System, method and program product for consolidated authentication

  • US 8,219,802 B2
  • Filed: 05/07/2008
  • Issued: 07/10/2012
  • Est. Priority Date: 05/07/2008
  • Status: Active Grant
First Claim

1. A method for authenticating a user at a first computer to first and second applications installed in a second computer, the method comprising the steps of:

  • a third computer receiving from the user a valid combination of userID and password;

    the second computer receiving from the user of the first computer a request to access the first application, and in response, the second computer determining that the user has not yet been authenticated to the first application, and in response, the second computer redirecting the request to the third computer, and in response, the third computer determining that the user has been authenticated to the third computer based on the userID and password, and in response, the third computer notifying the second computer that the user is authentic, and in response, the second computer returning a session key to the third computer for a session between the first application and the user, the session key having a scope of the first application but not a scope of a domain; and

    in response to the third computer receiving the session key from the second computer for the session between the user and the first application the third computer generating another session key with a scope of the domain, and the third computer sending the domain-scope session key to the first computer; and

    subsequently, the second computer receiving from the user of the first computer another request with the domain-scope session key to the first application, and in response to the domain-scope session key received with the request, the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can respond to the first computer to the other request; and

    wherein the domain is a group of two or more applications, including the first application and the second application, which are licensed to a same entity or have a same domain name URL component, and the scope of the session key with the scope of the first application does not include the second application such that the session key with scope of the first application does not directly grant access to the second application; and

    subsequently, the second computer receiving from the user of the first computer another request with the domain-scope session key to the second application, and in response to the domain-scope session key received with the request, the second computer determining that the user is authentic and notifying the second application that the user is authentic so that the second application can respond to the first computer to the other request to the second application.
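The exchange in claim 1, modelled in memory as an added example; it is not code from the patent or its assignee. The class and method names, the constructed credentials, and the `validate` back-channel call are assumptions: the claim does not say how the second computer checks a domain-scope session key.

```python
import secrets

class AuthServer:                               # the claim's "third computer"
    def __init__(self, credentials, domain_apps):
        self.credentials = credentials          # constructed userID -> password table
        self.domain_apps = set(domain_apps)     # applications that form the domain
        self.logged_in, self.app_keys, self.domain_keys = set(), {}, {}
    def login(self, user, password):
        ok = secrets.compare_digest(self.credentials.get(user, "").encode(), password.encode())
        if ok:
            self.logged_in.add(user)
        return ok
    def handle_redirect(self, user, app_server, app):
        if user not in self.logged_in:
            return None
        # Notify the second computer; it returns a key scoped to this one application.
        self.app_keys[(user, app)] = app_server.user_is_authentic(user, app)
        domain_key = secrets.token_urlsafe(32)  # separate key with domain scope
        self.domain_keys[domain_key] = user
        return domain_key                       # sent on to the first computer
    def validate(self, key, app):               # assumed back-channel check
        user = self.domain_keys.get(key)
        return user if user is not None and app in self.domain_apps else None

class AppServer:                                # the claim's "second computer"
    def __init__(self, auth):
        self.auth, self.app_keys = auth, {}     # app-scope key -> (userID, application)
    def user_is_authentic(self, user, app):
        key = secrets.token_urlsafe(32)
        self.app_keys[key] = (user, app)
        return key
    def request(self, user, app, key=None):
        if key is None:
            return "redirect"                   # not yet authenticated to this application
        if key in self.app_keys:                # app-scope key is good for its own app only
            return "ok" if self.app_keys[key] == (user, app) else "denied"
        return "ok" if self.auth.validate(key, app) == user else "denied"

def run_flow():
    auth = AuthServer({"alice": "constructed-password"}, ["app1", "app2"])
    server = AppServer(auth)
    auth.login("alice", "constructed-password")
    first = server.request("alice", "app1")
    domain_key = auth.handle_redirect("alice", server, "app1")
    app1_key = auth.app_keys[("alice", "app1")]
    return {"first": first,
            "app1": server.request("alice", "app1", domain_key),
            "app2": server.request("alice", "app2", domain_key),
            "app1_key_on_app2": server.request("alice", "app2", app1_key),
            "outside_domain": server.request("alice", "app3", domain_key),
            "forged": server.request("alice", "app1", "not-a-real-key")}
```

The `app1_key_on_app2` and `outside_domain` results are the checks worth keeping in any real implementation: an application-scope key must not be accepted by a sibling application, and a domain-scope key must not be accepted outside the domain's application list.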
