System and method for transparent single sign-on
Abstract
System and method for transparent single sign-on authentication on computers in a networked environment. A preferred embodiment comprises receiving an authentication request from an operating system of a first computer, requesting credentials of an application making the authentication request, authenticating the credentials, storing the credentials if the authentication is successful, and transmitting the credentials to a second computer. On subsequent access requests made by the user on the second computer, the credentials can be retrieved from the secure store, eliminating the need to prompt the user to re-enter authentication information.
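The flow in the abstract, sketched as an added example (not code from the patent or its assignee). The class and method names, the opaque token stored in place of the password, and the PBKDF2 verifier held by the provider are all assumptions; the text on this page does not specify them.

```python
import hashlib, hmac, secrets

class SSOProvider:  # shared by every device; sample users are constructed data
    def __init__(self, users):
        self._salt = secrets.token_bytes(16)
        self._users = {u: self._kdf(p) for u, p in users.items()}
        self._issued = {}                      # token -> user

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def authenticate(self, user, password):
        """Return an opaque token on success, None on failure."""
        expected = self._users.get(user)
        if expected is None or not hmac.compare_digest(expected, self._kdf(password)):
            return None
        token = secrets.token_urlsafe(32)
        self._issued[token] = user
        return token

    def validate(self, user, token):
        return token is not None and self._issued.get(token) == user

class SSOInterface:  # the single SSO interface on one device
    def __init__(self, provider, prompt):
        self.provider, self.prompt = provider, prompt
        self.store = {}                        # local storage: user -> token, never the password

    def handle_auth_request(self, user, app):
        token = self.store.get(user)
        if self.provider.validate(user, token):
            return True                        # already authenticated: no prompt
        token = self.provider.authenticate(user, self.prompt(user, app))
        if token is None:
            return False                       # nothing is stored on failure
        self.store[user] = token
        return True

    def receive(self, user, token):
        """Second device: verify transmitted data with the provider before storing."""
        if not self.provider.validate(user, token):
            return False
        self.store[user] = token
        return True

def demo():
    prompts = []                               # records which app triggered a prompt
    ask = lambda user, app: prompts.append(app) or "correct horse"
    provider = SSOProvider({"alice": "correct horse"})
    a, b = SSOInterface(provider, ask), SSOInterface(provider, ask)
    ok = [a.handle_auth_request("alice", "mail"), a.handle_auth_request("alice", "files"),
          b.receive("alice", a.store["alice"]), b.handle_auth_request("alice", "mail")]
    return ok, prompts
```

Four requests across two devices succeed with a single prompt, and the second device accepts transmitted data only after the provider validates it.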
21 Claims
1. A method for providing single sign-on to a user of a first device of a plurality of devices in a networked computing environment, the method comprising:
controlling a plurality of applications on said first device by an operating system, the plurality of applications communicating with said operating system, said operating system generating an authentication request on behalf of the plurality of applications, said operating system coupled to only one single sign-on (SSO) interface located at said first device;
receiving the authentication request generated by said operating system of the first device at said SSO interface located at said first device, said single sign-on interface coupled to a SSO provider, and said operating system supporting each of said plurality of applications on said first device;
determining if authentication information required by said authentication request is available to said single sign-on interface from a storage location located on said first device, and if not available, requesting credentials required to authenticate said user for using an application making the authentication request;
authenticating the credentials with information located in said SSO provider, said SSO provider used by each of said plurality of devices; and
in response to a successful authentication of the required credentials, storing data indicative that the credentials have been authenticated at said storage location on said first device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A first network computing device in a SSO (single sign-on) network computing environment that includes a plurality of network computing devices, the first network computing device comprising:
an operating system configured to control interaction between users of the first network computing device and a plurality of applications and data stored in the first network computing device, the operating system generating an authentication request on behalf of the plurality of applications;
a single authentication module coupled to the operating system, the single authentication module comprising a SSO interface coupled to a SSO provider, and the SSO interface receiving the authentication request and the single authentication module configured to support each of said plurality of applications and data, and to determine that the required information to authenticate credentials of a user of the first network computing device is available prior to granting the user access to said plurality of applications and data and storing the required authentication information of the user's credentials in a storage location, wherein once a user's authentication information is present in the storage location, the user is no longer prompted to re-enter the authentication information; and
a SSO module coupled to the operating system of the first network computing device and said SSO provider, said SSO module used by each of said plurality of network computing devices.
Dependent claims: 13, 14, 15, 21
16. A networked computing environment comprising:
a computer network to convey information and data;
at least two network computing devices coupled to the computer network, each network computing device comprising an operating system configured to control interaction between users of the network computing device and a plurality of applications and data stored in the network computing device, the operating system generating an authentication request on behalf of the plurality of applications;
a single authentication module coupled to the operating system, the single authentication module comprising a single sign-on (SSO) interface coupled to a SSO provider and the SSO interface receiving the authentication request and the single authentication module configured to support each of said plurality of applications and data stored in said network computing device and to determine that the required information to authenticate credentials of a user of the network computing device is available prior to granting the user access to said plurality of applications and data and storing the required information to authenticate the user's credentials in a secure storage location, wherein once a user's authentication information is present in the storage location, the user is no longer prompted to re-enter the authentication information; and
a SSO module for each of said at least two computing devices coupled to the operating system and the SSO provider, the single sign on SSO module being used by each of said at least two computing devices and being configured to transmit data indicative of the user's credentials to another networked computing device that is remotely located and that contains applications or data and to verify the validity of received credentials.
Dependent claims: 17, 18, 19, 20