System and method for transparent single sign-on

US 8,327,427 B2
Filed: 09/25/2006
Issued: 12/04/2012
Est. Priority Date: 09/25/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing single sign-on to a user of a first device of a plurality of devices in a networked computing environment, the method comprising:

controlling a plurality of applications on said first device by an operating system, the plurality of applications communicating with said operating system, said operating system generating an authentication request on behalf of the plurality of applications, said operating system coupled to only one single sign-on (SSO) interface located at said first device;

receiving the authentication request generated by said operating system of the first device at said SSO interface located at said first device, said single sign-on interface coupled to a SSO provider, and said operating system supporting each of said plurality of applications on said first device;

determining if authentication information required by said authentication request is available to said single sign-on interface from a storage location located on said first device, and if not available, requesting credentials required to authenticate said user for using an application making the authentication request;

authenticating the credentials with information located in said SSO provider, said SSO provider used by each of said plurality of devices; and

in response to a successful authentication of the required credentials, storing data indicative that the credentials have been authenticated at said storage location on said first device.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for transparent single sign-on authentication on computers in a networked environment. A preferred embodiment comprises receiving an authentication request from an operating system of a first computer, requesting credentials of an application making the authentication request, authenticating the credentials, storing the credentials if the authentication is successful, and transmitting the credentials to a second computer. On subsequent access requests made by the user on the second computer, the credentials can be retrieved from the secure store, eliminating the need to prompt the user to re-enter authentication information.

Citations

21 Claims

1. A method for providing single sign-on to a user of a first device of a plurality of devices in a networked computing environment, the method comprising:
- controlling a plurality of applications on said first device by an operating system, the plurality of applications communicating with said operating system, said operating system generating an authentication request on behalf of the plurality of applications, said operating system coupled to only one single sign-on (SSO) interface located at said first device;
  
  receiving the authentication request generated by said operating system of the first device at said SSO interface located at said first device, said single sign-on interface coupled to a SSO provider, and said operating system supporting each of said plurality of applications on said first device;
  
  determining if authentication information required by said authentication request is available to said single sign-on interface from a storage location located on said first device, and if not available, requesting credentials required to authenticate said user for using an application making the authentication request;
  
  authenticating the credentials with information located in said SSO provider, said SSO provider used by each of said plurality of devices; and
  
  in response to a successful authentication of the required credentials, storing data indicative that the credentials have been authenticated at said storage location on said first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising transmitting the credentials to a second device of said plurality of devices, wherein the transmitting occurs when network traffic is initiated from the first device to the second device.
  - 3. The method of claim 1, wherein the user makes use of an application to create the authentication request, and the method further comprising transmitting the authentication request from the application to the operating system prior to the receiving.
  - 4. The method of claim 1, wherein at least one of the plurality of applications creates the authentication request when the user attempts to access a second application or data.
  - 5. The method of claim 1, wherein the credentials are only transmitted periodically.
  - 6. The method of claim 1, wherein the authentication information required by said authentication request is determined to be present at said storage location and further comprising:
    - retrieving the data indicative of authenticated credentials from said storage location in response to the determination that the credentials are available and located in the storage location.
  - 7. The method of claim 1, wherein the authenticating the credentials comprises using an authentication server.
  - 8. The method of claim 1, wherein the determining if authentication information required by said authentication request is available to said single sign-on interface is performed in response to a determination that the credentials located in the storage location are no longer valid.
  - 9. The method of claim 8, wherein the stored data indicative that the credentials have been authenticated are no longer valid if the user has not been actively utilizing the first device for a specified period of time or if the stored data are older than a permitted age.
  - 10. The method of claim 1, wherein the data indicative that the credentials have been authenticated are the credentials and the storing comprises placing the credentials in a secure storage location.
  - 11. The method of claim 1 further comprising after the storing, receiving a transmission packet containing a target host containing the target of the authentication request and wherein the second device comprises the target host.

12. A first network computing device in a SSO (single sign-on) network computing environment that includes a plurality of network computing devices, the first network computing device comprising:
- an operating system configured to control interaction between users of the first network computing device and a plurality of applications and data stored in the first network computing device, the operating system generating an authentication request on behalf of the plurality of applications;
  
  a single authentication module coupled to the operating system, the single authentication module comprising a SSO interface coupled to a SSO provider, and the SSO interface receiving the authentication request and the single authentication module configured to support each of said plurality of applications and data, and to determine that the required information to authenticate credentials of a user of the first network computing device is available prior to granting the user access to said plurality of applications and data and storing the required authentication information of the user'"'"'s credentials in a storage location, wherein once a user'"'"'s authentication information is present in the storage location, the user is no longer prompted to re-enter the authentication information; and
  
  a SSO module coupled to the operating system of the first network computing device and said SSO provider, said SSO module used by each of said plurality of network computing devices.
- View Dependent Claims (13, 14, 15, 21)
- - 13. The first network computing device of claim 12, wherein if a user'"'"'s credentials are not in the storage location when the single authentication module is processing an access request from the user, the single authentication module causes the operating system to prompt the user for authentication information.
  - 14. The first network computing device of claim 13, wherein the SSO provider is an authentication server, and the user'"'"'s authentication information is forwarded to the authentication server for authentication.
  - 15. The first network computing device of claim 12, wherein the single authentication module and the SSO module are unique to the operating system.
  - 21. The first network computing device of claim 12, wherein the SSO module is configured to transmit data indicating authentication of the user'"'"'s credentials to a second network computing device that is remotely located and containing applications or data to verify the validity of received credentials.

16. A networked computing environment comprising:
- a computer network to convey information and data;
  
  at least two network computing devices coupled to the computer network, each network computing device comprisingan operating system configured to control interaction between users of the network computing device and a plurality of applications and data stored in the network computing device, the operating system generating an authentication request on behalf of the plurality of applications;
  
  a single authentication module coupled to the operating system, the single authentication module comprising a single sign-on (SSO) interface coupled to a SSO provider and the SSO interface receiving the authentication request and the single authentication module configured to support each of said plurality of applications and data stored in said network computing device and to determine that the required information to authenticate credentials of a user of the network computing device is available prior to granting the user access to said plurality of applications and data and storing the required information to authenticate the user'"'"'s credentials in a secure storage location, wherein once a user'"'"'s authentication information is present in the storage location, the user is no longer prompted to re-enter the authentication information; and
  
  a SSO module for each of said at least two computing devices coupled to the operating system and the SSO provider, the single sign on SSO module being used by each of said at least two computing devices and being configured to transmit data indicative of the user'"'"'s credentials to another networked computing device that is remotely located and that contains applications or data and to verify the validity of received credentials.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The networked computing environment of claim 16, wherein a SSO module of a first networked computing device transmits the user'"'"'s credentials to a second networked computing device.
  - 18. The networked computing environment of claim 17, wherein another single authentication module at the second networked computing device verifies the user'"'"'s authentication information utilizing an authentication server of the networked computing environment.
  - 19. The networked computing environment of claim 16, wherein different networked computing devices utilize different operating systems, and wherein for each operating system, a single implementation of the single authentication module and the SSO module is used.
  - 20. The networked computing environment of claim 16, wherein different applications are installed in the networked computing environment, and wherein the applications are unaware of the presence of the single authentication module and the SSO module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Rockstar Consortium US LP (Rockstar Consortium Inc.)
Inventors
Soukup, Martin, Reiche, Albert, Hyndman, Arn, Li, Hongbo
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
HERZOG, MADHURI R

Application Number

US11/526,789
Publication Number

US 20080092215A1
Time in Patent Office

2,262 Days
Field of Search

726 1- 21, 726 26- 30, 713/153, 713/201, 713155-159, 713168-175, 713182-186, 709217-229
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

System and method for transparent single sign-on

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for transparent single sign-on

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links