Methods systems and articles of manufacture for implementing user access to remote resources

US 8,544,069 B1
Filed: 04/29/2011
Issued: 09/24/2013
Est. Priority Date: 04/29/2011
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for implementing user access to a remote resource, comprising:

receiving, at a first computer, a request from a user computing device through a first network to access the remote resource, wherein the remote resource resides on a second computer accessible by the first computer through a second network;

performing, at the first computer, automatic logon for the user using stored user credentials, performing automatic logon comprising;

identifying or creating a new session between the first computer and the second computer, andcausing the user to be authenticated or authorized to the second computer via the new session utilizing an aggregation process, causing the user to be authenticated or authorized comprising;

invoking the aggregation process on the first computer,using the aggregation process to retrieve or identify a user credential stored and accessible by the first computer, andtransmitting the user credential to the second computer for authenticating or authorizing the user on the second computer, wherein the stored user credentials authenticate or authorize the user to access the remote resource on the second computer when the user uses the stored user credentials to separately log onto the second computer, the new session between the first computer and the second computer through the second network is identified or created without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the remote resource to the user, and authentication of the user on the first computer grants the user access to the remote resource on the second computer; and

enabling, by the first computer, the user to access the remote resource by using the new session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and articles of manufacture for implementing user access to remote resources residing on an external domain. Various implementations include authenticating and authorizing a user on a first system and receiving user request to access remote resources. The first system invokes processes or modules to initiate a new session to perform auto logon on behalf of the user on a second system by using stored user'"'"'s credentials and subdomain delegation techniques without user intervention. The second system authenticates and authorizes this new session to allow user access to remote resources residing thereupon. The first system further prepares the user'"'"'s system to take over the new session by setting cookie(s) and also by redirecting the URL so the user may continue to use the new session to access the desired remote resources residing on the second system.

Citations

25 Claims

1. A computer implemented method for implementing user access to a remote resource, comprising:
- receiving, at a first computer, a request from a user computing device through a first network to access the remote resource, wherein the remote resource resides on a second computer accessible by the first computer through a second network;
  
  performing, at the first computer, automatic logon for the user using stored user credentials, performing automatic logon comprising;
  
  identifying or creating a new session between the first computer and the second computer, andcausing the user to be authenticated or authorized to the second computer via the new session utilizing an aggregation process, causing the user to be authenticated or authorized comprising;
  
  invoking the aggregation process on the first computer,using the aggregation process to retrieve or identify a user credential stored and accessible by the first computer, andtransmitting the user credential to the second computer for authenticating or authorizing the user on the second computer, wherein the stored user credentials authenticate or authorize the user to access the remote resource on the second computer when the user uses the stored user credentials to separately log onto the second computer, the new session between the first computer and the second computer through the second network is identified or created without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the remote resource to the user, and authentication of the user on the first computer grants the user access to the remote resource on the second computer; and
  
  enabling, by the first computer, the user to access the remote resource by using the new session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer implemented method of claim 1, in which the action of receiving the request comprises:
    - identifying a first session between the user and the first computer;
      
      allowing the user to access a product or a service on the first computer upon or after authenticating or authorizing the first session; and
      
      receiving the request from the user via the first session.
  - 3. The computer implemented method of claim 1, in which the action of performing the automatic logon for the user is performed without user intervention.
  - 4. The computer implemented method of claim 1, in which the request from the user to access the remote resource comprises a single click in a user interface on the user'"'"'s computing device.
  - 5. The computer implemented method of claim 1, in which the action of causing the user to be authenticated or authorized to the second computer further comprises:
    - receiving a cookie from the second computer for authenticating or authorizing the user, wherein the action of transmitting the user credential further comprises;
      
      sending the cookie with the user credential to the second computer.
  - 6. The computer implemented method of claim 1, in which the action of invoking the aggregation process comprises:
    - causing a subdomain delegation for a subdomain of a parent domain to be created on the second computer hosting the remote resource; and
      
      creating or configuring a zone and domain name server records for the sub domain of the parent domain to direct access to the second computer to the first computer.
  - 7. The computer implemented method of claim 6, in which the sub domain of the parent domain is created or configured on the first computer.
  - 8. The computer implemented method of claim 6, further comprising:
    - creating or configuring a third system for the zone and the domain name server records for the sub domain of the parent domain.
  - 9. The computer implemented method of claim 6, in which the action of causing the sub domain delegation for the subdomain of the parent domain to be created on the second computer comprises:
    - identifying or creating a parent zone in the second computer hosting the parent domain in which the remote resource reside; and
      
      creating or modifying a DNS (domain name server) zone file for the parent domain.
  - 10. The computer implemented method of claim 9, in which the action of causing the sub domain delegation for the sub domain of the parent domain to be created on the second computer further comprises:
    - identifying or creating a sub domain zone on the first computer.
  - 11. The computer implemented method of claim 10, in which the action of identifying or creating the subdomain zone on the first computer comprises:
    - identifying or creating the subdomain zone on the first computer; and
      
      identifying or generating a subdomain configuration file that includes configurations of the sub domain.
  - 12. The computer implemented method of claim 11, in which the action of causing the sub domain delegation for the sub domain of the parent domain to be created on the second computer further comprises modifying the sub domain configuration file.
  - 13. The computer implemented method of claim 9, in which the action of creating or modifying the DNS (domain name server) zone file for the parent domain comprises:
    - defining a name server for the parent domain in the DNS zone file; and
      
      defining an address record for the name server in the DNS zone file.
  - 14. The computer implemented method of claim 13, in which the action of creating or modifying the DNS (domain name server) zone file for the parent domain further comprises at least one of:
    - defining a parent domain level server, host, or service in the DNS zone file; and
      
      defining the sub domain configuration for the parent domain in the DNS zone file.
  - 15. The computer implemented method of claim 1, in which the action of enabling the user to access the remote resource by using the first session comprises:
    - identifying a URL (uniform resource locator) redirection and a cookie that is received by the first computer from the second computer;
      
      setting a browser cookie for a user browser on a parent domain of the second system; and
      
      redirecting the user browser to a parent domain hosting the remote resource on the second computer via the new session.
  - 16. The computer implemented method of claim 15, in which the action of setting the browser cookie for the user browser comprises:
    - identifying content of the cookie;
      
      identifying a session identifier for the new session based at least in part upon the content of the cookie; and
      
      generating or modifying the browser cookie by using at least the session identifier.
  - 17. The computer implemented method of claim 16, in which the action of setting the browser cookie for the user browser further comprises:
    - determining whether or not to decompress or decrypt at least a portion of the content of the cookie, in which the portion comprises at least data of the new session;
      
      identifying user preference from the cookie; and
      
      setting the user preference in the browser cookie.

18. A system for implementing user access to a remote resource, comprising a first computer that communicates with a user through a first network and is configured to at leastreceive at the first computer, a request from the user through the first network to access the remote resource, wherein the remote resource resides on a second computer accessible by the first computer through a second network,perform, at the first computer, automatic logon for the user using stored user credentials, which authenticate or authorize the user to access the remote resource on the second computer when the user uses the stored user credentials to separately log onto the second computer, and a new session between the first computer and the second computer through the second network without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the remote resource to the user, and authentication of the user on the first computer grants the user access to the remote resource on the second computer, and enable, by the first computer, the user to access the remote resource by using the new session, the first computer being further configured to identify or create the new session between the first computer and the second computer, cause the user to be authenticated or authorized to the second computer via the new session by using an aggregation process, invoke the aggregation process on the first computer, use the aggregation process to retrieve or identify a user credential that is stored and accessible by the first computer, transmit the user credential to the second computer for authenticating or authorizing the user on the second computer, cause a sub domain delegation for a sub domain of a parent domain to be created on the second computer hosting the remote resource, wherein the first computer that is configured to cause the subdomain delegation to be created is further configured to:
- create or configure a zone and domain name server records for the sub domain of the parent domain; and
  
  create or configure a third system for the zone and the domain name server records for the sub domain of the parent domain.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, in which the first computer that is configured to receive the request is further configured to identify a first session between the user and the first computer, allow the user to access a product or a service on the first system upon or after authenticating or authorizing the first session, and receive the request from the user via the first session.
  - 20. The system of claim 18, the first computer being further configured for performing the action of causing the user to be authenticated or authorized to the second computer, the action of causing the user to be authenticated or authorized to the second computer further comprising identifying or creating a parent zone in the second computer hosting the parent domain in which the remote resource reside, creating or modifying a DNS (domain name server) zone file for the parent domain, and identifying or creating a sub domain zone on the first computer.
  - 21. The system of claim 18, the first computer being further configured for performing the action of causing the user to be authenticated or authorized to the second computer, the action of causing the user to be authenticated or authorized to the second computer further comprising receiving a cookie from the second computer for authenticating or authorizing the user, wherein the action of transmitting the user credential further comprises sending the cookie with the user credential to the second computer.

22. An article of manufacture comprising a non-transitory computer accessible storage medium having one or more instructions which, when executed by at least one processor, cause the at least one processor to perform a process for implementing user access to a remote resource, the process comprising:
- receiving, at the first computer, a request from a user through a first network to access the remote resource, wherein the remote resource resides on a second computer accessible by the first computer through a second network, performing, at the first computer, automatic logon for the user using stored user credentials, which authenticate or authorize the user to access the remote resource on the second computer when the user uses the stored user credentials to separately log onto the second computer, and a new session between the first computer and the second computer through the second network without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the remote resource to the user, and authentication of the user on the first computer grants the user access to the remote resource on the second computer, and enabling, by the first computer, the user to access the remote resource by using the new session, the action of performing the automatic logon for the user further comprising;
  
  identifying or creating the new session between the first computer and the second computer, causing the user to be authenticated or authorized to the second computer via the new session by using an aggregation process, invoking the aggregation process on the first computer, using the aggregation process to retrieve or identify a user credential that is stored and accessible by the first computer, transmitting the user credential to the second computer for authenticating or authorizing the user on the second computer, causing a subdomain delegation for a sub domain of a parent domain to be created on the second computer hosting the remote resource, the action of causing the subdomain delegation to be created comprising;
  
  creating or configuring a zone and domain name server records for the sub domain of the parent domain, and creating or configuring a third system for the zone and the domain name server records for the subdomain of the parent domain.
- View Dependent Claims (23, 24, 25)
- - 23. The article of manufacture of claim 22, the action of receiving the request comprises further comprising:
    - identifying a first session between the user and the first computer, allowing the user to access a product or a service on the first computer upon or after authenticating or authorizing the first session, and receiving the request from the user via the first session.
  - 24. The article of manufacture of claim 22, the action of causing the user to be authenticated or authorized to the second computer further comprising:
    - identifying or creating a parent zone in the second computer hosting the parent domain in which the remote resource reside, creating or modifying a DNS (domain name server) zone file for the parent domain, and identifying or creating a subdomain zone on the first computer.
  - 25. The article of manufacture of claim 22, the action of causing the user to be authenticated or authorized to the second computer further comprising:
    - receiving a cookie from the second computer for authenticating or authorizing the user, wherein the action of transmitting the user credential further comprises sending the cookie with the user credential to the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Subbiah, Thirugnanam, Hanscom, Ken
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/097,723
Time in Patent Office

879 Days
Field of Search

726/4, 715/150, 340/5.8
US Class Current

726/4
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 61/4511   using domain name system [DNS]

H04L 63/0236   Filtering by address, proto...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

Methods systems and articles of manufacture for implementing user access to remote resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Methods systems and articles of manufacture for implementing user access to remote resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links