System and method for single session sign-on

US 8,707,410 B2
Filed: 06/17/2011
Issued: 04/22/2014
Est. Priority Date: 12/04/2001
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for validating credentials comprising:

receiving, using a first computer system, a request to access the first computer system;

making a determination, using the first computer system, that a client does not have a valid session credential to access the first computer system, wherein the determination further comprises whether the client has a valid session with a second computer system;

retrieving, using the first computer system, information from a session token held by the client based at least in part on the determination that the client does not have a valid session credential to access the first computer system, the information corresponding to the valid session credential for the second computer system;

transmitting, using the first computer system, at least a portion of the information from the session token to the second computer system; and

granting, using the first computer system, the client access to the first computer system based at least in part on the determination that the client has a valid session credential with the second computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for cross-system authentication or credentialing of clients. Credentials from one system (e.g., system 2) are placed on a client, such as with a cookie on a browser, and the credentials are then extracted by another system (e.g., system 1), and used by system 1 to impersonate the client to system 2. If the client'"'"'s credentials with system 2 are valid, system 2 provides that information to system 1 (which is impersonating the client), and system 1 uses the validity of the credentials from system 2 to grant the client access to protected resources on system 1.

896 Citations

19 Claims

1. A computer implemented method for validating credentials comprising:
- receiving, using a first computer system, a request to access the first computer system;
  
  making a determination, using the first computer system, that a client does not have a valid session credential to access the first computer system, wherein the determination further comprises whether the client has a valid session with a second computer system;
  
  retrieving, using the first computer system, information from a session token held by the client based at least in part on the determination that the client does not have a valid session credential to access the first computer system, the information corresponding to the valid session credential for the second computer system;
  
  transmitting, using the first computer system, at least a portion of the information from the session token to the second computer system; and
  
  granting, using the first computer system, the client access to the first computer system based at least in part on the determination that the client has a valid session credential with the second computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method according to claim 1, further comprising granting a session credential to the client by the first computer system, after determining that the client has a valid session credential granted by the second computer system.
  - 3. The method according to claim 1, further comprising sending a session token to the client, the token corresponding to a session credential granted by the first computer system.
  - 4. The method according to claim 1, wherein retrieving information from the session token held by the client comprises:
    - sending a query to the client from the first computer system.
  - 5. The method according to claim 4, the query including identification as originating from a domain name corresponding to the second computer system;
    - andthe method further including the step of receiving a response to the query.
  - 6. The method according to claim 1, further comprising granting a session credential for the second computer system.
  - 7. The method according to claim 1, further comprising associating session credentials for each of the first computer system and the second computer system with the client.
  - 8. The method of claim 1, wherein a protected resource in the first computer system includes content provided on a pay-per-use basis, and wherein a protected resource in the second computer system includes content provided on a pay-per-use basis.
  - 9. The method of claim 1, wherein a protected resource in the first computer system includes content provided on a subscription basis, and wherein a protected resource in the second computer system includes content provided on a subscription basis.
  - 10. The method of claim 1, wherein the request to access the first computer system includes an authentication process.
  - 11. The method of claim 10, the authentication process including a login in which the client enters a user name and password.
  - 12. The method of claim 10, the authentication process including a login in which the client inputs biometric information.
  - 13. The method of claim 10, the authentication process including a login in which the client inputs smartcard information.
  - 14. The method of claim 1, the session token, held by the client, being in the form of a cookie.
  - 15. The method of claim 1, wherein at least one of the first computer system and the second computer system provide a financial related protected resource to the client.
  - 16. The method of claim 1, the method further including the first computer system directing the client to the second computer system in conjunction with said request to access the first computer system.
  - 17. The method of claim 16, the method further including the first computer system directing the client to the second computer system in such a way that the second computer system redirects the client back to the first computer system.
  - 18. The method of claim 17, the second computer system, after authentication by the second computer system, redirecting the client back to a login page of the first computer system.

19. Computer executable software code stored on a non-transitory computer-readable storage medium and transmitted as an information signal, the code for validating credentials, the code comprising:
- code to input, at first computer system, a request to access the first computer system;
  
  code to make a determination, at the first computer system, that a client does not have a valid session credential to access the first computer system, wherein the determination further comprises whether the client has a valid session with a second computer system;
  
  code to retrieve, at the first computer system, information from a session token held by the client based at least in part on the determination that the client does not have a valid session credential to access the first computer system, the information corresponding to the valid session credential for the second computer system;
  
  code to transmit, at the first computer system, at least a portion of the information from the session token to the second computer system; and
  
  code to grant, at the first computer system, the client access to the first computer system based at least in part on the determination that the client has a valid session credential with the second computer system; and
  
  the first computer system having a first protected resource that is accessible upon the client having the access to the first computer system; and
  
  the second computer system having a second protected resource that is accessible upon the client having the access to the first computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Miller, Lawrence R, Trenholm, Martin J.
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US13/163,293
Publication Number

US 20110252465A1
Time in Patent Office

1,040 Days
Field of Search

726/8, 713/185
US Class Current

726/8
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

System and method for single session sign-on

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

896 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for single session sign-on

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

896 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links