System for and method of providing single sign-on (SSO) capability in an application publishing environment

US 8,713,658 B1
Filed: 05/25/2012
Issued: 04/29/2014
Est. Priority Date: 05/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method of providing single sign-on (SSO) capability in an application publishing environment, the method comprising:

receiving, by a gateway service, an access request from a client application;

prompting, by the gateway service, the client application, for credentials;

authenticating, by the gateway service, the client application using the credentials;

responsive to a successful authentication, selecting an initial host computer from a cluster of host computers;

encrypting, by the gateway service, the credentials using a public key associated with the selected host computer;

transmitting, by the gateway service, the encrypted credentials to the host computer;

decrypting, by the host computer, the encrypted credentials;

authenticating, by the host computer, the client application using the decrypted credentials; and

responsive to a successful authentication on said host computer;

starting, by the host computer, a host session for the client application, andautomatically erasing the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process.

65 Citations

View as Search Results

19 Claims

1. A method of providing single sign-on (SSO) capability in an application publishing environment, the method comprising:
- receiving, by a gateway service, an access request from a client application;
  
  prompting, by the gateway service, the client application, for credentials;
  
  authenticating, by the gateway service, the client application using the credentials;
  
  responsive to a successful authentication, selecting an initial host computer from a cluster of host computers;
  
  encrypting, by the gateway service, the credentials using a public key associated with the selected host computer;
  
  transmitting, by the gateway service, the encrypted credentials to the host computer;
  
  decrypting, by the host computer, the encrypted credentials;
  
  authenticating, by the host computer, the client application using the decrypted credentials; and
  
  responsive to a successful authentication on said host computer;
  
  starting, by the host computer, a host session for the client application, andautomatically erasing the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 16, 17, 18)
- - 2. The method of claim 1, further comprising registering the host computer with the gateway server.
  - 3. The method of claim 2, wherein registration includes the gateway service generating encryption keys for the host computer, the generated encryption keys including the public key associated with the host computer.
  - 4. The method of claim 3, wherein the generated encryption keys further include a private key associated with the host computer.
  - 5. The method of claim 4, wherein the encrypted credentials can only be decrypted with the private key associated with the host computer.
  - 6. The method of claim 1, further comprising publishing a list of a plurality of available resources.
  - 7. The method of claim 1, wherein another access request is received for a resource on another host computer.
  - 8. The method of claim 7, wherein the gateway service forwards the request to the initially selected host computer.
  - 9. The method of claim 8, wherein the authentication on the initially selected host computer is used to authenticate the request for the other host computer.
  - 16. The system of claim 1, wherein the gateway service receives another access request is received for a resource on another host computer of the one or more host computers.
  - 17. The system of claim 16, wherein the gateway service forwards the request to the initially selected host computer.
  - 18. The system of claim 17, wherein the authentication on the initially selected host computer is used to authenticate the request for the other host computer.

10. A system for providing single sign-on (SSO) capability in an application publishing environment, the system comprising:
- a cluster of one or more host computers;
  
  a gateway service that;
  
  receives an access request from a client application;
  
  prompts the client application, for credentials;
  
  authenticates the client application using the credentials;
  
  responsive to a successful authentication, selects an initial host computer from the cluster of one or more host computers;
  
  encrypts the credentials using a public key associated with the selected host computer;
  
  transmits the encrypted credentials to the host computer;
  
  wherein the host computer;
  
  decrypts the encrypted credentials;
  
  authenticates the client application using the decrypted credentials; and
  
  responsive to a successful authentication by the host computer;
  
  starts a host session for the client applicationautomatically erases the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the gateway service registers each of the host computers.
  - 12. The system of claim 11, wherein registration includes the gateway service generating encryption keys for the host computer, the generated encryption keys including the public key associated with the host computer.
  - 13. The system of claim 12, wherein the generated encryption keys further include a private key associated with the host computer.
  - 14. The system of claim 13, wherein the encrypted credentials can only be decrypted with the private key associated with the host computer.
  - 15. The system of claim 10, wherein the host computers publish a list of a plurality of available resources.

19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for providing single sign-on (SSO) capability in an application publishing environment, the method comprising:
- receiving an access request from a client application;
  
  prompting the client application, for credentials;
  
  authenticating the client application using the credentials;
  
  responsive to a successful authentication, selecting an initial host computer from a cluster of host computers;
  
  encrypting, by the gateway service, the credentials using a public key associated with the selected host computer;
  
  transmitting the encrypted credentials to the host computer;
  
  decrypting, by the host computer, the encrypted credentials;
  
  authenticating, by the host computer, the client application using the decrypted credentials; and
  
  responsive to a successful authentication by the host computer;
  
  starting, by the host computer, a host session for the client application, andautomatically erasing the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
GraphOn Corporation
Inventors
Tidd, William
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US13/481,742
Time in Patent Office

704 Days
Field of Search

713/155, 726/8, 715/200
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

System for and method of providing single sign-on (SSO) capability in an application publishing environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System for and method of providing single sign-on (SSO) capability in an application publishing environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links