Seamless cross-site user authentication status detection and automatic login

US 8,719,899 B2
Filed: 08/28/2009
Issued: 05/06/2014
Est. Priority Date: 07/02/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for a baseline authentication agency allowing for seamless login of a user as the user accesses a site of a collection of sites within a network, the method comprising:

retrieving computer-executable instructions from computer storage of a server of the baseline authentication agency; and

executing the computer-executable instructions on at least one computer processor of the server, thereby causing computer hardware of the server to perform operations comprising;

receiving a request from a browser of the user who has been previously been authenticated by the baseline authentication agency with respect to the network, the request comprising a site identifier related to the site, the request also comprising a cookie related to the user, the cookie including a reference designating the baseline authentication agency, the baseline authentication agency one of a set of baseline authentication agencies and associated with the user, wherein the cookie is stored on a global network domain used for cookie sharing and the collection of sites have access to cookies on the global network domain;

determining whether the cookie is valid;

when the cookie is valid,determining whether a trust relationship is established between the user and the site indicating that the site is one of a group of partner sites for which the user has defined login parameters;

generating a login ticket for the site and sending the login ticket to the user'"'"'s browser to allow for seamless login of the user to the site when the trust relationship is established; and

wherein the method further comprises generating JavaScript code thatwrites out an HTML form that includes the login ticket as a hidden field and a partner Web site global network login handler as an action URL, andauto-submits said HTML form such that the user'"'"'s browser posts the HTML form to the partner Web site, global network login handler URL on the site.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.

34 Citations

View as Search Results

10 Claims

1. A computer-implemented method for a baseline authentication agency allowing for seamless login of a user as the user accesses a site of a collection of sites within a network, the method comprising:
- retrieving computer-executable instructions from computer storage of a server of the baseline authentication agency; and
  
  executing the computer-executable instructions on at least one computer processor of the server, thereby causing computer hardware of the server to perform operations comprising;
  
  receiving a request from a browser of the user who has been previously been authenticated by the baseline authentication agency with respect to the network, the request comprising a site identifier related to the site, the request also comprising a cookie related to the user, the cookie including a reference designating the baseline authentication agency, the baseline authentication agency one of a set of baseline authentication agencies and associated with the user, wherein the cookie is stored on a global network domain used for cookie sharing and the collection of sites have access to cookies on the global network domain;
  
  determining whether the cookie is valid;
  
  when the cookie is valid,determining whether a trust relationship is established between the user and the site indicating that the site is one of a group of partner sites for which the user has defined login parameters;
  
  generating a login ticket for the site and sending the login ticket to the user'"'"'s browser to allow for seamless login of the user to the site when the trust relationship is established; and
  
  wherein the method further comprises generating JavaScript code thatwrites out an HTML form that includes the login ticket as a hidden field and a partner Web site global network login handler as an action URL, andauto-submits said HTML form such that the user'"'"'s browser posts the HTML form to the partner Web site, global network login handler URL on the site.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising checking if the site identifier is known or valid.
  - 3. The method of claim 1, wherein the cookie includes a set of user information.
  - 4. The method of claim 1, wherein sending the login ticket for the site comprises sending the JavaScript code.
  - 5. The method of claim 1, further comprising:
    - if the cookie is valid,receiving the ticket from the site;
      
      determining whether the ticket is valid; and
      
      if the ticket is valid, sending user identification information to the site, the user identification information to be used by the site to login the user.

6. A computer-implemented method for a baseline authentication agency that determines a user'"'"'s login permission for a site, the method comprising:
- retrieving computer-executable instructions from computer storage of a server of the baseline authentication agency; and
  
  executing the computer-executable instructions on at least one computer processor of the server, thereby causing computer hardware of the server to perform operations comprising;
  
  receiving a request from the user'"'"'s browser, the request comprising a site identifier related to the site, and a user status identifier related to the user and including a reference designating the baseline authentication agency, the baseline authentication agency being one of a set of baseline authentication agencies and is associated with the user;
  
  determining whether the user status identifier is valid;
  
  when the user status identifier is valid, determining whether the user has authorized seamless login for the site, the site selected the by the user to establish the site as one of a group of partner sites for which the user has defined login parameters; and
  
  generating a login ticket for the site and sending the login ticket to the user'"'"'s browser when the user has authorized seamless login for the site;
  
  wherein the user status identifier is stored on a global network domain used for sharing user status identifiers, and the site is one of a collection of sites with access to cookies on the global network domain; and
  
  wherein the method further comprises generating JavaScript code thatwrites out an HTML form comprising the login ticket as a hidden field and a partner Web site global network login handler as an action URL, andauto-submits said HTML form such that the user'"'"'s browser posts the HTML form to the partner Web site global network login handler URL on the site.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - checking if the site identifier is known or valid.
  - 8. The method of claim 6, wherein the user status identifier includes a set of user information.
  - 9. The method of claim 6, wherein sending the login ticket for the site comprises sending the JavaScript code.
  - 10. The method of claim 6, further comprising:
    - if the user status identifier is valid,receiving the ticket from the site;
      
      determining whether the ticket is valid; and
      
      if the ticket is valid,sending user identification information to the site, the user identification information to be used by the site to login the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Bright Sun Technologies, Series 42 of Allied Security Trust I (Allied Security Trust)
Inventors
Toomey, Christopher Newell, Cahill, Conor
Primary Examiner(s)
Schwartz, Darren B
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US12/550,302
Publication Number

US 20100064355A1
Time in Patent Office

1,712 Days
Field of Search

713/150, 713/155, 713/159, 713/170, 713182-186, 713188-189, 726 1- 10, 726 17- 21, 726 27- 30, 709/203, 709212-219, 709223-225, 709228-229, 711/5, 711/100, 711/105, 711/111, 711/112, 711/128, 711/154, 705/67, 705 75- 79, 705/18, 705/21, 705/26, 705 42- 44, 705404-405, 707 1- 3, 707/8, 707/10, 707/100, 707/103.R, 707/103.Z, 707200-205
US Class Current

726/2
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0807 using tickets, e.g. Kerbero...

Seamless cross-site user authentication status detection and automatic login

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Seamless cross-site user authentication status detection and automatic login

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others