System, method and program product for consolidated authentication
Abstract
A first computer sends a request to a second computer to access an application. The second computer determines that the user has not yet been authenticated to the application. The second computer redirects the request to a third computer. The third computer determines that the user has been authenticated to the third computer. The third computer authenticates the user to the application. The second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. The third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer.
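The exchange in the abstract can be modelled in a few lines. This is an added example, not code from the patent: the HMAC-signed key format, the shared secret between the second and third computers, and all class, function and application names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the second and third computers share this secret out of band.
SHARED_SECRET = secrets.token_bytes(32)

def _sign(user: str, scope: str) -> str:
    mac = hmac.new(SHARED_SECRET, f"{user}|{scope}".encode(), hashlib.sha256)
    return f"{user}|{scope}|{mac.hexdigest()}"

def _verify(key: str):
    """Return (user, scope) for a well-formed, correctly signed key, else None."""
    parts = key.split("|")
    if len(parts) != 3:
        return None
    user, scope, _ = parts
    if not hmac.compare_digest(_sign(user, scope).encode(), key.encode()):
        return None
    return user, scope

class SecondComputer:
    """Hosts the first and second applications."""
    APPS = ("first_app", "second_app")

    def issue_app_key(self, user: str, app: str) -> str:
        # Called once the third computer reports the user as authentic.
        return _sign(user, f"app:{app}")

    def authenticate(self, key: str, app: str):
        """Return the user name if the key enables a session with `app`."""
        verified = _verify(key)
        if verified is None or app not in self.APPS:
            return None
        user, scope = verified
        return user if scope in ("domain", f"app:{app}") else None

class ThirdComputer:
    """Holds the record of users already authenticated by userID and password."""
    def __init__(self, authenticated_users):
        self.authenticated_users = set(authenticated_users)

    def handle_redirect(self, user: str, app: str, second: SecondComputer):
        if user not in self.authenticated_users:
            return None  # only the previously-authenticated case is modelled
        app_key = second.issue_app_key(user, app)  # application-scope key
        if second.authenticate(app_key, app) != user:
            return None
        return _sign(user, "domain")  # domain-scope key sent to the first computer
```

Because the domain-scope key is accepted by every application on the second computer, its exposure affects both applications, whereas the application-scope key is rejected by the other application.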
9 Claims
1. A method for authenticating a user at a first computer to first and second applications installed in a second computer, the method comprising the steps of:
the second computer receiving from the user a request to access the first application, and in response, the second computer redirecting the request to a third computer, and in response, the third computer determining that the user was previously authenticated based on a userID and password and notifying the second computer that the user is authentic, and in response, the second computer returning a session key to the third computer, the session key enabling a session with the first application but not with the second application, the first, second, and third computers being three different computers, the first and second applications installed in the second computer being different applications; and
in response to the third computer receiving the session key the third computer generating another session key which enables a session with both the first and second applications and sending the other session key to the first computer; and
the second computer receiving from the user another request with the other session key to access the first application, and in response the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can respond to the first computer to the other request; and
the second computer receiving from the user another request with the other session key to access the second application, and in response the second computer determining that the user is authentic and notifying the second application that the user is authentic so the second application can respond to the first computer to the other request to the second application.
4. A computer program product for authenticating a user at a first computer to first and second applications installed in a second computer, the computer program product comprising:
one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more storage devices, the program instructions comprising;
first program instructions for execution in the second computer to receive from the user a request to access the first application, and in response, redirect the request to a third computer;
second program instructions for execution in the third computer, responsive to the redirected request, to determine that the user was previously authenticated based on a userID and password and notify the second computer that the user is authentic, and in response, the first program instructions return a session key to the third computer, the session key enabling a session with the first application but not with the second application, the first, second, and third computers being three different computers, the first and second applications installed in the second computer being different applications; and
wherein the second program instructions, responsive to the third computer receiving the session key, to generate another session key which enables a session with both the first and second applications and send the other session key to the first computer;
the first program instructions receive from the user another request with the other session key to access the first application, and in response determine that the user is authentic and notify the first application that the user is authentic so that the first application can respond to the first computer to the other request; and
the first program instructions receive from the user another request with the other session key to access the second application, and in response determine that the user is authentic and notify the second application that the user is authentic so the second application can respond to the first computer to the other request to the second application.
7. A computer system for authenticating a user at a first computer to first and second applications installed in a second computer, the computer system comprising:
one or more processors, one or more computer-readable memories and one or more computer-readable tangible storage devices in the second computer and a third computer, and program instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, the program instructions comprising;
first program instructions for execution in the second computer to receive from the user a request to access the first application, and in response, redirect the request to the third computer;
second program instructions for execution in the third computer, responsive to the redirected request, to determine that the user was previously authenticated based on a userID and password and notify the second computer that the user is authentic, and in response, the first program instructions return a session key to the third computer, the session key enabling a session with the first application but not with the second application, the first, second, and third computers being three different computers, the first and second applications installed in the second computer being different applications; and
wherein the second program instructions, responsive to the third computer receiving the session key, to generate another session key which enables a session with both the first and second applications and send the other session key to the first computer;
the first program instructions receive from the user another request with the other session key to access the first application, and in response determine that the user is authentic and notify the first application that the user is authentic so that the first application can respond to the first computer to the other request; and
the first program instructions receive from the user another request with the other session key to access the second application, and in response determine that the user is authentic and notify the second application that the user is authentic so the second application can respond to the first computer to the other request to the second application.
Specification