Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network

US 9,059,987 B1
Filed: 04/04/2013
Issued: 06/16/2015
Est. Priority Date: 04/04/2013
Status: Active Grant

First Claim

Patent Images

1. A method for accessing an application on a server within an enterprise network while being protected behind a firewall, comprising:

retrieving, by an authentication system, an authentication message comprising a user name associated with a user identification for the enterprise network, the authentication message being generated by a web server sending an authentication request response comprising a randomly generated key and receiving the authentication message which comprises the user name and encrypted password with the randomly generated key to validate the authentication message, wherein the authentication message is associated with a browser that originates the authentication message subsequent to being logged into the enterprise network via the user name authorized for use on the enterprise network, and wherein the authentication system is associated with the application server having at least partial integration with the enterprise network;

based on the user name of the authentication message, determining, by the authentication system, that an application login account has not been generated for a data store of the authentication system, wherein the application login account is associated with the user identification for the enterprise network and comprises an application user name corresponding to the user name of the authentication message;

retrieving, by the authentication system from a user data store behind the firewall, an enterprise login account for the enterprise network to generate the application login account for the data store of the authentication system;

authenticating, by the authentication system, the user name with the application login account;

providing, by the authentication system, access to the application on the server within the enterprise network based on the authentication; and

generating, by the authentication system, at least one application metric based on at least one application data point that is associated with access to the application on the server, the application metric comprising at least one of a frequency that access to the application is successfully attempted, a frequency that a particular user name successfully attempts access to the application, a total number of successful access attempts to the application, or a total number of successful access attempts to the application by a particular user name.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for accessing, using an authentication system, an application server within an enterprise network is disclosed. The method comprises retrieving an authentication message comprising a user name, wherein the authentication system is associated with the application server. The method comprises determining that a login account is not stored in a data store of the authentication system, wherein the login account is associated with a user identification and comprises a user name that matches the user name of the authentication message. The method comprises retrieving a login account from a user data store to generate a login account in the data store associated with the authentication system, wherein the login account is associated with the user name. The method comprises authenticating the user name with the login account. The method comprises providing to a user associated with the user name, access based on the authentication to the project server.

68 Citations

View as Search Results

18 Claims

1. A method for accessing an application on a server within an enterprise network while being protected behind a firewall, comprising:
- retrieving, by an authentication system, an authentication message comprising a user name associated with a user identification for the enterprise network, the authentication message being generated by a web server sending an authentication request response comprising a randomly generated key and receiving the authentication message which comprises the user name and encrypted password with the randomly generated key to validate the authentication message, wherein the authentication message is associated with a browser that originates the authentication message subsequent to being logged into the enterprise network via the user name authorized for use on the enterprise network, and wherein the authentication system is associated with the application server having at least partial integration with the enterprise network;
  
  based on the user name of the authentication message, determining, by the authentication system, that an application login account has not been generated for a data store of the authentication system, wherein the application login account is associated with the user identification for the enterprise network and comprises an application user name corresponding to the user name of the authentication message;
  
  retrieving, by the authentication system from a user data store behind the firewall, an enterprise login account for the enterprise network to generate the application login account for the data store of the authentication system;
  
  authenticating, by the authentication system, the user name with the application login account;
  
  providing, by the authentication system, access to the application on the server within the enterprise network based on the authentication; and
  
  generating, by the authentication system, at least one application metric based on at least one application data point that is associated with access to the application on the server, the application metric comprising at least one of a frequency that access to the application is successfully attempted, a frequency that a particular user name successfully attempts access to the application, a total number of successful access attempts to the application, or a total number of successful access attempts to the application by a particular user name.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the authentication system provides a gateway from the enterprise network to the application server, and wherein the authentication message is generated by:
    - receiving, by a web server, an anonymous http request to access the web server associated with the application server, wherein the anonymous http request does not provide a user name and password;
      
      sending, by the web server, an anonymous access http request response that access to the web server is unauthorized; and
      
      receiving, by the web server, an authentication protocols request to access the web server, wherein the authentication protocols request comprises authentication protocols supported by the web server.
  - 3. The method of claim 1, wherein retrieving comprises:
    - detecting, by the authentication system coupled behind the firewall of the enterprise network, that the authentication message is to be routed from within the enterprise network to the application server, the application server being protected behind the firewall; and
      
      intercepting the authentication message before the authentication message is received by the application server.
  - 4. The method of claim 1, wherein the authentication system is coupled to a terminal that accesses the enterprise network, the terminal being associated with a browser sending the authentication message.
  - 5. The method of claim 1, wherein the authentication system is coupled to the application server and the enterprise network while remaining behind the firewall.
  - 6. The method of claim 1, the method further comprising recording, by the authentication system, the number of occurrences the user name is authenticated with the application login account.
  - 7. The method of claim 1, wherein the authentication system authenticates the user name with the application login account without validating the authentication message.
  - 8. The method of claim 1, wherein the authentication system provides access to the application server for the application login account subsequent to the authenticating and without retrieving the user identification associated with the user name from the user data store responsive to the user identification associated with the user name being stored with the application login account for the authentication system.

9. A system for accessing a server within an enterprise network is protected behind a firewall, the system comprising:
- a user data store comprising a plurality of enterprise login accounts that each comprise a user name and encrypted password;
  
  a server coupled to at least one processor and a non-transitory memory storing an application that configures the at least one processor upon execution, wherein the server is accessed by a terminal via the enterprise network, the terminal being associated with a browser that originates an authentication message subsequent to being logged into the enterprise network via a user name authorized for use on the enterprise network; and
  
  an authentication system comprising a data store having non-transitory memory, that is configured to store one or more application login accounts, wherein the authentication system is coupled to the server and configures the at least one processor to;
  
  retrieve the authentication message comprising the user name that is associated with a user identification for the enterprise network, wherein the authentication system is associated with the application executable on the server, the authentication message being generated by a web server sending an authentication request response comprising a randomly generated key and receiving the authentication message which comprises the user name and encrypted password with the randomly generated key to validate the authentication message,determine that an application login account is not stored in the data store of the authentication system, wherein the application login account is associated with the user identification and comprises an application user name that matches the user name of the authentication message;
  
  retrieve an enterprise login account from a user data store to generate the application login account for the data store based on the enterprise login account;
  
  authenticate the user name with the application login account;
  
  provide, to the terminal associated with the user name, access to the application on the server based on the authentication; and
  
  generate at least one application metric based on at least one application data point that is associated with access to the application on the server, the application metric comprising at least one of a frequency that access to the application is successfully attempted, a frequency that a particular user name successfully attempts access to the application, a total number of successful access attempts to the application, or a total number of successful access attempts to the application by a particular user name.
- View Dependent Claims (10)
- - 10. The system of claim 9, wherein the server is accessible only through the enterprise network and behind the firewall.

11. A method of tracking access of an application on a server from within an enterprise network behind a firewall, comprising:
- retrieving, by an authentication system coupled to the enterprise network and the server, an authentication message that comprises a user name, wherein the authentication system is associated with the application that is among a plurality of applications coupled to the enterprise network, wherein each of the plurality of applications being associated with a different authentication system, wherein the authentication message is generated by a web server sending an authentication request response comprising a randomly generated key and receiving the authentication message which comprises the user name and encrypted password with the randomly generated key to validate the authentication message, and wherein the authentication message is associated with a browser that originates the authentication message subsequent to being logged into the enterprise network via the user name authorized for use on the enterprise network;
  
  determining, by the authentication system, that an application login account is not stored in a data store of the authentication system, wherein the application login account is associated with a user identification of the enterprise network and comprises an application user name that matches the user name of the authentication message;
  
  retrieving, by the authentication system, an enterprise network login account from a user data store to generate the application login account in the data store of the authentication system, wherein the enterprise network login account is associated with the user name of the authentication message;
  
  authenticating, by the authentication system, the user name with the application login account, wherein authenticating comprises achieving a successful access attempt to the application on the server;
  
  recording, by the authentication system, one or more application data points tare associated with each successful access attempt to the application on the server; and
  
  based on the one or more application data points, generating, by the authentication system, one or more application metrics that comprise at least one of the frequency that access to the application is successfully attempted, the frequency that a particular user name successfully attempts access to the application the total number of successful access attempts to the application, and the total number of successful access attempts to the application by a particular user name.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein the authentication message is generated by:
    - receiving, by a web server, an anonymous http request to access the web server, wherein the anonymous http request does not provide a user identification and password;
      
      sending, by the web server, an anonymous access http request response that access to the web server is unauthorized; and
      
      receiving, by the web server, an authentication protocols request to access the web server, wherein the authentication protocols request comprise authentication protocols supported by the web server.
  - 13. The method of claim 12, wherein retrieving comprises:
    - detecting that the authentication message is to be sent to one of the application or the server; and
      
      intercepting the authentication message before the authentication message is received by the application.
  - 14. The method of claim 11, wherein a user, logged into the enterprise network by providing an authorized user name and password corresponding to the enterprise network login account, sends the authentication message via a browser.
  - 15. The method of claim 11, wherein the authentication system is located at a terminal associated with a browser sending the authentication message.
  - 16. The method of claim 12, wherein the authentication system is located at the server.
  - 17. The method of claim 11, wherein the one or more application data points comprise at least one of a count of successful access attempts, a count of successful access attempts using a particular user name, and the time associated with each successful access attempt.
  - 18. The method of claim 11, wherein the one or more application data points further comprise duration of access to a particular application and the one or more application metrics further comprise at least one of a total duration of time that a particular application is accessed, the total duration of time that a particular user name accesses a particular application, the peak time that a particular application is used, and the peak time that a particular user name uses a particular application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Miller, Eric E., Lofland, Bruce, Teixeira, Joao Tex
Primary Examiner(s)
Desrosiers, Evans

Application Number

US13/857,144
Time in Patent Office

803 Days
Field of Search

713168-174, 713182-186, 713/202, 709/206, 709/225, 709/229, 709/249, 709/389, 726 2- 8
US Class Current

1/1
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/168 above the transport layer

Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others