System for and method of providing single sign-on (SSO) capability in an application publishing environment

US 9,398,001 B1
Filed: 01/10/2014
Issued: 07/19/2016
Est. Priority Date: 05/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method for providing single-sign-on capability, the method comprising:

receiving at a gateway service an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;

executing instructions stored in memory of the gateway service, wherein execution of the instructions by a processor of the gateway service;

automatically erases user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer,selects another host computer from the cluster that has the requested resource, andidentifies that a host session is running on the initial host computer,forwarding the access request from the gateway service to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and

executing further instructions, wherein execution of the further instructions by the processor;

determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, andprovides the requested resource to the authenticated user at the client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process.

213 Citations

19 Claims

1. A method for providing single-sign-on capability, the method comprising:
- receiving at a gateway service an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
  
  executing instructions stored in memory of the gateway service, wherein execution of the instructions by a processor of the gateway service;
  
  automatically erases user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer,selects another host computer from the cluster that has the requested resource, andidentifies that a host session is running on the initial host computer,forwarding the access request from the gateway service to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and
  
  executing further instructions, wherein execution of the further instructions by the processor;
  
  determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, andprovides the requested resource to the authenticated user at the client device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein authentication comprises relaying challenges from the initial host computer to the other host computer.
  - 3. The method of claim 2, wherein authentication further comprises relaying challenge responses from the other host computer to the initial host computer.
  - 4. The method of claim 1, wherein determining that the authentication on the other host computer is successful comprises determining that no errors have occurred.
  - 5. The method of claim 1, wherein determining that the authentication on the other host computer is successful comprises determining that no attempted spoofing has been detected.
  - 6. The method of claim 1, wherein the requested resource is provided via the gateway service and a client application.

7. An apparatus for providing single-sign-on capability, the apparatus comprising:
- a gateway server communication interface that receives over a communication network an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
  
  memory that stores a gateway service database comprising user credentials;
  
  a gateway server processor coupled to the memory, wherein execution of instructions by the gateway server processor;
  
  automatically erases user credentials from the gateway service database in the memory subsequent to successful authentication of the user credentials on the initial host computer,selects another host computer from the cluster that has the requested resource, andidentifies that a host session is running on the initial host computer,wherein the gateway server communication interface forwards the access request over the communication network to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and
  
  wherein the gateway server processor executes further instructions, wherein execution of the further instructions;
  
  determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, andprovides the requested resource to the authenticated user at the client device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, wherein the initial host computer authenticates the user credentials by relaying challenges from the initial host computer to the other host computer.
  - 9. The apparatus of claim 8, wherein the initial host computer receives challenge responses sent from the other host computer to the initial host computer.
  - 10. The apparatus of claim 7, wherein the gateway server processor determines that the authentication on the other host computer is successful by identifying that no errors have occurred.
  - 11. The apparatus of claim 7, wherein the gateway server processor determines that the authentication on the other host computer is successful by identifying that no attempted spoofing has been detected.
  - 12. The apparatus of claim 7, wherein the communication interface and a client application provide the requested resource over the communication network to the client device.

13. A system for providing single-sign-on capability, the system comprising:
- a cluster comprising a plurality of host computers; and
  
  a gateway service associated with the cluster, the gateway service comprising;
  
  a communication interface receiving an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
  
  a processor for executing instructions stored in memory of the gateway service, wherein execution of the instructions;
  
  automatically erases user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer,selects another host computer from the cluster that has the requested resource, andidentifies that a host session is running on the initial host computer,wherein the communication interface forwards the access request to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and
  
  wherein the processor executes further instructions, wherein execution of the further instructions;
  
  determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, andprovides the requested resource to the authenticated user at the client device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein authentication comprises relaying challenges from the initial host computer to the other host computer.
  - 15. The system of claim 14, wherein authentication comprises relaying challenge responses from the other host computer to the initial host computer.
  - 16. The system of claim 13, wherein determining that the authentication on the other host computer is successful comprises the processor executing instructions to determine that no errors have occurred.
  - 17. The system of claim 13, wherein determining that the authentication on the other host computer is successful comprises the processor executing instructions to determine that no attempted spoofing has been detected.
  - 18. The system of claim 13, wherein the requested resource is provided via the communication interface and a client application.

19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for providing single-sign-on capability, the method comprising:
- receiving an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
  
  automatically erasing user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer;
  
  selecting another host computer from the cluster that has the requested resource;
  
  identifying that a host session is running on the initial host computer;
  
  forwarding the access request from the gateway service to the initial host computer for authentication on the other host computer from the cluster based on the credentials;
  
  determining that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user; and
  
  providing the requested resource to the authenticated user at the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Hopto Inc.
Inventors
Tidd, William
Primary Examiner(s)
Pyzocha, Michael

Application Number

US14/152,303
Time in Patent Office

921 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

System for and method of providing single sign-on (SSO) capability in an application publishing environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

213 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System for and method of providing single sign-on (SSO) capability in an application publishing environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

213 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links