Methods systems and articles of manufacture for implementing user access to remote resources

US 9,787,664 B1
Filed: 02/12/2016
Issued: 10/10/2017
Est. Priority Date: 04/29/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for implementing user access to a plurality of remote resources, comprising:

receiving, at the first computer, a single click on a user interface element of a user computing device through a first network for accessing the plurality of remote resources, wherein the plurality of remote resources reside on a second computer accessible by the first computer through a second network;

performing, at the first computer;

automatic logon for the user, without human intervention other than the single click, using centrally stored user credentials that are used to authenticate or authorize the user access to the plurality of remote resources each requiring a separate authentication or authorization on the second computer, whereinthe user computing device includes no login logic for authenticating or authorizing the user access to the plurality of remote resources and is authenticated or authorized to access the plurality of remote resources on the second computer, without transmitting the centrally stored user credentials from the user computing device or using a single-sign-on mechanism where at least one ticket is passed between the first computer and the second computer to service at least one of the plurality of remote resources to the user;

initiation or identification of a new session between the first computer and the second computer through the second network, andauthentication or authorization of the user on the first computer granting the user access to the plurality of remote resources on the second computer; and

enabling, by the first computer, the user to access the plurality of remote resources by using the new session in response to the single click on the user interface element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and articles of manufacture for implementing user access to remote resources residing on an external domain. Various implementations include authenticating and authorizing a user on a first system and receiving user request to access remote resources. The first system invokes processes or modules to initiate a new session to perform auto logon on behalf of the user on a second system by using stored user'"'"'s credentials and subdomain delegation techniques without user intervention. The second system authenticates and authorizes this new session to allow user access to remote resources residing thereupon. The first system further prepares the user'"'"'s system to take over the new session by setting cookie(s) and also by redirecting the URL so the user may continue to use the new session to access the desired remote resources residing on the second system.

46 Citations

View as Search Results

31 Claims

1. A computer implemented method for implementing user access to a plurality of remote resources, comprising:
- receiving, at the first computer, a single click on a user interface element of a user computing device through a first network for accessing the plurality of remote resources, wherein the plurality of remote resources reside on a second computer accessible by the first computer through a second network;
  
  performing, at the first computer;
  
  automatic logon for the user, without human intervention other than the single click, using centrally stored user credentials that are used to authenticate or authorize the user access to the plurality of remote resources each requiring a separate authentication or authorization on the second computer, whereinthe user computing device includes no login logic for authenticating or authorizing the user access to the plurality of remote resources and is authenticated or authorized to access the plurality of remote resources on the second computer, without transmitting the centrally stored user credentials from the user computing device or using a single-sign-on mechanism where at least one ticket is passed between the first computer and the second computer to service at least one of the plurality of remote resources to the user;
  
  initiation or identification of a new session between the first computer and the second computer through the second network, andauthentication or authorization of the user on the first computer granting the user access to the plurality of remote resources on the second computer; and
  
  enabling, by the first computer, the user to access the plurality of remote resources by using the new session in response to the single click on the user interface element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer implemented method of claim 1, wherein the first computing performs the automatic logon for the user without using the single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the plurality of remote resources to the user.
  - 3. The computer implemented method of claim 1, further comprising:
    - transmitting, using a thin client architecture, the centrally stored user credentials to the second computer through the second network for authenticating or authorizing the user to access the plurality of remote resources on the second computer.
  - 4. The computer implemented method of claim 1, further comprising:
    - invoking an aggregation module on the first computer; and
      
      authenticating or authorizing the user using the aggregation module on the first computer.
  - 5. The computer implemented method of claim 4, further comprising:
    - retrieving or identifying a user credential of the centrally stored user credentials stored and accessible by the first computer utilizing the aggregation module; and
      
      transmitting the user credential to the second computer for authenticating or authorizing the user on the second computer.
  - 6. The computer implemented method of claim 4, further comprising:
    - creating a subdomain delegation for a subdomain of a parent domain on the second computer hosting the plurality of remote resources; and
      
      creating or configuring a zone and domain name server records for the subdomain of the parent domain to redirect an access to the second computer to the first computer.
  - 7. The computer implemented method of claim 6, further comprising:
    - identifying or creating a parent zone in the second computer hosting the parent domain in which at least some of the plurality of remote resources reside;
      
      creating or modifying a DNS (domain name server) zone file for the parent domain; and
      
      identifying or creating a subdomain zone on the first computer.
  - 8. The computer implemented method of claim 7, further comprising:
    - defining a name server for the parent domain in the DNS zone file;
      
      defining an address record for the name server in the DNS zone file;
      
      defining a parent domain level server, host, or service in the DNS zone file;
      
      defining a subdomain configuration for the parent domain in the DNS zone file; and
      
      modifying the subdomain configuration for the parent domain in the DNS zone file.
  - 9. The computer implemented method of claim 1, wherein the centrally stored user credentials are used to authenticate or authorize the user to access the plurality of remote resources on the second computer when the user uses the centrally stored user credentials to separately log onto the second computer, and the authentication or authorization of the user on the first computer grants the user access to the plurality of remote resources on the second computer.
  - 10. The computer implemented method of claim 1, further comprising:
    - identifying a first cookie transmitted between the first computer and the second computer;
      
      identifying content of the first cookie, the content of the cookie comprising a unique identifier;
      
      setting a browser cookie for a user browser on the first computer on a parent domain of the second computer at least by modifying or generating the browser cookie with at least the unique identifier;
      
      redirecting the user browser to the parent domain hosting at least one remote resource of the plurality of remote resources reside; and
      
      recognizing the single click for accessing the plurality of remote resources at least by receiving the browser cookie at the second computer.
  - 11. The computer implemented method of claim 1, in which performing the automatic logon for the user is performed without user intervention.

12. A system for implementing user access to a remote resource, comprising a first computer that communicates with a user through a first network and is configured to at least receive, at the first computer, a single click on a user interface element of a user computing device through a first network for accessing the plurality of remote resources, wherein the plurality of remote resources reside on a second computer accessible by the first computer through a second network, perform, at the first computer, automatic logon for the user without human intervention other than the single click, using centrally stored user credentials that are used to authenticate or authorize the user access to the plurality of remote resources each requiring a separate authentication or authorization on the second computer, wherein the user computing device includes no login logic for authenticating or authorizing the user access to the plurality of remote resources and is authenticated or authorized to access the plurality of remote resources on the second computer without transmitting the stored user credentials from the user computing device or using a single-sign-on mechanism where at least one ticket is passed between the first computer and the second computer to service at least one of the plurality of remote resources to the user, initiation or identification of a new session between the first computer and the second computer through the second network, and authentication or authorization of the user on the first computer granting the user access to the plurality of remote resources on the second computer, and enable, by the first computer, the user to access the plurality of remote resources by using the new session in response to the single click on the user interface element.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, in which the first computer that is configured to perform the automatic logon for the user without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the plurality of remote resources to the user.
  - 14. The system of claim 12, further comprising a thin client architecture that transmits the centrally stored user credentials to the second computer through the second network for authenticating or authorizing the user to access the plurality of remote resources on the second computer.
  - 15. The system of claim 12, in which the first computer is further to invoke an aggregation module on the first computer and to authenticate or authorize the user using the aggregation module on the first computer.
  - 16. The system of claim 15, in which the first computer is further to retrieve or identify a user credential of the centrally stored user credentials stored and accessible by the first computer utilizing the aggregation module, and to transmit the user credential to the second computer for authenticating or authorizing the user on the second computer.
  - 17. The system of claim 15, in which the first computer is further to create a subdomain delegation for a subdomain of a parent domain on the second computer hosting the plurality of remote resources, and to create or configure a zone and domain name server records for the subdomain of the parent domain to redirect an access to the second computer to the first computer.
  - 18. The system of claim 17, in which the first computer is further to identify or create a parent zone in the second computer hosting the parent domain in which at least some of the plurality of remote resources reside, to create or modify a DNS (domain name server) zone file for the parent domain, and to identify or create a subdomain zone on the first computer.
  - 19. The system of claim 18, in which the first computer is further to define a name server for the parent domain in the DNS zone file, to define an address record for the name server in the DNS zone file, to define a parent domain level server, host, or service in the DNS zone file, to define a subdomain configuration for the parent domain in the DNS zone file, and to modify the subdomain configuration for the parent domain in the DNS zone file.
  - 20. The system of claim 12, wherein the centrally stored user credentials are used to authenticate or authorize the user to access the plurality of remote resources on the second computer when the user uses the centrally stored user credentials to separately log onto the second computer, and the authentication or authorization of the user on the first computer grants the user access to the plurality of remote resources on the second computer.
  - 21. The system of claim 12, in which the first computer is further toidentify a first cookie transmitted between the first computer and the second computer, to identify content of the first cookie, the content of the cookie comprising a unique identifier, to set a browser cookie for a user browser on the first computer on a parent domain of the second computer at least by modifying or generating the browser cookie with at least the unique identifier, to redirect the user browser to the parent domain hosting at least one remote resource of the plurality of remote resources reside, and to recognize the single click for accessing the plurality of remote resources at least by receiving the browser cookie at the second computer.

22. An article of manufacture comprising a non-transitory computer accessible storage medium having one or more instructions which, when executed by at least one processor, cause the at least one processor to perform a set of acts for implementing user access to a plurality of remote resources, the process comprising:
- receiving, at the first computer, a single click on a user interface element of a user computing device through a first network for accessing the plurality of remote resources, wherein the plurality of remote resources reside on a second computer accessible by the first computer through a second network;
  
  performing, at the first computer;
  
  automatic logon for the user, without human intervention other than the single click, using centrally stored user credentials that are used to authenticate or authorize the user access to the plurality of remote resources each requiring a separate authentication or authorization on the second computer, wherein the user computing device includes no login logic for authenticating or authorizing the user access to the plurality of remote resources and is authenticated or authorized to access the plurality of remote resources on the second computer without transmitting the stored user credentials from the user computing device or using a single-sign-on mechanism where at least one ticket is passed between the first computer and the second computer to service at least one of the plurality of remote resources to the user;
  
  initiation or identification of a new session between the first computer and the second computer through the second network, and authentication or authorization of the user on the first computer granting the user access to the plurality of remote resources on the second computer; and
  
  enabling, by the first computer, the user to access the plurality of remote resources by using the new session in response to the single click on the user interface element.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The article of manufacture of claim 22, wherein the first computing performs the automatic logon for the user without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second computer to service the plurality of remote resources to the user.
  - 24. The article of manufacture of claim 22, the set of acts further comprising transmitting, using a thin client architecture, the centrally stored user credentials to the second computer through the second network for authenticating or authorizing the user to access the plurality of remote resources on the second computer.
  - 25. The article of manufacture of claim 22, the set of acts further comprising invoking an aggregation module on the first computer;
    - and authenticating or authorizing the user using the aggregation module on the first computer.
  - 26. The article of manufacture of claim 25, the set of acts further comprising retrieving or identifying a user credential of the centrally stored user credentials stored and accessible by the first computer utilizing the aggregation module;
    - and transmitting the user credential to the second computer for authenticating or authorizing the user on the second computer.
  - 27. The article of manufacture of claim 25, the set of acts further comprising creating a subdomain delegation for a subdomain of a parent domain on the second computer hosting the plurality of remote resources;
    - and creating or configuring a zone and domain name server records for the subdomain of the parent domain to redirect an access to the second computer to the first computer.
  - 28. The article of manufacture of claim 27, the set of acts further comprising identifying or creating a parent zone in the second computer hosting the parent domain in which at least some of the plurality of remote resources reside;
    - creating or modifying a DNS (domain name server) zone file for the parent domain; and
      
      identifying or creating a sub domain zone on the first computer.
  - 29. The article of manufacture of claim 28, the set of acts further comprising defining a name server for the parent domain in the DNS zone file;
    - defining an address record for the name server in the DNS zone file;
      
      defining a parent domain level server, host, or service in the DNS zone file;
      
      defining a subdomain configuration for the parent domain in the DNS zone file; and
      
      modifying the subdomain configuration for the parent domain in the DNS zone file.
  - 30. The article of manufacture of claim 22, wherein the centrally stored user credentials are used to authenticate or authorize the user to access the plurality of remote resources on the second computer when the user uses the centrally stored user credentials to separately log onto the second computer, and the authentication or authorization of the user on the first computer grants the user access to the plurality of remote resources on the second computer.
  - 31. The article of manufacture of claim 22, the set of acts further comprising identifying a first cookie transmitted between the first computer and the second computer;
    - identifying content of the first cookie, the content of the cookie comprising a unique identifier;
      
      setting a browser cookie for a user browser on the first computer on a parent domain of the second computer at least by modifying or generating the browser cookie with at least the unique identifier;
      
      redirecting the user browser to the parent domain hosting at least one remote resource of the plurality of remote resources reside; and
      
      recognizing the single click for accessing the plurality of remote resources at least by receiving the browser cookie at the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Subbiah, Thirugnanam, Hanscom, Kenneth
Primary Examiner(s)
Gergiso, Techane

Application Number

US15/043,427
Time in Patent Office

606 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 61/4511   using domain name system [DNS]

H04L 63/0236   Filtering by address, proto...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

Methods systems and articles of manufacture for implementing user access to remote resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Methods systems and articles of manufacture for implementing user access to remote resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links