Single-sign-on method based on markup language and system using the method

US 20050277420A1
Filed: 06/10/2005
Published: 12/15/2005
Est. Priority Date: 06/10/2004
Status: Active Grant

First Claim

Patent Images

1. A single-sign-on method based on a markup language, the method comprising:

requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;

generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and

receiving the user authentication message, which has a markup language format, from the authentication message generator, and permitting or rejecting access of the user to resources based on the user authentication message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A single-sign-on method in a wired/wireless hybrid environment and a system using the method are provided. The single-sign-on method includes: requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator; generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the generated authentication domain location information to the user; and if an authentication message of a markup language format is received from the authentication message generator, analyzing the user authentication message and permitting or rejecting access of the user to resources.

Citations

42 Claims

1. A single-sign-on method based on a markup language, the method comprising:
- requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
  
  generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and
  
  receiving the user authentication message, which has a markup language format, from the authentication message generator, and permitting or rejecting access of the user to resources based on the user authentication message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the wireless Internet protocol utilizes a wireless application protocol (WAP), and data is transmitted to or received from the user via a WAP gateway.
  - 3. The method of claim 1, wherein the information required for authentication comprises a user name and a user password.
  - 4. The method of claim 1, wherein the information required for authentication comprises a user certificate.
  - 5. The method of claim 1, wherein the information required for authentication comprises a uniform resource locator (URL) indicating a location of a user certificate.
  - 6. The method of claim 1, further comprising:
    - transmitting the user authentication message to another domain if an authentication information request with respect to the user is received from the other domain.
  - 7. The method of claim 6, further comprising:
    - deleting the user authentication message and the authentication domain location information stored in the current domain if the user authentication message is transmitted to the other domain.
  - 8. The method of claim 1, further comprising:
    - transmitting to another domain an authentication notice message informing that the user is normally authenticated by the current domain if an authentication information request with respect to the user is received from the other domain.

9. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
  
  generating an SAML artifact including location information of a current domain and information required for processing a user authentication message and transmitting the SAML artifact which is generated to the user; and
  
  receiving an SAML authentication assertion from the user authentication message generator, and permitting or rejecting access of the user to resources based on the SAML authentication assertion.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the user via a WAP gateway.
  - 11. The method of claim 9, wherein the information required for authentication comprises a user name and a user password.
  - 12. The method of claim 9, further comprising:
    - if the SAML artifact is received from another domain, transmitting the SAML authentication assertion to the other domain only if it determined that the SAML artifact is neither counterfeited nor altered as a result of checking an integrity of the received SAML artifact.
  - 13. The method of claim 12, further comprising:
    - deleting the SAML authentication assertion and authentication domain location information stored in the current domain if the SAML authentication assertion is transmitted to the other domain.

14. A method of a single-sign-on based on a markup language, the method comprising:
- transmitting information required for authentication and information required for processing a user authentication message in order to access service resources of a first domain providing a wired Internet service through wireless Internet;
  
  receiving authentication domain location information including location information of the first domain; and
  
  receiving the authentication domain location information and accessing service resources of the first domain.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the first domain via a WAP gateway.
  - 16. The method of claim 14, wherein the information required for authentication comprises a user name and a user password.
  - 17. The method of claim 14, further comprising:
    - transmitting the authentication domain location information and the information required for processing the user authentication message to a second domain in order to access service resources of the second domain providing a wired Internet service through the wireless Internet and accessing the service resources of the second domain.

18. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- transmitting information required for authentication in order to access service resources of a first domain providing a wired Internet service through wireless Internet;
  
  receiving an SAML artifact including location information of the first domain and information required for processing a user authentication message; and
  
  receiving the SAML artifact and accessing service resources of the first domain.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the first domain via a WAP gateway.
  - 20. The method of claim 18, wherein the information required for authentication comprises a user name and a user password.
  - 21. The method of claim 18, further comprising:
    - transmitting the SAML artifact to a second domain in order to access service resources of the second domain providing a wired Internet service through the wireless Internet and accessing the service resources of the second domain.

22. A single-sign-on method based on a markup language, the method comprising:
- receiving authentication domain location information including location information of a domain, which has authenticated a user using wireless Internet, and information required for processing a user authentication message;
  
  requesting authentication information of the user by transmitting the received authentication domain location information to the domain, which has authenticated the user; and
  
  receiving an authentication message which has a markup language format from the domain, which has authenticated the user, and permitting or rejecting access of the user to resources based on the user authentication message.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received from the user via a WAP gateway.
  - 24. The method of claim 22, further comprising:
    - generating authentication domain location information including location information of the current domain and information required for processing the user authentication message and transmitting the authentication domain location information which is generated to the user.
  - 25. The method of claim 24, further comprising, if an authentication information request with respect to the user is received from another domain, transmitting the authentication message to the other domain.
  - 26. The method of claim 25, further comprising, if the authentication message is transmitted to the other domain, deleting the authentication message and the authentication domain location information stored in the current domain.

27. A single-sign-on method based on a security assertion markup language (SAML), the method comprising:
- receiving an SAML artifact including location information of a domain, which has authenticated a user using wireless Internet, and information required for processing a user authentication message;
  
  requesting authentication information of the user by transmitting the received SAML artifact to the domain, which has authenticated the user; and
  
  receiving an SAML authentication assertion from the domain, which has authenticated the user, and permitting or rejecting access of the user to resources based on the SAML authentication assertion.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The method of claim 27, wherein the wireless Internet utilizes a wireless application protocol (WAP), and data is transmitted to or received the user via a WAP gateway.
  - 29. The method of claim 27, further comprising generating an SAML artifact including location information of a current domain and information required for processing a user authentication message and transmitting the SAML artifact which is generated to the user.
  - 30. The method of claim 29, further comprising if the SAML artifact is received from another domain, transmitting the SAML authentication assertion to the other domain only if it is determined that the SAML artifact is neither counterfeited nor altered as a result of checking an integrity of the SAML artifact.
  - 31. The method of claim 30, further comprising:
    - deleting the SAML authentication assertion and the authentication domain location information stored in the current domain if the SAML authentication assertion is transmitted to the other domain.

32. A single-sign-on system based on a markup language, the system comprising:
- a plurality of domains which provide service resources to a user using wireless Internet through a gateway performing wired or wireless protocol transformation; and
  
  an authentication message generator which receives information required for user authentication from a first domain of the plurality of domains, authenticates the user, generates an authentication message which has a markup language format, and transmits the authentication message to the first domain, wherein the first domain, which has received the authentication message, permits or rejects access of the user to service resources based on the user authentication message, generates authentication domain location information including its own location information and information required for processing the user authentication message, transmits the generated authentication domain location information to the user, and transmits the authentication message to a second domain of the plurality of domains if a request for authentication information of the user is received from the second domain.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The system of claim 32, wherein after transmitting the authentication message to the second domain, the first domain deletes the authentication message and the authentication domain location information stored therein.
  - 34. The system of claim 32, wherein the information required for user authentication comprises a user name and a user password.
  - 35. The system of claim 32, wherein the gateway is a wireless application protocol (WAP) gateway using a WAP protocol.
  - 36. The system of claim 32, wherein after receiving the authentication message, the second domain generates authentication domain location information including its own location information and information required for processing a user authentication message and transmits the authentication domain location information which is generated to the user.

37. A single-sign-on system based on a security assertion markup language (SAML), the system comprising:
- a plurality of domains which provide service resources to a user using wireless Internet through a gateway performing wired or wireless protocol transformation; and
  
  an authentication message generator which receives information required for user authentication from first domain of the plurality of domains, authenticates the user, generates an SAML authentication assertion, and transmits the SAML authentication assertion to the first domain, wherein the first domain, which has received the SAML authentication assertion, permits or rejects access of the user to service resources based on the SAML authentication assertion, generates an SAML artifact including its own location information and information required for processing the user authentication message, transmits the generated authentication domain location information to the user, and if a request for the user authentication is received from a second domain using the SAML artifact, transmits the SAML authentication assertion to the second domain of the plurality of domains only if it determined that the SAML artifact is neither counterfeited nor altered as a result of checking an integrity of the SAML artifact.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The system of claim 37, wherein after transmitting the SAML authentication assertion to the second domain, the first domain deletes the SAML authentication assertion and the authentication domain location information stored therein.
  - 39. The system of claim 37, wherein the information required for user authentication comprises a user name and a user password.
  - 40. The system of claim 37, wherein the gateway is a wireless application protocol (WAP) gateway using a WAP protocol.
  - 41. The system of claim 37, wherein after transmitting the SAML authentication assertion, the second domain generates an SAML artifact including its own location information and information required for processing a user authentication message and transmits the SAML artifact which is generated to the user.

42. A computer-readable recording medium having recorded thereon a computer-readable program for performing a single-sign-on method based on a markup language, the method comprising:
- requesting user authentication by transmitting information required for authentication of a user using wireless Internet to an authentication message generator;
  
  generating authentication domain location information including location information of a current domain and information required for processing a user authentication message and transmitting the authentication domain location information to the user; and
  
  receiving an authentication message which has a markup language format from the authentication message generator, and permitting or rejecting access of the user to resources based on the user authentication message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Industry-Academia Cooperation Group of Sejong University, Samsung Electronics Co. Ltd.
Original Assignee
Industry-Academia Cooperation Group of Sejong University, Samsung Electronics Co. Ltd.
Inventors
Jeong, Jong-il, Shin, Dong-kyoo, Shin, Dong-il

Granted Patent

US 8,108,921 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/442
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04W 12/069   using certificates or pre-s...

H04W 8/08   Mobility data transfer

Single-sign-on method based on markup language and system using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Single-sign-on method based on markup language and system using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links