System and method for user enrollment in an e-community

US 6,993,596 B2
Filed: 12/19/2001
Issued: 01/31/2006
Est. Priority Date: 12/19/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for allowing an Internet or intranet browser user to conveniently transfer directly to a domain that is participating in an e-community, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said method comprising the steps of:

automatically enrolling said user at a group of affiliated domains within said e-community through exchange of a single home domain identity cookie shared among said plurality of affiliated domains by;

(a) defining a minimal group of affiliated domains for automatic enrollment corresponding to a condition selected from the group of users home domain, and a common set of domains required by all users participating in a given e-community;

(b) providing a single-sign-on plug-in to said home domain and to each of said affiliated e-community domains;

(c) responsive to a user activating a group enrollment functionality, redirecting a user'"'"'s browser from one domain to another according to a e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user'"'"'s home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to trigger enrollment functionality;

(d) upon redirection to a first affiliated e-community domain during step (b);

(i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;

(ii) redirecting said home identity cookie and enrollment token to said first e-community domain via-said user'"'"'s web browser;

(iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;

(iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “

enrollment successful”

indicator;

(v) redirecting said affiliated domain identity cookie to said home domain via said user'"'"'s web browser;

(vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “

enrollment successful at first affiliated domain”

symbol in said extensible data area; and

(vii) returning said modified home identity cookie to said user'"'"'s web browser for storage in persistent memory;

(e) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (d)(ii) through (d)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “

enrollment success”

symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;

when said user'"'"'s browser is pointed at a given affiliated domain server subsequent to completion of said building of said home domain identity cookie having a plurality of enrollment success symbols, vouching for the identity of the user through exchange of a vouch-four request and vouch-for response between said home domain server and said given affiliated domain server; and

building a local session at said given affiliated domain for said user using a protected resource of said given affiliated domain responsive to receipt of said vouch-for response.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user'"'"'s home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user'"'"'s browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user'"'"'s browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.

245 Citations

21 Claims

1. A method for allowing an Internet or intranet browser user to conveniently transfer directly to a domain that is participating in an e-community, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said method comprising the steps of:
- automatically enrolling said user at a group of affiliated domains within said e-community through exchange of a single home domain identity cookie shared among said plurality of affiliated domains by;
  
  (a) defining a minimal group of affiliated domains for automatic enrollment corresponding to a condition selected from the group of users home domain, and a common set of domains required by all users participating in a given e-community;
  
  (b) providing a single-sign-on plug-in to said home domain and to each of said affiliated e-community domains;
  
  (c) responsive to a user activating a group enrollment functionality, redirecting a user'"'"'s browser from one domain to another according to a e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user'"'"'s home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to trigger enrollment functionality;
  
  (d) upon redirection to a first affiliated e-community domain during step (b);
  
  (i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;
  
  (ii) redirecting said home identity cookie and enrollment token to said first e-community domain via-said user'"'"'s web browser;
  
  (iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;
  
  (iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “
  
  enrollment successful”
  
  indicator;
  
  (v) redirecting said affiliated domain identity cookie to said home domain via said user'"'"'s web browser;
  
  (vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “
  
  enrollment successful at first affiliated domain”
  
  symbol in said extensible data area; and
  
  (vii) returning said modified home identity cookie to said user'"'"'s web browser for storage in persistent memory;
  
  (e) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (d)(ii) through (d)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “
  
  enrollment success”
  
  symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;
  
  when said user'"'"'s browser is pointed at a given affiliated domain server subsequent to completion of said building of said home domain identity cookie having a plurality of enrollment success symbols, vouching for the identity of the user through exchange of a vouch-four request and vouch-for response between said home domain server and said given affiliated domain server; and
  
  building a local session at said given affiliated domain for said user using a protected resource of said given affiliated domain responsive to receipt of said vouch-for response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as set forth in claim 1 wherein said step of modifying said home domain identity cookie to include an enrollment success symbol comprises creating a server-maintained persistent record of the user'"'"'s enrollment at said affiliated domain.
  - 3. The method as set forth claim 1 wherein said step of redirecting said enrollment request comprises performing a hyper text transfer protocol redirection operation.
  - 4. The method as set forth claim 1 wherein said step of redirecting said enrollment success indicator to said home domain server comprises performing a hyper text transfer protocol redirection operation.
  - 5. The method as set forth in claim 1 wherein said step of vouching for the identity of the user comprises the steps of:
    - transferring said affiliated domain identity cookie with access request for a protected resource from said user'"'"'s browser to said affiliated domain server;
      
      extracting the user'"'"'s home domain identity from the affiliated domain identity cookie in order to determine where to send a vouch-for request;
      
      sending a vouch-for request from said affiliated domain server to said home domain server via the user'"'"'s browser using redirection; and
      
      returning a vouch-for response to said affiliated domain server from said home domain server via the user'"'"'s browser using redirection.
  - 6. The method as set forth in claim 5 wherein said step of sending a vouch-for request from said affiliated domain server to said home domain comprises the step of determining the user'"'"'s home domain server by evaluation of the user'"'"'s affiliated domain identity cookie.
  - 7. The method as set forth in claim 5 wherein said step of sending a vouch-for request from said affiliated domain server to said home domain server comprises performing a hyper text transfer protocol redirection operation.
  - 8. The method as set forth in claim 5 wherein said step of returning a vouch-for response to said affiliated domain server from said home domain server comprises performing a hyper text transfer protocol redirection operation.

9. A computer readable medium encoded with software for allowing an Internet or intranet browser user to conveniently transfer directly to a domain that is participating in an e-community, said e-community comprising a plurality of affiliated domain servers, said user being registered and authenticated to a home domain server within said e-community, said software performing the steps of:
- automatically enrolling said user at a group of affiliated domains within said e-community through exchange of a single home domain identity cookie shared among said plurality of affiliated domains by;
  
  (a) defining a minimal group of affiliated domains for automatic enrollment corresponding to a condition selected from the group of user'"'"'s home domain, and a common set of domains required by all users participating in a given e-community;
  
  (b) providing a single-sign-on plug-in to said home domain and to each of said affiliated e-community domains;
  
  (c) responsive to a user activating a group enrollment functionality, redirecting a user'"'"'s browser from one domain to another according to a e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user'"'"'s home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to tripper enrollment functionality;
  
  (d) upon redirection to a first affiliated e-community domain during step (b);
  
  (i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;
  
  (ii) redirecting said home identity cookie and enrollment token to said first e-community domain via-said user'"'"'s web browser;
  
  (iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;
  
  (iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “
  
  enrollment successful”
  
  indicator;
  
  (v) redirecting said affiliated domain identity cookie to said home domain via said user'"'"'s web browser;
  
  (vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “
  
  enrollment successful at first affiliated domain”
  
  symbol in said extensible data area; and
  
  (vii) returning said modified home identity cookie to said user'"'"'s web browser for storage in persistent memory;
  
  (e) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (d)(ii) through (d)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “
  
  enrollment success”
  
  symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;
  
  when said user'"'"'s browser is pointed at a given affiliated domain server subsequent to completion of said building of said home domain identity cookie having a plurality of enrollment success symbols, vouching for the identity of the user through exchange of a vouch-four request and vouch-for response between said home domain server and said given affiliated domain server; and
  
  building a local session at said given affiliated domain for said user using a protected resource of said given affiliated domain responsive to receipt of said vouch-for response.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer readable medium as set forth in claim 9 wherein said software for step of modifying said home domain identity cookie to include an enrollment success symbol comprises creating a server-maintained persistent record of the user'"'"'s enrollment at said affiliated domain.
  - 11. The computer readable medium as set forth in claim 9 wherein said software for redirecting said enrollment request comprises software for performing a hyper text transfer protocol redirection operation.
  - 12. The computer readable medium as set forth in claim 9 wherein said software for redirecting said enrollment success indicator to said home domain server comprises software for performing a hyper text transfer protocol redirection operation.
  - 13. The computer readable medium as set forth in claim 9 wherein said software for vouching for the identity of the user comprises software for performing the steps of:
    - transferring said affiliated domain identity cookie with access request for a protected resource from said user'"'"'s browser to said affiliated domain server;
      
      extracting the user'"'"'s home domain identity from the affiliated domain identity cookie in order to determine where to send a vouch-for request;
      
      sending a vouch-for request from said affiliated domain server to said home domain server via the user'"'"'s browser using redirection; and
      
      returning a vouch-for response to said affiliated domain server from said home domain server via the user'"'"'s browser using redirection.
  - 14. The computer readable medium as set forth in claim 13 wherein said software for sending a vouch-for request from said affiliated domain server to said home domain comprises software for determining the user'"'"'s affiliated domain server by evaluation of the user'"'"'s home domain identity cookie.
  - 15. The computer readable medium as set forth in claim 13 wherein said software for sending a vouch-for request from said affiliated domain server to said home domain server comprises software for performing a hyper text transfer protocol redirection operation.
  - 16. The computer readable medium as set forth in claim 13 wherein said software for returning a vouch-for response to said affiliated domain server from said home domain server comprises software for performing a hyper text transfer protocol redirection operation.

17. A system for convenient e-community enrollment by an Internet or intranet user using cross-domain single-sign-on to a group of affiliated domains that are participating in an e-community, said user being properly registered and authenticated to a home domain server within said e-community, said system comprising:
- a single-sign-on plug-in operatively disposed to a home domain server;
  
  a minimal group of affiliated domains defined in a list for automatic enrollment corresponding to a condition selected from the group of user'"'"'s home domain, and a common set of domains required by all users participating in a given e-community, said list being accessible by said home domain single-sign-on plug-in;
  
  a plurality of single-sign-on plug-ins, each of which is operatively disposed to an affiliated e-community domain server;
  
  a home domain identity cookie having a plurality of enrollment success symbols in an extensible data area, said symbols being accumulated by passing said home domain identity cookie by said home domain among said group of affiliated domains, said passing occurring in a star topology centered upon a user'"'"'s web browser, by;
  
  (a) responsive to a user activating a group enrollment functionality, redirecting a user'"'"'s browser from one domain to another according to a e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user'"'"'s home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to tripper enrollment functionality;
  
  (b) upon redirection to a first affiliated e-community domain during step (a);
  
  (i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;
  
  (ii) redirecting said home identity cookie and enrollment token to said first e-community domain via-said user'"'"'s web browser;
  
  (iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;
  
  (iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “
  
  enrollment successful”
  
  indicator;
  
  (v) redirecting said affiliated domain identity cookie to said home domain via said user'"'"'s web browser;
  
  (vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “
  
  enrollment successful at first affiliated domain”
  
  symbol in said extensible data area; and
  
  (vii) returning said modified home identity cookie to said user'"'"'s web browser for storage in persistent memory;
  
  (c) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (b)(ii) through (b)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “
  
  enrollment success”
  
  symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;
  
  a vouch-for request receivable by a home domain server transmitted by a given affiliated domain upon pointing of said user'"'"'s web browser to said given affiliated domain; and
  
  a vouch-for response receivable by said affiliated domain server transmitted by said home domain responsive to receipt of said vouch-for request.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The system as set forth in claim 17 further comprising:
    - an enrollment request redirector for redirecting said enrollment request from said home domain server to an affiliated domain server via said browser;
      
      an enrollment response redirector for redirecting said enrollment response with enrollment success indicator to said home domain server from said affiliated domain server via said browser;
      
      a user information manager operable by said home domain adapted to record enrollment success at said affiliated domain server such that there is a server-maintained persistent record of the user'"'"'s enrollment; and
      
      a home domain identity cookie modifier adapted to record enrollment success at said affiliated domain server such that there is a client-maintained persistent record of the user'"'"'s enrollment so that the user may access and use resources associated with the affiliated domain server.
  - 19. The system as set forth claim 18 wherein said enrollment request redirector comprises a hyper text transfer protocol command.
  - 20. The system as set forth claim 18 wherein said enrollment response redirector comprises a hyper text transfer protocol redirection command.
  - 21. The system as set forth in claim 17 further comprising an affiliated domain identity cookie evaluator for extracting the user'"'"'s home domain identity from said affiliated domain identity cookie in order to determine where to send a vouch-for request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activision Publishing Incorporated (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria, Blakley, III, George Robert, Clark, Greg
Primary Examiner(s)
Dharia, Rupal
Assistant Examiner(s)
Gillis, Brian J.

Application Number

US10/034,725
Publication Number

US 20030115267A1
Time in Patent Office

1,504 Days
Field of Search

709/204, 709/205, 709/249, 709/250, 709/252, 370/260
US Class Current

709/250
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/20   for managing network securi...

System and method for user enrollment in an e-community

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

245 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user enrollment in an e-community

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links