System and method for authentication via a single sign-on server
Abstract
A system comprises a client workstation, a single sign-on (“SSO”) server accessible to the client workstation, and a plurality of host servers accessible to the client workstation. Access by the client workstation to a first host server causes the client workstation to be automatically re-directed to the SSO server and the SSO server causes the client workstation to request sign-on credentials from a user if the user has not signed on to any of the host servers. The first host server, not the SSO server, authenticates the user.
19 Claims
1. A system, comprising:
- a client workstation;
- a single sign-on (“SSO”) server accessible to the client workstation;
- a plurality of host servers accessible to the client workstation, a unique public key being associated with each host server;
- wherein access by the client workstation to a first host server causes the client workstation to be automatically re-directed to the SSO server and the SSO server causes the client workstation to request sign-on credentials from a user if the user has not signed on to any of the host servers, and wherein the first host server, not the SSO server, authenticates the user; and
- wherein said sign-on credentials are used to authenticate the user upon accessing each host server, and wherein said sign-on credentials are encrypted with the public key associated with the host server for which the sign-on credentials were most recently used to authenticate the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A client workstation configured to access any one or more of a plurality of services, comprising:
- a CPU;
- an input device coupled to the CPU; and
- storage coupled to the CPU, said storage containing a browser that is executed by the CPU and that causes the workstation to:
  - browse to a service that runs in a host server;
  - automatically re-direct to a single sign-on (“SSO”) server; and
  - permit the host server to authenticate a user either by requiring the user to enter credentials via the input device if the user has not already signed-on to a service and providing the credentials to the host server or, without the user entering credentials, by providing credentials previously stored in the storage to the host server if the user has already signed-on to a service and providing the credentials to the host server;
- wherein said credentials are encrypted using a public key associated with the host server that the client workstation most recently accessed.
Dependent claims: 10, 11

12. A single sign-on (“SSO”) server, comprising:
- a CPU;
- storage coupled to the CPU, said storage containing software that is executed by the CPU and that causes the SSO server to:
  - cause user credentials to be entered by a user of a first computer if the user has not already signed-on to a service and to be encrypted using a first public key associated with a host computer, or to cause user credentials previously stored in the first computer to be retrieved, decrypted, and then encrypted using a second public key associated with a second computer, the first public key being different than the second public key; and
  - cause the user credentials to be used by the second computer to authenticate the user.

13. A host computer on which a user accessible service is executed, comprising:
- a CPU; and
- software executable by said CPU;
- wherein the CPU causes a user's browser to be re-directed to a first computer to obtain user credentials and that causes a user's browser to be re-directed back to the host computer so that the host computer can authenticate the user using the credentials;
- wherein the CPU decrypts the credentials using a private key associated with the host computer.

14. A system, comprising:
- means for providing user identifying information from a user if the user has not already signed-on to a service;
- means for retrieving user identifying information previously stored in a computer if the user has already signed-on to a service;
- means for hosting a service and for authenticating the user using the user identifying information; and
- means for encrypting user credentials using a public key associated with a means for hosting, a different public key being associated with each of multiple means for hosting.
Dependent claims: 15

16. A method, comprising:
- accessing a host server;
- automatically re-directing from the host server to a sign-on server;
- either retrieving previously stored user credentials if a user has already accessed a service or requesting the user to enter user credentials if the user has not already accessed a service;
- re-directing back to the host server; and
- the host server authenticating the user using the user credentials; and
- encrypting said user credentials with a public key associated with the host server that the user most recently accessed, a different public key being associated with each of multiple host servers.
Dependent claims: 17, 18, 19

Specification