System and method of locating identity providers in a data network

US 7,784,092 B2
Filed: 03/25/2005
Issued: 08/24/2010
Est. Priority Date: 03/25/2005
Status: Expired due to Fees

First Claim

Patent Images

1. An identity provider locator (IDPL) server comprising:

an interface to a data network to communicate with a plurality of identity provider servers and to communicate with a plurality of service provider servers;

a processor; and

a computer-readable medium accessible to the processor, the computer-readable medium including;

a list of the plurality of identity provider servers;

a list of the plurality of service provider servers, wherein each service provider server is associated with an identifier; and

mappings between the plurality of identity provider servers and the plurality of service provider servers, wherein a list of identity provider servers associated with a particular service provider server is determined based on the identifier associated with the particular service provider server,wherein a first list of identity provider servers associated with a first service provider server of the plurality of service provider servers is provided to the first service provider server in response to a request an end-user computer to access the first service provider server, the first list of identity provider servers determined based on a first identifier associated with the first service provider server, and wherein the first list of identity provider servers is provided to the first service provider server without being stored as cookie information at the end-user computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed computer system is disclosed and includes a plurality of identity provider servers and a plurality of service provider servers coupled to a data network. Further, an identity provider locator server is coupled to the data network. In response to a request from one of the plurality of service provider servers, the identity provider locator server can provide an identifier of at least one of the plurality of identity provider servers. The identity provider locator server can include a memory that stores a list of active identity provider servers for a particular end-user having access to the data network. Further, one or more of the plurality of identity provider servers is able to add or remove itself from the list of active identity provider servers.

129 Citations

View as Search Results

14 Claims

1. An identity provider locator (IDPL) server comprising:
- an interface to a data network to communicate with a plurality of identity provider servers and to communicate with a plurality of service provider servers;
  
  a processor; and
  
  a computer-readable medium accessible to the processor, the computer-readable medium including;
  
  a list of the plurality of identity provider servers;
  
  a list of the plurality of service provider servers, wherein each service provider server is associated with an identifier; and
  
  mappings between the plurality of identity provider servers and the plurality of service provider servers, wherein a list of identity provider servers associated with a particular service provider server is determined based on the identifier associated with the particular service provider server,wherein a first list of identity provider servers associated with a first service provider server of the plurality of service provider servers is provided to the first service provider server in response to a request an end-user computer to access the first service provider server, the first list of identity provider servers determined based on a first identifier associated with the first service provider server, and wherein the first list of identity provider servers is provided to the first service provider server without being stored as cookie information at the end-user computer.
- View Dependent Claims (2)
- - 2. The server of claim 1, wherein the computer-readable medium further includes a list of end-user sessions and mappings to identity provider servers associated with the list of end-user sessions.

3. A method comprising:
- receiving, at an identity provider locator (IDPL) server, a redirect message from an end-user computer, the redirect message having been received at the end-user computer from a service provider server in response to an end-user accessing the service provider server from the end-user computer, wherein the redirect message includes an identifier of the service provider server;
  
  determining, at the IDPL server, a list of identity provider servers associated with the service provider server based on the identifier included in the redirect message; and
  
  transmitting a redirect uniform resource locator (URL) from the IDPL server to the end-user computer, wherein the redirect URL includes the list of identity provider servers associated with the service provider server, wherein the list of identity provider servers is provided to the service provider server via the end-user computer without the list of identity provider servers being stored as cookie information at the end-user computer.
- View Dependent Claims (4, 5, 6, 7, 8, 9)
- - 4. The method of claim 3, wherein the redirect message further includes:
    - information including a type of request; and
      
      an encrypted payload.
  - 5. The method of claim 4, wherein the encrypted payload includes a timestamp and a fully qualified domain name (FQDN).
  - 6. The method of claim 5, wherein the redirect URL transmitted to the end-user computer includes the FQDN and a second encrypted payload, wherein the second encrypted payload includes the list of identity provider servers associated with the service provider server, and wherein the list of identity provider servers associated with the service provider server includes an ordered list of identity provider servers.
  - 7. The method of claim 6, wherein the second encrypted payload further includes a timestamp.
  - 8. The method of claim 6, wherein the ordered list of identity provider servers is ordered so that a most recent identity provider server associated with the end-user computer is listed first.
  - 9. The method of claim 6, wherein each of the identity provider servers in the ordered list of identity provider servers is registered at the IDPL server as an identity provider server.

10. A method comprising:
- accessing a service provider server from an end-user computer;
  
  receiving a redirect message at the end-user computer from the service provider server in response to the end-user computer accessing the service provider server, wherein the redirect message includes a request for a list of identity provider servers from an identity provider locator (IDPL) server, wherein the redirect message includes an identifier of the service provider server;
  
  delivering the redirect message from the end-user computer to the IDPL server;
  
  receiving a redirect response at the end-user computer from the IDPL server, wherein the redirect response includes an ordered list of identity provider servers associated with the service provider server determined based on the identifier of the service provider server; and
  
  delivering the redirect response from the end-user computer to the service provider server without storing the ordered list of identity provider servers as cookie information at the end-user computer.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the redirect message further includes:
    - information including a type of request; and
      
      an encrypted payload including a timestamp and a fully qualified domain name (FQDN).
  - 12. The method of claim 11, wherein the redirect response includes the FQDN and a second encrypted payload, and wherein the second encrypted payload includes a second timestamp and the ordered list of identity provider servers.
  - 13. The method of claim 10, wherein the service provider server is accessed in response to an end-user interacting with a web browser at the end-user computer, and wherein the ordered list of identity provider servers is ordered so that a most recent identity provider server associated with the end-user is listed first.
  - 14. The method of claim 13, wherein each of the identity provider servers in the ordered list of identity provider servers is registered at the IDPL server as an identity provider server for the end-user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sbc Knowledge Ventures, L.P.
Original Assignee
AT&T Intellectual I LP (AT&T, Inc.)
Inventors
Doherty, James M., Pearson, Larry B
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US11/090,704
Publication Number

US 20060218625A1
Time in Patent Office

1,978 Days
Field of Search

726/4, 726/8, 726/12
US Class Current

726/8
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/0815 providing single-sign-on or...

System and method of locating identity providers in a data network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

129 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of locating identity providers in a data network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links