Method and system for providing user access to a secure application

US 8,214,887 B2
Filed: 03/20/2006
Issued: 07/03/2012
Est. Priority Date: 03/20/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing remote user access to a secure application by deployment of single sign-on (SSO) software to client workstations, said method comprising:

navigating to a secure server using a web browser on a remote workstation;

providing user authorisation details to the secure server;

downloading an SSO deployment file to the remote workstation upon validation of the user authorisation details;

executing the SSO deployment file to install an SSO client application on the remote workstation;

reading workstation settings and user credentials from a secure file or data store; and

running the SSO client application on the workstation to employ the user credentials to logon to the secure application, wherein;

the SSO client application intercepts and responds to authentication requests issued by the secure application and received at the remote workstation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing remote user access to secure applications by deployment of SSO software to client workstations, including navigating to a secure server using a web browser on a remote workstation; providing user authorization details to the secure server; downloading an SSO deployment file to the remote workstation upon validation of the user authorization details; executing the SSO deployment file to install an SSO client application on the remote workstation; reading workstation settings and user credentials from a secure file or data store; and running the SSO client application on the workstation to employ the user credentials to logon to the secure application.

103 Citations

View as Search Results

20 Claims

1. A method for providing remote user access to a secure application by deployment of single sign-on (SSO) software to client workstations, said method comprising:
- navigating to a secure server using a web browser on a remote workstation;
  
  providing user authorisation details to the secure server;
  
  downloading an SSO deployment file to the remote workstation upon validation of the user authorisation details;
  
  executing the SSO deployment file to install an SSO client application on the remote workstation;
  
  reading workstation settings and user credentials from a secure file or data store; and
  
  running the SSO client application on the workstation to employ the user credentials to logon to the secure application, wherein;
  
  the SSO client application intercepts and responds to authentication requests issued by the secure application and received at the remote workstation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 17)
- - 2. The method of claim 1 wherein, if the remote workstation is a shared client workstation, the method further includes uninstalling the SSO client application upon any of:
    - a) termination of the web browser application,b) log off from a current user session, orc) re-starting of the client workstation.
  - 3. The method of claim 1 wherein, if the remote workstation is a single user client workstation, the SSO client application starts automatically without requiring re-entry of user credentials.
  - 4. The method of claim 1 wherein the SSO client application facilitates reduced or single sign on type remote access to a plurality of secure applications.
  - 5. The method of claim 1 wherein a secure file for the user credentials is stored on at least one of:
    - a) the user workstation,b) the web server, andc) a secure third party server.
  - 6. The method of claim 5 wherein the secure file takes the form of an LDAP directory entry, an ordinary file on a local or remote file system, a file on a portable storage device, a token or a smart card.
  - 7. The method of claim 1 wherein user credentials may take the form of identifiers;
    - passwords, including one-time passwords (OTP);
      
      pass phrases;
      
      certificates;
      
      encryption, signing and authentication key pairs or keys;
      
      Kerberos tickets;
      
      any other authentication or authorisation data.
  - 8. The method of claim 1 wherein the user credentials are secured in a local file by the user authorisation details.
  - 9. The method of claim 1 wherein installing the SSO client application is undertaken dynamically to deliver client application functionality based on at least one of client location and user credentials.
  - 10. The method of claim 1 further including a step of consolidating, encrypting and storing user credentials in the secure file or data store.
  - 11. The method of claim 1 wherein the user authorisation details are encrypted and stored on a web server.
  - 12. The method of claim 11 wherein the SSO client application is further configured, in the event that a secure application prompts user credentials to be changed, to:
    - intercept such application prompts;
      
      ask the user for the changed credentials or automatically generate changed user credentials;
      
      validate that the changed credentials meet the secure application'"'"'s requirements;
      
      enter the changed credentials into the application prompt that was intercepted; and
      
      encrypt and send the changed credentials to the secure file or SSO datastore.
  - 13. The method of claim 12 wherein changes to the SSO datastore are monitored and transferred to an authentication database of the secure application.
  - 17. The method of claim 1, wherein the requests are issued by at least one of mainframe applications, web sites, Java applications, Unix applications and Windows applications.

14. A system for providing remote user access to a secure application by deployment of single sign-on (SSO) software to client workstations, said system comprising:
- a secure server, having a processor, coupled to a publicly accessible global communications network, said secure server having a single sign-on (SSO) service module, an SSO deployment file and associated user authorisation details;
  
  at least one remote workstation having a web browser for navigating to the secure server via the publicly accessible global communications network; and
  
  wherein the SSO deployment file includes instructions for execution on a plurality of processors, and the SSO deployment file includes a management control program for controlling download from the secure server and installation of an SSO client application on said at least one remote workstation, and once installed, the SSO client application provides sign-on and user credential caching in relation to said secure application for the user at said remote workstation, and wherein the SSO client application intercepts and responds to authentication requests issued by the secure application and received at the at least one remote workstation.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14 wherein the SSO service module effects initial user authentication and thereafter manages download of the SSO deployment file for execution on said at least one remote workstation.
  - 16. The system of claim 14 further including a sub-system for reverse synchronisation of user credentials required to access secure applications for a server managing an SSO datastore accessible by a plurality of remote workstations, said sub-system including:
    - an SSO datastore monitor server coupled to the server for monitoring changes to user credentials in the SSO datastore; and
      
      upon changes being effected to user credentials for a secure application, said SSO datastore monitor server is configured to;
      
      connect to a respective back-end system hosting said secure application, andmodify the corresponding user credentials held in an authentication database for the secure application on the back-end system.

18. A non-transitory computer readable storage medium storing software modules that provide remote user access to a secure application by deployment of single sign-on (SSO) software to client workstations, the software modules comprising executable code that is executable to:
- provide user authorisation details to a secure server;
  
  download an SSO deployment file to a remote workstation upon validation of the user authorisation details;
  
  execute the SSO deployment file to install an SSO client application on the remote workstation;
  
  read workstation settings and user credentials from a secure file or data store; and
  
  run the SSO client application on the workstation to employ the user credentials to logon to the secure application, wherein the SSO client application intercepts and responds to authentication requests issued by the secure application and received at the remote workstation.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer readable storage medium of claim 18, wherein the requests are issued by at least one of:
    - mainframe applications, web sites, Java applications, Unix applications and Windows applications.
  - 20. The non-transitory computer readable storage medium of claim 18, the software modules includes executable code that is executable to further configure the SSO client application, in the event that a secure application prompts user credentials to be changed, to:
    - intercept such application prompts;
      
      ask the user for the changed credentials or automatically generate changed user credentials;
      
      validate that the changed credentials meet the secure application'"'"'s requirements;
      
      enter the changed credentials into the application prompt that was intercepted; and
      
      encrypt and send the changed credentials to the secure file or SSO datastore.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Actividentity Corporation (Assa Abloy AB)
Original Assignee
Actividentity Corporation (Assa Abloy AB)
Inventors
Clark, John F., Dingwall, Timothy, Hart, Jason, Herscovitch, Matthew
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Plecha, Thaddeus

Application Number

US11/384,634
Publication Number

US 20060265740A1
Time in Patent Office

2,297 Days
Field of Search

726/8
US Class Current

726/8
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

H04L 63/0815   providing single-sign-on or...

Method and system for providing user access to a secure application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing user access to a secure application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links