CA2403383A1 - System, method and computer program product for providing unified authentication services for online applications - Google Patents
- Publication number
- CA2403383A1
- Authority
- CA
- Canada
- Prior art keywords
- user
- server
- account
- determined policy
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
A system, method, and computer program product for providing authentication services in an Application Service Provider setting to a user of one or more online (or web) applications. The system includes client side components: a user management component (207), a web browser (212), device specific components (210), and an authentication control (208). The system also includes server side components: an authentication server (202), a web/application server (214), communication components (204), and a filter (206). The client side authentication control component (208) manages the process of capturing a user-determined policy for a first account and user credentials.
This allows the user to define the level of protection to access the first account.
Furthermore, the user's credentials that are stored in the user management component (207) can be reused to access other accounts or applications.
Claims (22)
1. A system for providing user authentication to a first account provided by a first server via a communication medium, comprising:
client side components;
a user management component coupled to said client side components via the communication medium; and
server side components coupled to said user management component via the communication medium,
wherein said client side components include an authentication control component that manages the process of capturing a user-determined policy for the first account and user credentials, thereby allowing the user to define the level of protection to access the first account and wherein said client side components communicate the result of capturing said user-determined policy and said user credentials to said user management component,
wherein said user management component stores said user-determined policy and said user credentials in a centralized location and organizes said user-determined policy and said user credentials such that said user credentials can be reused for user authentication to a second account provided by a second server; and
wherein said server side components include an authentication server, and wherein said user management component indicates to said authentication server to use said user-determined policy for user authentication to the first account.
2. The system of claim 1, wherein the communication medium is the Internet.
3. The system of claim 1, wherein the communication medium is a local network.
4. The system of claim 1, wherein the communication medium is a wireless network.
5. The system of claim 1, wherein the first server and said second server are web servers.
6. The system of claim 1, wherein the first server and said second server are application servers.
7. The system of claim 1, wherein said authentication control component is checked for integrity each time it is invoked.
8. The system of claim 1, wherein said user-determined policy for the first account is the same as a second user-determined policy for said second account.
9. The system of claim 1, wherein said user-determined policy for the first account is different from a second user-determined policy for said second account.
10. The system of claim 1, wherein the first server and said second server are unrelated.
11. The system of claim 1, wherein the first server and said second server are related.
12. A method for providing user authentication to a first account provided by a first server via a communication medium, comprising the steps of:
managing, via an authentication control component, the process of capturing a user-determined policy for the first account and user credentials, thereby allowing the user to define the level of protection to access the first account;
communicating, from said authentication control component to a user management component, the result of capturing said user-determined policy and said user credentials;
organizing, by said user management component, said user-determined policy and said user credentials in a centralized location such that said user credentials can be reused for user authentication to a second account provided by a second server; and
indicating, by said user management component to said authentication server, to use said user-determined policy for user authentication to the first account.
13. The method of claim 12, wherein the communication medium is the Internet.
14. The method of claim 12, wherein the communication medium is a local network.
15. The method of claim 12, wherein the communication medium is a wireless network.
16. The method of claim 12, wherein the first server and said second server are web servers.
17. The method of claim 12, wherein the first server and said second server are application servers.
18. The method of claim 12, wherein said authentication control component is checked for integrity each time it is invoked.
19. The method of claim 12, wherein said user-determined policy for the first server is the same as a second user-determined policy for said second server.
20. The method of claim 12, wherein said user-determined policy for the first server is different from a second user-determined policy for said second server.
21. The method of claim 12, wherein the first server and said second server are unrelated.
22. The method of claim 12, wherein the first server and said second server are related.
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US19147100P | 2000-03-23 | 2000-03-23 | |
US60/191,471 | 2000-03-23 | ||
US69506000A | 2000-10-25 | 2000-10-25 | |
US09/695,060 | 2000-10-25 | ||
PCT/US2001/009188 WO2001071961A1 (en) | 2000-03-23 | 2001-03-23 | System, method and computer program product for providing unified authentication services for online applications |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2403383A1 (en) | 2001-09-27 |
CA2403383C (en) | 2011-06-28 |
Family
ID=26887076
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2403383A Expired - Lifetime CA2403383C (en) | 2000-03-23 | 2001-03-23 | System, method and computer program product for providing unified authentication services for online applications |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP2004524591A (en) |
AU (1) | AU2001243706A1 (en) |
CA (1) | CA2403383C (en) |
WO (1) | WO2001071961A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7441263B1 (en) | 2000-03-23 | 2008-10-21 | Citibank, N.A. | System, method and computer program product for providing unified authentication services for online applications |
GB2386445A (en) * | 2002-03-13 | 2003-09-17 | Hewlett Packard Co | Application server functions |
US8458775B2 (en) | 2006-08-11 | 2013-06-04 | Microsoft Corporation | Multiuser web service sign-in client side components |
CN105450629A (en) * | 2015-10-29 | 2016-03-30 | 东莞酷派软件技术有限公司 | Biological-information-verification-based router connecting method and apparatus, and router |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06223041A (en) * | 1993-01-22 | 1994-08-12 | Fujitsu Ltd | Rarge-area environment user certification system |
US5724423A (en) * | 1995-09-18 | 1998-03-03 | Telefonaktiebolaget Lm Ericsson | Method and apparatus for user authentication |
US5930804A (en) * | 1997-06-09 | 1999-07-27 | Philips Electronics North America Corporation | Web-based biometric authentication system and method |
US6052468A (en) * | 1998-01-15 | 2000-04-18 | Dew Engineering And Development Limited | Method of securing a cryptographic key |
US6178511B1 (en) * | 1998-04-30 | 2001-01-23 | International Business Machines Corporation | Coordinating user target logons in a single sign-on (SSO) environment |
-
2001
- 2001-03-23 AU AU2001243706A patent/AU2001243706A1/en not_active Abandoned
- 2001-03-23 JP JP2001570010A patent/JP2004524591A/en not_active Withdrawn
- 2001-03-23 WO PCT/US2001/009188 patent/WO2001071961A1/en active Search and Examination
- 2001-03-23 CA CA2403383A patent/CA2403383C/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
CA2403383C (en) | 2011-06-28 |
JP2004524591A (en) | 2004-08-12 |
WO2001071961A1 (en) | 2001-09-27 |
AU2001243706A1 (en) | 2001-10-03 |
WO2001071961A9 (en) | 2001-12-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100464518C (en) | Green internet-accessing system based on concentrated management and dictributed control, and method therefor | |
DE60220718T2 (en) | METHOD AND SYSTEM FOR SAFE TREATMENT OF ELECTRONIC BUSINESS ON THE INTERNET | |
DE60027971T2 (en) | Single sign-on to a network system that includes several separately controllable resources with limited access | |
DE69818008T2 (en) | DATA ACCESS CONTROL | |
CN104184832B (en) | Data submission method and device in network application | |
CN107995215A (en) | Control method, device and the cloud platform server of smart home device | |
WO2000029922A3 (en) | Providing web browsing companion tools and services | |
CN108322472A (en) | Multi-tenant identity and data security management cloud service | |
CN107733922A (en) | Method and apparatus for calling service | |
HK1036539A1 (en) | Method and embedded system for instantiating an object in a network | |
CN105144111A (en) | Relay service for different WEB service architectures | |
CN101076033B (en) | Method and system for storing authentication certificate | |
WO2005069911A3 (en) | Client-server data execution flow | |
CN106814975A (en) | A kind of memory management method and its system for polymorphic type storage device | |
DK1095491T3 (en) | Method, server system and device for making a secure communication network | |
JP2007213397A (en) | Data management program, data management device and switching method of protocol | |
CN107070894A (en) | A kind of software integrating method based on enterprise's cloud service platform | |
CN103023935B (en) | M2M platforms cloud system and its method of processing M2M services | |
SE0003925D0 (en) | Method and apparatus for an application | |
CN101378329B (en) | Distributed business operation support system and method for implementing distributed business | |
CA2538693A1 (en) | Personalisation | |
CN103379093B (en) | A kind of method and device for realizing account intercommunication | |
CN101594342A (en) | log recording method and device | |
CN106021375B (en) | Data bank access method and database broker node | |
CA2403383A1 (en) | System, method and computer program product for providing unified authentication services for online applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry | Effective date: 20210323 |