US2016248757A1PendingUtilityA1
Method and apparatus for multi-domain authentication
Est. expiryFeb 11, 2031(~4.6 yrs left)· nominal 20-yr term from priority
H04L 63/10H04L 63/1466H04L 63/0815H04L 63/0807
46
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method and apparatus for multi-domain authentication is described. In one example, credentials are received for a user accessing a first domain. User access to the first domain and a second domain is confirmed. A token is created for access to the second domain and the is provided with access to the second domain.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method comprising:
receiving credentials for a user at a first domain receiving a request from the user at the first domain to redirect to a second domain; redirecting the user to the second domain; generating a token based on the user credentials on the first domain; sending the token to the user and storing the token; receiving a request from the user at the second domain, the request including the token; comparing the received token to the stored token and conditionally authenticating the user at the second domain based on the token comparison.
2 . The method of claim 1 , wherein storing the token comprises storing the token in a database accessible to the first and the second domains.
3 . The method of claim 1 , wherein receiving credentials comprises logging a user into a session on the first domain.
4 . The method of claim 1 , wherein receiving a request comprises receiving a request to log the user into a session in the second domain and wherein authenticating the user comprises logging the user into a session on the first domain.
5 . The method of claim 1 , wherein receiving the token comprises receiving a hash of the token with an ID of the user and wherein comparing comprises generating a hash of the stored token with a stored user ID and comparing the generated hash to the received hash.
6 . The method of claim 5 , wherein sending the token to the user comprises sending the token not hashed with the user ID.
7 . The method of claim 1 , further comprising searching for an active session for the user with the first domain and if no active session is found not authenticating the user at the second domain.
8 . The method of claim 7 , wherein searching for an active session comprises searching for a valid session cookie.
9 . The method of claim 1 , further comprising retrieving permissions of the user for the first domain and not authenticating the user at the second domain if the permissions are not sufficient for the first domain.
10 . The method of claim 9 , wherein the first and second domains provide user access to a single shared database and wherein retrieving permissions comprises retrieving permissions for the user to access data in the single shared database and wherein sufficient permissions are permissions that allow the user to access data in the single shared database.
11 . The method of claim 1 , further comprising checking to determine whether the token has been consumed and if the token has been consumed, then not authenticating the user at the second domain.
12 . The method of claim 11 , further comprising consuming the token after authenticating the user at the second domain.
13 . The method of claim 1 , further comprising checking to determine whether the token has expired and if the token has expired, then not authenticating the user at the second domain.
14 . A system comprising:
a computing device having a memory to store instructions, and a processing device to execute the instructions, the computing device further having a mechanism to: receiving credentials for a user at a first domain receiving a request from the user at the first domain to redirect to a second domain; redirecting the user to the second domain; generating a token based on the user credentials on the first domain; sending the token to the user and storing the token; receiving a request from the user at the second domain, the request including the token; comparing the received token to the stored token and conditionally authenticating the user at the second domain based on the token comparison.
15 . The system of claim 14 , further comprising a database shared by the first and second domain, the database including credentials for the user and wherein generating a user taken includes storing the token in the shared database.
16 . A computer-readable medium having instruction thereon that when operated on by a computer cause the computer to perform operations comprising:
receiving credentials for a user at a first domain receiving a request from the user at the first domain to redirect to a second domain; redirecting the user to the second domain; generating a token based on the user credentials on the first domain; sending the token to the user and storing the token; receiving a request from the user at the second domain, the request including the token; comparing the received token to the stored token and conditionally authenticating the user at the second domain based on the token comparison.
17 . The medium of claim 16 , the operations further comprising determining whether the user has a valid session with the first domain and wherein authenticating the user at the second domain comprises authenticating the user only if the user has a valid session with the first domain.
18 . A method comprising:
receiving credentials for a user accessing a first domain; confirming that the user has access to the first domain and a second domain; creating a token for access to the second domain; and, providing the user access to the second domain.
19 . The method of claim 18 , wherein receiving credentials comprises accessing a database shared by the first and the second domain to determine whether user credential for the first domain are stored in the shared database.Join the waitlist — get patent alerts
Track US2016248757A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.