System and method of providing credentials in a network
US8364957B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 2, 2004 |
| Grant date | Jan 29, 2013 |
| Priority date | — |
| Expiry date | Oct 13, 2029 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/0846
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and system are provided to provide single sign on (SSO) functionality in a network that avoids storing a user's credentials in persistent storage. A session may be initiated with a portal which sends a session ID derivative as a credential string instead of a user's password to a target application. When the target application attempts to authenticate the user, by sending a request to an LDAP directory, the request is intercepted by an LDAP proxy that instead validates the UserID with the LDAP directory and the password is validated by a credential validator component which verifies with the portal that the credential string presented as the user password has been produced from the active session ID. In an embodiment, the credential string validator validates each short-living credential only once and upon detecting a second validation request for the same string, initiates a security breach process. A target application proxy may also be employed to terminate all sessions with the UserID when duplicate session requests occur.
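The validation flow described in the abstract, as an added sketch that is not code from the patent: the proxy checks the UserID against the directory, asks the portal whether the presented string derives from an active session, and accepts each string only once. The HMAC-SHA256 derivation with a nonce, all class and method names, the in-memory directory, and terminating the user's portal sessions as the breach response are assumptions.

```python
import hashlib
import hmac
import secrets

class Portal:
    """Holds active sessions; credential = nonce + HMAC-SHA256 (assumed scheme)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # assumed portal-side secret
        self.sessions = {}                   # session_id -> user_id

    def login(self, user_id):
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user_id
        return session_id

    def _tag(self, session_id, nonce):
        msg = f"{session_id}|{nonce}".encode()  # assumed derivation input
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_credential(self, session_id):
        nonce = secrets.token_hex(8)
        return f"{nonce}.{self._tag(session_id, nonce)}"

    def matches_active_session(self, user_id, credential):
        nonce, _, tag = credential.partition(".")
        return any(hmac.compare_digest(self._tag(sid, nonce).encode(), tag.encode())
                   for sid, uid in self.sessions.items() if uid == user_id)

    def terminate_user(self, user_id):
        self.sessions = {s: u for s, u in self.sessions.items() if u != user_id}

class LdapProxy:
    """Sits between the target application and the LDAP directory."""
    def __init__(self, portal, directory_users):
        self.portal, self.directory = portal, set(directory_users)
        self.seen = set()    # credential strings already validated once
        self.breaches = []   # user IDs for which a replay was detected

    def bind(self, user_id, password):
        if user_id not in self.directory:        # UserID checked in directory
            return False
        if password in self.seen:                # second validation request
            self.breaches.append(user_id)
            self.portal.terminate_user(user_id)  # assumed breach response
            return False
        if not self.portal.matches_active_session(user_id, password):
            return False
        self.seen.add(password)
        return True
```

The user's real password never reaches the target application or the proxy, so a captured credential string is useful at most once and its reuse is itself the detection signal.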
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.