公开(公告)号：WO0239237A3

公开(公告)日：2003-10-09

申请号：PCT/EP0112361

申请日：2001-10-25

Applicant: IBM ,  IBM DEUTSCHLAND

Inventor： HINTON HEATHER MARIA ,  WINTERS DAVID JOHN

IPC: G06F21/33 ,  G06F21/41 ,  H04L29/06 ,  G06F1/00

CPC classification number: H04L63/0815 ,  G06F21/33 ,  G06F21/41 ,  G06F2221/0706 ,  G06F2221/2131 ,  G06F2221/2137 ,  G06F2221/2141 ,  G06F2221/2149 ,  G06F2221/2151 ,  H04L9/3234 ,  H04L9/3271 ,  H04L63/168

Abstract: A method, system, or computer program product is presented for cross-domain, single-sign-on, authentication functionality. The methodology uses an introductory authentication token to introduce an already authenticated user from one domain to a new domain. This token is passed from one domain to the other domain using HTTP-redirection. This token is protected by encryption with a cryptographic key shared only between the two domain in a secure manner such that an external user cannot generate a counterfeit introductory token. An introductory token is further protected by enabling it with a limited lifetime so that an unauthorized user would not be able to use or reuse the introductory token within the token s lifetime. After a user has been introduced to a new security domain, then all of the user's resource requests are authorized by the new domain.

Abstract translation: 提供了一种方法，系统或计算机程序产品，用于跨域，单点登录，认证功能。 该方法使用介绍性身份验证令牌将已验证的用户从一个域引入新域。 该令牌使用HTTP重定向从一个域传递到另一个域。 该令牌通过使用仅以两个域之间共享的加密密钥以安全方式进行加密来保护，使得外部用户不能生成伪造介绍令牌。 引入令牌进一步受到保护，使其在有限的使用寿命期内使未经授权的用户无法在令牌寿命内使用或重新使用介绍令牌。 在将用户引入新的安全域之后，所有用户的资源请求都被新域授权。

公开(公告)号：DE60130037D1

公开(公告)日：2007-09-27

申请号：DE60130037

申请日：2001-10-25

Applicant: IBM

Inventor： HINTON HEATHER MARIA ,  WINTERS DAVID JOHN

IPC: G06F21/33 ,  G06F21/41 ,  H04L29/06

Abstract: A method, system, or computer program product is presented for cross-domain, single-sign-on, authentication functionality. The methodology uses an introductory authentication token to introduce an already authenticated user from one domain to a new domain. This token is passed from one domain to the other domain using HTTP-redirection. This token is protected by encryption with a cryptographic key shared only between the two domain in a secure manner such that an external user cannot generate a counterfeit introductory token. An introductory token is further protected by enabling it with a limited lifetime so that an unauthorized user would not be able to use or reuse the introductory token within the token s lifetime. After a user has been introduced to a new security domain, then all of the user's resource requests are authorized by the new domain.

公开(公告)号：DE60130037T2

公开(公告)日：2008-05-08

申请号：DE60130037

申请日：2001-10-25

Applicant: IBM

Inventor： HINTON HEATHER MARIA ,  WINTERS DAVID JOHN

IPC: G06F21/33 ,  G06F21/41 ,  H04L29/06

Abstract: A method, system, or computer program product is presented for cross-domain, single-sign-on, authentication functionality. The methodology uses an introductory authentication token to introduce an already authenticated user from one domain to a new domain. This token is passed from one domain to the other domain using HTTP-redirection. This token is protected by encryption with a cryptographic key shared only between the two domain in a secure manner such that an external user cannot generate a counterfeit introductory token. An introductory token is further protected by enabling it with a limited lifetime so that an unauthorized user would not be able to use or reuse the introductory token within the token s lifetime. After a user has been introduced to a new security domain, then all of the user's resource requests are authorized by the new domain.

公开(公告)号：AU1234502A

公开(公告)日：2002-05-21

申请号：AU1234502

申请日：2001-10-25

Applicant: IBM

Inventor： WINTERS DAVID JOHN

IPC: G06F21/33 ,  G06F21/41 ,  H04L29/06 ,  G06F1/00

Abstract: A method, system, or computer program product is presented for cross-domain, single-sign-on, authentication functionality. The methodology uses an introductory authentication token to introduce an already authenticated user from one domain to a new domain. This token is passed from one domain to the other domain using HTTP-redirection. This token is protected by encryption with a cryptographic key shared only between the two domain in a secure manner such that an external user cannot generate a counterfeit introductory token. An introductory token is further protected by enabling it with a limited lifetime so that an unauthorized user would not be able to use or reuse the introductory token within the token s lifetime. After a user has been introduced to a new security domain, then all of the user's resource requests are authorized by the new domain.