公开(公告)号：US20130007194A1

公开(公告)日：2013-01-03

申请号：US13173469

申请日：2011-06-30

申请人： Yaser K. Doleh ,  Jeffrey W. Lucas ,  Mauro Marzorati ,  Brian M. O'Connell ,  Keith R. Walker

发明人： Yaser K. Doleh ,  Jeffrey W. Lucas ,  Mauro Marzorati ,  Brian M. O'Connell ,  Keith R. Walker

IPC分类号： G06F15/16

CPC分类号： H04L67/02 ,  H04L61/1511 ,  H04L63/08 ,  H04L67/142 ,  H04L67/2814

摘要： In a method for transferring session data from a first application accessible via at least one DNS name in a first DNS domain to a second application accessible via at least one DNS name in a second DNS domain, a computer receives via the first application a first HTTP request from an HTTP client, and in response, the computer establishes a first session with the HTTP client. The computer receives, from the HTTP client, a second HTTP request comprising an identifier of the second application, and in response, the computer stores in a memory a data structure identifiable by a data structure identifier and containing data pertaining to the first session. Responsive to storing the data structure, the computer transmits, to the HTTP client, an HTTP response comprising the data structure identifier, a redirection status code, and a URI comprising a DNS name in the second DNS domain.

公开(公告)号：US08880872B2

公开(公告)日：2014-11-04

申请号：US13480038

申请日：2012-05-24

申请人： Yaser K. Doleh ,  Christopher G. Kalamaras ,  Mauro Marzorati

发明人： Yaser K. Doleh ,  Christopher G. Kalamaras ,  Mauro Marzorati

IPC分类号： G06F21/00 ,  G06F21/41 ,  G06F21/33

CPC分类号： H04L63/0815 ,  G06F21/335 ,  G06F21/41 ,  G06F2221/0706 ,  G06F2221/2101 ,  G06F2221/2115 ,  G06F2221/2119 ,  H04L63/083

摘要： A first computer sends a request to the second computer to access the application. The second computer determines that the user has not yet been authenticated to the application. The second computer redirects the request to a third computer. The third computer determines that the user has been authenticated to the third computer. The third computer authenticates the user to the application. The second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. The third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer.

摘要翻译： 第一台计算机向第二台计算机发送访问应用程序的请求。 第二台计算机确定用户尚未对应用程序进行身份验证。 第二台计算机将请求重定向到第三台计算机。 第三台计算机确定用户已被认证到第三台计算机。 第三台计算机向应用程序验证用户。 第二台计算机将会话密钥返回给第三台计算机，用于应用程序和用户之间的会话。 会话具有第二台计算机或应用程序的范围，但不包括域的范围。 第三台计算机生成另一个具有域范围的会话密钥，并将域范围会话密钥发送到第一台计算机。

公开(公告)号：US08219802B2

公开(公告)日：2012-07-10

申请号：US12116616

申请日：2008-05-07

申请人： Yaser K. Doleh ,  Christopher G. Kalamaras ,  Mauro Marzorati

发明人： Yaser K. Doleh ,  Christopher G. Kalamaras ,  Mauro Marzorati

IPC分类号： G06F21/00

CPC分类号： H04L63/0815 ,  G06F21/335 ,  G06F21/41 ,  G06F2221/0706 ,  G06F2221/2101 ,  G06F2221/2115 ,  G06F2221/2119 ,  H04L63/083

摘要： A first computer sends a request to the second computer to access the application. In response, the second computer determines that the user has not yet been authenticated to the application. In response, the second computer redirects the request to a third computer. In response, the third computer determines that the user has been authenticated to the third computer. In response, the third computer authenticates the user to the application. In response, the second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. In response to the authentication of the user to the second application and receipt by the third computer of the session key from the second computer for a session between the user and the second computer or the application, the third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer. The first computer sends another request to the application with the domain-scope session key.

摘要翻译： 第一台计算机向第二台计算机发送访问应用程序的请求。 作为响应，第二计算机确定用户尚未被认证到该应用。 作为响应，第二计算机将请求重定向到第三计算机。 作为响应，第三计算机确定用户已被认证到第三计算机。 作为响应，第三台计算机向应用程序认证用户。 作为响应，第二计算机向第三计算机返回会话密钥以用于应用和用户之间的会话。 会话具有第二台计算机或应用程序的范围，但不包括域的范围。 响应于用户对第二应用的认证和第三计算机从第二计算机接收用于用户和第二计算机或应用之间的会话的会话密钥，第三计算机生成具有范围的另一会话密钥 并将域范围会话密钥发送到第一台计算机。 第一台计算机使用域范围会话密钥向应用发送另一个请求。

公开(公告)号：US20120291141A1

公开(公告)日：2012-11-15

申请号：US13480038

申请日：2012-05-24

申请人： Yaser K. Doleh ,  Christopher G. Kalamaras ,  Mauro Marzorati

发明人： Yaser K. Doleh ,  Christopher G. Kalamaras ,  Mauro Marzorati

IPC分类号： G06F21/24

CPC分类号： H04L63/0815 ,  G06F21/335 ,  G06F21/41 ,  G06F2221/0706 ,  G06F2221/2101 ,  G06F2221/2115 ,  G06F2221/2119 ,  H04L63/083

摘要： A first computer sends a request to the second computer to access the application. The second computer determines that the user has not yet been authenticated to the application. The second computer redirects the request to a third computer. The third computer determines that the user has been authenticated to the third computer. The third computer authenticates the user to the application. The second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. The third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer.

摘要翻译： 第一台计算机向第二台计算机发送访问应用程序的请求。 第二台计算机确定用户尚未对应用程序进行身份验证。 第二台计算机将请求重定向到第三台计算机。 第三台计算机确定用户已被认证到第三台计算机。 第三台计算机向应用程序验证用户。 第二台计算机将会话密钥返回给第三台计算机，用于应用程序和用户之间的会话。 会话具有第二台计算机或应用程序的范围，但不包括域的范围。 第三台计算机生成另一个具有域范围的会话密钥，并将域范围会话密钥发送到第一台计算机。

公开(公告)号：US20090282239A1

公开(公告)日：2009-11-12

申请号：US12116616

申请日：2008-05-07

申请人： Yaser K. Doleh

发明人： Yaser K. Doleh

IPC分类号： H04L9/32

CPC分类号： H04L63/0815 ,  G06F21/335 ,  G06F21/41 ,  G06F2221/0706 ,  G06F2221/2101 ,  G06F2221/2115 ,  G06F2221/2119 ,  H04L63/083

摘要： A first computer sends a request to the second computer to access the application. In response, the second computer determines that the user has not yet been authenticated to the application. In response, the second computer redirects the request to a third computer. In response, the third computer determines that the user has been authenticated to the third computer. In response, the third computer authenticates the user to the application. In response, the second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. In response to the authentication of the user to the second application and receipt by the third computer of the session key from the second computer for a session between the user and the second computer or the application, the third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer. The first computer sends another request to the application with the domain-scope session key.

摘要翻译： 第一台计算机向第二台计算机发送访问应用程序的请求。 作为响应，第二计算机确定用户尚未被认证到该应用。 作为响应，第二计算机将请求重定向到第三计算机。 作为响应，第三计算机确定用户已被认证到第三计算机。 作为响应，第三台计算机向应用程序认证用户。 作为响应，第二计算机向第三计算机返回会话密钥以用于应用和用户之间的会话。 会话具有第二台计算机或应用程序的范围，但不包括域的范围。 响应于用户对第二应用的认证和第三计算机从第二计算机接收用于用户和第二计算机或应用之间的会话的会话密钥，第三计算机生成具有范围的另一会话密钥 并将域范围会话密钥发送到第一台计算机。 第一台计算机使用域范围会话密钥向应用发送另一个请求。