Method and apparatus for protecting a single sign-on domain from credential leakage

US8943571B2 · US · B2

Patent metadata
Publication number: US-8943571-B2
Application number: US-201113252931-A
Country: US
Kind code: B2
Filing date: Oct 4, 2011
Priority date: Oct 4, 2011
Publication date: Jan 27, 2015
Grant date: Jan 27, 2015

Abstract

Official abstract text for this publication.

Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for protecting a single sign-on domain, comprising: providing, by an authentication server, an authentication cookie to a user browser client, wherein the authentication cookie has at least one user authentication credential for the single sign-on domain, and is associated with an authentication subdomain of the single sign-on domain; receiving, by the authentication server, the authentication cookie in an access request from the user browser client, wherein the access request is based on a redirection received by the user browser client from a content server within the single sign-on domain in response to a content request from the user browser client; upon authentication of the user authentication credential in the received authentication cookie, responding, by the authentication server, to the access request by forwarding, to the user browser client, a limited-use cookie for the single sign-on domain; receiving, by the authentication server, a request from the content server to validate a session identifier of the limited-use cookie, wherein the content server received the limited-use cookie from the user browser client; upon validation of the session identifier of the limited-use cookie, providing, by the authentication server, a valid session message to the content server for enabling the content server to forward requested content to the user browser client; and upon validation of the session identifier of the limited-use cookie, invalidating, by the authentication server, the limited-use cookie to prohibit further use of the limited-use cookie.

2. A method as defined in claim 1, wherein the limited-use cookie comprises a one-time use cookie.

3. A method as defined in claim 1, wherein the limited-use cookie has an expiration time.

4. A method as defined in claim 3, wherein the expiration time comprises about one minute.

5. A method as defined in claim 1, wherein the content server comprises a subdomain of the single sign-on domain.

6. A method as defined in claim 5, wherein the limited-use cookie is only valid for the content server's subdomain.

7. A method as defined in claim 1, wherein the session identifier comprises a one-time session key.

8. An authentication server, comprising: means for providing an authentication cookie to a user browser client, wherein the authentication cookie has at least one user authentication credential for the single sign-on domain, and is associated with an authentication subdomain of the single sign-on domain; means for receiving the authentication cookie in an access request from the user browser client, wherein the access request is based on a redirection received by the user browser client from a content server within the single sign-on domain in response to a content request from the user browser client; means for responding to the access request, upon authentication of the user authentication credential in the received authentication cookie, by forwarding, to the user browser client, a limited-use cookie for the single sign-on domain; means for receiving a request from the content server to validate a session identifier of the limited-use cookie, wherein the content server received the limited-use cookie from the user browser client; means for providing, upon validation of the session identifier of the limited-use cookie, a valid session message to the content server for enabling the content server to forward requested content to the user browser client; and means for invalidating, upon validation of the session identifier of the limited-use cookie, the limited-use cookie to prohibit further use of the limited-use cookie.

9. An authentication server as defined in claim 8, wherein the limited-use cookie comprises a one-time use cookie.

10. An authentication server as defined in claim 8, wherein the limited-use cookie has an expiration time.

11. An authentication server as defined in claim 10, wherein the expiration time comprises about one minute.

12. An authentication server as defined in claim 8, wherein the content server comprises a subdomain of the single sign-on domain.

13. An authentication server as defined in claim 12, wherein the limited-use cookie is only valid for the content server's subdomain.

14. An authentication server as defined in claim 8, wherein the session identifier comprises a one-time session key.

15. An authentication server, comprising: a processor configured to: provide an authentication cookie to a user browser client, wherein the authentication cookie has at least one user authentication credential for the single sign-on domain, and is associated with an authentication subdomain of the single sign-on domain; receive the authentication cookie in an access request from the user browser client, wherein the access request is based on a redirection received by the user browser client from a content server within the single sign-on domain in response to a content request from the user browser client; respond to the access request, upon authentication of the user authentication credential in the received authentication cookie, by forwarding, to the user browser client, a limited-use cookie for the single sign-on domain; receive a request from the content server to validate a session identifier of the limited-use cookie, wherein the content server received the limited-use cookie from the user browser client; provide, upon validation of the session identifier of the limited-use cookie, a valid session message to the content server for enabling the content server to forward requested content to the user browser; and invalidate, upon validation of the session identifier of the limited-use cookie, the limited-use cookie to prohibit further use of the limited-use cookie.

16. An authentication server as defined in claim 15, wherein the limited-use cookie comprises a one-time use cookie.

17. An authentication server as defined in claim 15, wherein the limited-use cookie has an expiration time.

18. An authentication server as defined in claim 17, wherein the expiration time comprises about one minute.

19. An authentication server as defined in claim 15, wherein the content server comprises a subdomain of the single sign-on domain.

20. An authentication server as defined in claim 19, wherein the limited-use cookie is only valid for the content server's subdomain.

21. An authentication server as defined in claim 15, wherein the session identifier comprises a one-time session key.

22. A computer program product, comprising: non-transitory computer-readable medium, comprising: code for causing a computer to provide an authentication cookie to a user browser client, wherein the authentication cookie has at least one user authentication credential for the single sign-on domain, and is associated with an authentication subdomain of the single sign-on domain; code for causing a computer to receive the authentication cookie in an access request from the user browser client, wherein the access request is based on a redirection received by the user browser client from a content server within the single sign-on domain in response to a content request from the user browser client; code for causing a computer to respond to the access request, upon authentication of the user authentication credential in the received authentication cookie, by forwarding, to the user browser client, a limited-use cookie for the single sign-on domain; code for causing a computer to receiv
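The flow the claims describe, as an added toy model that is not part of the patent text: the long-lived credential stays bound to the authentication subdomain, the content server only ever sees a short-lived session identifier scoped to its own subdomain, and the authentication server consumes that identifier on first validation so a leaked or replayed copy is useless. The host names, the 60-second TTL constant and the in-memory stores are constructed for the example.

```python
import secrets
import time

# Constructed constant standing in for the claims' "about one minute" expiry.
LIMITED_USE_TTL_SECONDS = 60


class AuthServer:
    # auth_cookies: credential -> user, bound to the auth subdomain only.
    # limited: session id -> (user, content subdomain, expiry); one-time use.
    def __init__(self, clock=time.time):
        self.clock = clock
        self.auth_cookies = {}
        self.limited = {}

    def login(self, user):
        # Mint the authentication cookie; it never leaves the auth subdomain.
        cookie = secrets.token_urlsafe(32)
        self.auth_cookies[cookie] = user
        return cookie

    def issue_limited_use(self, auth_cookie, content_subdomain):
        # Redirected access request: check the auth cookie, mint a limited-use cookie
        # scoped to the requesting content subdomain with a short expiry.
        user = self.auth_cookies.get(auth_cookie)
        if user is None:
            return None
        session_id = secrets.token_urlsafe(32)
        expiry = self.clock() + LIMITED_USE_TTL_SECONDS
        self.limited[session_id] = (user, content_subdomain, expiry)
        return session_id

    def validate_session(self, session_id, content_subdomain):
        # Content server's validation request. pop() invalidates the session id on
        # first use, so a replayed copy fails even if the first use was valid.
        entry = self.limited.pop(session_id, None)
        if entry is None:
            return None
        user, subdomain, expiry = entry
        if subdomain != content_subdomain or self.clock() > expiry:
            return None
        return user  # stands in for the "valid session message"


def content_server_request(auth, subdomain, limited_cookie):
    # Content server: without a limited-use cookie, redirect the browser to the
    # auth subdomain; with one, ask the auth server to validate it.
    if limited_cookie is None:
        return ("redirect", "auth.example.com")
    user = auth.validate_session(limited_cookie, subdomain)
    return ("content", user) if user else ("denied", None)
```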

Classifications

  • providing single-sign-on or federations · CPC title

  • by combining or switching between position solutions or signals derived from different satellite radio beacon positioning systems; by combining or switching between position solutions or signals derived from different modes of operation in a single system · CPC title

  • by combining or switching between position solutions derived from the satellite radio beacon positioning system and position solutions derived from a further system · CPC title

  • involving long acquisition integration times, extended snapshots of signals or methods specifically directed towards weak signal acquisition · CPC title

  • Services making use of location information · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Paddon Michael W, Flanagan Jessica M, Brown Craig M, and 1 more
What technology area does this patent fall under?
Primary CPC classification G01S19/32. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 27, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).