WO2006065004A1 - System and method for performing service logout in single-sign-on service using identity - Google Patents

System and method for performing service logout in single-sign-on service using identity Download PDF

Info

Publication number
WO2006065004A1
WO2006065004A1 PCT/KR2005/000713 KR2005000713W WO2006065004A1 WO 2006065004 A1 WO2006065004 A1 WO 2006065004A1 KR 2005000713 W KR2005000713 W KR 2005000713W WO 2006065004 A1 WO2006065004 A1 WO 2006065004A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
logout
session
request
referring
Prior art date
Application number
PCT/KR2005/000713
Other languages
French (fr)
Inventor
Sang Rae Cho
Yeong Sub Cho
Dae Seon Choi
Jong Hyouk Noh
Taesung Kim
Seung Hyun Kim
Seung Hun Jin
Original Assignee
Electronics And Telecommunications Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics And Telecommunications Research Institute filed Critical Electronics And Telecommunications Research Institute
Publication of WO2006065004A1 publication Critical patent/WO2006065004A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Definitions

  • the present invention relates to a system and a method for performing a service logout in a single-sign-on service using federated identity.
  • a Korean patent application No.10-2000-0044999 titled "Method for performing automatic joining and automatic login of an Internet site and system using the same” discloses an authentication technology such that when the member of the site accesses another external site linked by the site, the member is allowed to achieve the same rights as the member of the external site without a separate login- procedure.
  • the above Korean application discloses an SSO (Single-Sign-On) method, in which when the users intend to become a member of a predetermined site (sub-site) the system delivers member information of a site (main-site) already joined by the users to the sub-site, thereby allowing the users to achieve the same rights as the member of the main site also in the sub-site without a separate login-procedure.
  • SSO Single-Sign-On
  • Liberty Alliance group provides a single- logout service in which respective SPs manage user IDs and passwords and work in cooperation with one another to provide an Internet SSO service to users and the users are allowed to logout from all the logged-in SPs at a time if the users desire to logout.
  • Liberty Alliance does not provide a service for allowing the users to logout a single website when the users may want to leave the visited website and no longer wish to come back that site. Disclosure of Invention Technical Problem
  • the present invention is directed to a system and a method for performing a service logout in a single-sign-on service that substantially obviate one or more of the problems due to limitations and disadvantages of the related art.
  • An object of the present invention is to provide a system and a method for performing a service logout in a single-sign-on service using a federated identity capable of processing service-logout requests in cooperation with system policies and sessions so as to support logouts from respective sites which cannot be provided by a related art SSO.
  • a system provided performing a service logout in a single-sign-on service using a federated identity which includes: a service-logout-request processor for receiving a service-logout request from an SP to refer to policies regarding a service logout through a system policy manager and referring to whether a session is valid through a session manager; a system policy manager for referring to whether a user has rights for performing a service logout and referring to other policies necessary for the service logout; and a session manager for managing an authentication session and a service session of the user and referring to whether a session exists and is valid in order to logout from the service session.
  • a method provided for performing a service logout in a single-sign-on service using a federated identity which includes the steps of: referring to service-logout polices through a policy database (DB) when a service-logout request is received; judging whether the service- logout request is valid on the basis of the above-referred policy; if the service-logout request is valid as a result of the judgment, referring to session information using a session ID and checking whether a session is valid; and if the session is valid currently as a result of the checking, deleting the session.
  • DB policy database
  • FIG. 1 is a view schematically illustrating a structure of a system for performing a service logout in a single-sign-on service using a federated identity according to the present invention
  • FIG. 2 is a view schematically illustrating a structure and an operation principle of a system policy manager according to the present invention
  • FIG. 3 is a view schematically illustrating a structure and an operation principle of a session manager according to the present invention
  • FIG. 4 is a flowchart illustrating a schematic processing procedure of a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention.
  • FIG. 5 is a flowchart illustrating a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention. Best Mode for Carrying Out the Invention
  • FIG. 1 is a view schematically illustrating a structure of a system for performing a service logout in a single-sign-on service using a federated identity according to the present invention.
  • the SP 2000 is intended for providing services to users through on-line.
  • the SP is intended for providing services to users through on-line.
  • ID service provider 2000 has a service-logout request and response processor for requesting an ID service provider (IDSP) 1000 to perform a service logout and receiving a response thereto from the IDSP 1000 to output a response message to a user's web-browser.
  • IDSP ID service provider
  • the IDSP 1000 is intended for allowing users to login a plurality of sites through an
  • the IDSP 1000 includes a service-logout-request processor 100 for receiving a service-logout request of a user transmitted from the SP 2000 and referring to policies regarding service logout by communicating with a system policy manage; the system policy manager 200 for referring to whether a user has rights for performing a service logout and referring to other policies necessary for the service logout; and a session manager 300 for managing an authentication session and a service session of the user and referring to whether a session exists and is valid in order to logout from the service session.
  • the service-logout-request processor 100 determines whether to logout from the service session and perform the logout on the basis of the information referred through the system policy manager 200 and the session manager 300 and transmits results to the SP.
  • FIG. 2 is a view schematically illustrating a structure and an operation principle of a system policy manager 200 for managing policies regarding an SSO according to the present invention.
  • the system policy manager 200 has a policy request receiver 201 for receiving requests regarding a variety of policies and a policy dispatcher 202 for classifying the requests according to the their kind to send the classified requests to the relevant module.
  • the policies are roughly classified into registration, inquiry, change, and deletion operations.
  • the system policy manager 200 refers to the policies through a policy database (DB) when performing each operation.
  • DB policy database
  • FIG. 3 is a view schematically illustrating a structure and an operation principle of a session manager 300 for managing SSO sessions according to the present invention.
  • the session manager 300 has a session handler 301 for receiving and analyzing all operations regarding the session and sending a request to the relevant operation. Since the session handler manages session information on a memory and records the session information on a session DB so that log information may be left afterwards, the session handler accesses the DB to leave the record when generating and deleting the session. On the contrary, when referring to and updating the session, the session handler performs the operations directly on the memory.
  • FIG. 4 is a flowchart illustrating a schematic processing procedure of a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention. If users designate an IDSP at an SP 2000 to make a service-logout request, the SP 2000 generates a service-logout request message and transmit the same to the IDSP 1000 through a user's web-browser. At this time, a redirection which is one of communication methods generally used on the web is used.
  • the SP 2000 transmits a login ID of the user and a session ID given when logging in the SP 2000 together with the request message.
  • the IDSP 1000 that has received the request message executes a service logout upon request of the user, makes a response message using results thereof, and transmits the response message to the SP 2000 using a redirection.
  • the SP 2000 that has received the response message informs the user of the results regarding the requested service.
  • FIG. 5 is a flowchart illustrating a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention.
  • the service-logout-request processor 100 of the IDSP 1000 receives a service-logout request
  • the service-logout policies are referred to by the system policy manager 200 first (Sl 1), and whether the user has rights to request a service logout is judged on the basis of the referred policy (S 12).
  • the session information is referred to using the session ID through the session manager 300 (S 13). Whether the session information exists and is currently valid are checked (S 14) and the session manager is requested to delete the relevant service session (S 15).
  • a response message is generated and transmitted to the SP 2000, whereby a service- logout procedure is completed.
  • the present invention increases security in the SSO service as well as enhances reliability of the service and increases efficiency of the system management by providing the service-logout service in that the users of the SSO service using the federated identity may be allowed to separately logout from the respective sites.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system and a method for performing a service logout in a single-sign-on service are provided. The system includes a service-logout-request processor, a system policy manager, and a session manager. The service-logout-request processor receives a service-logout request from an SP (service provider) to refer to policies regarding a service logout through a system policy manager and refers to whether a session is valid through a session manager. The system policy manager refers to whether a user has rights for performing a service logout and refers to other policies necessary for the service logout. The session manager manages an authentication session and a service session of the user and refers to whether a session exists and is valid in order to logout from the service session.

Description

Description
SYSTEM AND METHOD FOR PERFORMING SERVICE LOGOUT IN SINGLE-SIGN-ON SERVICE USING IDENTITY
Technical Field
[1] The present invention relates to a system and a method for performing a service logout in a single-sign-on service using federated identity. Background Art
[2] Thanks to development and expansion of the Internet, an electronic commerce has been rapidly expanded and actively in use. Lots of users become a member of a plurality of on-line service providers (SP) and receive services thereof. The SP requests an user to register an identifier(ID) and a password when the user joins the SP. The SP provides the services after performing a user authentication using the ID and the password registered by the users. However, due to overflowing of numerous SPs, the users have so many IDs and passwords that the users cannot actually memorize all the IDs and the passwords. Thus, lots of systems currently provide a single-sign-on function that allows the users to use web-services without additional authentication if the users pass through an authentication procedure for one time.
[3] For example, a Korean patent application No.10-2000-0044999 titled "Method for performing automatic joining and automatic login of an Internet site and system using the same" discloses an authentication technology such that when the member of the site accesses another external site linked by the site, the member is allowed to achieve the same rights as the member of the external site without a separate login- procedure. Particularly, the above Korean application discloses an SSO (Single-Sign-On) method, in which when the users intend to become a member of a predetermined site (sub-site) the system delivers member information of a site (main-site) already joined by the users to the sub-site, thereby allowing the users to achieve the same rights as the member of the main site also in the sub-site without a separate login-procedure.
[4] However, the above-described Korean application does not provide a service for logging-out when users intend to quit using a service for respective websites in case the users have logged-in multiple websites using SSO.
[5] To solve the above-described problems, Liberty Alliance group provides a single- logout service in which respective SPs manage user IDs and passwords and work in cooperation with one another to provide an Internet SSO service to users and the users are allowed to logout from all the logged-in SPs at a time if the users desire to logout. However, even Liberty Alliance does not provide a service for allowing the users to logout a single website when the users may want to leave the visited website and no longer wish to come back that site. Disclosure of Invention Technical Problem
[6] Accordingly, the present invention is directed to a system and a method for performing a service logout in a single-sign-on service that substantially obviate one or more of the problems due to limitations and disadvantages of the related art.
[7] An object of the present invention is to provide a system and a method for performing a service logout in a single-sign-on service using a federated identity capable of processing service-logout requests in cooperation with system policies and sessions so as to support logouts from respective sites which cannot be provided by a related art SSO.
Technical Solution
[8] To achieve these and other advantages and in accordance with the purpose of the present invention, as embodied and broadly described, there is a system provided performing a service logout in a single-sign-on service using a federated identity, which includes: a service-logout-request processor for receiving a service-logout request from an SP to refer to policies regarding a service logout through a system policy manager and referring to whether a session is valid through a session manager; a system policy manager for referring to whether a user has rights for performing a service logout and referring to other policies necessary for the service logout; and a session manager for managing an authentication session and a service session of the user and referring to whether a session exists and is valid in order to logout from the service session.
[9] According to another aspect of the present invention, there is a method provided for performing a service logout in a single-sign-on service using a federated identity, which includes the steps of: referring to service-logout polices through a policy database (DB) when a service-logout request is received; judging whether the service- logout request is valid on the basis of the above-referred policy; if the service-logout request is valid as a result of the judgment, referring to session information using a session ID and checking whether a session is valid; and if the session is valid currently as a result of the checking, deleting the session. Brief Description of the Drawings
[10] FIG. 1 is a view schematically illustrating a structure of a system for performing a service logout in a single-sign-on service using a federated identity according to the present invention;
[11] FIG. 2 is a view schematically illustrating a structure and an operation principle of a system policy manager according to the present invention; [12] FIG. 3 is a view schematically illustrating a structure and an operation principle of a session manager according to the present invention;
[13] FIG. 4 is a flowchart illustrating a schematic processing procedure of a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention; and
[14] FIG. 5 is a flowchart illustrating a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention. Best Mode for Carrying Out the Invention
[15] Hereinafter, preferred embodiments of the present invention will be described in detail with reference to accompanying drawings.
[16] FIG. 1 is a view schematically illustrating a structure of a system for performing a service logout in a single-sign-on service using a federated identity according to the present invention.
[17] The SP 2000 is intended for providing services to users through on-line. The SP
2000 has a service-logout request and response processor for requesting an ID service provider (IDSP) 1000 to perform a service logout and receiving a response thereto from the IDSP 1000 to output a response message to a user's web-browser.
[18] The IDSP 1000 is intended for allowing users to login a plurality of sites through an
Internet SSO service under a federated identity environment and to logout from the respective sites. The IDSP 1000 includes a service-logout-request processor 100 for receiving a service-logout request of a user transmitted from the SP 2000 and referring to policies regarding service logout by communicating with a system policy manage; the system policy manager 200 for referring to whether a user has rights for performing a service logout and referring to other policies necessary for the service logout; and a session manager 300 for managing an authentication session and a service session of the user and referring to whether a session exists and is valid in order to logout from the service session. The service-logout-request processor 100 determines whether to logout from the service session and perform the logout on the basis of the information referred through the system policy manager 200 and the session manager 300 and transmits results to the SP.
[19] FIG. 2 is a view schematically illustrating a structure and an operation principle of a system policy manager 200 for managing policies regarding an SSO according to the present invention. The system policy manager 200 has a policy request receiver 201 for receiving requests regarding a variety of policies and a policy dispatcher 202 for classifying the requests according to the their kind to send the classified requests to the relevant module. The policies are roughly classified into registration, inquiry, change, and deletion operations. The system policy manager 200 refers to the policies through a policy database (DB) when performing each operation.
[20] FIG. 3 is a view schematically illustrating a structure and an operation principle of a session manager 300 for managing SSO sessions according to the present invention. The session manager 300 has a session handler 301 for receiving and analyzing all operations regarding the session and sending a request to the relevant operation. Since the session handler manages session information on a memory and records the session information on a session DB so that log information may be left afterwards, the session handler accesses the DB to leave the record when generating and deleting the session. On the contrary, when referring to and updating the session, the session handler performs the operations directly on the memory.
[21] FIG. 4 is a flowchart illustrating a schematic processing procedure of a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention. If users designate an IDSP at an SP 2000 to make a service-logout request, the SP 2000 generates a service-logout request message and transmit the same to the IDSP 1000 through a user's web-browser. At this time, a redirection which is one of communication methods generally used on the web is used.
[22] The SP 2000 transmits a login ID of the user and a session ID given when logging in the SP 2000 together with the request message.
[23] The IDSP 1000 that has received the request message executes a service logout upon request of the user, makes a response message using results thereof, and transmits the response message to the SP 2000 using a redirection. The SP 2000 that has received the response message informs the user of the results regarding the requested service.
[24] FIG. 5 is a flowchart illustrating a method for performing a service logout in a single-sign-on service using a federated identity according to the present invention. If the service-logout-request processor 100 of the IDSP 1000 receives a service-logout request, the service-logout policies are referred to by the system policy manager 200 first (Sl 1), and whether the user has rights to request a service logout is judged on the basis of the referred policy (S 12). Next, the session information is referred to using the session ID through the session manager 300 (S 13). Whether the session information exists and is currently valid are checked (S 14) and the session manager is requested to delete the relevant service session (S 15). After the service session is deleted, a response message is generated and transmitted to the SP 2000, whereby a service- logout procedure is completed.
Industrial Applicability
[25] The present invention increases security in the SSO service as well as enhances reliability of the service and increases efficiency of the system management by providing the service-logout service in that the users of the SSO service using the federated identity may be allowed to separately logout from the respective sites.
[26] While the present invention has been described and illustrated herein with reference to the preferred embodiments thereof, it will be apparent to those skilled in the art that various modifications and variations can be made therein without departing from the spirit and scope of the invention. Thus, it is intended that the present invention covers the modifications and variations of this invention that come within the scope of the appended claims and their equivalents.

Claims

Claims
[1] A system for performing a service logout in a single-sign-on service using a federated identity, the system comprising: a service-logout-request processor for receiving a service-logout request from an
SP (service provider) to refer to policies regarding a service logout through a system policy manager and referring to whether a session is valid through a session manager; the system policy manager for referring to whether a user has rights for performing a service logout and referring to other policies necessary for the service logout; and the session manager for managing an authentication session and a service session of the user and referring to whether a session exists and is valid in order to logout from the service session.
[2] The system of claim 1, further comprising a service provider for requesting the service-logout-request processor to allow a service logout, receiving processing results from the service-logout-request processor, and transmitting the results to a web-browser.
[3] The system of claim 1, further comprising: a policy request receiver for receiving requests regarding a variety of policies from the system policy manager; and a policy dispatcher for classifying the requests according to their kind and transmitting the classified requests to a relevant module.
[4] The system of claim 1, wherein the session manager has a session handler for receiving and analyzing all operations regarding the session and transmitting a request to a relevant operation.
[5] The system of claim 4, wherein the session handler accesses a session DB
(database) when generating and deleting the session and performs operations directly on a memory when referring to and updating the session without an access to the session DB.
[6] A method for performing a service logout in a single-sign-on service using a federated identity, the method comprising the steps of: generating a service-logout-request message including a login ID (identification) and a session ID of a user by a service-logout request; redirecting the generated service-logout-request message to an IDSP (ID service provider) through a web-browser; executing a service logout from a single service requested through a service- logout-request message; and redirecting a response message representing results of the executed service logout to an SP (service provider).
[7] A method for performing a service logout in a single- sign-on service using a federated identity, the method comprising the steps of: referring to service-logout polices through a policy DB (database) when a service-logout request is received; judging whether the service-logout request is valid on the basis of the above- referred policy; if the service-logout request is valid as a result of the judgment, referring to session information using a session ID (identification) and checking whether a session is valid; and if the session is valid currently as a result of the checking, deleting the session.
[8] The method of claim 7, further comprising the step of: preparing a response message informing that the session has been deleted and redirecting the response message.
PCT/KR2005/000713 2004-12-15 2005-03-14 System and method for performing service logout in single-sign-on service using identity WO2006065004A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020040106627A KR20060067732A (en) 2004-12-15 2004-12-15 Method of service logout in single sign on service using federated identity
KR10-2004-0106627 2004-12-15

Publications (1)

Publication Number Publication Date
WO2006065004A1 true WO2006065004A1 (en) 2006-06-22

Family

ID=36588032

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2005/000713 WO2006065004A1 (en) 2004-12-15 2005-03-14 System and method for performing service logout in single-sign-on service using identity

Country Status (2)

Country Link
KR (1) KR20060067732A (en)
WO (1) WO2006065004A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008003593A1 (en) * 2006-07-07 2008-01-10 International Business Machines Corporation Method and system for policy-based initiation of federation management
US7743153B2 (en) * 2006-01-18 2010-06-22 International Business Machines Corporation Killing login-based sessions with a single action
CN103560884A (en) * 2013-10-28 2014-02-05 上海浦东物流云计算有限公司 Method and system for user identity information logout, authentication server and client terminal
US8825855B2 (en) 2011-03-31 2014-09-02 International Business Machines Corporation Non-intrusive single sign-on mechanism in cloud services
CN110365680A (en) * 2019-07-16 2019-10-22 中国联合网络通信集团有限公司 Batch based on single-sign-on publishes method and device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101042484B1 (en) * 2008-12-19 2011-06-16 주식회사 케이티 Apparatus and method of service interaction for single login and logout
CN114615084B (en) * 2022-04-11 2024-04-16 西安热工研究院有限公司 Single sign-on logout method, system, electronic equipment and storage medium applied to front-end and back-end separation scene

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003073242A1 (en) * 2002-02-28 2003-09-04 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for handling user identities under single sign-on services
WO2004075035A1 (en) * 2003-02-21 2004-09-02 Telefonaktiebolaget Lm Ericsson (Publ) Service provider anonymization in a single sign-on system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003073242A1 (en) * 2002-02-28 2003-09-04 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for handling user identities under single sign-on services
WO2004075035A1 (en) * 2003-02-21 2004-09-02 Telefonaktiebolaget Lm Ericsson (Publ) Service provider anonymization in a single sign-on system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JUN MIYOSHI.: "Network-based Single Sign-On Architecture for IP-VPN.", IEEE COMMUNICATIONS, COMPUTER AND SIGNAL PROCESSING., vol. 1, 28 August 2003 (2003-08-28) - 30 August 2003 (2003-08-30), pages 458 - 461 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7743153B2 (en) * 2006-01-18 2010-06-22 International Business Machines Corporation Killing login-based sessions with a single action
WO2008003593A1 (en) * 2006-07-07 2008-01-10 International Business Machines Corporation Method and system for policy-based initiation of federation management
US8825855B2 (en) 2011-03-31 2014-09-02 International Business Machines Corporation Non-intrusive single sign-on mechanism in cloud services
CN103560884A (en) * 2013-10-28 2014-02-05 上海浦东物流云计算有限公司 Method and system for user identity information logout, authentication server and client terminal
CN103560884B (en) * 2013-10-28 2016-08-17 上海浦东物流云计算有限公司 The cancellation method of subscriber identity information, system, certificate server and client
CN110365680A (en) * 2019-07-16 2019-10-22 中国联合网络通信集团有限公司 Batch based on single-sign-on publishes method and device
CN110365680B (en) * 2019-07-16 2022-04-15 中国联合网络通信集团有限公司 Batch logout method and device based on single sign-on

Also Published As

Publication number Publication date
KR20060067732A (en) 2006-06-20

Similar Documents

Publication Publication Date Title
JP4579546B2 (en) Method and apparatus for handling user identifier in single sign-on service
TWI400922B (en) Authentication of a principal in a federation
US8332919B2 (en) Distributed authentication system and distributed authentication method
EP2036304B1 (en) Secure communication network user mobility apparatus and methods
EP2375688B1 (en) Managing automatic log in to Internet target resources
EP2643955B1 (en) Methods for authorizing access to protected content
US9197639B2 (en) Method for sharing data of device in M2M communication and system therefor
US8683565B2 (en) Authentication
US7793343B2 (en) Method and system for identity management integration
US9319412B2 (en) Method for establishing resource access authorization in M2M communication
WO2013099065A1 (en) Authentication coordination system and id provider device
EP3297243B1 (en) Trusted login method and device
US20110010762A1 (en) Identity management
CN112235265B (en) System and method for external network to access project progress
US6874088B1 (en) Secure remote servicing of a computer system over a computer network
WO2006065004A1 (en) System and method for performing service logout in single-sign-on service using identity
JP2002334056A (en) System and method for executing log-in in behalf of user
US11165768B2 (en) Technique for connecting to a service
KR101186695B1 (en) Method for interconnecting site based on id federation using federation cookie
CN114389890B (en) User request proxy method, server and storage medium
KR101256675B1 (en) System for preventing id theft, service method thereof, single sign on system using the same and service method thereof
US20060048198A1 (en) Establishing remote connections
CN113922982B (en) Login method, electronic equipment and computer readable storage medium
CN102215211A (en) Communication method, and security policy negotiation method and system for supporting trusted network connect
KR101853350B1 (en) Method and apparatus for the world wide federated authentication

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05789406

Country of ref document: EP

Kind code of ref document: A1