1. Field of the Invention
This application relates generally to verifying a user's identity in a computer system. Certain implementations relate more particularly to simplifying and enabling seamless access to commercial and legacy applications using a Department of Defense (“DOD”) common access card (“CAC”). These implementations may provide a seamless login experience to back-end applications, while meeting DOD security policies and regulations. These implementations may provide a central authentication gateway and various agents/adapters to pass login credentials to various types of back-end applications (for example, web-enabled, non-web-enabled, commercial off-the-shelf (“COTS”), and custom government applications).
2. Discussion of the Related Art
Business applications traditionally require a user to log in by providing information to verify the user's identity (typically account name and password). Because a user typically needs access to multiple applications to perform the user's job, the user is typically required to perform multiple separate and disparate logins to different applications. For example, a user may be required to navigate multiple logins to different systems to use an accounting application, retrieve a long-term contract, or view demand/supply forecasts. This process may be quite cumbersome and disjointed from a usability perspective if the user must maintain, remember, and/or try to synchronize account names and passwords across disparate applications. This process is particularly problematic where the desired applications (or the associated needed data) are accessed through disparate locations, such as locally, on a local network, and over the Internet, as commonly occurs in large organizations such as the government.
Additionally, DOD has mandated that all agencies deploy DOD CACs to access government business systems. Compliance with this mandate may require various agencies to deploy public key infrastructure (“PKI”) solutions that read, validate, verify, and authenticate user credentials embedded on the CAC. An enterprise PKI can be a large undertaking, typically requiring new business practices, specialized infrastructure to manage/maintain CACs for government employees, and specialized hardware (such as card readers) across the agency. PKI solutions also generally require specialized middleware to interact with card readers and pass login credentials to downstream applications.
Various implementations provide government agencies with a proven solution for meeting the DOD CAC mandate, while simultaneously simplifying and streamlining the overall login process through a single sign-on (“SSO”) feature. SSO allows the user to log in one time and, once logged in, provides the user access to one or more, and possibly all, back-end applications required to perform the user's job. These implementations not only comply with the DOD mandate, but also offer a PKI/SSO solution to seamlessly pass login credentials to back-end applications.