The disclosed embodiments relate generally to authorizing access to data including, for example, between a user terminal and a server in a communications network. Apparatus and methods according to various embodiments are capable of, for example, authorizing and/or validating access to controlled data in a communication network.
Methods and apparatus for authorizing access to data are known. For example, single sign on server (“SSoS”) systems allow a single computer server to authorize a user of a computer terminal for access to data located on another computer server in a communication network.
Such known methods and apparatus have been implemented in a variety of ways. One system redirects a computer terminal from a computer server housing data to an authentication computer server for authorization for access to the data when the user of the computer terminal attempts to access the data. The user can then authenticate with the authentication computer server, and the authentication computer server redirects the computer terminal back to the computer server housing the data for accessing the data.
Another known system allows a user of a computer terminal to authenticate with a computer server and then access other partner computer servers without authenticating with each partner computer server. Such systems are often implemented using data received by the computer terminal from the authenticating computer server. This data, often referred to as a cookie, is stored on the computer terminal and sent to the partner computer servers by the computer terminal as an indication that the computer terminal is authorized to access the partner computer servers. In such a system, each of the authenticating computer server and the partner computer servers can interpret the data. For example, the data may be encrypted, and each of the authenticating computer server and the partner computer servers has access to appropriate encryption keys for encrypting and/or decrypting the data.
Other such known systems pass data between the authenticating computer server and the partner computer servers to authorize the computer terminal for access to data on the partner computer servers. For example, a user of a computer terminal can authenticate with a computer server and then request data from a partner computer server. The partner computer server then requests an authentication status of the computer terminal from the authenticating computer server. If the authenticating computer server indicates to the partner computer server that the computer terminal is authenticated, the partner computer server provides to the computer terminal access to the data. If the authenticating computer server indicates to the partner computer server that the computer terminal is not authenticated, the partner computer server denies the computer terminal access to the data, or initiates an authentication process with the computer terminal.
Known methods of providing authorized and/or validated access to data suffer several disadvantages. For example, to access controlled data, users are often directed from one computer server or web page to another for authentication. After authenticating, users are then redirected to the computer server or web page hosting or displaying the data of interest. In some instances, a user is directed from one web page to another for authentication, and then redirected back to the original web page for accessing data. This repetitive change in web pages and shift in perspective can be an annoyance to users.
Additionally, some known methods and/or systems involve manual user intervention for at least a portion of a process. For example, some methods involve manual intervention to initiate or complete an authorization process. Such manual intervention can be an annoyance to and/or cause confusion for users.
In other known systems, multiple computer servers have access to encryption keys and/or are able to authorize access to data stored on other computer servers. These arrangements can raise significant security concerns and can be difficult to implement.
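The cookie arrangement and the status-query arrangement described above differ in where the secret lives, which is the concern raised about multiple servers holding keys. The sketch below is an added illustration, not taken from the disclosure; it uses an HMAC tag in place of the encryption the text mentions, and every name in it (`SHARED_KEY`, `AuthServer`, the user names) is a constructed assumption.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)  # constructed; held by the auth server AND every partner

def issue_cookie(key: bytes, user: str) -> str:
    """Auth server: bind the user name to a tag computed with the shared key."""
    tag = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def partner_accepts_cookie(key: bytes, cookie: str) -> bool:
    """Partner server (cookie model): validates locally, so it must hold the key."""
    user, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return bool(user) and hmac.compare_digest(tag, expected)


class AuthServer:
    """Status-query model: session state and secrets never leave this server."""
    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}  # opaque session id -> user

    def authenticate(self, user: str) -> str:
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = user
        return sid

    def status(self, sid: str) -> bool:
        return sid in self._sessions


def partner_accepts_session(auth: AuthServer, sid: str) -> bool:
    """Partner server (status-query model): holds no key, asks the auth server."""
    return auth.status(sid)


def compare_models() -> dict[str, bool]:
    auth = AuthServer()
    genuine = issue_cookie(SHARED_KEY, "alice")
    # Every key holder can call issue_cookie; validation cannot tell who issued it.
    minted_by_partner = issue_cookie(SHARED_KEY, "bob")
    return {
        "cookie_genuine": partner_accepts_cookie(SHARED_KEY, genuine),
        "cookie_minted_by_partner": partner_accepts_cookie(SHARED_KEY, minted_by_partner),
        "cookie_tampered": partner_accepts_cookie(SHARED_KEY, genuine.replace("alice", "admin")),
        "session_genuine": partner_accepts_session(auth, auth.authenticate("alice")),
        "session_made_up": partner_accepts_session(auth, secrets.token_urlsafe(16)),
    }
```

In the cookie model the trust boundary covers every server that holds `SHARED_KEY`; in the status-query model it covers only the authenticating server, at the cost of a round trip per check.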