Invalidity dossier
US 8327426
Single sign on with proxy services
Current assignee: Unified Patents
Added 5/13/2026, 6:00:21 AM
Patent summary
Title, assignee, inventors, filing/issue dates, abstract, and a plain-language overview of the claims.
US Patent 8327426, titled "Single sign on with proxy services," was filed on June 1, 2006, and issued on December 4, 2012. The original assignee was Novell Intellectual Property Holdings Inc, and the current assignee is Netskope Inc. The inventors are Stephen Hugh Kinser, Lloyd Leon Burch, and Cameron Craig Morris.
Abstract:
The patent describes techniques for providing single sign-on (SSO) with proxy services. A principal authenticates to a first identity service, which has a trusted relationship with a second identity service. An authentication request, including an authentication response from the first identity service, is sent to the second identity service. This response, provided after successful authentication to the first identity service, allows the principal to be authenticated for access to the second identity service. Furthermore, targeted services accessible through the second identity service are proxied to and from the principal during interactions between the principal and an external service.
Plain-Language Overview of Independent Claims:
Claim 1: This claim outlines a computer-implemented method for transparent single sign-on. When a user (principal) tries to access an external service, their authentication request is intercepted by a first identity service. After the first identity service authenticates the user, it creates a new "authentication message" containing both a request and a response, which vouches for the user's authentication. This message is sent to a second "identity service" to grant the user single sign-on access to that service and its associated services (including the original external service). The principal is unaware that these proxying and authentication steps are happening. The new authentication response also dictates whether a single or multiple authentication steps are needed for access to other services.
Claim 8: This claim describes a computer-implemented method from the perspective of a "receiving identity service." This service indirectly receives an authentication request and response for a single sign-on transaction. These messages are generated by an "original identity service" (acting as a transparent proxy) after it has authenticated the user. The receiving identity service, which has a secure relationship with the original identity service, then detects an "instruction" within the received authentication response. Based on a dynamic, real-time evaluation of its policies, the receiving identity service takes action to authenticate the user for access to its "targeted services." Access to these targeted services also happens transparently through proxied sessions via this receiving identity service.
Claim 14: This claim details a computer-implemented method for providing proxied access to a targeted service. A request for access is received from a user (principal), containing two authentication tokens. The first token indicates authentication with a "first identity service," and the second indicates authentication with a "second identity service." The second identity service automatically issues the second token based on the first token, due to a secure, trusted relationship where it relies on the first identity service's authentication. The second token also signifies that the first identity service can authorize the principal to access a specific "targeted service" controlled by the second identity service. A "service token" for this targeted service is then acquired and supplied to the first identity service. The first identity service then passes this service token to the principal, acting as a proxy to make the targeted service accessible. The principal perceives direct interaction with the targeted service, even though it was originally only available within the second identity service's environment and is being proxied through the first identity service.
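The token chaining summarized in the abstract and in Claim 14 can be sketched as follows. This is an added illustration, not code from the patent or from any product. The HMAC-signed token format, the key values, the user `alice`, and the names `idp1`, `idp2` and `targeted-service` are all constructed assumptions, since the page does not specify a token format.

```python
import base64, hashlib, hmac, json, time

# Constructed keys: TRUST_KEY models the trusted relationship between the two
# identity services; IDP2_SERVICE_KEY is what IdP-2's targeted services verify with.
TRUST_KEY = b"constructed-demo-key-idp1-idp2"
IDP2_SERVICE_KEY = b"constructed-demo-key-idp2-services"

def sign(payload: dict, key: bytes) -> str:
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(token: str, key: bytes, audience: str, now: float) -> dict:
    body, _, mac = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise ValueError("bad signature")        # checked before parsing the body
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience:
        raise ValueError("wrong audience")       # token minted for another party
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def idp1_authenticate(user: str, password: str, now: float) -> str:
    """First identity service: authenticate the principal, then vouch to IdP-2."""
    if (user, password) != ("alice", "constructed-password"):
        raise PermissionError("authentication failed")
    return sign({"iss": "idp1", "sub": user, "aud": "idp2", "exp": now + 60}, TRUST_KEY)

def idp2_accept(assertion: str, service: str, now: float) -> str:
    """Second identity service: rely on IdP-1's response, issue a service token."""
    claims = verify(assertion, TRUST_KEY, "idp2", now)
    if claims["iss"] != "idp1":
        raise ValueError("untrusted issuer")
    return sign({"iss": "idp2", "sub": claims["sub"], "aud": service,
                 "exp": now + 60}, IDP2_SERVICE_KEY)

def proxied_sso(user: str, password: str, service: str, now: float = None) -> str:
    """IdP-1 acting as proxy: one sign-on, service token handed back to the principal."""
    now = time.time() if now is None else now
    return idp2_accept(idp1_authenticate(user, password, now), service, now)
```

The second identity service never sees the principal's password: it relies only on the signature, audience and expiry of the first service's response, so those three checks are where the trust relationship is enforced.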
Litigation Status:
The patent is currently active and is noted to expire on April 24, 2029.
According to the patent's legal status information, this patent's family has been involved in litigation. Specifically:
- A PTAB case (IPR2026-00026) was filed, though it was "Not Instituted - Procedural."
- First worldwide family litigation was filed.
- Two US cases were filed in the California Northern District Court: 3:25-cv-02360 and 4:25-cv-02360.
No specific CAFC 2026 docket information for US8327426 was found during the current search, though the general CAFC case information portal was identified. However, the patent document itself provides more direct litigation details as noted above.
Generated 5/25/2026, 12:49:06 AM