US 12,231,420 B2
Single sign-on (SSO) identification across networks
Jaume Cervello, Cambrils (ES); and Jordi Garcia Alvarez, Barcelona (ES)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Jun. 30, 2023, as Appl. No. 18/217,439.
Prior Publication US 2025/0007899 A1, Jan. 2, 2025
Int. Cl. G06F 15/16 (2006.01); G06F 9/54 (2006.01); H04L 9/40 (2022.01); H04L 29/06 (2006.01); H04L 61/5014 (2022.01)
CPC H04L 63/0815 (2013.01) [H04L 61/5014 (2022.05)]
10 Claims

1. A method in a network authentication device for Single Sign-On (SSO) identification across networks of a data communication network, the method comprising the steps:
listening, through a plurality of access points, to Dynamic Host Configuration Server Protocol (DHCP) requests over a wired network and a wireless network to identify endpoints discovering a DHCP server, the DHCP requests sent by endpoints to get first IP addresses;
collecting SSO data concerning the endpoints using an identity service;
generating a DHCP fingerprint for each of the endpoints, including the first IP addresses;
storing DHCP fingerprint to an SSO unification database along with corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network;
subsequently detecting the specific endpoint at a second IP address on the wireless network, responsive to a transition by the specific endpoint from the wired network to the wireless network, the detection based on matching a DHCP fingerprint of the specific endpoint to a record of the SSO unification database;
updating the record of the SSO unification database along with corresponding SSO data for the specific endpoint at the second IP address; and
performing an SSO authentication transaction to reauthenticate the specific endpoint.
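
The flow of claim 1, sketched as an added illustration that is neither the patent's text nor Fortinet's implementation. The fingerprint composition (DHCP options 55, 60 and 12), all class and function names, and the sample requests are assumptions constructed for this example; the lookup key leaves out the IP and MAC address because both differ between the wired and wireless interfaces.

```python
import hashlib
from dataclasses import dataclass

def dhcp_fingerprint(options: dict) -> str:
    """Hash DHCP options assumed stable across a host's interfaces."""
    prl = ",".join(str(c) for c in options.get(55, []))  # request-list order matters
    vendor = options.get(60, "")                          # vendor class identifier
    hostname = options.get(12, "").lower()                # client host name
    return hashlib.sha256(f"{prl}|{vendor}|{hostname}".encode()).hexdigest()

@dataclass
class Record:
    fingerprint: str
    ip: str
    network: str
    user: str               # SSO data collected from the identity service
    needs_reauth: bool = False

class SsoUnificationDb:     # hypothetical in-memory stand-in for the database
    def __init__(self):
        self.records = []

    def enroll(self, options, ip, network, user):
        """Store fingerprint, first IP address and SSO data for an endpoint."""
        rec = Record(dhcp_fingerprint(options), ip, network, user)
        self.records.append(rec)
        return rec

    def observe(self, options, ip, network):
        """Handle a later DHCP request; return the updated record or None."""
        fp = dhcp_fingerprint(options)
        hits = [r for r in self.records if r.fingerprint == fp]
        if len(hits) != 1:
            return None     # unknown or ambiguous: fall back to a full sign-on
        rec = hits[0]
        if rec.ip != ip:    # same endpoint seen at a second IP address
            # DHCP options are client-supplied, so the match only triggers
            # the reauthentication step; it does not replace it.
            rec.ip, rec.network, rec.needs_reauth = ip, network, True
        return rec

def demo():
    """Constructed sample: a laptop moves from wired to wireless."""
    db = SsoUnificationDb()
    laptop = {55: [1, 3, 6, 15, 31, 33, 43, 44], 60: "MSFT 5.0", 12: "LAB-LT-01"}
    phone = {55: [1, 121, 3, 6, 15], 60: "android-dhcp-13", 12: "phone"}
    db.enroll(laptop, "10.0.1.23", "wired", "alice")
    moved = db.observe(laptop, "10.0.9.87", "wireless")
    stranger = db.observe(phone, "10.0.9.88", "wireless")
    return moved, stranger
```

Two endpoints built from the same image and sharing a host name produce the same fingerprint, which is why `observe` returns `None` when more than one record matches.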