Secure session management and authentication for web sites
Abstract
The present invention comprises a system and method for secure session management and authentication between web sites and web clients. The method includes both secure and non-secure communication protocols, means for switching between secure and non-secure communication protocols, a session cookie and an authcode cookie. The session cookie is used for session management and the authcode cookie is used for authentication. The session cookie is transmitted using a non-secure communication protocol when the web client accesses a non-secure web page, whereas, the authcode cookie is transmitted using a secure communication protocol when the web client accesses a secure web page. Session management architecture and usage of two distinct cookies along with both secure and non-secure communication protocols prevents unauthorized users from accessing sensitive web client or web site information.
34 Claims
1. A method of secure session management and authentication between a web site and a web client, said web site having secure and non-secure web pages, said method comprising the steps of:
a) utilizing a non-secure communication protocol and a session cookie when said web client requests access to said non-secure web pages; and
b) utilizing a secure communication protocol and an authcode cookie when said web client requests access to said secure web pages. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19)
12. A system, for secure session management and authentication between a web site and a web client, said system comprising a web server, a web client and a communication channel, said web server coupled to said web client via said communication channel, said web server having a web site, said web site including:
a) secure and non-secure web pages;
b) a non-secure communication protocol and a session cookie for allowing said web client access to said non-secure web pages; and
c) a secure communication protocol and an authcode cookie for allowing said web client access to said secure web pages.
20. A computer program embodied on a computer readable medium, said computer program providing for secure session management and authentication between a web site and a web client, said web site having secure and non-secure web pages, said computer program adapted to:
a) use a non-secure communication protocol and a session cookie when said web client requests access to said non-secure web pages; and
b) use a secure communication protocol and an authcode cookie when said web client requests access to said secure web pages. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
31. A computer program for creating a NAME attribute in a session cookie, said computer program comprising the steps of:
a) generating a user_id;
b) generating a session_string;
c) generating a session_timestamp;
d) appending said session_timestamp to said session_string to create an intermediate value;
e) applying a one way hash function to said intermediate value to create a final value; and
f) storing said final value in said NAME attribute. - View Dependent Claims (32)
33. A computer program for creating a NAME attribute in an authcode cookie, said computer program comprising the steps of:
a) generating an authcode;
b) generating an authcode_timestamp;
c) appending said authcode_timestamp to said authcode to create an intermediate value;
d) applying a one way hash function to said intermediate value to create a final value; and
e) storing said final value in said NAME attribute. - View Dependent Claims (34)
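The steps of claims 31 and 33, combined with the protocol split of claim 1, as an added Python example that is not part of the patent text. Assumptions: SHA-256 as the one way hash function, the cookie names session and authcode, the final value carried as the value of the cookie's NAME=VALUE pair, a server-side record that the server rehashes to check a presented cookie, and the Secure and HttpOnly attributes.

```python
import hashlib
import hmac
import secrets
import time


def cookie_value(secret: str, timestamp: int) -> str:
    """Claims 31(d)-(e) and 33(c)-(d): append the timestamp, then hash."""
    intermediate = f"{secret}{timestamp}"
    # SHA-256 is an assumption; the claims only say "one way hash function".
    return hashlib.sha256(intermediate.encode()).hexdigest()


def issue_cookies(user_id: str, now=None):
    """Return (server-side record, cookie values, Set-Cookie headers)."""
    now = int(time.time()) if now is None else now
    record = {
        "user_id": user_id,
        "session_string": secrets.token_hex(16),
        "session_timestamp": now,
        "authcode": secrets.token_hex(16),
        "authcode_timestamp": now,
    }
    values = {
        "session": cookie_value(record["session_string"], now),
        "authcode": cookie_value(record["authcode"], now),
    }
    headers = [
        # No Secure attribute: sent with HTTP requests for non-secure pages.
        f"Set-Cookie: session={values['session']}; Path=/; HttpOnly",
        # Secure attribute: the browser sends it only over HTTPS.
        f"Set-Cookie: authcode={values['authcode']}; Path=/; Secure; HttpOnly",
    ]
    return record, values, headers


def authorize(record, secure_page: bool, over_https: bool, cookies: dict) -> bool:
    """Claim 1: session cookie for non-secure pages, authcode for secure ones."""
    if secure_page:
        if not over_https:
            return False  # never accept the authcode cookie over plain HTTP
        kind, secret = "authcode", record["authcode"]
    else:
        kind, secret = "session", record["session_string"]
    expected = cookie_value(secret, record[f"{kind}_timestamp"])
    presented = cookies.get(kind, "")
    return hmac.compare_digest(expected.encode(), presented.encode())
```

A session cookie captured from plain HTTP traffic passes authorize only for non-secure pages; secure pages additionally require the authcode cookie, which the browser releases only over HTTPS.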
Specification