De-authenticating in security environments only providing authentication

US 20020161886A1
Filed: 04/26/2001
Published: 10/31/2002
Est. Priority Date: 04/26/2001
Status: Active Grant

First Claim

Patent Images

1. A method for de-authenticating from a first web server security realm protected by an authentication scheme lacking a de-authentication operation, the method comprising:

attempting to access a first resource in a first security realm protected by the authentication scheme;

receiving a request for authentication credentials in response to said attempting to access the first resource;

supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and

accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm on accessing thereof.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a protocol providing for authentication to a first security realm, but failing to provide for a logout operation to de-authenticate from the first security realm, a logout operation is effected by providing a logout button, hyperlink, or other linking construct that causes a user to be transparently authenticated to a second security realm. For example, with respect to HTTP basic authentication, authentication with the second security realm removes, or logs out, the user from the first security realm.

Citations

22 Claims

1. A method for de-authenticating from a first web server security realm protected by an authentication scheme lacking a de-authentication operation, the method comprising:
- attempting to access a first resource in a first security realm protected by the authentication scheme;
  
  receiving a request for authentication credentials in response to said attempting to access the first resource;
  
  supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and
  
  accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm on accessing thereof.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - providing a common access point executing a web browser;
      
      first displaying a login web page of the second security realm so that a first user may authenticate with the first security realm and access the first resource, the login page comprising a login resource configured to perform said attempting to access the first resource; and
      
      second displaying the login web page of the second security realm responsive to said accessing the logout resource so that a second user may authenticate with the first security realm and access the first resource.
  - 3. The method of claim 1, wherein the logout resource executes a script configured to authenticate a user with the second security realm.
  - 4. The method of claim 3, wherein the logout resource comprises a web page element comprising a link to the script, and wherein the web page element incorporates authentication credentials for the second security realm so that the user need not provide authentication credentials to access the second security realm.
  - 5. The method of claim 1, wherein the authentication scheme comprises HTTP basic authentication.

6. A method for de-authenticating from an HTTP basic authentication, comprising:
- attempting to access a first resource in a first security realm protected by HTTP basic authentication;
  
  responsive to said attempting to access, receiving an authentication request for controlling access to the first resource;
  
  supplying authentication credentials responsive to said authentication request so as to authenticate with the first security realm;
  
  accessing a second resource in the first security realm; and
  
  responsive to said accessing the second resource, automatically authenticating with a second security realm.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein said authenticating with the second security realm invalidates a prior authentication with the first security realm.
  - 8. The method of claim 7, further comprising:
    - displaying a login element within a web browser, the login element configured to access the first resource upon activation thereof.
  - 9. The method of claim 8, further comprising:
    - displaying a logout element within the web browser for performing said automatically authenticating with the second security realm; and
      
      within a single browser session;
      
      authenticating a first user with the first security realm;
      
      authenticating the first user with the second security realm so as to de-authenticate the first user from the first security realm; and
      
      authenticating a second user with the first security realm.

10. An article of manufacture for de-authenticating from a first web server security realm protected by an authentication scheme lacking a de-authentication operation, comprising a readable medium having instructions encoded thereon for execution by a processor, said instructions capable of directing the processor to perform:
- attempting to access a first resource in a first security realm protected by the authentication scheme;
  
  receiving a request for authentication credentials in response to said attempting to access the first resource;
  
  supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and
  
  accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm on accessing thereof.
- View Dependent Claims (11, 12, 13, 14, 16, 17, 18, 20)
- - 11. The article of manufacture of claim 10, said instructions comprising further instructions capable of directing the processor to perform:
    - providing a common access point executing a web browser;
      
      first displaying a login web page of the second security realm so that a first user may authenticate with the first security realm and access the first resource, the login page comprising a login resource configured to perform said attempting to access the first resource; and
      
      second displaying the login web page of the second security realm responsive to said accessing the logout resource so that a second user may authenticate with the first security realm and access the first resource.
  - 12. The article of manufacture of claim 10, wherein said instructions for said logout resource comprise instructions capable of directing the processor to execute a script configured to authenticate a user with the second security realm.
  - 13. The article of manufacture of claim 12, further comprising:
    - said instructions for said logout resource further comprising instructions capable of directing the processor to provide a web page element comprising a link to the script; and
      
      said instructions for said web page element further comprising instructions capable of directing the processor to provide authentication credentials for the second security realm so that the user need not provide authentication credentials to access the second security realm.
  - 14. The article of manufacture of claim 10, wherein the authentication scheme comprises HTTP basic authentication.
  - 16. The article of manufacture of claim 15, wherein said instructions for authenticating with the second security realm invalidates a prior authentication with the first security realm.
  - 17. The article of manufacture of claim 16, said instructions comprising further instructions capable of directing the processor to perform:
    - displaying a login element within a web browser, the login element configured to access the first resource upon activation thereof.
  - 18. The article of manufacture of claim 17, said instructions comprising further instructions capable of directing the processor to perform:
    - displaying a logout element within the web browser for performing said automatically authenticating with the second security realm; and
      
      within a single browser session;
      
      authenticating a first user with the first security realm;
      
      authenticating the first user with the second security realm so as to de-authenticate the first user from the first security realm; and
      
      authenticating a second user with the first security realm.
  - 20. The apparatus of claim 10, further comprising:
    - means for providing a common access point executing a web browser;
      
      means for first displaying a login web page of the second security realm so that a first user may authenticate with the first security realm and access the first resource, the login page comprising a login resource configured to perform said attempting to access the first resource; and
      
      means for second displaying the login web page of the second security realm responsive to said accessing the logout resource so that a second user may authenticate with the first security realm and access the first resource.

15. An article of manufacture for de-authenticating from an HTTP basic authentication comprising a readable medium having instructions encoded thereon for execution by a processor, said instructions capable of directing the processor to perform:
- attempting to access a first resource in a first security realm protected by HTTP basic authentication;
  
  responsive to said attempting to access, receiving an authentication request for controlling access to the first resource;
  
  supplying authentication credentials responsive to said authentication request so as to authenticate with the first security realm;
  
  accessing a second resource in the first security realm; and
  
  responsive to said accessing the second resource, automatically authenticating with a second security realm.

19. An apparatus for de-authenticating from a first web server security realm protected by an authentication scheme lacking a de-authentication operation, comprising:
- means for attempting to access a first resource in a first security realm protected by the authentication scheme;
  
  means for receiving a request for authentication credentials in response to said attempting to access the first resource;
  
  means for supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and
  
  means for accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm on accessing thereof.

21. An apparatus for de-authenticating from an HTTP basic authentication comprising:
- means for attempting to access a first resource in a first security realm protected by HTTP basic authentication;
  
  responsive to said attempting to access, means for receiving an authentication request for controlling access to the first resource;
  
  means for supplying authentication credentials responsive to said authentication request so as to authenticate with the first security realm;
  
  means for accessing a second resource in the first security realm; and
  
  responsive to said accessing the second resource, means for automatically authenticating with a second security realm.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, further comprising:
    - means for displaying a logout element within the web browser for performing said automatically authenticating with the second security realm; and
      
      within a single browser session;
      
      means for authenticating a first user with the first security realm;
      
      means for authenticating the first user with the second security realm so as to de-authenticate the first user from the first security realm; and
      
      means for authenticating a second user with the first security realm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wang, Bing, Zhang, Jessica

Granted Patent

US 7,020,705 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/08 for authentication of entit...

De-authenticating in security environments only providing authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

De-authenticating in security environments only providing authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links