Method and system for terminating an authentication session upon user sign-off

US 20020165971A1
Filed: 05/02/2002
Published: 11/07/2002
Est. Priority Date: 05/04/2001
Status: Active Grant

First Claim

Patent Images

1. A method for terminating an authentication session following a user'"'"'s indication that the user intends to terminate user'"'"'s interaction with an application independent of the application comprising:

monitoring a request for a termination indication from a user in one or more transactions between a user and an application; and

terminating an authentication session in response to receiving the termination indication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication component resides between a server and a client, or on a server, and monitors one or more transactions communicated between the server and the client. When the authentication component detects a transaction that contains a termination indication, the authentication session is terminated, forcing the client to re-authenticate the next time a transaction with the server is desired. The termination indication may have been provided by an application running on the server, or alternatively, the termination indication may be provided by the authentication component.

134 Citations

51 Claims

1. A method for terminating an authentication session following a user'"'"'s indication that the user intends to terminate user'"'"'s interaction with an application independent of the application comprising:
- monitoring a request for a termination indication from a user in one or more transactions between a user and an application; and
  
  terminating an authentication session in response to receiving the termination indication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 41, 42, 43, 44, 45, 47, 48)
- - 2. The method of claim 1, wherein the termination indication includes a predefined URL.
  - 3. The method of claim 1, further including entering a session entry in an authentication session table when an authentication session begins.
  - 4. The method of claim 1, wherein the terminating includes deleting a session entry from an authentication session table.
  - 5. The method of claim 1, wherein the terminating includes marking a session entry in an authentication session table as expired.
  - 6. The method of claim 1, wherein the terminating includes denoting an encrypted token associated with the authentication session as invalid.
  - 7. The method of claim 1, wherein the terminating includes entering a session cookie associated with the authentication session into a table of disallowed cookies.
  - 8. The method of claim 1, wherein the terminating includes detecting a predetermined parameter appended to the request.
  - 9. The method of claim 1, further including entering a session entry, corresponding to a URL parameter, in an authentication session table when an authentication session begins.
  - 10. The method of claim 1, wherein the termination indication has a pre-existing function in the application.
  - 11. The method of claim 1, wherein the termination indication includes one or more preexisting logoff URLs provided by the application.
  - 12. The method of claim 1, wherein the terminating includes terminating the authentication session after communicating one or more transactions between the user and the application.
  - 13. The method of claim 1, wherein the terminating includes:
    - marking an authentication session as termination pending in a session table;
      
      communicating the transaction having the termination indication to the application;
      
      continuing to monitor the transactions until the application replies with a response to the termination indication; and
      
      terminating the authentication session.
  - 14. The method of claim 13, wherein only predetermined transactions are permitted during the terminating.
  - 15. The method of claim 13, wherein the terminating includes deleting an entry associated with the authentication session from the session table.
  - 16. The method of claim 13, wherein the terminating includes marking a session entry in an authentication session table as expired.
  - 17. The method of claim 13, wherein the terminating includes denoting an encrypted token associated with the authentication session as invalid.
  - 18. The method of claim 13, wherein the terminating includes entering a session cookie associated with the authentication session into a table of disallowed cookies.
  - 19. The method of claim 1, wherein the terminating includes terminating the authentication session after a predetermined period of time has passed after receiving the termination indication.
  - 20. The method of claim 19, wherein the terminating includes allowing only a predetermined set of transactions to be communicated between the user and the application during the predetermined period of time.
  - 21. The method of claim 19, wherein the terminating includes, after receiving the termination indication, terminating the authentication session upon the earlier of the expiration of the predetermined period of time or an invalid request is received from the user.
  - 22. The method of claim 1, wherein the terminating includes terminating the authentication session after the first request is received from the user that is not among a predefined set of allowed requests or is one of a predefined set of disallowed requests.
  - 23. The method of claim 1, further including:
    - after receiving the termination indication, denoting the authentication session as termination pending;
      
      allowing prior to terminating the authentication session one or more predefined transactions between the user and the application; and
      
      terminating the authentication session.
  - 24. The method of claim 1, wherein the terminating includes:
    - denoting the authentication session as termination pending; and
      
      allowing one or more pre-defined URL requests and responses to and from the user and the application.
  - 25. The method of claim 24, wherein the one or more pre-defined URL requests and responses include one or more requests and responses used for an application'"'"'s logoff sequence.
  - 26. The method of claim 1, further including presenting a logoff indication to the user in response to receiving the termination indication.
  - 27. The method of claim 1, further including:
    - presenting in response to receiving the termination indication a logoff page to the user that includes additional options for the user;
      
      intercepting one or more transactions from the user after presenting said logoff page; and
      
      responding to the one or more transactions before terminating the authentication session.
  - 28. The method of claim 26, further including discarding one or more application-generated responses to the user in response to receiving the termination indication.
  - 29. The method of claim 27, further including allowing only selected, pre-defined requests from the user to the application after the presenting and before terminating.
  - 30. The method of claim 1, further including disallowing a request from the user to the application after receiving the termination indication.
  - 31. The method of claim 1, further including:
    - monitoring one or more transactions from the application;
      
      adding a predefined data segment to the one or more transactions received from the application; and
      
      transmitting to the user the one or more transactions having the added predefined data segment to present to the user an option to send the termination indication.
  - 32. The method of claim 31, wherein the data segment includes a reference to an HTML log-off image that the user can select when the user intends to terminate the session.
  - 33. The method of claim 32, wherein the HTML log-off image is presented in an HTML frame that remains in the browser display area throughout the session.
  - 34. The method of claim 1, further including communicating the termination indication to the application after terminating an authentication session.
  - 35. The method of claim 1, further including:
    - intercepting and not transmitting to the application one or more subsequent requests from the user to the application after receiving the termination indication; and
      
      replying to one or more of the subsequent requests.
  - 36. The method of claim 1, further including:
    - intercepting and not transmitting to the user one or more subsequent transactions from the application to the user after receiving the termination indication; and
      
      sending one or more subsequent transactions to the application to emulate the user.
  - 37. The method of claim 1, further including:
    - intercepting one or more subsequent user requests after receiving the termination indication;
      
      sending, to emulate the user, one or more pre-defined subsequent requests to the application that are determined by but not necessarily identical to the one or more subsequent user requests; and
      
      replying to one or more of the one or more subsequent user requests.
  - 39. The system of claim 38, wherein the termination sequence includes deleting an entry associated with the session in the session entry table.
  - 40. The system of claim 38, wherein the authentication module is a proxy.
  - 41. The system of claim 38, wherein the authentication module is a filter.
  - 42. The system of claim 38, wherein the one or more entries include one or more cookies.
  - 43. The system of claim 38, wherein the one or more entries include one or more encrypted tokens.
  - 44. The system of claim 38, wherein the one or more entries include one or more URL parameters.
  - 45. The system of claim 38, wherein the termination indication includes a log-off URL.
  - 47. The method of claim 46, further including:
    - waiting for a predetermined period of time to pass before the deleting.
  - 48. The method of claim 46, wherein the deleting the session entry includes marking the session entry as invalid.

38. A system for terminating an authentication session, comprising:
- a session entry table having one or more entries of valid sessions, and an authentication component residing between a client and a server running an application, said authentication component monitoring transactions between the client and the server and in response to receiving a termination indication of a session initiating a termination sequence.

46. A method for terminating an authentication session, comprising:
- validating a client transaction to begin a session between a client and an application;
  
  entering a valid session entry in a session table;
  
  monitoring one or more transactions between the client and the application during the session;
  
  detecting a predefined termination indication in the one or more transactions;
  
  deleting the valid session entry in the session table.

49. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps of terminating an authentication session, comprising:
- validating a client transaction to begin a session between a client and an application;
  
  entering a valid session entry in a session table;
  
  monitoring one or more transactions between the client and the application during the session;
  
  detecting a predefined termination indication in the one or more transactions;
  
  deleting the valid session entry in the session table.

50. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps of terminating and authentication session, comprising:
- monitoring a request for a termination indication from a user in one or more transactions between a user and an application; and
  
  terminating an authentication session in response to receiving the termination indication.
- View Dependent Claims (51)
- - 51. The program storage device of claim 50, wherein the terminating includes:
    - marking an authentication session as termination pending in a session table;
      
      communicating the transaction having the termination indication to the application;
      
      continuing to monitor the transactions until the application replies with a response to the termination indication; and
      
      terminating the authentication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Whale Communications Ltd.
Inventors
Baron, Elad

Granted Patent

US 7,769,845 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/08 for authentication of entit...

Method and system for terminating an authentication session upon user sign-off

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

134 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for terminating an authentication session upon user sign-off

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links