Method for restricting access to a web site by remote users
Abstract
A method of restricting access to data maintained on a server computer by one or more authorized, networked client machines includes the step of installing a client-side software program on the client machine for generating a client machine-specific identifier determined by particular characteristics of the client machine. The machine-specific identifier is used by the server administrator to generate a unique password, which the user enters into the client-side software program. Server-side software is embedded on protected Web pages of the server computer that hosts the protected Web site. When a user desires access to protected content, the client-side software is prompted to re-generate its machine-specific identifier and valid client password list for comparison with the password previously entered by the user. Access is granted if they correspond, and denied if they do not. If the client machine is recognized as being authorized to access data on the protected Web site during a first access request, then the current session identifier is saved in a temporary storage table remote from the client machine for indicating current working sessions of authorized client machines. The client machine returns such session identifier with each additional request for access, and the temporary storage table is consulted to search for such session identifier before granting access.
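The flow the abstract describes (identifier generation, password derivation, verification, then the session table) can be sketched as follows. This is an added example, not code from the patent: the HMAC derivation, `ADMIN_KEY`, `SESSION_TTL`, the function and class names, and the sample traits are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ADMIN_KEY = secrets.token_bytes(32)   # assumption: secret held only by the administrator
SESSION_TTL = 900                     # assumption: seconds a table row stays valid

def machine_identifier(traits):
    """Client side: hash stable machine characteristics into one identifier."""
    canonical = "\n".join(f"{k}={traits[k]}" for k in sorted(traits))
    return hashlib.sha256(canonical.encode()).hexdigest()

def issue_password(machine_id):
    """Administrator side: derive the password from the reported identifier."""
    mac = hmac.new(ADMIN_KEY, machine_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:24]

def password_matches(machine_id, password):
    """Constant-time check that the password corresponds to the identifier."""
    expected = issue_password(machine_id).encode()
    return hmac.compare_digest(expected, password.encode())

class SessionTable:
    """Server-side table of sessions belonging to verified client machines."""
    def __init__(self):
        self._expiry = {}                      # session id -> expiry timestamp

    def create_session_id(self):
        return secrets.token_urlsafe(32)       # unguessable, sent to the client

    def first_request(self, session_id, machine_id, password, now=None):
        """Record the session only if the re-generated identifier verifies."""
        now = time.time() if now is None else now
        if not password_matches(machine_id, password):
            return False
        self._expiry[session_id] = now + SESSION_TTL
        return True

    def later_request(self, session_id, now=None):
        """Grant access only to session ids present and unexpired in the table."""
        now = time.time() if now is None else now
        expiry = self._expiry.get(session_id)
        if expiry is None or now >= expiry:
            self._expiry.pop(session_id, None)
            return False
        return True

# Constructed sample machine characteristics (not from the patent).
SAMPLE_TRAITS = {"disk_serial": "WD-0001", "mac": "02:00:00:aa:bb:cc", "cpu": "x86_64"}
```

Because the identifier is computed on the client, the server can only confirm that the submitted identifier and password correspond; it cannot confirm that the identifier was produced by the enrolled hardware.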
16 Claims
1. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:
a. installing a client-side software program on the client machine for generating a client machine-specific identifier, the client machine-specific identifier being unique to the particular machine upon which such client-side software program is initially installed;
b. operating the client-side software program on the client machine to generate the client machine-specific identifier;
c. generating a unique password remote from the client machine, and providing the unique password to a user of the client machine, the unique password being derived from the client machine-specific identifier generated in step b., and uniquely corresponding thereto;
d. issuing a request by the client machine to the server computer for access to data maintained on the server computer;
e. responding to the request for access of step d. by having the client machine re-generate its machine-specific identifier;
f. verifying whether the client machine-specific identifier re-generated in step e. uniquely corresponds with the unique password generated in step c.; and
g. recognizing the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is true, and refusing to recognize the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is false.
14. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:
a. creating a session identifier in a computer remote from the client machine for a current browsing session of the client machine;
b. transmitting to the client machine the session identifier created in step a);
c. storing the session identifier transmitted in step b) within the client machine;
d. verifying that the client machine is authorized to access data maintained on the server computer;
e. obtaining the session identifier stored in step c), and storing such session identifier within a storage table remote from the client machine if such client machine was verified in step d);
f. transmitting a request by the client machine for access to data maintained on the server computer, such request including the session identifier stored in step c);
g. comparing the session identifier transmitted in step f) with the session identifier stored in the storage table during step e) to determine whether the request for access transmitted in step f) is authorized; and
h. permitting access by the client machine to the requested data maintained on the server computer if the comparison made in step g) shows that the request for access is authorized, and denying access by the client machine to the requested data maintained on the server computer if the comparison made in step g) shows that the request for access is not authorized.
Specification