Method for restricting access to a web site by remote users

US 20030208562A1
Filed: 05/06/2002
Published: 11/06/2003
Est. Priority Date: 05/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:

a. installing a client-side software program on the client machine for generating a client machine-specific identifier, the client machine-specific identifier being unique to the particular machine upon which such client-side software program is initially installed;

b. operating the client-side software program on the client machine to generate the client machine-specific identifier;

c. generating a unique password remote from the client machine, and providing the unique password to a user of the client machine, the unique password being derived from the client machine-specific identifier generated in step b., and uniquely corresponding thereto;

d. issuing a request by the client machine to the server computer for access to data maintained on the server computer;

e. responding to the request for access of step d. by having the client machine re-generate its machine-specific identifier;

f. verifying whether the client machine-specific identifier re-generated in step e. uniquely corresponds with the unique password generated in step c.; and

g. recognizing the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is true, and refusing to recognize the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is false.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of restricting access to data maintained on a server computer by one or more authorized, networked client machines includes the step of installing a client-side software program on the client machine for generating a client machine-specific identifier determined by particular characteristics of the client machine. The machine-specific identifier is used by the server administrator to generate a unique password, which the user enters into the client-side software program. Server-side software is embedded on protected Web pages of the server computer that hosts the protected Web site. When a user desires access to protected content, the client-side software is prompted to re-generate its machine-specific identifier and valid client password list for comparison with the password previously entered by the user. Access is granted if they correspond, and denied if they do not. If the client machine is recognized as being authorized to access data on the protected Web site during a first access request, then the current session identifier is saved in a temporary storage table remote from the client machine for indicating current working sessions of authorized client machines. The client machine returns such session identifier with each additional request for access, and the temporary storage table is consulted to search for such session identifier before granting access.

112 Citations

16 Claims

1. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:
- a. installing a client-side software program on the client machine for generating a client machine-specific identifier, the client machine-specific identifier being unique to the particular machine upon which such client-side software program is initially installed;
  
  b. operating the client-side software program on the client machine to generate the client machine-specific identifier;
  
  c. generating a unique password remote from the client machine, and providing the unique password to a user of the client machine, the unique password being derived from the client machine-specific identifier generated in step b., and uniquely corresponding thereto;
  
  d. issuing a request by the client machine to the server computer for access to data maintained on the server computer;
  
  e. responding to the request for access of step d. by having the client machine re-generate its machine-specific identifier;
  
  f. verifying whether the client machine-specific identifier re-generated in step e. uniquely corresponds with the unique password generated in step c.; and
  
  g. recognizing the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is true, and refusing to recognize the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is false.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method recited by claim 1 wherein the verification step f. of claim 1 is performed by the client machine.
  - 3. The method recited by claim 1 wherein the verification step f. of claim 1 is performed by a server computer remote from the client machine.
  - 4. The method recited by claim 3 wherein the verification step f of claim 1 is performed by the server computer that maintains the data which the client machine is trying to access.
  - 5. The method recited by claim 1 including the step of installing a server-side software program on a server computer, remote from the client machine, for generating the unique password generated in step c. of claim 1.
  - 6. The method recited by claim 5 wherein the server-side software program is installed on the server computer that maintains the data which the client machine is trying to access.
  - 7. The method recited by claim 1 wherein the step of generating a unique password remote from the client machine is performed by a computer other than the client machine.
  - 8. The method recited by claim 1 wherein the step of installing the client-side software program on the client machine includes the step of downloading the client-side software program from the server computer.
  - 9. The method recited by claim 1 wherein the step of generating a unique password remote from the client machine includes the step of transmitting the client machine-specific identifier generated in step b. to a password-generating computer other than the client machine, and generating the unique password at the password-generating computer.
  - 10. The method recited by claim 9 wherein the password-generating computer is the server computer that maintains the data which the client machine is trying to access.
  - 11. The method recited by claim 9 wherein the password-generating computer operates a software program to perform an algorithm for generating the unique password based upon the client machine-specific identifier generated in step a.
  - 12. The method recited by claim 1 further including the steps of:
    - h. obtaining a session identifier and a site identifier from the client machine each time the client machine requests access to restricted data area of the server computer, the session identifier indicating a particular working session by the client machine, and the site identifier indicating a particular data area of the server computer which the client machine is authorized to access;
      
      i. storing the session identifier and site identifier in a temporary storage table remote from the client machine upon a first request by the client machine for access to a restricted data area of the server computer;
      
      j. comparing the session identifier obtained from the client machine upon subsequent requests for access to the restricted data area of the server following the first request; and
      
      k. allowing the client machine continued access to the restricted data area of the server computer if the session identifier obtained from the client machine upon a subsequent request corresponds to a session identifier already stored in the temporary storage table.
  - 13. The method recited by claim 1 wherein each client machine is only authorized to access particular data areas of the server computer, and wherein the client-side software program installed on the client machine determines which areas of the server computer can be accessed by a particular client machine.

14. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:
- a. creating a session identifier in a computer remote from the client machine for a current browsing session of the client machine;
  
  b. transmitting to the client machine the session identifier created in step a);
  
  c. storing the session identifier transmitted in step b) within the client machine;
  
  d. verifying that the client machine is authorized to access data maintained on the server computer;
  
  e. obtaining the session identifier stored in step c), and storing such session identifier within a storage table remote from the client machine if such client machine was verified in step d);
  
  f. transmitting a request by the client machine for access to data maintained on the server computer, such request including the session identifier stored in step c);
  
  g. comparing the session identifier transmitted in step f) with the session identifier stored in the storage table during step e) to determine whether the request for access transmitted in step f) is authorized; and
  
  h. permitting access by the client machine to the requested data maintained on the server computer if the comparison made in step g) shows that the request for access is authorized, and denying access by the client machine to the requested data maintained on the server computer if the comparison made in step g) shows that the request for access is not authorized.
- View Dependent Claims (15, 16)
- - 15. The method recited by claim 14 wherein the session identifier stored on the client machine in step c) is stored as a temporary file on the client machine.
  - 16. The method recited by claim 15 wherein the temporary file which stores the session identifier on the client machine is a “
    - cookie”
      
      .

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Browserkey Incorporated
Original Assignee
Browserkey Incorporated
Inventors
Burval, Brent J., Hauck, Leon E.

Granted Patent

US 7,249,262 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/219
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/142   Managing session states for...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

Method for restricting access to a web site by remote users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Method for restricting access to a web site by remote users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others