Maintaining authentication states for resources accessed in a stateless environment

US 20030212887A1
Filed: 05/09/2002
Published: 11/13/2003
Est. Priority Date: 05/09/2002
Status: Active Grant

First Claim

Patent Images

1. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the computer system, a method for validating authentication information that is associated with a request to access a resource so as to determine the state of the resource, the method comprising the following:

a specific act of receiving a request to access a resource that requires authentication information; and

a specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A providing computer system may receive a request, via a stateless protocol, to access a resource. An access control application may refer to administrative rules to set validation information associated with the request. Validation information may be in the form of electronic text that is stored in a location such as a cookie or state-table. Validation information may indicate the state of a session associated with a resource, such as whether a session is in a logged-in or logged-out state. When a request is received, validation information and authentication information may be utilized together to determine if access to a resource should be granted. When access to a resource is granted or denied, validation information may be updated to indicate that the state of the session has changed.

Citations

41 Claims

1. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the computer system, a method for validating authentication information that is associated with a request to access a resource so as to determine the state of the resource, the method comprising the following:
- a specific act of receiving a request to access a resource that requires authentication information; and
  
  a specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as recited in claim 1, wherein the specific act of receiving a request to access a resource that requires authentication information comprises the following:
    - a specific act of receiving a request, via a stateless protocol, to access a resource that requires authentication information.
  - 3. The method as recited in claim 2, wherein the specific act of receiving a request, via a stateless protocol, to access a resource that requires authentication information comprises the following:
    - a specific act of receiving an HTTP request to access a resource that requires authentication information.
  - 4. The method as recited in claim 1, wherein the specific act of receiving a request to access a resource that requires authentication information comprises the following:
    - a specific act of receiving a request that includes a WWW-Authenticate header.
  - 5. The method as recited in claim 1, wherein the specific act of receiving a request to access a resource that requires authentication information comprises the following:
    - a specific act of receiving a request that includes authentication information that was retrieved from a storage location.
  - 6. The method as recited in claim 1, wherein the specific act of receiving a request to access a resource that requires authentication information comprises the following:
    - a specific act of receiving a request that includes authentication information that was manually entered in response to a form being presented to a user.
  - 7. The method as recited in claim 1, wherein the specific act of receiving a request to access a resource that requires authentication information comprises the following:
    - a specific act of receiving a request to access a Web page that requires authentication information to access.
  - 8. The method as recited in claim 1, wherein the specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of adding validation information contained in a cookie that is subsequently used along with the authentication information.
  - 9. The method as recited in claim 1, wherein the specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of adding validation information contained in a state-table that is subsequently used along with the authentication information.
  - 10. The method as recited in claim 1, wherein the specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of adding validation information indicative of the validation state of the resource that is subsequently used along with the authentication information.
  - 11. The method as recited in claim 1, wherein the specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of adding validation information, which was caused to be set by the execution of an express log-out command, that is subsequently used along with the authentication information.
  - 12. The method as recited in claim 1, wherein the specific act of adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of adding validation information, which is indicative of access to the resource being expired, and is subsequently used along with the authentication information.

13. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources, a method for validating authentication information included in a request to access a resource, wherein the request was received via a stateless protocol, so as to determine if a resource is in an accessible state, the method comprising the following:
- a specific act of receiving an initial request to access the resource;
  
  a specific act of referring to administrative rules to set validation information associated with the resource;
  
  a specific act of receiving a second request to access the resource, the second request including the validation information; and
  
  a specific act of using the validation information along with authentication information to determine whether access to the resource should be granted.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 14. The method as recited in claim 13, wherein the specific act of receiving an initial request to access the resource comprises the following:
    - a specific act of receiving a request to access a resource that is in a validation state.
  - 15. The method as recited in claim 13, wherein the specific act of receiving an initial request to access the resource comprises the following:
    - a specific act of receiving a request that includes authentication information that was cached to a memory location by a browser.
  - 16. The method as recited in claim 13, wherein the specific act of referring to administrative rules to set validation information associated with the resource comprises the following:
    - a specific act of rejecting the initial request and returning an unauthorized message.
  - 17. The method as recited in claim 13, wherein the specific act of referring to administrative rules to set validation information associated with the resource comprises the following:
    - a specific act of referring to administrative rules to set validation information indicative of a validation state.
  - 18. The method as recited in claim 13, wherein the specific act of referring to administrative rules to set validation information associated with the resource comprises the following:
    - a specific act of referring to administrative rules to set a cookie with validation information.
  - 19. The method as recited in claim 13, wherein the specific act of referring to administrative rules to set validation information associated with the resource comprises the following:
    - a specific act of referring to administrative rules to set a state-table with validation information.
  - 20. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource that includes authentication information that was manually entered.
  - 21. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource that is associated with validation information contained in a cookie.
  - 22. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource that is associated with validation information contained in a state-table.
  - 23. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a validation begin state.
  - 24. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a validation end state.
  - 25. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a valid state.
  - 26. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a logged-in state.
  - 27. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a logged-out state.
  - 28. The method as recited in claim 13, wherein the specific act of receiving a second request to access the resource, the second request including the validation information comprises the following:
    - a specific act of receiving a second request to access the resource, the second request including the validation information indicating access to the resource has expired.
  - 29. The method as recited in claim 13, wherein the specific act of using the validation information along with authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of using validation information contained in a cookie along with authentication information to determine whether access to the resource should be granted.
  - 30. The method as recited in claim 13, wherein the specific act of using the validation information along with authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of using validation information contained in a state-table along with authentication information to determine whether access to the resource should be granted.
  - 31. The method as recited in claim 13, wherein the specific act of using the validation information along with authentication information to determine whether access to the resource should be granted comprises the following:
    - a specific act of using validation information along with authentication information that was manually entered to determine whether access to the resource should be granted.
  - 32. The method as recited in claim 13, wherein requests to access the resource are received via a stateless protocol.
  - 33. The method as recited in claim 32, wherein requests to access the resource are received via HTTP.
  - 34. The method as recited in claim 13, further comprising:
    - a specific act of receiving a third request to access the resource that is associated with validation information indicative of a session associated with the resource being in a validation state that allows access to be granted to the resource.

35. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources, a method for validating authentication information that is associated with a request to access a resource, and which was received via a stateless protocol, so as to determine if a resource is in an accessible state, the method comprising the following:
- a specific act of receiving an initial request to access the resource;
  
  a step for associating validation information with the resource in a subsequent request to access the resource so as to indicate the authentication information associated with the resource was manually reentered; and
  
  a specific act of using the validation information along with the authentication information to determine whether access to the resource should be granted.

36. A computer program product for us in a providing computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the providing computer system, the computer program product for implementing a method for validating authentication information received in a request to access a resource so as to determine the state of the resource, the computer program product comprising the following:
- one or more computer-readable media carrying computer-executable instructions, that when executed at the computer system, cause the computer system to perform the method, including;
  
  receiving a request to access a resource that requires authentication information; and
  
  adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted.
- View Dependent Claims (37)
- - 37. The computer program product as recited claim 36, wherein the one or more computer-readable media include physical storage media.

38. A computer program product for use in a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources, the computer program product for implementing a method for validating authentication information included in a request to access a resource, wherein the request was received via a stateless protocol, the computer program product comprising the following:
- one or more computer-readable media carrying computer-executable instructions, that when executed at the computer system, cause the computer system to perform the method, including;
  
  receiving an initial request to access the resource;
  
  referring to administrative rules to set validation information associated with the resource;
  
  receiving a second request to access the resource, the second request including the validation information; and
  
  using the validation information along with authentication information to determine whether access to the resource should be granted.
- View Dependent Claims (39)
- - 39. The computer program product as recited claim 38, wherein the one or more computer-readable media include physical storage media.

40. A network system for validating authentication information associated with a request to access a resource, comprising:
- a requesting computer system that includes a browser and is configured to transfer validation cookies, which include validation information used to validate authentication information contained in requests access to a resource, when the requesting computer systems requests access to the resource; and
  
  a providing computer system that is network connectable to the requesting computer system and includes an application for validating authentication associated with a request to access the resource, wherein the providing computer system is configured to maintain log-in and log-out states for the resource.

41. In a computer system that is network connectable to a network and that may receive requests to access resources, a method for determining if access to a resource should be granted, the method comprising the following:
- a specific act of receiving a request, via a stateless protocol, to access the resource;
  
  a specific act of determining if the request is associated with authentication information appropriate for accessing the resource;
  
  a specific act of determining if state information indicates that a session is in an appropriate state for accessing the resource; and
  
  a specific act of grating access to the resource if the authentication information and the state are appropriate for accessing the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kramer, Michael, Mazur, Leszek, Kueh, Anthony Y., Walther, Dan E.

Granted Patent

US 7,421,730 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/08 for authentication of entit...

Maintaining authentication states for resources accessed in a stateless environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining authentication states for resources accessed in a stateless environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links