Device independent authentication system and method

US 20040078604A1
Filed: 12/09/2002
Published: 04/22/2004
Est. Priority Date: 10/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating authentication between a communication device and a host web server over a communication network, comprising the steps of:

receiving an HTTP request file from a communication device;

analyzing said file for the presence of a security token; and

issuing a security token if no security token is present by transmitting said security token to said communication device within an HTML tag.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client'"'"'s communication device is issued a security token using standard HTML-INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.

Citations

10 Claims

1. A method for facilitating authentication between a communication device and a host web server over a communication network, comprising the steps of:
- receiving an HTTP request file from a communication device;
  
  analyzing said file for the presence of a security token; and
  
  issuing a security token if no security token is present by transmitting said security token to said communication device within an HTML tag.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising the step of determining if each additional HTTP request file received from said client includes said security token before responding to said request.
  - 3. The method of claim 2, wherein said communication device is at least one of a wireless device and a PC-based device.
  - 4. The method of claim 2, wherein the step of receiving an HTTP request file from a communication device further includes the step of receiving URL information, wherein such information facilitates identification of the type of communication device issuing the HTTP request.
  - 5. The method of claim 2, wherein the step of receiving an HTTP request file from a communication device further includes the step of receiving device-specific browser information, wherein such information facilitates identification of the type of communication device issuing the HTTP request.
  - 6. The method of claim 2, wherein the step of receiving an HTTP request file from a communication device further includes the step of receiving client agent data, wherein such data is compared to a list of authorized client agents on an associated database to selectively grant or deny access to a web site.
  - 7. The method of claim 2, wherein the step of analyzing said file for the presence of a security token further includes the steps of:
    - issuing a login page to said communication device in the event no security token is located, wherein said login page requests input of at least one of a user name or password information;
      
      receiving and analyzing said login information from said communication device; and
      
      issuing a security token to said communication device upon validation of said login information.
  - 8. The method of claim 1, wherein said security token thereafter enables used for at least one of facilitating a secure session with a web server or tracking a particular web session within the web site.

9. A method for facilitating authentication between a communication device and a host web server over a communication network, comprising the steps of:
- transmitting an HTTP request file to a host web server from a communication device;
  
  receiving from said host web server a login page;
  
  transmitting from said communication device login information comprising at least one of a user name or password; and
  
  receiving from said host server a security token, wherein said security token is contained within an HTML tag.

10. A system for facilitating authentication processes with a communication devices, comprising:
- a host web server including a database with client identification data;
  
  a wireless device with a memory configured to temporarily accept and store HTML tags; and
  
  wherein, said host web server serves an HTML tag to said wireless device to facilitate authentication processes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Rice, Mike, Keshav, Sineesh

Granted Patent

US 7,222,363 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/168   above the transport layer

Device independent authentication system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Device independent authentication system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links