Methods, systems, and media to authenticate a user

US 20050015601A1
Filed: 07/17/2003
Published: 01/20/2005
Est. Priority Date: 07/17/2003
Status: Active Grant

First Claim

Patent Images

1. A method for logging a successful authentication of a user, the method comprising:

generating a session identification in response to the authentication to identify a login session for the user;

storing the session identification in a memory location, the memory location being configured to retain the session identification independent of de-allocations of memory for individual applications, to authenticate the user for at least one of the independent applications;

transmitting the session identification to the user; and

authenticating the user for the at least one of the independent applications in response to receipt of the session identification upon verifying that the session identification is stored in the memory location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and media to authenticate a user for interaction with applications on a server are disclosed. Embodiments include hardware in and/or software on a server adapted to generate a unique, session identification like a random number to identify a user'"'"'s login session. The identification is stored in memory that will not be de-allocated upon termination of applications on the server and is transmitted via, e.g., a cookie to the user'"'"'s browser, or the like. Subsequent user accesses can be verified by comparing the session identification from the web browser with the corresponding entry in the memory. Once the user'"'"'s identification is verified, the user is authorized to access to applications associated with the user'"'"'s login session, providing independence from the architecture of the applications executed by the server. Further embodiments include additional session information with the identification in the memory. Some embodiments monitor login sessions for expiration.

251 Citations

22 Claims

1. A method for logging a successful authentication of a user, the method comprising:
- generating a session identification in response to the authentication to identify a login session for the user;
  
  storing the session identification in a memory location, the memory location being configured to retain the session identification independent of de-allocations of memory for individual applications, to authenticate the user for at least one of the independent applications;
  
  transmitting the session identification to the user; and
  
  authenticating the user for the at least one of the independent applications in response to receipt of the session identification upon verifying that the session identification is stored in the memory location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising storing additional session information with the session identification to associate the additional session information with the login session.
  - 3. The method of claim 1, further comprising:
    - associating a time indication with the session identification and removing the session identification from the memory location after a period of inactivity by the user.
  - 4. The method of claim 1, further comprising locking the memory location while accessing an entry for the session identification in the memory location.
  - 5. The method of claim 1, wherein generating a session identification comprises generating a random number, the random number uniquely identifying the user'"'"'s login session.
  - 6. The method of claim 1, wherein storing the session identification comprises storing the session identification in a shared memory buffer.
  - 7. The method of claim 1, wherein transmitting the session identification comprises generating a cookie and transmitting the cookie to a web browser utilized by the user.
  - 8. The method of claim 1, wherein authenticating the user comprises receiving the session identification from the user and comparing the session identification with session identifications previously stored in the memory location.

9. An apparatus for logging a successful authentication of a user for a server, the apparatus comprising:
- a memory location to retain a session identification independent of de-allocation of memory for individual applications executed on the server;
  
  a session creator coupled with the memory location to generate the session identification in response to the authentication to identify a login session of the user, store the session identification in the memory location, and transmit the session identification to the user; and
  
  a session authenticator coupled with the memory location to authenticate the user for an application of the individual applications executed on the server in response to receipt of the session identification upon verifying that the session identification is stored in the memory location.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, further comprising an arbitrator to prevent simultaneous access to the memory location by more than one of the individual applications executed on the server.
  - 11. The apparatus of claim 9, wherein the memory location comprises at least a portion of a shared memory buffer.
  - 12. The apparatus of claim 9, wherein the session creator comprises a session identification generator to generate a unique, random number to associate with the user and the login session.
  - 13. The apparatus of claim 9, wherein the session creator comprises a bundle generator to bundle the session identification with additional session information, associating the additional session information with the login session.
  - 14. The apparatus of claim 13, wherein the bundle generator comprises a time stamper to associate a time indication with the session identification and the session authenticator comprises a time monitor coupled with the memory location to remove the session identification from the memory location after a period of inactivity by the user.
  - 15. The apparatus of claim 9, wherein the session creator comprises a bundle transmitter to transmit a bundle having the session identification to a web browser, wherein the web browser is utilized by the user to communicate with the server.
  - 16. The apparatus of claim 9, wherein the session authenticator comprises an identification comparator to compare the session identification received from the user with session identifications previously stored in the memory location.

17. A machine-accessible medium containing instructions, which when executed by a machine, cause said machine to perform operations, comprising:
- generating a session identification in response to a user authentication via a login application to identify a login session for a user;
  
  storing the session identification in a memory location, the allocation for the memory location being independent of allocations of memory to individual applications, to authenticate the user for at least one of the individual applications;
  
  transmitting the session identification to the user; and
  
  authenticating the user for the at least one of the individual applications in response to receipt of the session identification upon verifying that the session identification is stored in the memory location.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The machine-accessible medium of claim 17, wherein the operations further comprise arbitrating access to the memory location to prevent simultaneous access by more than one of the individual applications to an entry comprising the session identifier.
  - 19. The machine-accessible medium of claim 17, wherein the operations further comprise associating a time indication with the session identification to facilitate removal of the session identification from the memory location upon expiration of the login session.
  - 20. The machine-accessible medium of claim 17, wherein the operations further comprise locking the memory location while accessing the memory location.
  - 21. The machine-accessible medium of claim 17, wherein generating a session identification comprises generating a unique, random number to associate with the user and the login session.
  - 22. The machine-accessible medium of claim 17, wherein authenticating the user comprises receiving the session identification from the user and comparing the session identification with session identifications in the memory location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Tabi, Timur

Granted Patent

US 7,546,630 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/6227   where protection concerns t...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

Methods, systems, and media to authenticate a user

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

251 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems, and media to authenticate a user

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

251 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links