SECURITY SESSION AUTHENTICATION SYSTEM AND METHOD

US 20050204148A1
Filed: 03/10/2004
Published: 09/15/2005
Est. Priority Date: 03/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating the sharing of data pertinent to a user system between a first domain and a second domain, wherein said second domain is in a session with said user system, the method comprising:

establishing a network session between said user system and said second domain, wherein said session is at least one of secure or non-secure, and wherein said second domain and said first domain are configured to interactively communicate with each other;

receiving a request from said user system to said second domain for a resource, wherein access to said resource includes authorization by said first domain;

determining the presence of at least one secure token in a cookie set by said second domain on said user system, wherein said secure token originates with said first domain and relates at least to an authorization of said user system to access said resource;

determining the validity of said secure token, if said secure token is present;

redirecting said request to said first domain, if said secure token is not present; and

if said secure token is present, and is valid, incorporating said secure token in a request to said first domain to keep the state of the session between said user system and said first domain as active.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Sharing of data between one domain and at least one other domain over a network is facilitated by the use of tokens. A user token set in a cookie stored on the user'"'"'s system at log-on to a first domain is used to create, or is associated with, a secure token passed by a first domain to a second domain when the user, in a session with the second domain, requests resources, access to which includes authorization by a first domain. The secure token facilitates various actions pertinent to a user in a session with said second domain, including, for example, the maintenance of an active, concurrent session between a user and a first domain, and authentication and authorization without log-on at a second domain or other domains.

159 Citations

25 Claims

1. A method for facilitating the sharing of data pertinent to a user system between a first domain and a second domain, wherein said second domain is in a session with said user system, the method comprising:
- establishing a network session between said user system and said second domain, wherein said session is at least one of secure or non-secure, and wherein said second domain and said first domain are configured to interactively communicate with each other;
  
  receiving a request from said user system to said second domain for a resource, wherein access to said resource includes authorization by said first domain;
  
  determining the presence of at least one secure token in a cookie set by said second domain on said user system, wherein said secure token originates with said first domain and relates at least to an authorization of said user system to access said resource;
  
  determining the validity of said secure token, if said secure token is present;
  
  redirecting said request to said first domain, if said secure token is not present; and
  
  if said secure token is present, and is valid, incorporating said secure token in a request to said first domain to keep the state of the session between said user system and said first domain as active.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said secure token is encrypted, and is clarified by at least one of said first domain and second domain prior to its use in said request to maintain the session between said user system and said first domain.
  - 3. The method of claim 1, wherein said secure token is obfuscated, and is clarified by at least one of said first domain and second domain prior to its use in said request to maintain the session between said user system and said first domain.
  - 4. The method of claim 1, further comprising determining an elapsed time since the prior use of said secure token in said request to maintain the session between said user system and said first domain, and if such elapsed time is greater than a pre-defined threshold, redirecting said user system to said first domain.
  - 5. The method of claim 1, further comprising using said secure token, if such secure token is present, and is valid, to fulfill said request made by said user system for said resource.
  - 6. The method of claim 1, further comprising determining whether said request made by said user system is for a secure or a non-secure resource, and if said request is for a non-secure resource, fulfilling said request.

7. A computer system for facilitating the sharing of data pertinent to a user system between a first domain and a second domain, wherein said second domain is in a session with said user system, comprising:
- a module configured to establish a network session between said user system and said second domain, wherein said session is at least one of secure or non-secure;
  
  a module configured to establish interactive communication between said first domain and said second domain;
  
  a module configured to receive a request made by said user system to said second domain for a resource, wherein access to said resource includes authorization by said first domain;
  
  a module configured to substantially determine the presence of at least one secure token in a cookie set by said second domain on said user system, wherein said secure token originates with said first domain and relates at least to an authorization of said user system to access said resource;
  
  a module configured to substantially determine the validity of said secure token, if said secure token is present;
  
  a module configured to redirect said request to said first domain, if said secure token is not present; and
  
  if said secure token is present, and is valid, a module configured to use said secure token in a request to said first domain to keep the state of the session between said user system and said first domain as active.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising a module to clarify said secure token, where said secure token is obfuscated, prior to its use in said request to said first domain to keep the state of the session between said user system and said first domain as active.
  - 9. The system of claim 7, further comprising a module to decrypt said secure token, where said secure token is encrypted, prior to its use in said request to said first domain to keep the state of the session between said user system and said first domain as active.
  - 10. The system of claim 7, further comprising a module configured to substantially determine an elapsed time since the prior use of said secure token in said request to said first domain to keep the state of the session between said user system and said first domain as active, and if such elapsed time is greater than a pre-defined threshold, to redirect said user system to said first domain.
  - 11. The system of claim 7, further comprising a module configured to use said secure token, if such secure token is present, and is valid, to fulfill said request for said resource.
  - 12. The system of claim 7, further comprising a module configured to substantially determine whether said request is for a secure or a non-secure resource, and if said request is for a non-secure resource, fulfilling said request.

13. A method for facilitating the sharing of data pertinent to a user system between a first domain and a second domain, wherein said second domain is in a session with said user system, the method comprising:
- establishing a network session between said user system and said second domain, wherein said session is at least one of secure or non-secure, and wherein said second domain and said first domain are configured to interactively communicate with each other;
  
  receiving, on redirect from said second domain, a request made by said user system to said second domain for a resource, wherein access to said resource includes authorization by said first domain;
  
  determining the presence of at least one user token in a cookie set by said first domain on said user system, wherein said user token originates with said first domain and relates at least to a log-on of said user system to said first domain;
  
  determining the validity of said user token, if said user token is present;
  
  if said user token is at least one of not present and not valid, said user system logging-on, and, upon valid log-on, setting a user token in a cookie on said user system, which user token relates at least to said log-on; and
  
  if said user token is present, and said user token is valid, including a secure token in said first domain response to said redirect from said second domain, wherein said secure token relates to the authorization of said user system to request said resource.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein said secure token included in said first domain'"'"'s response to said redirect from said second domain is obfuscated.
  - 15. The method of claim 13, wherein said secure token included in said first domain'"'"'s response to said redirect from said second domain is encrypted.
  - 16. The method of claim 13, further comprising:
    - receiving a request from said second domain, wherein said request is to keep the state of the session between said user system and said first domain as active;
      
      determining whether said request made by said second domain contains said secure token; and
      
      if said secure token is present, and is valid, setting the state of the session between said first domain and said user system as active.
  - 17. The method of claim 13, further comprising determining whether said request made by said user system is for a secure or a non-secure resource, and if said request is for a non-secure resource, including a secure token in said first domain'"'"'s response to said redirect from said second domain authorizing fulfilling said request whether or not said user token is present.

18. A computer system for facilitating the sharing of data pertinent to a user system between a first domain and a second domain, wherein said second domain is in a session with said user system, comprising:
- a module configured to establish a network session between said user system and said first domain, wherein said session is at least one of secure and non-secure;
  
  a module configured to facilitate interactive communication between said first domain and said second domain;
  
  a module configured to receive, on redirect from said second domain, a request made by said user system to said second domain for a resource, wherein access to said resource includes authorization by said first domain;
  
  a module configured to substantially determine the presence of at least one user token in a cookie set by said first domain on said user system, wherein said user token originates with said first domain and relates at least to a log-on of said user system to said first domain;
  
  a module configured to substantially determine the validity of said user token, if said user token is present;
  
  if said user token is at least one of not present and not valid, said user system logging-on, and, upon valid log-on, setting a user token in a cookie on said user system, which token relates at least to said log-on; and
  
  if said user token is present, and is valid, a module configured to include a secure token in said first domain'"'"'s response to said redirect from said second domain, wherein said secure token relates to the authorization of said user system to request said resource.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, further comprising a module to obfuscate said secure token prior to inclusion in said first domain'"'"'s response to said redirect from said second domain.
  - 20. The system of claim 18, further comprising a module to encrypt said secure token prior to inclusion in said first domain'"'"'s response to said redirect from said second domain.
  - 21. The system of claim 18, further comprising:
    - a module to receive a request from said second domain, wherein said request is to keep the state of the session between said first domain and said user system as active;
      
      a module to substantially determine whether said request contains said secure token; and
      
      if said secure token is present in said request, and said token is valid, setting the state of said session between said first domain and said user system as active.

22. A secure token comprising computer readable program code relating at least to the authorization of a user system in a session with a second domain, which session is one of secure or non-secure, to access a resource, wherein access to said resource includes authorization by a first domain, and wherein said computer readable program code derives from a secure token included by said first domain in a response to a redirect by said second domain of a request for said resource, which secure token is included in a cookie set by the second domain on the user system, and wherein said secure token is associated with a user token in a cookie set by said first domain on said user system at log-on to said first domain.
- View Dependent Claims (23, 24)
- - 23. The secure token of claim 22, wherein said secure token is obfuscated by said first domain prior to inclusion in said first domain'"'"'s response to said redirect from said second domain.
  - 24. The secure token of claim 22, wherein said secure token is encrypted by said first domain prior to inclusion in said first domain'"'"'s response to said redirect from said second domain.

25. A method for facilitating the sharing of data pertinent to a user system between a first domain and a second domain, wherein said second domain is in a session with said user system, the method comprising:
- establishing a network session between said user system and said second domain, wherein said session is at least one of secure or non-secure, and wherein said second domain and said first domain are configured to interactively communicate with each other;
  
  receiving a request from said user system to said second domain for a resource, wherein access to said resource includes authorization by said first domain;
  
  requesting, by said second domain, authentication of said user session at said first domain;
  
  determining the validity of said authentication, if said authentication is present;
  
  redirecting said request to said first domain, if said authentication is not valid; and
  
  if said authentication is valid, maintaining the state of the session between said user system and said first domain as active.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Neemann, Trey, Pearson, Harry, Mayo, Mary Ann, Sekhar, Chandra Nallakukkala, Toraason, Dan

Granted Patent

US 7,356,694 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/0846 using time-dependent-passwo...

SECURITY SESSION AUTHENTICATION SYSTEM AND METHOD

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY SESSION AUTHENTICATION SYSTEM AND METHOD

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links