System and method for authenticating clients in a client-server environment
First Claim
1. Method for authenticating clients in a client-server environment, wherein said client-server environment uses a communication protocol that allows extensions of the header request without violating said communication protocol, wherein said client comprises the steps of:
- generating a header request (10), inserting client authentication information into said header request resulting in an extended header request (20) independently of the authentication process used by said server and without server requesting authentication information, sending said extended header request to a server (30), and receiving information from said server if authentication has been successful (35, 60).
Abstract
The idea of the present invention is to replace the existing password/user-ID based authentication process with a digital-signature authentication process in which, preferably, the first HTTP request header is extended with the client authentication information, independently of the authentication process used by the destination server and without the server requesting authentication information. The authentication information preferably includes the client certificate containing the client's public key, signed by a certification authority, and preferably a hash value calculated over the HTTP request header data being sent in the request and encrypted with the client's private key (that is, a digital signature over the header data). The certificate and digital signature may be added during creation of the HTTP request header in the client system itself, or may be added later by a server acting as a gateway, proxy, or tunnel. A destination server that does not support the digital-signature authentication process simply ignores the certificate and digital signature in the HTTP request header and automatically initiates its own authentication process. The present invention simplifies the existing digital-signature authentication process and at the same time allows different authentication processes to coexist without changing the HTTP protocol or causing unnecessary network traffic.
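The exchange the abstract describes, as an added worked example that is not part of the patent or of any product implementing it: a Go program using only the standard library, in which the client signs its own request and inserts a certificate header and a signature header, and the server validates them or, when they are absent, falls back to its own scheme. Everything the abstract does not state is an assumption made here: the header names X-Client-Cert and X-Client-Signature, Ed25519 signatures in place of the hash-then-encrypt-with-the-private-key construction the abstract describes, the choice of signed request data (method, request-target, Host and Date), the 401/403 status codes, and two checks the abstract leaves out but a server must perform, namely chaining the presented certificate to a trusted CA and bounding replay with the signed Date header. The CA and client certificates are generated in-process as fixtures.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// Header names are assumptions of this example; the patent names no specific headers.
const hdrCert, hdrSig = "X-Client-Cert", "X-Client-Signature" // base64 DER certificate, base64 Ed25519 signature

// must aborts the demo when fixture setup (key generation, certificate issuance) fails.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// signingInput is the request data the signature covers: method, request-target, Host and Date.
func signingInput(r *http.Request) []byte {
	return []byte(r.Method + "\n" + r.URL.RequestURI() + "\n" + r.Host + "\n" + r.Header.Get("Date"))
}

// issue makes an Ed25519 key and a certificate for it (fixture PKI; parent == nil means self-signed).
func issue(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	must(key, err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if isCA {
		t.KeyUsage, t.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	if parent == nil {
		parent, signer = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, key.Public(), signer))
	return key, must(x509.ParseCertificate(der))
}

// attach is the insertion step of claims 1 and 19 (client or key-holding proxy): sign and add headers, no challenge.
func attach(r *http.Request, cert *x509.Certificate, key ed25519.PrivateKey) {
	r.Header.Set("Date", time.Now().UTC().Format(http.TimeFormat))
	r.Header.Set(hdrCert, base64.StdEncoding.EncodeToString(cert.Raw))
	r.Header.Set(hdrSig, base64.StdEncoding.EncodeToString(ed25519.Sign(key, signingInput(r))))
}

// authenticate is the server component of claim 15: absent headers give 401 (the server then
// runs its own scheme, as the abstract describes); present but invalid headers give 403.
func authenticate(r *http.Request, roots *x509.CertPool, now time.Time) (cn string, status int, err error) {
	cb, sb := r.Header.Get(hdrCert), r.Header.Get(hdrSig)
	if cb == "" || sb == "" {
		return "", http.StatusUnauthorized, nil
	}
	der, err := base64.StdEncoding.DecodeString(cb)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		return "", http.StatusForbidden, fmt.Errorf("malformed certificate header")
	}
	// Chain to a trusted CA before looking at the signature: a self-signed certificate proves nothing.
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", http.StatusForbidden, err
	}
	sig, serr := base64.StdEncoding.DecodeString(sb)
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || serr != nil || !ed25519.Verify(pub, signingInput(r), sig) {
		return "", http.StatusForbidden, fmt.Errorf("signature does not verify over the request data")
	}
	// Added replay bound, not part of the patent: the signed Date must be within a few minutes of now.
	if d, e := http.ParseTime(r.Header.Get("Date")); e != nil || now.Sub(d) > 5*time.Minute || d.Sub(now) > 5*time.Minute {
		return "", http.StatusForbidden, fmt.Errorf("Date header missing or outside the replay window")
	}
	return cert.Subject.CommonName, http.StatusOK, nil
}

// demo: a CA-issued "alice", a self-signed impostor also named "alice", and an unsigned request; returns the three status codes.
func demo() (codes [3]int) {
	caKey, caCert := issue("Demo CA", true, nil, nil)
	aliceKey, aliceCert := issue("alice", false, caCert, caKey)
	rogueKey, rogueCert := issue("alice", false, nil, nil) // not issued by the trusted CA
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	keys := []ed25519.PrivateKey{aliceKey, rogueKey, nil}
	certs := []*x509.Certificate{aliceCert, rogueCert, nil}
	for i, cert := range certs {
		req := httptest.NewRequest("GET", "http://api.example.test/account", nil)
		if cert != nil {
			attach(req, cert, keys[i])
		}
		_, codes[i], _ = authenticate(req, roots, time.Now())
	}
	return codes
}

func main() { fmt.Println(demo()) } // [200 403 401]
```

Running it prints [200 403 401]: the CA-issued client is accepted, the impostor with a matching common name but an untrusted certificate is refused, and the unsigned request receives the 401 with which a server would start its own authentication process. Two points for anyone building on this scheme: because the server never issues a challenge there is no server-chosen nonce, so freshness rests entirely on the client-supplied Date and the server's clock-skew window, and the signature must cover the method, request-target and Host, or a captured header pair can be replayed against a different URL; and in the proxy variant of claim 19 the proxy holds the client's private key, so the server is really authenticating the proxy's assertion about the client rather than the client itself.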
Claims (20 claims, 177 citations)
1. Claim 1 is reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 20.
8. Method for authenticating clients (1a, 1b) in a client-server environment, wherein said client-server environment uses a communication protocol that allows extensions of the header request without violating said communication protocol, wherein a system (22) establishes communication between said client (1a, 1b) and said server (3), wherein said system (22) comprises the steps of:
- receiving a header request from said client (1a, 1b), inserting authentication information into said header request resulting in an extended header request (20) independently of the authentication process used by said server and without server requesting authentication information, sending said extended header request to a server (3), and receiving information from said server (3) if the authentication has been successful.
Dependent claims: 9, 10, 11.
12. Method for authenticating clients in a client-server environment, wherein said client-server environment uses a communication protocol that allows extensions of the header request without violating said communication protocol, wherein at said server side said method comprises the steps of:
- receiving a client header request containing authentication information, validating said authentication information contained in said header request by said server authentication component, and providing information to said client if the authentication has been successful.
Dependent claims: 13, 14.
15. Server system (3) for authenticating clients (1) in a client-server environment, wherein said client-server environment uses a communication protocol that allows extensions of the header request without violating said communication protocol, wherein said client (1) provides authentication information in the header request to said server system, wherein said server system (3) comprises:
- an authentication component (4) with the functionality to read said authentication information contained in the incoming client header request, and to validate said authentication information without having requested said authentication information from said client.
16. Client system (1) to be authenticated by a server system in a client-server environment, wherein said client-server environment uses a communication protocol that allows extensions of the header request without violating said communication protocol, wherein said client system comprises:
- a browser (2), and a component for inserting client authentication information into said header request independently of the authentication process used by said server and without server requesting authentication information.
Dependent claims: 17, 18.
19. Proxy server system (22) for providing client authentication information to a server system (3), wherein said proxy server system (22) has a communication connection with a client system (1a, 1b) and a server system (3), wherein the communication protocol used between said systems allows extensions of the header request without violating said communication protocol, wherein said proxy server system (22) comprises:
- a proxy insertion component (20) for inserting the client certificate and digital signature into the header request received from said client independently of the authentication process used by said server and without server requesting authentication information, and a signature component (24) for creating a digital signature and for providing it together with said client certificate to said proxy insertion component (20).
Specification