Method for Securely Associating Data with Http and Https Sessions

US 20080307517A1
Filed: 11/24/2006
Published: 12/11/2008
Est. Priority Date: 11/24/2005
Status: Active Grant

First Claim

Patent Images

1. A method for establishing an authenticated communication session between a client and a server over a communications network, the client identified by a credential which is unavailable to the client, the method comprising:

transmitting a service request to the server at a first location;

receiving a token and a redirection to a second location from the server; and

appending said token to said service request and retransmitting said service request together with said token to the server at said second server location via an intermediate node, wherein said intermediate node appends the credential to said retransmitted service request and transmits said service request, said token and said credential to the server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system, method and product comprising a server, a mobile device comprising a client interconnected with the server via a data network, the client identified by a credential which is unavailable to the client and an intermediate node interconnected to the client and the server via the data network wherein the credential is available to the intermediate node. Upon reception of a service request from the client at a first server address the server redirects the client to transmit the service request to a second server address via the intermediate node together with a token, wherein the intermediate node appends a credential identifying the client to the redirected service request and the token and relays the redirected service request, the token and the credential to the second server address.

Citations

85 Claims

1. A method for establishing an authenticated communication session between a client and a server over a communications network, the client identified by a credential which is unavailable to the client, the method comprising:
- transmitting a service request to the server at a first location;
  
  receiving a token and a redirection to a second location from the server; and
  
  appending said token to said service request and retransmitting said service request together with said token to the server at said second server location via an intermediate node, wherein said intermediate node appends the credential to said retransmitted service request and transmits said service request, said token and said credential to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein said first location is the same as said second location and said receiving act further comprises receiving an indication that said service request is to be retransmitted to said first location via said intermediate node.
  - 3. The method of claim 1, wherein said receiving act further comprises receiving a second token.
  - 4. The method of claim 3, further comprising transmitting an additional request to the server at said first location wherein said additional request includes said second token.
  - 5. The method of claim 4, wherein said additional request further includes said token.
  - 6. The method of claim 1, wherein said token is a Cookie.
  - 7. The method of claim 3, wherein said second token is a Cookie.
  - 8. The method of claim 1, wherein the credential is a MDN.
  - 10. The method of claim 1, wherein the network is trusted and further comprising prior to said transmitting act, opening an unsecured transport connection with the server and wherein said transmitting act comprises transmitting said service request via said transport connection.
  - 11. The method of claim 1, wherein at least a portion of the network interconnecting the client and the server is untrusted and further comprising prior to said transmitting act, opening a secure transport connection with the server at said first location and wherein said transmitting act comprises transmitting said service request via said transport connection.
  - 12. The method of claim 10, further comprising closing said transport connection following said receiving act.
  - 13. The method of claim 11, wherein said secure transport connection is a SSL session.
  - 14. The method of claim 1, wherein said first location is different from said second location and said receiving act further comprises receiving an indication that said service request is to be retransmitted to said second location via said intermediate node.
  - 15. The method of claim 1, further comprising:
    - generating at least one additional service request;
      
      appending said token to each of said at least one additional service request; and
      
      transmitting said at least one additional service request to the server.
  - 17. The method of claim 3, further comprising receiving a third token from the server.
  - 18. The method of claim 17, further comprising transmitting an additional request to the server at said first location and wherein said additional request includes said third token.
  - 19. The method of claim 18, wherein said additional request includes said second token.
  - 20. The method of claim 1, wherein the network is trusted and said service request is an HTTP Request using the POST method.
  - 21. The method of claim 1, wherein at least a portion of the network interconnecting the client and the server is untrusted and said service request is an HTTPS Request using the POST method.

9. (canceled)

16. (canceled)

22. A method for establishing an authenticated communication session between a client and a server over a communications network, the client identified by a credential which is unavailable to the client, the method comprising:
- receiving at a first location a service request from the client;
  
  transmitting a redirection to a second location comprising a token to the client;
  
  receiving at said second location a redirected service request and the credential via an intermediate node; and
  
  transmitting to the client an acknowledgment of correct reception of said redirected service request if said redirected service request includes said token.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The method of claim 22, further comprising generating said token.
  - 24. The method of claim 22, wherein an additional service request from the client including said token is authenticated.
  - 25. The method of claim 22, wherein said acknowledgement includes a second token and further wherein an additional service request received at said first location from the client including said second token is authenticated.
  - 26. The method of claim 22, wherein said acknowledgement includes a second token and further wherein an additional service request received at said first location from the client including said token and said second token is authenticated.
  - 27. The method of claim 22, further comprising receiving an additional service request from the client and comparing a token received with said additional service request with said first token, wherein if said token matches said first token, said additional service request is authenticated.

28. (canceled)

29. (canceled)

30. (canceled)

31. (canceled)

32. (canceled)

33. (canceled)

34. (canceled)

35. (canceled)

36. (canceled)

37. (canceled)

38. (canceled)

39. (canceled)

40. (canceled)

41. (canceled)

42. A computing system comprising:
- a server;
  
  a mobile device comprising a client interconnected with said server via a data network, said client identified by a credential which is unavailable to said client; and
  
  an intermediate node interconnected to said client and said server via said data network wherein said credential is available to said intermediate node;
  
  wherein upon reception of a service request from said client said server redirects said client to retransmit said service request to said server via said intermediate node together with a token, wherein said intermediate node appends a credential identifying said client to said redirected service request and said token and relays said redirected service request, said token and said credential to said server.

43. (canceled)

44. (canceled)

45. (canceled)

46. (canceled)

47. (canceled)

48. (canceled)

49. (canceled)

50. (canceled)

51. (canceled)

52. (canceled)

53. (canceled)

54. A computer program product in a computer readable medium for establishing an authenticated communication session between a client and a server over a communications network, the client identified by a credential which is unavailable to the client, the product comprising:
- instructions for generating a service request;
  
  instructions for transmitting said service request to the server;
  
  instructions for receiving a token, a redirection and an indication that said service request is to be retransmitted to the server via an intermediate node from the server; and
  
  instructions for appending said token to said service request and retransmitting said service request together with said token to the server via said intermediate node.
- View Dependent Claims (57, 64)
- - 57. The computer program product of claim 54, further comprising instructions for receiving a second token from the server, instructions for generating at least one additional service request, instructions for appending said second token to each of said at least one additional service request and instructions for transmitting said at least one additional service request to the server.
  - 64. The computer program product of claim 54, wherein at least a portion of the network interconnecting the client and the server is untrusted and further comprising instructions for opening a secure transport connection with the server.

55. (canceled)

56. (canceled)

58. (canceled)

59. (canceled)

60. (canceled)

61. (canceled)

62. (canceled)

63. (canceled)

65. (canceled)

66. (canceled)

67. (canceled)

68. (canceled)

69. A computer program product in a computer readable medium for establishing an authenticated communication session between a client and a server over a communications network, the client identified by a credential which is not available to the client, the product comprising:
- instructions for receiving a service request from the client;
  
  instructions for sending to the client a redirection comprising a first token and an indication that said service request should be retransmitted to the server via an intermediate node; and
  
  instructions for receiving a redirected service request, said first token and the credential from said intermediate node.
- View Dependent Claims (71, 72)
- - 71. The computer program product of claim 69, further comprising instructions for receiving an additional service request from the client and instructions for comparing a token received with said additional service request with said first token, wherein if said token matches said first token, said additional service request is authenticated.
  - 72. The computer program product of claim 69, further comprising instructions for sending a second token, instructions for receiving an additional service request from the client and instructions for comparing a token received with said additional service request with said second token, wherein if said token matches said second token, said additional service request is authenticated.

70. (canceled)

73. (canceled)

74. (canceled)

75. (canceled)

76. (canceled)

77. (canceled)

78. (canceled)

79. (canceled)

80. (canceled)

81. (canceled)

82. (canceled)

83. (canceled)

84. (canceled)

85. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synchronica PLC (Myriad Group AG)
Original Assignee
Synchronica PLC (Myriad Group AG)
Inventors
Caron, Alain, Thorkelsson, Haraldur, Grigoriev, Nikolai, Legault, Sylvain

Granted Patent

US 9,088,416 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 9/3213   using tickets or tokens, e....

Method for Securely Associating Data with Http and Https Sessions

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

85 Claims

Specification

Solutions

Use Cases

Quick Links

Method for Securely Associating Data with Http and Https Sessions

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

85 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links