HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT

US 20100024006A1
Filed: 07/24/2008
Published: 01/28/2010
Est. Priority Date: 07/24/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

receiving at a processing node a request for a domain from a client browser;

determining at the processing node whether the request includes domain authorization data for the requested domain;

if the request for the domain includes the domain authorization data, allowing the request;

if the request for the domain does not include the domain authorization data, requesting authorized user data from the client browser;

in response to the request for the authorized user data, determining if the client browser provided the authorized user data;

if the client browser provided the authorized user data, generating at the processing node the domain authorization data, providing the domain authorization data to the client browser, and allowing the request for the domain;

if the client browser did not provide the authorized user data, requesting user authorization from the client browser.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transaction needed to authenticate and/or authorize subsequent requests to the same domain or to different domains.

Citations

16 Claims

1. A computer implemented method, comprising:
- receiving at a processing node a request for a domain from a client browser;
  
  determining at the processing node whether the request includes domain authorization data for the requested domain;
  
  if the request for the domain includes the domain authorization data, allowing the request;
  
  if the request for the domain does not include the domain authorization data, requesting authorized user data from the client browser;
  
  in response to the request for the authorized user data, determining if the client browser provided the authorized user data;
  
  if the client browser provided the authorized user data, generating at the processing node the domain authorization data, providing the domain authorization data to the client browser, and allowing the request for the domain;
  
  if the client browser did not provide the authorized user data, requesting user authorization from the client browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein receiving at a processing node a request for a domain from a client browser comprises:
    - receiving at a processing node a request for a URL from a client browser; and
      
      identifying a domain associated with the URL.
  - 3. The method of claim 2, wherein allowing the request for the domain comprises allowing the request for a URL associated with the domain.
  - 4. The method of claim 1, wherein requesting user authorization from the client browser comprises initiating a request from the access agent to the client browser for user credentials.
  - 5. The method of claim 1, wherein the domain authorization data is based on the authorized user data.
  - 6. The method of claim 1, wherein the user authorization data is based on authentication data, the authentication data passed to the processing node as a query parameter.
  - 7. The method of claim 1, wherein the request for the domain is an http request.
  - 8. The method of claim 1, wherein the domain authorization data is an http cookie.
  - 9. The method of claim 1, wherein allowing the request comprises:
    - removing the domain authorization data from the request; and
      
      transmitting the request to the domain.
  - 10. The method of claim 1, further comprising determining a state associated with the client browser based on data included with the request.
  - 11. The method of claim 10, wherein determining a state associated with the client browser comprises determining that the client browser is associated with the AD state for a domain if the request from the client browser included domain authorization data for the domain.
  - 12. The method of claim 10, wherein determining a state associated with the client browser comprises determining that the client browser is associated with the AU state if the request from the client browser included user authorization data.

13. A computer implemented method, comprising:
- receiving at a processing node an http request from a client browser;
  
  analyzing at the processing node data associated with the http request;
  
  determining if the data associated with the http request included domain authorization data;
  
  if the data associated the http request included domain authorization data, allowing the request;
  
  if the data associated with the http request did not include domain authorization data, determining if the data associated with the http request included authorized user data;
  
  if the data associated with the http request included authorized user data,generating domain authorization data based on the authorized use data;
  
  redirecting the client browser to submit a redirected http request to the processing node with the generated domain authorization data.If the data associated with the http request did not include the authorized user data, instructing the client browser to obtain authorization.

14. Software stored in a computer readable medium and comprising instructions executable by a data processing system and upon such execution cause the data processing system to perform operations comprising:
- receiving at a processing node a request for a URL at a domain;
  
  determining at the processing node whether the request includes domain authorization data for the domain of the request URL;
  
  if the request for the domain includes the domain authorization data, allowing the request for the URL;
  
  if the request for the domain does not include the domain authorization data, requesting authorized user data from the client browser;
  
  in response to the request for the authorized user data, determining if the client browser provided the authorized user data;
  
  if the client browser provided the authorized user data, generating at the processing node the domain authorization data, providing the domain authorization data to the client browser, and allowing the request for the URL;
  
  if the client browser did not provide the authorized user data, requesting user authorization from the client browser.
- View Dependent Claims (15, 16)
- - 15. The software of claim 14, wherein the request is an http request.
  - 16. The software of claim 14, wherein the domain authorization data and the authorized user data are stored in the form of an http cookie.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
SafeChannel, Inc.
Inventors
Mullick, Amarnath, Nanjundaswamy, Shashidhara Mysore, Kailash, Kailash, Raphel, Jose

Granted Patent

US 8,656,462 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links