Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices
First Claim
1. A method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP), the method comprising:
- setting, at the communication device, an HTTP cookie which includes;
at least one of a user identification of a user of the communication device, or a group identification of a group with which the user is associated; and
a message portion which is signed with a digital signature of the user or the group;
sending, to an application server site via the communication network, a request message which includes the HTTP cookie; and
in response to sending the request message;
receiving access, via the communication network, to an application service of the application server site if verification of the digital signature at the application server site is successful.
6 Assignments
0 Petitions
Accused Products
Abstract
In one illustrative example, a method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP) involves setting, at the communication device, an HTTP cookie which includes a user identification of a user of the communication device and a message portion which is signed with a digital signature of the user. The communication device sends, to an application server site via the communication network, a request message which includes the HTTP cookie. If verification of the digital signature at the application server site is successful, the communication device will receive access to an application service of the application server site. In one variation, the HTTP cookie is alternatively set with a group identification of a group with which the user is associated, and the message portion is signed with a digital signature of the group. The group may be a plurality of users associated with a service provider which provides the communication device access to a communication service in the communication network. In this case, the HTTP cookie may be set with a token retrieved from the service provider, where the token includes the digital signature of the service provider.
73 Citations
32 Claims
-
1. A method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP), the method comprising:
-
setting, at the communication device, an HTTP cookie which includes; at least one of a user identification of a user of the communication device, or a group identification of a group with which the user is associated; and a message portion which is signed with a digital signature of the user or the group; sending, to an application server site via the communication network, a request message which includes the HTTP cookie; and in response to sending the request message;
receiving access, via the communication network, to an application service of the application server site if verification of the digital signature at the application server site is successful. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A communication device, comprising:
-
one or more processors; memory coupled to the one or more processors; a transceiver coupled to the one or more processors and being operative for communications in a communication network; the one or more processors being operative to; set a Hypertext Transport Protocol (HTTP) cookie which includes; at least one of a user identification of a user of the communication device, or a group identification of a group with which the user is associated; and a message portion which is signed with a digital signature of the user or the group; send, to an application server site via the communication network, a request message which includes the HTTP cookie; and in response to sending the request message;
receive access, via the communication network, to an application service of the application server site if verification of the digital signature at the application server site is successful. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method at an application server site for permitting access to an application service for a communication device over a communication network using Hypertext Transport Protocol (HTTP), the method comprising:
-
receiving, from the communication device over the communication network, a request message having an HTTP cookie which includes; at least one of a user identification of a user, or a group identification of a group with which the user is associated; and a message portion which is signed with a digital signature; performing validation of the HTTP cookie, which includes a verification step for verifying the digital signature in the HTTP cookie is that of the user; granting the communication device access to the application service at the application server site via the communication network if validation of the HTTP cookie is successful; and denying the communication device access to the application service if validation of the HTTP cookie is unsuccessful. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. An application server site adapted to permit access to an application service for a communication device over a communication network with use of Hypertext Transport Protocol (HTTP), the application server site being further adapted to receive, from the communication device over the communication network, a request message having an HTTP cookie which includes at least one of a user identification of a user, or a group identification of a group with which the user is associated, and a message portion which is signed with a digital signature;
- perform validation of the HTTP cookie, which includes a verification step for verifying the digital signature in the HTTP cookie;
grant the communication device access to the application service at the application server site via the communication network if validation of the HTTP cookie is successful; and
deny the communication device access to the application service if validation of the HTTP cookie is unsuccessful.
- perform validation of the HTTP cookie, which includes a verification step for verifying the digital signature in the HTTP cookie;
Specification