Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices

US 20100223471A1
Filed: 02/27/2009
Published: 09/02/2010
Est. Priority Date: 02/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP), the method comprising:

setting, at the communication device, an HTTP cookie which includes;

at least one of a user identification of a user of the communication device, or a group identification of a group with which the user is associated; and

a message portion which is signed with a digital signature of the user or the group;

sending, to an application server site via the communication network, a request message which includes the HTTP cookie; and

in response to sending the request message;

receiving access, via the communication network, to an application service of the application server site if verification of the digital signature at the application server site is successful.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one illustrative example, a method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP) involves setting, at the communication device, an HTTP cookie which includes a user identification of a user of the communication device and a message portion which is signed with a digital signature of the user. The communication device sends, to an application server site via the communication network, a request message which includes the HTTP cookie. If verification of the digital signature at the application server site is successful, the communication device will receive access to an application service of the application server site. In one variation, the HTTP cookie is alternatively set with a group identification of a group with which the user is associated, and the message portion is signed with a digital signature of the group. The group may be a plurality of users associated with a service provider which provides the communication device access to a communication service in the communication network. In this case, the HTTP cookie may be set with a token retrieved from the service provider, where the token includes the digital signature of the service provider.

73 Citations

View as Search Results

32 Claims

1. A method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP), the method comprising:
- setting, at the communication device, an HTTP cookie which includes;
  
  at least one of a user identification of a user of the communication device, or a group identification of a group with which the user is associated; and
  
  a message portion which is signed with a digital signature of the user or the group;
  
  sending, to an application server site via the communication network, a request message which includes the HTTP cookie; and
  
  in response to sending the request message;
  
  receiving access, via the communication network, to an application service of the application server site if verification of the digital signature at the application server site is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - wherein the HTTP cookie includes the user identification; and
      
      wherein the digital signature is that of the user.
  - 3. The method of claim 1, further comprising:
    - wherein the HTTP cookie includes the group identification; and
      
      wherein the digital signature is that of the group.
  - 4. The method of claim 1, further comprising:
    - wherein the digital signature is produced with use of a private key of the user or the group; and
      
      wherein the verification of the user or group identification is performed with use of a public key of the user or the group.
  - 5. The method of claim 1, further comprising:
    - failing to receive access, via the communication network, to the application service if validation of the user or group identification at the application server site is unsuccessful.
  - 6. The method of claim 1, wherein receiving access to the application service comprises at least one of:
    - receiving, via the communication network, data for rendering in a display at the communication device;
      
      receiving, via the communication network, web data for rendering a web page in a browser application of the communication device;
      
      orreceiving access, via the communication network, to an e-commerce transaction service of the application server for performing an e-commerce transaction via the application server site.
  - 7. The method of claim 1, wherein the request message comprises a HTTP request message, and wherein the method further comprises:
    - receiving display data in response to the HTTP request message.
  - 8. The method of claim 1, further comprising:
    - accessing a communication service via the communication network;
      
      receiving, via the communication network, a token from a token server of a service provider which provides the communication service, the token having a digital signature of the service provider; and
      
      providing the token in the HTTP cookie of the request message for verification at the application server site.
  - 9. The method of claim 8, wherein accessing the communication service comprises causing authentication credentials of the communication device to be sent via the communication network for authentication by the service provider.
  - 10. The method of claim 1, further comprising:
    - wherein the application server site is adapted to provide a proof-of-work (POW) test for accessing the application service; and
      
      and wherein the application server site is further adapted to bypass the POW test for the communication device if the validation at the application server site is successful.
  - 11. The method of claim 1 wherein one or more subsequent request messages sent by the communication device are allowed access to the application service based on a previous validation of a previous request message.
  - 12. The method of claim 1, further comprising:
    - wherein the communication device comprises a wireless mobile communication device; and
      
      wherein the communication network comprises a wireless communication network.
  - 13. The method of claim 1, wherein the method is performed by computer instructions stored on a computer readable medium, the computer instructions being executable by one or more processors of the communication device.

14. A communication device, comprising:
- one or more processors;
  
  memory coupled to the one or more processors;
  
  a transceiver coupled to the one or more processors and being operative for communications in a communication network;
  
  the one or more processors being operative to;
  
  set a Hypertext Transport Protocol (HTTP) cookie which includes;
  
  at least one of a user identification of a user of the communication device, or a group identification of a group with which the user is associated; and
  
  a message portion which is signed with a digital signature of the user or the group;
  
  send, to an application server site via the communication network, a request message which includes the HTTP cookie; and
  
  in response to sending the request message;
  
  receive access, via the communication network, to an application service of the application server site if verification of the digital signature at the application server site is successful.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The communication device of claim 14, further comprising:
    - wherein the HTTP cookie includes the user identification; and
      
      wherein the digital signature is that of the user.
  - 16. The communication device of claim 14, further comprising:
    - wherein the HTTP cookie includes the group identification; and
      
      wherein the digital signature is that of the group.
  - 17. The communication device of claim 14, further comprising:
    - wherein the digital signature is produced with use of a private key of the user or the group; and
      
      wherein the verification of the user or group identification is performed with use of a public key associated with the user or the group identification.
  - 18. The communication device of claim 14, wherein the one or more processors are further operative to:
    - access a token server via the communication network; and
      
      receive, from the token server, a token having the digital signature of the group; and
      
      provide the token in the HTTP cookie of the request message for verification at the application server site.
  - 19. The communication device of claim 14, wherein the one or more processors are further operative to:
    - access a communication service via the communication network;
      
      receive, via the communication network, a token from a token server of a service provider which provides the communication service, the token having the digital signature of the service provider; and
      
      provide the token in the HTTP cookie of the request message for verification at the application server site.
  - 20. The communication device of claim 19, wherein gaining access to the communication service comprises causing authentication credentials of the communication device to be sent via the communication network for authentication by the service provider.
  - 21. The communication device of claim 14, which is a wireless communication device having the transceiver comprising a wireless transceiver operative in the communication network comprising a wireless communication network.
  - 22. The mobile communication device of claim 14, further comprising:
    - wherein the message comprises a HTTP request message; and
      
      wherein the one or more processors are further adapted to receive display data in response to the HTTP request message.

23. A method at an application server site for permitting access to an application service for a communication device over a communication network using Hypertext Transport Protocol (HTTP), the method comprising:
- receiving, from the communication device over the communication network, a request message having an HTTP cookie which includes;
  
  at least one of a user identification of a user, or a group identification of a group with which the user is associated; and
  
  a message portion which is signed with a digital signature;
  
  performing validation of the HTTP cookie, which includes a verification step for verifying the digital signature in the HTTP cookie is that of the user;
  
  granting the communication device access to the application service at the application server site via the communication network if validation of the HTTP cookie is successful; and
  
  denying the communication device access to the application service if validation of the HTTP cookie is unsuccessful.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The method of claim 23, further comprising:
    - wherein the HTTP cookie includes the user identification; and
      
      wherein the digital signature is that of the user.
  - 25. The method of claim 23, further comprising:
    - wherein the HTTP cookie includes the group identification; and
      
      wherein the digital signature is that of the group.
  - 26. The method of claim 23, further comprising:
    - wherein the digital signature is produced with use of a private key of the user or the group; and
      
      wherein the verification of the digital signature is performed with use of a public key corresponding to the user or the group.
  - 27. The method of claim 23, wherein the granting of access to the application service comprises at least one of:
    - sending, via the communication network, data for rendering in a display at the communication device;
      
      sending, via the communication network, web data for rendering a web page in a browser application of the communication device;
      
      orproviding access, via the communication network, to an e-commerce transaction service of the application server for performing an e-commerce transaction via the application server site.
  - 28. The method of claim 23, wherein the HTTP cookie comprises a token from a service provider which provides access for the communication device to a communication service of the communication network, the token having the digital signature of the service provider which represents the group with which the user of the communication device is associated.
  - 29. The method of claim 23, wherein the application server site is adapted to provide a proof-of-work (POW) test for accessing the application service, and wherein the act of granting access to the communication service comprises the further act of bypassing the POW test for the communication device if the validation at the application server site is successful.
  - 30. The method of claim 23, further comprising the act of:
    - performing session control and management with use of the HTTP cookie.
  - 31. The method of claim 23, wherein the method is performed by computer instructions stored on a computer readable medium, the computer instructions being executable by one or more processors at the application server site.

32. An application server site adapted to permit access to an application service for a communication device over a communication network with use of Hypertext Transport Protocol (HTTP), the application server site being further adapted to receive, from the communication device over the communication network, a request message having an HTTP cookie which includes at least one of a user identification of a user, or a group identification of a group with which the user is associated, and a message portion which is signed with a digital signature;
- perform validation of the HTTP cookie, which includes a verification step for verifying the digital signature in the HTTP cookie;
  
  grant the communication device access to the application service at the application server site via the communication network if validation of the HTTP cookie is successful; and
  
  deny the communication device access to the application service if validation of the HTTP cookie is unsuccessful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Fresko, Nedim, Franco, Will D., Sherkin, Alexander

Granted Patent

US 9,059,979 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/168   above the transport layer

Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links