Predictive HTTP Authentication Mode Negotiation

US 20100251338A1
Filed: 03/31/2009
Published: 09/30/2010
Est. Priority Date: 03/31/2009
Status: Active Grant

First Claim

Patent Images

1. A method of negotiating a Hypertext Transfer Protocol (HTTP) authentication mode, the method comprising:

receiving from a client system a first HTTP request at a server system, the first HTTP request requesting a first resource, wherein the server system receives the first HTTP request via an electronic communication network; and

in response to receiving the first HTTP request, sending an HTTP response from the server system to the client system, the HTTP response containing an HTTP authentication mode preference header, wherein the HTTP authentication mode preference header indicates a preferred HTTP authentication mode.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client system and a server system use a Hypertext Transfer Protocol (HTTP) authentication mode preference header to negotiate an HTTP authentication mode. The client system sends an HTTP request to the server system. In response to the HTTP request, the server system sends an HTTP response to the client system. The HTTP response includes an HTTP authentication mode preference header. The HTTP authentication mode preference header indicates whether a preferred HTTP authentication mode is connection-based HTTP authentication or request-based HTTP authentication. In subsequent HTTP requests to the server system, the client system uses the HTTP authentication mode indicated by the HTTP authentication mode preference header.

7 Citations

View as Search Results

20 Claims

1. A method of negotiating a Hypertext Transfer Protocol (HTTP) authentication mode, the method comprising:
- receiving from a client system a first HTTP request at a server system, the first HTTP request requesting a first resource, wherein the server system receives the first HTTP request via an electronic communication network; and
  
  in response to receiving the first HTTP request, sending an HTTP response from the server system to the client system, the HTTP response containing an HTTP authentication mode preference header, wherein the HTTP authentication mode preference header indicates a preferred HTTP authentication mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, the method further comprising:
    - in response to receiving the first HTTP request, identifying at the server system a required HTTP authentication mode;
      
      in response to identifying the required HTTP authentication mode, determining, at the server system, whether the required HTTP authentication mode is request-based HTTP authentication;
      
      in response to determining that the required HTTP authentication mode is request-based HTTP authentication, determining, at the server system, whether the first HTTP request includes an authorization header; and
      
      in response to determining that the first HTTP request does not include an authorization header, sending a first HTTP rejection response via the electronic communication network from the server system to the client system, wherein the first HTTP rejection response indicates that the client system is not authorized to access the first resource.
  - 3. The method of claim 2, the method further comprising:
    - in response to determining that the first HTTP request includes an authorization header, using, at the server system, the authorization header to perform an action in an authentication process, the server system using the authorization header to perform the action in the authentication process;
      
      after performing the action in the authentication process, determining, at the server system, whether the authentication process was completed successfully;
      
      in response to determining that the authentication process was not completed successfully, sending, by the server system, a second HTTP rejection response, the second HTTP rejection response indicating that the client system is not authorized to access the first resource, the second HTTP rejection response being sent via the electronic communication network from the server system to the client system; and
      
      in response to determining that the authentication process was completed successfully, sending, by the server system, the HTTP response, the HTTP authentication mode preference header indicating that the preferred HTTP authentication mode is request-based HTTP authentication.
  - 4. The method of claim 1,wherein receiving the first HTTP request comprises receiving the first HTTP request via a connection;
    - andwherein the method further comprises;
      
      in response to receiving the first HTTP request, identifying, at the server system, a required HTTP authentication mode;
      
      in response to identifying the required HTTP authentication mode, determining, at the server system, whether the required HTTP authentication mode is connection-based HTTP authentication;
      
      in response to determining that the required HTTP authentication mode is connection-based HTTP authentication, determining, at the server system, whether the first HTTP request includes an authorization header;
      
      in response to determining that the first HTTP request does not include an authorization header, determining, at the server system, whether the connection is an authenticated connection;
      
      in response to determining that the first HTTP request includes an authorization header, using, at the server system, the authorization header to perform an action in an authentication process;
      
      after performing the action in the authentication process, determining, at the server system, whether the authentication process was completed successfully;
      
      in response to determining that the authentication process was not completed successfully or in response to determining that the connection is not an authenticated connection, sending, by the server system, an HTTP rejection response, the HTTP rejection response indicating that the client system is not authorized to access the first resource, the HTTP rejection response being sent via the electronic communication network from the server system to the client system;
      
      in response to determining that the authentication process was completed successfully, updating, at the server system, connection data to indicate that the connection is an authenticated connection; and
      
      in response to determining that the authentication process was completed successfully or in response to determining that the connection is an authenticated connection, sending, by the server system, the HTTP response, the HTTP authentication mode preference header indicating that the preferred HTTP authentication mode is connection-based HTTP authentication.
  - 5. The method of claim 4, wherein using the authorization header to perform the authentication process comprises using, by the server system, a Kerberos security protocol to perform the authentication process.
  - 6. The method of claim 4, wherein using the authorization header to perform the authentication process comprises using, by the server system, a negotiation mechanism to negotiate a security protocol used in the authentication process.
  - 7. The method of claim 4, wherein the connection is a Transmission Control Protocol (TCP) connection.
  - 8. The method of claim 1, the method further comprising:
    - receiving a second HTTP request at the server system, the server system receiving the second HTTP request after the server system sends the HTTP response, the second HTTP request being sent by the client system, the second HTTP request requesting a second resource, the server system receiving the second HTTP request via the electronic communication network, the second HTTP request containing an authorization header when the HTTP authentication mode preference header indicated that the preferred HTTP authentication mode is request-based HTTP authentication, the second HTTP request not containing an authorization header when the HTTP authentication mode preference header indicated that the preferred HTTP authentication mode is connection-based HTTP authentication.
  - 9. The method of claim 1, wherein the HTTP authentication mode preference header uses a Boolean value to indicate the preferred HTTP authentication mode.

10. An electronic computing system comprising:
- a processing unit; and
  
  a data storage system, the data storage system storing instructions that, when executed by the processing unit, cause the electronic computing system to;
  
  receive a Hypertext Transfer Protocol (HTTP) response, the HTTP response being sent by a server system, the HTTP response being received by the electronic computing system via an electronic communication network, the HTTP response containing an HTTP authentication mode preference header, the HTTP authentication mode preference header indicating a preferred HTTP authentication mode; and
  
  in response to identifying the preferred HTTP authentication mode, use the preferred HTTP authentication mode in an HTTP request, the HTTP request requesting a resource, the resource being provided by the server system, the HTTP request being sent via the electronic communication network, the HTTP request being sent to the server system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The electronic computing system of claim 10,wherein the instructions further cause the electronic computing system to:
    - in response to identifying the preferred HTTP authentication mode, determine whether the preferred HTTP authentication mode is connection-based HTTP authentication; and
      
      in response to determining that the preferred HTTP authentication mode is connection-based HTTP authentication, determine whether a connection exists between the electronic computing system and the server system;
      
      wherein the instructions cause the electronic computing system to use the preferred HTTP authentication mode by causing the electronic computing system to;
      
      in response to determining that a connection exists between the electronic computing system and the server system, generate the HTTP request, the HTTP request not including an authorization header; and
      
      send the HTTP request to the server system.
  - 12. The electronic computing system of claim 11, wherein the connection is a Transmission Control Protocol (TCP) connection.
  - 13. The electronic computing system of claim 11, wherein the instructions cause the electronic computing system to use the preferred HTTP authentication mode by further causing the electronic computing system to:
    - generate the authorization header, the instructions causing the electronic computing system to generate the authorization header in response to determining that a connection does not exist between the electronic computing system and the server system;
      
      generate the HTTP request, the instructions causing the electronic computing system to generate the HTTP request in response to determining that a connection does not exist between the electronic computing system and the server system, the HTTP request including the authorization header; and
      
      send the HTTP request to the server system.
  - 14. The electronic computing system of claim 13, wherein the authorization header includes a client-to-server ticket and an authenticator for use in a Kerberos security protocol.
  - 15. The electronic computing system of claim 10,wherein the instructions further cause the electronic computing system to:
    - in response to identifying the preferred HTTP authentication mode, determine whether the preferred HTTP authentication mode is request-based HTTP authentication; and
      
      wherein using the preferred HTTP authentication mode comprises;
      
      in response to determining that the preferred HTTP authentication mode is request-based HTTP authentication, generate the HTTP request, the HTTP request including the authorization header; and
      
      send the HTTP request to the server system.
  - 16. The electronic computing system of claim 10,wherein the instructions further cause the electronic computing system to:
    - in response to receiving the HTTP response, update mode preference data such that the mode preference data indicates the preferred HTTP authentication mode;
      
      after updating the mode preference data, use the mode preference data to identify the preferred HTTP authentication mode;
      
      determine whether the mode preference data indicates the preferred HTTP authentication mode;
      
      wherein the instructions cause the electronic computing system to use the mode preference data to identify the preferred HTTP authentication mode in response to determining that the mode preference data indicates the preferred HTTP authentication mode; and
      
      wherein the instructions further cause the electronic computing system to generate a second HTTP request, the instructions causing the electronic computing system to generate the second HTTP request in response to determining that the mode preference data does not indicate the preferred HTTP authentication mode, the second HTTP request requesting the resource, the second HTTP request being sent via the electronic communication network, the second HTTP request being sent to the server system.
  - 17. The electronic computing system of claim 16, wherein the mode preference data is stored at the electronic computing system.
  - 18. The electronic computing system of claim 10, wherein the HTTP authentication mode preference header uses a Boolean value to indicate the preferred HTTP authentication mode.
  - 19. The electronic computing system of claim 10, the instructions causing the electronic computing system to generate the HTTP request in response to a resource request, the resource request being sent by an application, the application operating at the electronic computing system.

20. A computer-readable data storage medium comprising instructions that, when executed by a processing unit of a server system, cause the server system to:
- receive a Hypertext Transfer Protocol (HTTP) request, the HTTP request being received via an electronic communication network, the HTTP request being sent by a client system, the HTTP request requesting a resource, the resource being provided by the server system;
  
  in response to receiving the HTTP request, determine whether HTTP authentication is required to access the resource;
  
  in response to determining that HTTP authentication is not required to access the resource, retrieve the resource;
  
  in response to determining that HTTP authentication is not required to access the resource, send a first HTTP response, the first HTTP response containing the resource, the first HTTP response being sent via the electronic communication network, the first HTTP response being sent to the client system;
  
  in response to determining that HTTP authentication is required to access the resource, identify a required HTTP authentication mode, the required HTTP authentication mode being an HTTP authentication mode required to access the resource;
  
  in response to identifying the required HTTP authentication mode, determine whether the required HTTP authentication mode is connection-based HTTP authentication;
  
  send a second HTTP response, the server system sending the second HTTP response when the second HTTP authentication mode is connection-based HTTP authentication, the second HTTP response being responsive to the HTTP request, the second HTTP response containing a first HTTP authentication mode preference header, the first HTTP authentication mode preference header indicating that a preferred HTTP authentication mode is connection-based HTTP authentication, the second HTTP response being sent via the electronic communication network, the second HTTP response being sent to the client system;
  
  in response to identifying the required HTTP authentication mode, determine whether the required HTTP authentication mode is request-based HTTP authentication; and
  
  send a third HTTP response, the server system sending the third HTTP response when the required HTTP authentication mode is request-based HTTP authentication, the third HTTP response being responsive to the HTTP request, the third HTTP response containing a second HTTP authentication mode preference header, the second HTTP authentication preference header indicating that the preferred HTTP authentication mode is request-based HTTP authentication, the third HTTP response being sent via the electronic communication network, the third HTTP response being sent to the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cox, Matthew, Silvera, Jonathan, James, Rick, Leach, Paul J., Ruia, Anil K., Desai, Anish V.

Granted Patent

US 8,266,680 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 69/22   Parsing or analysis of headers

Predictive HTTP Authentication Mode Negotiation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Predictive HTTP Authentication Mode Negotiation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links