USING AN IP MULTIMEDIA SUBSYSTEM FOR HTTP SESSION AUTHENTICATION

US 20140282990A1
Filed: 10/11/2013
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method for operating a processor in an Internet Protocol Multimedia Subsystem (IMS) to authenticate a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, the method comprising:

receiving a request from a communication device to initiate an HTTP session;

determining whether the communication device is registered on the Internet Protocol Multimedia Subsystem;

in response to determining that the communication device is registered on the Internet Protocol Multimedia Subsystem, generating an initial authentication token and sending the generated initial authentication token to the communication device;

receiving an HTTP session request from the communication device, wherein the HTTP session request includes a copy of the authentication token;

determining whether the copy of the authentication token is valid; and

in response to determining that the authentication token is valid, transmitting the HTTP session request and the authentication token to a Web server to authenticate the communication device to an online application hosted by the Web server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method and system for utilizing an Internet Protocol Multimedia Subsystem (IMS) to authenticate an HTTP session between a communication device and an online application program. The method includes registering a communication device on an IMS, and generating an authorization token which is sent to the communication device. The communication device then embeds the authorization token in HTTP request communication directed to the IMS. The IMS, after verifying the authorization token, forwards the HTTP request and token to a selected Web server that hosts an online application to authenticate an HTTP session.

44 Citations

View as Search Results

20 Claims

1. A method for operating a processor in an Internet Protocol Multimedia Subsystem (IMS) to authenticate a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, the method comprising:
- receiving a request from a communication device to initiate an HTTP session;
  
  determining whether the communication device is registered on the Internet Protocol Multimedia Subsystem;
  
  in response to determining that the communication device is registered on the Internet Protocol Multimedia Subsystem, generating an initial authentication token and sending the generated initial authentication token to the communication device;
  
  receiving an HTTP session request from the communication device, wherein the HTTP session request includes a copy of the authentication token;
  
  determining whether the copy of the authentication token is valid; and
  
  in response to determining that the authentication token is valid, transmitting the HTTP session request and the authentication token to a Web server to authenticate the communication device to an online application hosted by the Web server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the HTTP session request is received from the communication device using a Session Initiation Protocol (SIP).
  - 3. The method of claim 1, further comprising:
    - receiving an HTTP response from the Web server, the response being addressed to the communication device; and
      
      transmitting the received HTTP response to the communication device.
  - 4. The method of claim 1, further comprising assigning an expiration time to the initial authentication token.
  - 5. The method of claim 4, wherein determining whether the copy of the authentication token is valid comprises determining whether the assigned expiration time to the initial authentication token has expired.
  - 6. The method of claim 1, further comprising storing a copy of the initial authentication token.
  - 7. The method of claim 6, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication token with the copy of the initial authentication token to confirm that the copy of the authentication token and the initial authentication token are the same.
  - 8. The method of claim 1, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to an access control list.
  - 9. The method of claim 1, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to subscriber settings associated with the communication device.
  - 10. The method of claim 1, further comprising:
    - determining whether the initial authentication token has expired; and
      
      in response to determining that the initial authentication token has expired;
      
      generating a new replacement token;
      
      assigning a new expiration time; and
      
      sending the new replacement token to the communication device.

11. At least one tangible, computer-readable medium storing instructions, which when executed by at least one processor in an Internet Protocol Multimedia Subsystem (IMS), authenticates a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, comprising:
- receiving a request from a communication device to initiate an HTTP session;
  
  detecting whether a communication device is registered on the Internet Protocol Multimedia Subsystem;
  
  in response to determining that a communication device is registered on the Internet Protocol Multimedia Subsystem,generating an initial authentication token, andcausing the generated initial authentication token to be sent to the communication device;
  
  receiving an HTTP session request from the communication device;
  
  determining whether the received HTTP session request includes an authentication token;
  
  in response to determining that that the received HTTP session request does not include an authentication token, requesting an authentication token from the communication device;
  
  receiving a copy of the authentication token from the communication device;
  
  determining whether the copy of the authentication token is valid; and
  
  in response to determining that the copy of the authentication token is valid, causing the HTTP session request and authentication token to be sent to a Web server to authenticate the communication device to an online application hosted by the Web server.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The tangible, computer-readable medium of claim 11, further comprising assigning an expiration time to the initial authentication token.
  - 13. The tangible, computer-readable medium of claim 12, wherein determining whether the copy of the authentication token is valid comprises determining whether the copy of the initial authentication token has expired.
  - 14. The tangible, computer-readable medium of claim 11, further comprising storing a copy of the initial authentication token.
  - 15. The tangible, computer-readable medium of claim 14, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication token with the copy of the initial authentication token to confirm that the copy of the authentication token and the initial authentication token are the same.
  - 16. The tangible, computer-readable medium of claim 11, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to an access control list.
  - 17. The tangible, computer-readable medium of claim 11, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to subscriber settings associated with the communication device.

18. A communication device including a processor configured to execute program instructions to initiate a Hypertext Transfer Protocol (HTTP) session with an online application, comprising:
- a memory for securely storing a received token;
  
  a processor for executing a sequence of stored instructions in order to;
  
  register the communication device with an Internet Protocol Multimedia Subsystem;
  
  receive a token from the Internet Protocol Multimedia Subsystem;
  
  store the received token in the memory;
  
  create a request to establish an HTTP session with an online application program; and
  
  embed the stored token in the request such that an HTTP session is authenticated with the application program without having to perform a log-in procedure with the application program.
- View Dependent Claims (19, 20)
- - 19. The communication device of claim 18, wherein the token is stored in an IP Multimedia Services Identity Module (ISIM).
  - 20. The communication device of claim 18, wherein the token has an expiration time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Engelhart, Robert L.

Granted Patent

US 9,992,183 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

USING AN IP MULTIMEDIA SUBSYSTEM FOR HTTP SESSION AUTHENTICATION

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USING AN IP MULTIMEDIA SUBSYSTEM FOR HTTP SESSION AUTHENTICATION

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links