AUTHENTICATION SYSTEM AND METHOD FOR EMBEDDED APPLETS

US 20140325627A1
Filed: 04/30/2013
Published: 10/30/2014
Est. Priority Date: 04/30/2013
Status: Active Grant

First Claim

Patent Images

1. A web-accessible security system, comprising:

a server system connected to a security network that receives information from security devices on the security network; and

one or more user devices that access the information from the security devices via the server system using embedded applets that receive authentication tokens that were provided by the server system and include the authentication tokens in messages to the server system.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating user requests issued from embedded applets running on web-accessible user devices. The server system generates authentication tokens associated with user credentials, in response to user requests for HTML pages that include the embedded applets. The server system stores the authentication tokens on the server system, and includes the authentication tokens in URLs within applet tags in the HTML pages returned to the user devices. When the applets download and request content from the server system, the applets supply the previously included authentication tokens in the URLs that identify the requested content. Upon finding a match between the applet-supplied authentication tokens and the stored authentication tokens, the server identifies the user as a trusted user, and responds with the requested content. This can be used to eliminate HTTP- based authentication challenges for subsequent user access.

Citations

35 Claims

1. A web-accessible security system, comprising:
- a server system connected to a security network that receives information from security devices on the security network; and
  
  one or more user devices that access the information from the security devices via the server system using embedded applets that receive authentication tokens that were provided by the server system and include the authentication tokens in messages to the server system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the user devices access the server system over a network cloud.
  - 3. The system of claim 1, wherein the server system further comprises:
    - an authentication system for validating users that includes an authentication database, wherein the authentication system receives user credentials for each user, generates the authentication tokens associated with the user credentials, and stores the authentication tokens in the authentication database;
      
      applets for accessing the information from the security devices, and HTML pages that embed one or more of the applets; and
      
      a content management system that generates dynamic content for the HTML pages.
  - 4. The system of claim 1, wherein the user devices include web browsers which request HTML pages on the server system that embed one or more of the applets, the applets accessing the information from the security devices.
  - 5. The system of claim 4, wherein, in response to the user devices loading the embedded applets, the embedded applets receive the authentication tokens from the server system, and save the authentication tokens as applet tokens.
  - 6. The system of claim 1, wherein, in response to requests by the user devices for HTML pages on the server system that include the embedded applets for accessing the information from the security devices:
    - the server system generates the authentication tokens associated with user credentials for each user, and stores the authentication tokens in the authentication database;
      
      the content management system includes the authentication tokens within the HTML pages; and
      
      the server system provides the HTML pages to the user devices.
  - 7. The system of claim 1, wherein the authentication system generates new authentication tokens, associated with user credentials on the user devices, each time the user devices request HTML pages that include the embedded applets.
  - 8. The system of claim 1, further comprising a communications channel for communicating the authentication tokens in the messages between the server system and the embedded applets, wherein the communications channel comprises:
    - a server-side portion that includes the authentication tokens in the messages that the server system sends to the embedded applets; and
      
      an applet-side portion that includes applet tokens in the messages that the embedded applets send to the server system.
  - 9. The system of claim 8, wherein the messages from the server-side portion of the communications channel include an applet tag within the HTML pages requested by the user devices, the applet tag including a first Uniform Resource Locator (“
    - URL”
      
      ) that includes the authentication tokens.
  - 10. The system of claim 8, wherein the messages from the applet-side portion of the communications channel utilize a second URL that includes the applet tokens, the second URL identifying the location of content on the server system requested by the embedded applets.
  - 11. The system of claim 10, wherein the second URL comprises a URL query string that includes the applet tokens.
  - 12. The system of claim 10, wherein the second URL comprises a path that includes the applet tokens.
  - 13. The system of claim 8, wherein the server system stores the authentication tokens in the authentication database.
  - 14. The system of claim 13, wherein the authentication system accepts the applet tokens within the messages from the applet-side portion of the communications channel, and compares the applet tokens to the stored authentication tokens to validate the user.
  - 15. The system of claim 14, wherein the authentication system removes the stored authentication tokens for each user after performing the user validation to prevent reuse of the stored authentication tokens.
  - 16. The system of claim 13, wherein the authentication system removes the stored authentication tokens for each user after a timeout period.
  - 17. The system of claim 13, wherein the authentication system ignores the stored authentication tokens for each user after a timeout period.

18. A web-accessible system, comprising:
- a server system for serving information; and
  
  one or more user devices that access the information from the server system using embedded applets that receive authentication tokens in messages from the server system and include the authentication tokens in messages to the server system.

19. A method for accessing information from security devices in a web-accessible security system including a security network, a server system, and user devices running embedded applets, the method comprising:
- the server system connecting to the security network and receiving information from security devices on the security network;
  
  the user devices accessing the information from the security devices via the server system using the embedded applets; and
  
  the embedded applets receiving authentication tokens that were provided by the server system and then including the authentication tokens in messages to the server system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 20. The method of claim 19, further comprising accessing the server system over a network cloud.
  - 21. The method of claim 19, further including an authentication system for validating users, an authentication database, applets, HTML pages, and a content management system, the method comprising:
    - the authentication system receiving user credentials for each user, generating the authentication tokens associated with the user credentials, and storing the authentication tokens in the authentication database;
      
      the applets accessing the information from the security devices;
      
      the HTML pages embedding one or more of the applets; and
      
      the content management system generating dynamic content for the HTML pages.
  - 22. The method of claim 19, further including web browsers which request HTML pages on the server system that embed one or more of the applets, the method comprising the applets accessing the information from the security devices.
  - 23. The method of claim 22, wherein, in response to the user devices loading the embedded applets, the embedded applets receiving the authentication tokens from the server system, and saving the authentication tokens as applet tokens.
  - 24. The method of claim 19, wherein, in response to the user devices requesting HTML pages on the server system that include the embedded applets for accessing the information from the security devices:
    - the server system generating the authentication tokens associated with user credentials for each user, and storing the authentication tokens in the authentication database;
      
      the content management system including the authentication tokens within the HTML pages; and
      
      the server system providing the HTML pages to the user devices.
  - 25. The method of claim 19, further comprising the authentication system generating new authentication tokens, associated with user credentials on the user devices, each time the user devices request HTML pages that include the embedded applets.
  - 26. The method of claim 19, further including a communications channel for communicating the authentication tokens in the messages between the server system and the embedded applets, the communications channel including a server-side portion and an applet side portion, the method comprising:
    - the server-side portion including the authentication tokens in the messages that the server system sends to the embedded applets; and
      
      the applet-side portion including applet tokens in the messages that the embedded applets send to the server system.
  - 27. The method of claim 26, further including an applet tag within the HTML pages requested by the user devices, the applet tag including a first Uniform Resource Locator (“
    - URL”
      
      ), the method comprising the first Uniform Resource Locator (“
      
      URL”
      
      ) including the authentication tokens.
  - 28. The method of claim 26, further utilizing a second URL that includes the applet tokens, the method comprising the second URL identifying the location of content on the server system requested by the embedded applets.
  - 29. The method of claim 26, further including a URL query string within the second URL, the method comprising including the applet tokens in the URL query string.
  - 30. The method of claim 26, further including a path within the second URL, the method comprising including the applet tokens in the path.
  - 31. The method of claim 26, further comprising storing the authentication tokens in the authentication database.
  - 32. The method of claim 31, further comprising the authentication system accepting the applet tokens within the messages from the applet-side portion of the communications channel, and comparing the applet tokens to the stored authentication tokens to validate the user.
  - 33. The method of claim 32, further comprising the authentication system removing the stored authentication tokens for each user after performing the user validation to prevent reuse of the stored authentication tokens.
  - 34. The method of claim 32, further comprising the authentication system removing the stored authentication tokens for each user after a timeout period.
  - 35. The method of claim 31, further comprising the authentication system ignoring the stored authentication tokens for each user after a timeout period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tyco Fire & Security GmbH (Johnson Controls International plc)
Original Assignee
Sensormatic Electronics LLC (Johnson Controls International plc)
Inventors
Fee, Paul

Granted Patent

US 9,608,983 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

AUTHENTICATION SYSTEM AND METHOD FOR EMBEDDED APPLETS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SYSTEM AND METHOD FOR EMBEDDED APPLETS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links