Common session token system and protocol

US 6,041,357 A
Filed: 02/06/1997
Issued: 03/21/2000
Est. Priority Date: 02/06/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a client-server network having multiple independent servers, a method of session migration from a session between a client and a first server to a session between the client and a second server;

establishing a current session between the client and the first server after the first server has verified that th e client is an authorized client of the first server;

sending a migration request from the client to the first server;

in response to the migration request generating a session token;

sending a session token from the first server to the client, wherein the session token uniquely identifies the current session between the client and the first server;

sending the session token from the client to the second server as a request to the second server for migration;

verifying, at the second server and from the session token, the identity of the client and the first server;

requesting, from the first server, data about the session, wherein the request is sent from the second server;

responding from the first server to the request for data by sending the requested data to the second server; and

if the client is an authorized client with respect to the second server, continuing the session with the second server in place of the first server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved session control method and apparatus includes a client which establishes a session with a first server such that the first server can identify the client. When the client wishes to migrate from the first server to a second server, the client requests a session token from the first server. The session token is a data element generated by the first server which is unique over the client-server network being navigated and identifies the particular session with the first server. The session token is preferably a difficult to forge data element, such as a data element digitally signed using the private key of the first server. The session token is passed from the client to the second server to initiate migration to the second server. If session data is too bulky to be passed as part of the session token, the second server may use data from the session token to formulate a request to the first server for additional data needed to handle the state of the session. To minimize the transmission of data, the second server might maintain a version of the bulk session data and only request an update to the version of the data indicated in the session token.

510 Citations

13 Claims

1. In a client-server network having multiple independent servers, a method of session migration from a session between a client and a first server to a session between the client and a second server;
- establishing a current session between the client and the first server after the first server has verified that th e client is an authorized client of the first server;
  
  sending a migration request from the client to the first server;
  
  in response to the migration request generating a session token;
  
  sending a session token from the first server to the client, wherein the session token uniquely identifies the current session between the client and the first server;
  
  sending the session token from the client to the second server as a request to the second server for migration;
  
  verifying, at the second server and from the session token, the identity of the client and the first server;
  
  requesting, from the first server, data about the session, wherein the request is sent from the second server;
  
  responding from the first server to the request for data by sending the requested data to the second server; and
  
  if the client is an authorized client with respect to the second server, continuing the session with the second server in place of the first server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the client-server network is the Internet and the first and second servers are hypertext transfer protocol servers.
  - 3. The method of claim 1, wherein the step of generating a session token is a step of generating an encrypted session token.
  - 4. The method of claim 3, wherein the step of generating an encrypted session token comprises the steps of encrypting portions of the session token and including a digitally signed portion in the session token, the digitally signed portion being digitally signed by a private key of the first server.
  - 5. The method of claim 1, wherein the step of sending a session token from the first server to the client is a step of sending a session token containing a digitally signed portion, the digitally signed portion being digitally signed by a private key of the first server.
  - 6. The method of claim 1, further comprising the steps of:
    - requesting a password from the client;
      
      sending the password to the first server;
      
      if the password matches a predetermined criterion indicating an authorized client, continuing with the step of establishing a session;
      
      sending, as part of the session token, an indication from the first server, that the client is an authorized client; and
      
      using the indication from the first server as a substitute for a logon procedure used by the second server to verify the authorization of the client.
  - 7. The method of claim 1, further comprising a step of forming a uniform resource locator representing the session token.
  - 8. The method of claim 1, wherein the step of generating the session token is performed without a central token repository yet is guaranteed to be a unique session token.
  - 9. The method of claim 1, further comprising a step of transferring the requested data using a protocol other than a hypertext transfer protocol.
  - 10. The method of claim 1, further comprising a step of maintaining a version control number and requesting from the first server data which is an update to data received previously at the second server, the update being an update from a previous version of the data identified by a version number stored on the second server and a current version of the data identified by a version number stored on the first server.
  - 11. The method of claim 1, wherein the session migration is from one World Wide Web server to a second World Wide Web server, and the client is a World Wide Web browser.
  - 12. The method of claim 1, wherein each step of sending a session token comprises sending at least a part of the session token in a uniform resource locator.
  - 13. The method of claim 1, wherein each step of sending a session token comprises sending at least a part of the session token in a hypertext transport protocol cookie.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tumbleweed Holdings LLC (Equitable IP Corporation)
Original Assignee
Electric Classified Incorporated
Inventors
Kunzelman, Kevin, Hutto, Sterling
Primary Examiner(s)
Laufer, Pinchus M.

Application Number

US08/796,260
Time in Patent Office

1,139 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/200.48, 395/200.59, 395/200.33, 395/200.57, 380/49, 380/25
US Class Current

709/228
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/168   above the transport layer

H04L 67/1001   for accessing one among a p...

Common session token system and protocol

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

510 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Common session token system and protocol

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

510 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links