Authenticating access to a network server without communicating login information through the network server
2 Assignments
0 Petitions
Abstract
A system determines whether to grant access to a network server by a user. Initially, a user attempts to gain access to a network server, such as a web server. Prior to granting access to the network server, the network server authenticates the user by sending an authentication request to an authentication server. The authentication server determines whether the user was already authenticated by the authentication server. If the user was already authenticated by the authentication server, then the network server is notified that the user is authenticated. The network server then grants the user access to the network server. If the user was not already authenticated by the authentication server, then login information is retrieved from the user and compared to authentication information maintained by the authentication server. If the retrieved login information matches the authentication information, then the network server is notified that the user is authenticated. The retrieved login information and the authentication information are concealed from the network server. If the user is authenticated, then a user profile is communicated to the network server along with the notification that the user is authenticated. If the user is successfully authenticated, then a cookie is provided to an Internet browser operated by the user. The cookie contains information regarding user authentication, the user's profile, and a list of network servers previously visited by the user.
54 Claims
1. A method of granting access to a network server, the method comprising:
receiving, at an authentication server, a request to authenticate a user, wherein the request is generated by the network server to which the user is attempting to gain access;
determining whether the user was already authenticated by the authentication server;
if the user was already authenticated by the authentication server, notifying the network server that the user is authenticated; and
if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, notifying the network server that the user is authenticated if the retrieved login information matches the authentication information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
determining an elapsed time since the last authentication of the user; and
refreshing the authentication of the user if the elapsed time since the last authentication of the user exceeds a timeout period identified by the network server.
6. A method as recited in claim 1 further comprising concealing the retrieved login information from the network server.

7. A method as recited in claim 1 further comprising concealing the authentication information maintained by the authentication server from the network server.

8. A method as recited in claim 1 wherein the notifying further includes communicating a user profile to the network server by way of data passed through the user device.

9. A method as recited in claim 1 wherein the notifying further includes:
identifying elements of a user profile to be provided to the network server; and
communicating the identified elements of the user profile to the network server by way of data passed through the user device.

10. A method as recited in claim 1 wherein the notifying further includes:
identifying particular elements of a user profile to be provided to the network server, wherein the identified elements are selected by the user and maintained by the authentication server; and
communicating the identified elements of the user profile to the network server.

11. A method as recited in claim 1 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user profile information.

12. A method as recited in claim 1 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user authentication information.

13. A method as recited in claim 1 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains a list of network servers previously visited by the user.

14. A method as recited in claim 1 wherein the user previously registered with the authentication server.

15. A method as recited in claim 1 wherein the network server previously registered with the authentication server.

16. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 1.
17. A method of accessing a web server, the method comprising:
receiving a request to authenticate a user, wherein the request is generated by the web server to which the user is attempting to gain access;
determining whether the user was already authenticated by an authentication server;
if the user was already authenticated by the authentication server, notifying the web server that the user is authenticated and communicating a user profile to the web server; and
if the user was not already authenticated by the authentication server, then retrieving login information directly from the user, wherein the login information is not communicated through the web server;
authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server; and
if the retrieved login information matches the authentication information, notifying the web server that the user is authenticated and communicating the user profile to the web server.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26
determining an elapsed time since the last authentication of the user; and
refreshing the authentication of the user if the elapsed time since the last authentication of the user exceeds a timeout period identified by the web server.
19. A method as recited in claim 17 further including concealing the retrieved login information from the web server.

20. A method as recited in claim 17 further including concealing the authentication information maintained by the authentication server from the web server.

21. A method as recited in claim 17 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user authentication information.

22. A method as recited in claim 17 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user profile information.

23. A method as recited in claim 17 wherein the user determines which elements of the user profile are communicated to the web server.

24. A method as recited in claim 17 wherein the user previously registered with the authentication server.

25. A method as recited in claim 17 wherein the web server previously registered with the authentication server.

26. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 17.
27. A method of distributing information, the method comprising:
receiving a request for information relating to a user, wherein the request is generated by a network server to which the user is attempting to gain access, and wherein the request is received by an authentication server;
determining whether the user was already authenticated by the authentication server;
if the user was already authenticated by the authentication server, providing user profile information to the network server; and
if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, providing user profile information to the network server if the retrieved login information matches the authentication information.
Dependent claims: 28, 29, 30
identifying elements of a user profile to be provided to the network server; and
communicating the identified elements of the user profile to the network server.
29. A method as recited in claim 27 wherein the providing of user profile information to the network server includes:
identifying particular elements of a user profile to be provided to the network server, wherein the identified elements are selected by the user and maintained by the authentication server; and
communicating the identified elements of the user profile to the network server.

30. A method as recited in claim 27 wherein the providing of user profile information to the network server further includes notifying the network server that the user is authenticated.
31. One or more computer-readable media having stored thereon a computer program comprising the following steps:
receiving a request to authenticate a user seeking access to a network server;
determining whether the user was already authenticated by an authentication server;
if the user was already authenticated by the authentication server, notifying the network server that the user is authenticated; and
if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, notifying the network server that the user is authenticated if the retrieved login information matches the authentication information, and notifying the network server that the user is not authenticated if the retrieved login information does not match the authentication information.
Dependent claims: 32, 33, 34, 35
36. An apparatus comprising:
an authentication server coupled to a data communication network;
an authentication database coupled to the authentication server;
wherein the authentication server is configured to receive a request to authenticate a user requesting access to a network server coupled to the data communication network and to determine whether the user was already authenticated by the authentication server so that if the user was already authenticated by the authentication server, then the authentication server sends a notification to the network server that the user is authenticated, and if the user was not already authenticated by the authentication server, then the authentication server retrieves login information from the user, authenticates the user by comparing the retrieved login information with authentication information stored in the authentication database, and sends a notification to the network server that the user is authenticated if the retrieved login information matches the authentication information stored in the authentication database, wherein the login information is not communicated through the network server.
Dependent claims: 37, 38, 39, 40
41. A method of accessing multiple network servers, the method comprising:
accessing a first network server, wherein the first network server authenticates a user requesting access by communicating an authentication request to an authentication server;
receiving a request for login information from the authentication server;
providing the requested login information to the authentication server, wherein the login information is not communicated through the first network server;
receiving an acknowledgement granting access to the first network server;
accessing a second network server, wherein the second network server authenticates the user requesting access by communicating an authentication request to the authentication server; and
receiving an acknowledgement granting access to the second network server.
Dependent claims: 42, 43, 44, 45, 46
47. A method of accessing a web server coupled to the Internet, the method comprising:
receiving a request to authenticate a user of an Internet browser seeking access to the web server, wherein the request is received from the web server;
determining whether the user was already authenticated by an authentication server;
if the user was already authenticated by the authentication server, notifying the web server that the user is authenticated, wherein the web server grants access to the user;
if the user was not already authenticated by the authentication server, then communicating a web page directly to the user's Internet browser without communicating through the web server, wherein the web page requests login information from the user;
receiving the completed web page directly from the user without communicating through the web server;
authenticating the user by comparing the information received in the completed web page with authentication information maintained by the authentication server; and
if the information received in the completed web page matches the authentication information, notifying the web server that the user is authenticated.
Dependent claims: 48, 49, 50, 51, 52, 53, 54
determining an elapsed time since the last authentication of the user; and
refreshing the authentication of the user if the elapsed time since the last authentication of the user exceeds a timeout period identified by the web server.
49. A method as recited in claim 47 further including concealing the information received in the completed web page from the web server.

50. A method as recited in claim 47 further including concealing the authentication information maintained by the authentication server from the web server.

51. A method as recited in claim 47 further including providing a cookie to the user's Internet browser if the information received in the completed web page matches the authentication information, wherein the cookie contains user authentication information.

52. A method as recited in claim 47 further including providing a cookie to the user's Internet browser if the information received in the completed web page matches the authentication information, wherein the cookie contains user profile information.

53. A method as recited in claim 47 further including providing a user profile to the web server if the information received in the completed web page matches the authentication information.
54. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 47.
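The following is an added, self-contained simulation of the flow the abstract and the claims describe; it is not the patent's own code nor any assignee's implementation. It models the three parties (the user's browser, the authentication server, and the network servers that rely on it) and exercises the already-authenticated path, the elapsed-time refresh against a timeout identified by each network server (the dependent-claim fragments above), the user-selected profile elements (claims 10 and 23), server registration (claims 15 and 25), and the login page that goes straight to the browser and back (claim 47). The concealment properties of claims 6 and 7 are checked by searching everything the network servers ever received. Class names, the dict-based clock, the PBKDF2 password storage, the cookie layout, the "auth" prompt label, the timeout values and the sample user are all assumptions of this example.

```python
import hashlib
import hmac
import secrets


def hash_password(password, salt):
    # Stored authentication information is a salted PBKDF2 hash (example's choice), never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class UserAgent:
    """The user's browser: holds the cookie and answers login prompts only from the auth server."""
    def __init__(self, user, password):
        self.user, self._password = user, password
        self.cookie, self.login_prompts = None, []   # cookie issued after login; who asked for credentials

    def complete_login_page(self, asker):
        # The login web page goes straight to the browser and the completed page straight
        # back to the authentication server, never through the network server (claim 47).
        self.login_prompts.append(asker)
        return self.user, self._password


class AuthServer:
    """Maintains credentials and profiles and conceals both from network servers."""
    def __init__(self, clock, registered_servers):
        self.clock = clock                       # {"now": seconds}; the demo advances it by hand
        self.servers = set(registered_servers)   # network servers that registered (claim 15)
        self._creds = {}                         # user -> (salt, hash)
        self._profiles = {}                      # user -> {element: value}
        self._shared = {}                        # user -> elements the user chose to release (claim 10)
        self._sessions = {}                      # ticket -> (user, time of last credential check)

    def register_user(self, user, password, profile, shared_elements):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, hash_password(password, salt))
        self._profiles[user] = dict(profile)
        self._shared[user] = set(shared_elements)

    def authenticate(self, server_name, agent, timeout):
        """Handle a request generated by a network server; return only what that server may see."""
        if server_name not in self.servers:
            return {"authenticated": False, "reason": "server not registered"}
        ticket = (agent.cookie or {}).get("ticket")   # presented by the browser, not by the server
        session = self._sessions.get(ticket)
        if session and self.clock["now"] - session[1] <= timeout:
            return self._notify(server_name, session[0], ticket, agent)   # already authenticated
        # Not authenticated, or elapsed time exceeds the server's timeout: get login info from the user.
        self._sessions.pop(ticket, None)
        user, password = agent.complete_login_page("auth")
        record = self._creds.get(user)
        if record is None or not hmac.compare_digest(hash_password(password, record[0]), record[1]):
            return {"authenticated": False, "reason": "login information did not match"}
        ticket = secrets.token_hex(16)
        self._sessions[ticket] = (user, self.clock["now"])
        return self._notify(server_name, user, ticket, agent)

    def _notify(self, server_name, user, ticket, agent):
        profile = {k: v for k, v in self._profiles[user].items() if k in self._shared[user]}  # selected elements only
        visited = list((agent.cookie or {}).get("visited", []))
        if server_name not in visited:
            visited.append(server_name)
        # Cookie for the browser: authentication ticket, released profile, servers visited so far.
        agent.cookie = {"ticket": ticket, "profile": profile, "visited": visited}
        return {"authenticated": True, "profile": profile}


class NetworkServer:
    def __init__(self, name, auth, timeout):
        self.name, self.auth, self.timeout = name, auth, timeout
        self.received = []   # everything this server ever got back from the authentication server

    def handle_access(self, agent):
        result = self.auth.authenticate(self.name, agent, self.timeout)
        self.received.append(result)
        return ("granted", result["profile"]) if result["authenticated"] else ("denied", result["reason"])


def run_demo():
    clock = {"now": 1000.0}
    auth = AuthServer(clock, ["shop", "mail"])
    auth.register_user("alice", "correct horse",   # constructed sample user; only display_name is releasable
                       {"display_name": "Alice", "email": "alice@example.invalid"}, ["display_name"])
    shop, mail = NetworkServer("shop", auth, timeout=600), NetworkServer("mail", auth, timeout=60)
    alice = UserAgent("alice", "correct horse")
    r = [shop.handle_access(alice), mail.handle_access(alice)]    # login prompt, then silent single sign-on
    clock["now"] += 120                                           # past mail's 60 s timeout, within shop's 600 s
    r += [shop.handle_access(alice), mail.handle_access(alice)]   # shop still valid; mail refreshes (2nd prompt)
    r += [shop.handle_access(UserAgent("alice", "wrong password")),
          NetworkServer("rogue", auth, 60).handle_access(alice)]  # wrong password; server never registered
    seen = repr(shop.received + mail.received)   # the sum of what the network servers ever received
    return {"results": r, "prompts": list(alice.login_prompts), "cookie_visited": alice.cookie["visited"],
            "password_leaked": "correct horse" in seen, "email_released": "alice@example.invalid" in seen}
```

`run_demo()` returns the six access results, the list of login prompts the user answered (two: the initial login and the refresh forced by the mail server's shorter timeout), the visited-server list carried in the cookie, and two booleans showing that neither the password nor the withheld profile element ever reached a network server. The ticket is read from the browser's cookie by the authentication server rather than forwarded by the network server, matching the claims' "data passed through the user device".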