Authenticating access to a network server without communicating login information through the network server

US 6,584,505 B1
Filed: 07/08/1999
Issued: 06/24/2003
Est. Priority Date: 07/08/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of granting access to a network server, the method comprising:

receiving, at an authentication server, a request to authenticate a user, wherein the request is generated by the network server to which the user is attempting to gain access;

determining whether the user was already authenticated by the authentication server;

if the user was already authenticated by the authentication server, notifying the network server that the user is authenticated; and

if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, notifying the network server that the user is authenticated if the retrieved login information matches the authentication information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system determines whether to grants access to a network server by a user. Initially, a user attempts to gain access to a network server, such as a web server. Prior to granting access to the network server, the network server authenticates the user by sending an authentication request to an authentication server. The authentication server determines whether the user was already authenticated by the authentication server. If the user was already authenticated by the authentication server, then the network server is notified that the user is authenticated. The network server then grants the user access to the network server. If the user was not already authenticated by the authentication server, then login information is retrieved from the user and compared to authentication information maintained by the authentication server. If the retrieved login information matches the authentication information, then the network server is notified that the user is authenticated. The retrieved login information and the authentication information is concealed from the network server. If the user is authenticated, then a user profile is communicated to the network server along with the notification that the user is authenticated. If the user is successfully authenticated, then a cookie is provided to an Internet browser operated by the user. The cookie contains information regarding user authentication, the user'"'"'s profile, and a list of network servers previously visited by the user.

Citations

54 Claims

1. A method of granting access to a network server, the method comprising:
- receiving, at an authentication server, a request to authenticate a user, wherein the request is generated by the network server to which the user is attempting to gain access;
  
  determining whether the user was already authenticated by the authentication server;
  
  if the user was already authenticated by the authentication server, notifying the network server that the user is authenticated; and
  
  if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, notifying the network server that the user is authenticated if the retrieved login information matches the authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as recited in claim 1 wherein the network server is a web server coupled to the Internet.
  - 3. A method as recited in claim 1 wherein the method is performed by the authentication server, which is coupled to the Internet.
  - 4. A method as recited in claim 1 wherein the retrieved login information includes a login ID and a password associated with the login ID.
  - 5. A method as recited in claim 1 wherein the notifying includes:
6. A method as recited in claim 1 further comprising concealing the retrieved login information from the network server.
7. A method as recited in claim 1 further comprising concealing the authentication information maintained by the authentication server from the network server.
8. A method as recited in claim 1 wherein the notifying further includes communicating a user profile to the network server by way of data passed through the user device.
9. A method as recited in claim 1 wherein the notifying further includes:
- identifying elements of a user profile to be provided to the network server; and
  
  communicating the identified elements of the user profile to the network server by way of data passed through the user device.
10. A method as recited in claim 1 wherein the notifying further includes:
- identifying particular elements of a user profile to be provided to the network server, wherein the identified elements are selected by the user and maintained by the authentication server; and
  
  communicating the identified elements of the user profile to the network server.
11. A method as recited in claim 1 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user profile information.
12. A method as recited in claim 1 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user authentication information.
13. A method as recited in claim 1 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains a list of network servers previously visited by the user.
14. A method as recited in claim 1 wherein the user previously registered with the authentication server.
15. A method as recited in claim 1 wherein the network server previously registered with the authentication server.
16. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 1.

17. A method of accessing a web server, the method comprising:
- receiving a request to authenticate a user, wherein the request is generated by the web server to which the user is attempting to gain access;
  
  determining whether the user was already authenticated by an authentication server;
  
  if the user was already authenticated by the authentication server, notifying the web server that the user is authenticated and communicating a user profile to the web server; and
  
  if the user was not already authenticated by the authentication server, then retrieving login information directly from the user, wherein the login information is not communicated through the web server;
  
  authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server; and
  
  if the retrieved login information matches the authentication information, notifying the web server that the user is authenticated and communicating the user profile to the web server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. A method as recited in claim 17 wherein the notifying includes:
19. A method as recited in claim 17 further including concealing the retrieved login information from the web server.
20. A method as recited in claim 17 further including concealing the authentication information maintained by the authentication server from the web server.
21. A method as recited in claim 17 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user authentication information.
22. A method as recited in claim 17 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user profile information.
23. A method as recited in claim 17 wherein the user determines which elements of the user profile are communicated to the web server.
24. A method as recited in claim 17 wherein the user previously registered with the authentication server.
25. A method as recited in claim 17 wherein the web server previously registered with the authentication server.
26. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 17.

27. A method of distributing information, the method comprising:
- receiving a request for information relating to a user, wherein the request is generated by a network server to which the user is attempting to gain access, and wherein the request is received by an authentication server;
  
  determining whether the user was already authenticated by the authentication server;
  
  if the user was already authenticated by the authentication server, providing user profile information to the network server; and
  
  if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, providing user profile information to the network server if the retrieved login information matches the authentication information.
- View Dependent Claims (28, 29, 30)
- - 28. A method as recited in claim 27 wherein the providing of user profile information to the network server includes:
29. A method as recited in claim 27 wherein the providing of user profile information to the network server includes:
- identifying particular elements of a user profile to be provided to the network server, wherein the identified elements are selected by the user and maintained by the authentication server; and
  
  communicating the identified elements of the user profile to the network server.
30. A method as recited in claim 27 wherein the providing of user profile information to the network server further includes notifying the network server that the user is authenticated.

31. One or more computer-readable media having stored thereon a computer program comprising the following steps:
- receiving a request to authenticate a user seeking access to a network server;
  
  determining whether the user was already authenticated by an authentication server;
  
  if the user was already authenticated by the authentication server, notifying the network server that the user is authenticated; and
  
  if the user was not already authenticated by the authentication server, then retrieving login information from the user, wherein the login information is not communicated through the network server, authenticating the user by comparing the retrieved login information with authentication information maintained by the authentication server, notifying the network server that the user is authenticated if the retrieved login information matches the authentication information, and notifying the network server that the user is not authenticated if the retrieved login information does not match the authentication information.
- View Dependent Claims (32, 33, 34, 35)
- - 32. One or more computer-readable media as recited in claim 31 further including concealing the retrieved login information from the network server.
  - 33. One or more computer-readable media as recited in claim 31 wherein the notifying further includes communicating a user profile to the network server by way of data passed through the user device.
  - 34. One or more computer-readable media as recited in claim 31 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user profile information.
  - 35. One or more computer-readable media as recited in claim 31 further including providing a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information, wherein the cookie contains user authentication information.

36. An apparatus comprising:
- an authentication server coupled to a data communication network;
  
  an authentication database coupled to the authentication server;
  
  wherein the authentication server is configured to receive a request to authenticate a user requesting access to a network server coupled to the data communication network and to determine whether the user was already authenticated by the authentication server so that if the user was already authenticated by the authentication server, then the authentication server sends a notification to the network server that the user is authenticated, and if the user was not already authenticated by the authentication server, then the authentication server retrieves login information from the user, authenticates the user by comparing the retrieved login information with authentication information stored in the authentication database, and sends a notification to the network server that the user is authenticated if the retrieved login information matches the authentication information stored in the authentication database, wherein the login information is not communicated through the network server.
- View Dependent Claims (37, 38, 39, 40)
- - 37. An apparatus as recited in claim 36 wherein the network server is a web server and the data communication network is the Internet.
  - 38. An apparatus as recited in claim 36 wherein the network server is registered with the authentication server.
  - 39. An apparatus as recited in claim 36 wherein the user is registered with the authentication server.
  - 40. An apparatus as recited in claim 36 wherein the user operates an Internet browser configured to communicate on the data communication network.

41. A method of accessing multiple network servers, the method comprising:
- accessing a first network server, wherein the first network server authenticates a user requesting access by communicating an authentication request to an authentication server;
  
  receiving a request for login information from the authentication server;
  
  providing the requested login information to the authentication server, wherein the login information is not communicated through the first network server;
  
  receiving an acknowledgement granting access to the first network server;
  
  accessing a second network server, wherein the second network server authenticates the user requesting access by communicating an authentication request to the authentication server; and
  
  receiving an acknowledgement granting access to the second network server.
- View Dependent Claims (42, 43, 44, 45, 46)
- - 42. A method as recited in claim 41 wherein the first network server and the second network server are web servers.
  - 43. A method as recited in claim 41 wherein the first network server and the second network server previously registered with the authentication server.
  - 44. A method as recited in claim 41 wherein the user previously registered with the authentication server.
  - 45. A method as recited in claim 41 wherein the requested login information includes a login ID and a password associated with the login ID.
  - 46. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 41.

47. A method of accessing a web server coupled to the Internet, the method comprising:
- receiving a request to authenticate a user of an Internet browser seeking access to the web server, wherein the request is received from the web server;
  
  determining whether the user was already authenticated by an authentication server;
  
  if the user was already authenticated by the authentication server, notifying the web server that the user is authenticated, wherein the web server grants access to the user;
  
  if the user was not already authenticated by the authentication server, then communicating a web page directly to the user'"'"'s Internet browser without communicating through the web server, wherein the web page requests login information from the user;
  
  receiving the completed web page directly from the user without communicating through the web server;
  
  authenticating the user by comparing the information received in the completed web page with authentication information maintained by the authentication server; and
  
  if the information received in the completed web page matches the authentication information, notifying the web server that the user is authenticated.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54)
- - 48. A method as recited in claim 47 wherein the notifying includes:
49. A method as recited in claim 47 further including concealing the information received in the completed web page from the web server.
50. A method as recited in claim 47 further including concealing the authentication information maintained by the authentication server from the web server.
51. A method as recited in claim 47 further including providing a cookie to the user'"'"'s Internet browser if the information received in the completed web page matches the authentication information, wherein the cookie contains user authentication information.
52. A method as recited in claim 47 further including providing a cookie to the user'"'"'s Internet browser if the information received in the completed web page matches the authentication information, wherein the cookie contains user profile information.
53. A method as recited in claim 47 further including providing a user profile to the web server if the information received in the completed web page matches the authentication information.
54. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 47.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kunins, Jeffrey C., Howard, John Hal, Metral, Max E., Battle, Ryan W., Anderson, Darren L.
Primary Examiner(s)
Luu, Le Hien

Application Number

US09/349,619
Time in Patent Office

1,447 Days
Field of Search

370/338, 380/244, 709/201, 709/225, 709/227, 709/229
US Class Current

709/225
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/168   above the transport layer

Authenticating access to a network server without communicating login information through the network server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating access to a network server without communicating login information through the network server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links