Method and apparatus for caching credentials in proxy servers for wireless user agents

US 6,606,663 B1
Filed: 09/29/1998
Issued: 08/12/2003
Est. Priority Date: 09/29/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of caching credential information with a proxy server, said method comprising:

proxying to a set of client devices on a wireless network using a proxy server, a set of services on a wireline network;

enabling caching of credentials at a location accessible by the proxy server using a wireless user agent;

creating a credential cache accessible by said proxy server;

intercepting a first request to access a resource at a specified network locator on the wireline network using said proxy server, the first request transmitted by a client device and destined for a resource in said wireline network, the first request including a credential;

storing said credential in a credential entry in said credential cache if said credential is not present in the cache; and

in response to receiving a subsequent request from the client device to access the resource on the wireline network;

accessing the credential stored in the credential cache; and

sending the accessed credential for authentication to the resource with the subsequent request, such that the client device is not required to send the credential over the wireless network for the subsequent request to be satisfied.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A credential caching proxy server that handles credential caching for a set of wireless client devices is disclosed. The credential caching proxy server handles most credential transactions for wireless client devices that wish to access resources within a protected realm where the protected realm requires credentials. In one embodiment, the credential caching proxy server intercepts and caches a wireless client'"'"'s credentials when a credential is first sent from the wireless user agent to a protected server. The cached credential will then be used for all requests to resources within the same protected realm. Thus, after first sending a first credential for accessing the resource in a particular realm, the wireless user agent does not need to attach the credential for all the subsequent requests for any other resources belong to the same realm. In an alternate embodiment, the proxy server sends a special request to the wireless client device requesting a credential for a particular resource. The special request may take the form of a simple preformatted display page such that a “dumb terminal” wireless client device can be used to communicate with protected Internet resources even though the “dumb” wireless client device has no concept of authentication and authorization.

398 Citations

42 Claims

1. A method of caching credential information with a proxy server, said method comprising:
- proxying to a set of client devices on a wireless network using a proxy server, a set of services on a wireline network;
  
  enabling caching of credentials at a location accessible by the proxy server using a wireless user agent;
  
  creating a credential cache accessible by said proxy server;
  
  intercepting a first request to access a resource at a specified network locator on the wireline network using said proxy server, the first request transmitted by a client device and destined for a resource in said wireline network, the first request including a credential;
  
  storing said credential in a credential entry in said credential cache if said credential is not present in the cache; and
  
  in response to receiving a subsequent request from the client device to access the resource on the wireline network;
  
  accessing the credential stored in the credential cache; and
  
  sending the accessed credential for authentication to the resource with the subsequent request, such that the client device is not required to send the credential over the wireless network for the subsequent request to be satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as claimed in claim 1 wherein storing said credential in said credential cache comprises creating a proto credential entry, said credential is passed to said resource, and said proto credential entry is validated if said resource approves of said credential.
  - 3. The method as claimed in claim 1 wherein each credential entry comprises a credential and a realm name.
  - 4. The method as claimed in claim 3 wherein each credential entry further comprises a host name, a port number, and a path for a desired resource.
  - 5. The method as claimed in claim 4 wherein said proxy server compares a desired host and desired path in future requests against said host name and said path in said cache entry.
  - 6. The method as claimed in claim 1 further comprising:
7. The method as claimed in claim 1 wherein said proxy server uses said stored credential for all subsequent accesses to said resource.
8. The method as claimed in claim 1 wherein said entries in said credential cache expire according to a set of defined expiration rules.
9. The method as claimed in claim 1 wherein said credential was sent by said client device after being denied access to said resource.
10. The method as claimed in claim 1 wherein said credential specifies a protected realm wherein the credential applies.
11. The method as claimed in claim 10 wherein said proxy server uses said stored credential for all subsequent accesses to resources within said protected realm.
12. The method of claim 1 wherein the wireless user agent is a web browser.

13. A method comprising:
- enabling caching of credentials at a location accessible by an intermediary network node using a wireless user agent;
  
  intercepting a first request destined for a resource at a specified network locator on a wireline network transmitted by a client device over a wireless network, the first request including an associated credential;
  
  intercepting a subsequent request without the associated credential at the intermediary network node, the request transmitted by the client device over the wireless network and destined for a resource at a specified network locator on the wireline network; and
  
  , in response to the request;
  
  using the intermediary network node to locate a cached credential associated with the client device; and
  
  sending the request with the cached credential from the intermediary network node to the resource over the wireline network, the resource authenticating the client device using the credential.
- View Dependent Claims (14, 15, 16, 17)
- - 14. A method as recited in claim 13, wherein the intermediary network node comprises a proxy server to proxy requests from the client device to resources on the wireless network.
  - 15. A method as recited in claim 13, wherein the credential comprises a username and password.
  - 16. A method as recited in claim 13, wherein the credential is not cached if the user specifies that the credential is not to be cached.
  - 17. The method of claim 13 wherein the wireless user agent is a web browser.

18. An intermediary network node comprising:
- means for enabling caching of credentials at a location accessible by an intermediary network node using a wireless user agent;
  
  means for intercepting a first request including an associated credential from a mobile device over a wireless network, the first request destined for a resource at a specified network locator within a protected realm on a wireline network;
  
  means for intercepting a subsequent request without an associated credential at the intermediary network node from the mobile device over the wireless network, the request destined for a resource within the protected realm on the wireline network;
  
  means for using the intermediary network node to locate in a credential cache a credential associated with the mobile client device in response to the subsequent request; and
  
  means for sending the subsequent request with the credential from the intermediary network node to the resource at the specified network locator over the wireless network, the resource authenticating the client device using the credential.
- View Dependent Claims (19, 20, 21, 22, 24)
- - 19. An intermediary network node as recited in claim 18, wherein the intermediary network node operates as a proxy server for proxying requests from the mobile client device to resources on the wireline data network.
  - 20. An intermediary network node as recited in claim 18, wherein the credential comprises a username and password.
  - 21. An intermediary network node as recited in claim 18, wherein the credential is not cached if the user specifies that the credential is not to be cached.
  - 22. The network node of claim 18 wherein the wireless user agent is a web browser.
  - 24. A method as recited in claim 22, wherein the intermediary network node comprises a proxy server to proxy requests from the client device to resource on the wireless network.

23. A method comprising:
- receiving, at an intermediary network node enabled by a wireless user agent to store credentials, a credential from a client device over a wireless network, wherein the credential is associated with a first request by the client device destined for a first resource at a specified first network locator within a protected realm on a wireline network;
  
  caching the credential in a credential cache using the intermediary network node if the credential is not present in the cache;
  
  receiving, at the intermediary network node, a second request from the client device without an associated credential, the second request destined for a second resource at a specified second network locator within the protected realm on the wireline network;
  
  using the intermediary network node to locate the cached credential in the credential cache in response to the second request; and
  
  sending the cached credential with the second request from the intermediary network node to the resource over the wireline network, the resource authenticating the client device using the credential.
- View Dependent Claims (25, 26, 27, 28)
- - 25. A method as recited in claim 23, wherein the credential comprises a username and password.
  - 26. A method as recited in claim 23, wherein the credential is not cached if the user specifies that the credential is not to be cached.
  - 27. A method as recited in claim 23, wherein the credentials in the credential cache expire according to a set of defined expiration rules.
  - 28. The method of claim 23 wherein the wireless user agent is a web browser.

29. A method comprising:
- creating a credential cache accessible by a proxy server enabled by a wireless user agent to cache credentials, the proxy server proxying to a set of client devices on a wireless network a set of services on a wireline network;
  
  intercepting a first request to access a resource at a specified network locator on the wireline network using said proxy server, the first request transmitted by a client device and destined for a resource in said wireline network, the first request including a credential;
  
  storing said credential in a credential entry in said credential cache if said credentials is not present in the cache; and
  
  in response to receiving a subsequent request from the client device to access the resource on the wireline network;
  
  accessing the credential stored in the credential cache; and
  
  sending the accessed credential for authentication to the resource with the subsequent request, such that the client device is not required to send the credential over the wireless network for the subsequent request to be satisfied.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 30. The method as claimed in claim 29 wherein storing said credential in said credential cache comprises creating a proto credential entry, said credential is passed to said resource, and said proto credential entry is validated if said resource approves of said credential.
  - 31. The method as claimed in claim 29 wherein each credential entry comprises a credential and a realm name.
  - 32. The method as claimed in claim 31 wherein each credential entry further comprises a host name, a port number, and a path for a desired resource.
  - 33. The method as claimed in claim 32 wherein said proxy server compares a desired host and desired path in further requests against said host name and said path in said cache entry.
  - 34. The method as claimed in claim 29 further comprising:
35. The method as claimed in claim 29 wherein said proxy server uses said stored credential for all subsequent accesses to said resource.
36. The method as claimed in claim 29 wherein said entries in said credential cache expire according to a set of defined expiration rules.
37. The method as claimed in claim 29 wherein said credential was sent by said client device after being denied access to said resource.
38. The method as claimed in claim 29 wherein said credential specifies a protected realm wherein the credential applies.
39. The method as claimed in claim 38 wherein said proxy server uses said stored credential for all subsequent accesses to resources within said protected realm.
40. The method of claim 29 wherein the wireless user agent is a web browser.

41. A method comprising:
- receiving, at a proxy server enabled by a wireless user agent to store credentials, a credential, comprising a user name and a password, from a mobile client device over a wireless network, wherein the credential is associated with a first request by the mobile client destined for a first resource at a specified first network locator within a protected realm on a wireline data network;
  
  caching the credential in a credential cache if the credential is not present in the cache, wherein the credentials in the credential cache expire according to a set of defined expiration rules, using the proxy server unless the user specifies that the credential is not to be cached;
  
  receiving, at the proxy server, a second request without an associated credential from the mobile client over the wireless network, the second request destined for a second resource at a specified second network locator within the protected realm on the wireline data network;
  
  accessing the cached credential in the credential cache in response to the second request, using the proxy server; and
  
  proxying the second request to the resource over the wireline data network, including sending the cached credential to the resource with the second request for authentication of the mobile client at the resource, such that the mobile client is not required to send the credential over the wireless network for the second resource to satisfy the second request.
- View Dependent Claims (42)
- - 42. The method of claim 41 wherein the wireless user agent is a web browse.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unwired Planet LLC (JP Morgan Chase & Co)
Original Assignee
Openwave Systems Incorporated (JP Morgan Chase & Co)
Inventors
Liao, Hanqing, King, Peter F., Greer, Russell S.
Primary Examiner(s)
Jaroenchonwanit, Bunjob

Application Number

US09/163,050
Time in Patent Office

1,778 Days
Field of Search

709/229, 709/217, 709/213, 707/201, 707/202, 705/25, 713/156, 713/201
US Class Current

709/229
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

H04L 12/66   Arrangements for connecting...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

Method and apparatus for caching credentials in proxy servers for wireless user agents

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

398 Citations

42 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for caching credentials in proxy servers for wireless user agents

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

398 Citations

42 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others