Method and apparatus for caching credentials in proxy servers for wireless user agents
Abstract
A credential caching proxy server that handles credential caching for a set of wireless client devices is disclosed. The credential caching proxy server handles most credential transactions for wireless client devices that wish to access resources within a protected realm where the protected realm requires credentials. In one embodiment, the credential caching proxy server intercepts and caches a wireless client's credentials when a credential is first sent from the wireless user agent to a protected server. The cached credential will then be used for all requests to resources within the same protected realm. Thus, after first sending a first credential for accessing the resource in a particular realm, the wireless user agent does not need to attach the credential for all the subsequent requests for any other resources belonging to the same realm. In an alternate embodiment, the proxy server sends a special request to the wireless client device requesting a credential for a particular resource. The special request may take the form of a simple preformatted display page such that a “dumb terminal” wireless client device can be used to communicate with protected Internet resources even though the “dumb” wireless client device has no concept of authentication and authorization.
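Added example, not part of the patent text: a minimal Python sketch of the cache behaviour the abstract and claims describe (store on first use, reuse within the realm, expiry, user opt-out), written to show the scoping a defender would check for. The names CredentialCache and upstream_credential, the fixed-lifetime expiry rule, the host component of the cache key and the client_id (assumed to be an identity the proxy has already authenticated) are assumptions of this example; the caller is assumed to have mapped the requested locator to its realm.

```python
import time
from dataclasses import dataclass, field


@dataclass
class CredentialCache:
    """Proxy-side cache; entries are scoped to one client, host and realm."""
    ttl_seconds: float = 900.0  # assumed expiration rule: fixed lifetime
    _entries: dict = field(default_factory=dict)

    @staticmethod
    def _key(client_id, host, realm):
        # Host names compare case-insensitively; realm strings do not.
        return (client_id, host.lower(), realm)

    def store(self, client_id, host, realm, credential, now=None):
        now = time.time() if now is None else now
        key = self._key(client_id, host, realm)
        entry = self._entries.get(key)
        # Store only if absent, changed or expired, so a repeat of the same
        # credential does not extend its lifetime.
        if entry is None or entry[0] != credential or entry[1] <= now:
            self._entries[key] = (credential, now + self.ttl_seconds)

    def lookup(self, client_id, host, realm, now=None):
        now = time.time() if now is None else now
        key = self._key(client_id, host, realm)
        entry = self._entries.get(key)
        if entry is None:
            return None
        credential, expires_at = entry
        if expires_at <= now:
            del self._entries[key]  # expired: the device must send it again
            return None
        return credential


def upstream_credential(cache, client_id, host, realm,
                        sent_credential=None, allow_cache=True, now=None):
    """Return the credential the proxy forwards upstream, or None."""
    if sent_credential is not None:
        if allow_cache:  # user opt-out: forward but never store
            cache.store(client_id, host, realm, sent_credential, now)
        return sent_credential
    return cache.lookup(client_id, host, realm, now)
```

Because the key includes the client identity and the host, a request from another device, or for a same-named realm on another host, never has the cached credential attached.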
42 Claims
1. A method of caching credential information with a proxy server, said method comprising:
proxying to a set of client devices on a wireless network using a proxy server, a set of services on a wireline network;
enabling caching of credentials at a location accessible by the proxy server using a wireless user agent;
creating a credential cache accessible by said proxy server;
intercepting a first request to access a resource at a specified network locator on the wireline network using said proxy server, the first request transmitted by a client device and destined for a resource in said wireline network, the first request including a credential;
storing said credential in a credential entry in said credential cache if said credential is not present in the cache; and
in response to receiving a subsequent request from the client device to access the resource on the wireline network;
accessing the credential stored in the credential cache; and
sending the accessed credential for authentication to the resource with the subsequent request, such that the client device is not required to send the credential over the wireless network for the subsequent request to be satisfied.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
informing said client device that said proxy server will perform credential caching such that said client device only sends each credential only once.
7. The method as claimed in claim 1 wherein said proxy server uses said stored credential for all subsequent accesses to said resource.
8. The method as claimed in claim 1 wherein said entries in said credential cache expire according to a set of defined expiration rules.
9. The method as claimed in claim 1 wherein said credential was sent by said client device after being denied access to said resource.
10. The method as claimed in claim 1 wherein said credential specifies a protected realm wherein the credential applies.
11. The method as claimed in claim 10 wherein said proxy server uses said stored credential for all subsequent accesses to resources within said protected realm.
12. The method of claim 1 wherein the wireless user agent is a web browser.
13. A method comprising:
enabling caching of credentials at a location accessible by an intermediary network node using a wireless user agent;
intercepting a first request destined for a resource at a specified network locator on a wireline network transmitted by a client device over a wireless network, the first request including an associated credential;
intercepting a subsequent request without the associated credential at the intermediary network node, the request transmitted by the client device over the wireless network and destined for a resource at a specified network locator on the wireline network; and
in response to the request;
using the intermediary network node to locate a cached credential associated with the client device; and
sending the request with the cached credential from the intermediary network node to the resource over the wireline network, the resource authenticating the client device using the credential.
Dependent claims: 14, 15, 16, 17
18. An intermediary network node comprising:
means for enabling caching of credentials at a location accessible by an intermediary network node using a wireless user agent;
means for intercepting a first request including an associated credential from a mobile device over a wireless network, the first request destined for a resource at a specified network locator within a protected realm on a wireline network;
means for intercepting a subsequent request without an associated credential at the intermediary network node from the mobile device over the wireless network, the request destined for a resource within the protected realm on the wireline network;
means for using the intermediary network node to locate in a credential cache a credential associated with the mobile client device in response to the subsequent request; and
means for sending the subsequent request with the credential from the intermediary network node to the resource at the specified network locator over the wireless network, the resource authenticating the client device using the credential.
Dependent claims: 19, 20, 21, 22, 24
23. A method comprising:
receiving, at an intermediary network node enabled by a wireless user agent to store credentials, a credential from a client device over a wireless network, wherein the credential is associated with a first request by the client device destined for a first resource at a specified first network locator within a protected realm on a wireline network;
caching the credential in a credential cache using the intermediary network node if the credential is not present in the cache;
receiving, at the intermediary network node, a second request from the client device without an associated credential, the second request destined for a second resource at a specified second network locator within the protected realm on the wireline network;
using the intermediary network node to locate the cached credential in the credential cache in response to the second request; and
sending the cached credential with the second request from the intermediary network node to the resource over the wireline network, the resource authenticating the client device using the credential.
Dependent claims: 25, 26, 27, 28
29. A method comprising:
creating a credential cache accessible by a proxy server enabled by a wireless user agent to cache credentials, the proxy server proxying to a set of client devices on a wireless network a set of services on a wireline network;
intercepting a first request to access a resource at a specified network locator on the wireline network using said proxy server, the first request transmitted by a client device and destined for a resource in said wireline network, the first request including a credential;
storing said credential in a credential entry in said credential cache if said credential is not present in the cache; and
in response to receiving a subsequent request from the client device to access the resource on the wireline network;
accessing the credential stored in the credential cache; and
sending the accessed credential for authentication to the resource with the subsequent request, such that the client device is not required to send the credential over the wireless network for the subsequent request to be satisfied.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
informing said client device that said proxy server will perform credential caching such that said client device only sends each credential only once.
35. The method as claimed in claim 29 wherein said proxy server uses said stored credential for all subsequent accesses to said resource.
36. The method as claimed in claim 29 wherein said entries in said credential cache expire according to a set of defined expiration rules.
37. The method as claimed in claim 29 wherein said credential was sent by said client device after being denied access to said resource.
38. The method as claimed in claim 29 wherein said credential specifies a protected realm wherein the credential applies.
39. The method as claimed in claim 38 wherein said proxy server uses said stored credential for all subsequent accesses to resources within said protected realm.
40. The method of claim 29 wherein the wireless user agent is a web browser.
41. A method comprising:
receiving, at a proxy server enabled by a wireless user agent to store credentials, a credential, comprising a user name and a password, from a mobile client device over a wireless network, wherein the credential is associated with a first request by the mobile client destined for a first resource at a specified first network locator within a protected realm on a wireline data network;
caching the credential in a credential cache if the credential is not present in the cache, wherein the credentials in the credential cache expire according to a set of defined expiration rules, using the proxy server unless the user specifies that the credential is not to be cached;
receiving, at the proxy server, a second request without an associated credential from the mobile client over the wireless network, the second request destined for a second resource at a specified second network locator within the protected realm on the wireline data network;
accessing the cached credential in the credential cache in response to the second request, using the proxy server; and
proxying the second request to the resource over the wireline data network, including sending the cached credential to the resource with the second request for authentication of the mobile client at the resource, such that the mobile client is not required to send the credential over the wireless network for the second resource to satisfy the second request.
Dependent claims: 42
Specification