De-authenticating in security environments only providing authentication

US 7,020,705 B2
Filed: 04/26/2001
Issued: 03/28/2006
Est. Priority Date: 04/26/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for de-authenticating from a first web server security realm protected by an authentication scheme lacking a de-authentication operation, the method comprising:

attempting to access a first resource in a first security realm protected by the authentication scheme;

receiving a request for authentication credentials in response to said attempting to access the first resource;

supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and

accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm such that accessing the logout resource results in de-authentication from the first security realm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a protocol providing for authentication to a first security realm, but failing to provide for a logout operation to de-authenticate from the first security realm, a logout operation is effected by providing a logout button, hyperlink, or other linking construct that causes a user to be transparently authenticated to a second security realm. For example, with respect to HTTP basic authentication, authentication with the second security realm removes, or logs out, the user from the first security realm.

23 Citations

View as Search Results

24 Claims

1. A method for de-authenticating from a first web server security realm protected by an authentication scheme lacking a de-authentication operation, the method comprising:
- attempting to access a first resource in a first security realm protected by the authentication scheme;
  
  receiving a request for authentication credentials in response to said attempting to access the first resource;
  
  supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and
  
  accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm such that accessing the logout resource results in de-authentication from the first security realm.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - providing a common access point executing a web browser;
      
      first displaying a login web page of the second security realm so that a first user may authenticate with the first security realm and access the first resource, the login page comprising a login resource configured to perform said attempting to access the first resource; and
      
      second displaying the login web page of the second security realm responsive to said accessing the logout resource so that a second user may authenticate with the first security realm and access the first resource.
  - 3. The method of claim 1, wherein the logout resource executes a script configured to authenticate a user with the second security realm.
  - 4. The method of claim 3, wherein the logout resource comprises a web page element comprising a link to the script, and wherein the web page element incorporates authentication credentials for the second security realm so that the user need not provide authentication credentials to access the second security realm.
  - 5. The method of claim 1, wherein the authentication scheme comprises HTTP basic authentication.

6. A method comprising:
- attempting to access a first resource in a first security realm protected by basic authentication;
  
  responsive to said attempting to access, receiving an authentication request for controlling access to the first resource;
  
  supplying authentication credentials responsive to said authentication request so as to authenticate with the first security realm;
  
  accessing a second resource in the first security realm; and
  
  responsive to said accessing the second resource, automatically authenticating with a second security realm and de-authenticating with the first security realm.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein HTTP basic authentication only provides for a single authentication so that said authenticating with the second security realm results in invalidation of said authentication with the first security realm.
  - 8. The method of claim 7, further comprising:
    - displaying a login element within a web browser, the login element configured to access the first resource upon activation thereof.
  - 9. The method of claim 8, further comprising:
    - displaying a logout element within the web browser for performing said automatically authenticating with the second security realm; and
      
      within a single browser session;
      
      authenticating a first user with the first security realm;
      
      authenticating the first user with the second security realm so as to de-authenticate the first user from the first security realm; and
      
      authenticating a second user with the first security realm.

10. An article of manufacture comprising a readable medium having instructions encoded thereon capable of directing a processor to perform:
- attempting to access a first resource in a first security realm protected by the authentication scheme;
  
  receiving a request for authentication credentials in response to said attempting to access the first resource;
  
  supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and
  
  accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm on accessing thereof and to de-authenticate from the first security realm.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The article of manufacture of claim 10, said instructions comprising further instructions capable of directing the processor to perform:
    - providing a common access point executing a web browser;
      
      first displaying a login web page of the second security realm so that a first user may authenticate with the first security realm and access the first resource, the login page comprising a login resource configured to perform said attempting to access the first resource; and
      
      second displaying the login web page of the second security realm responsive to said accessing the logout resource so that a second user may authenticate with the first security realm and access the first resource.
  - 12. The article of manufacture of claim 10, wherein said instructions for said logout resource comprise instructions capable of directing the processor to execute a script configured to authenticate a user with the second security realm.
  - 13. The article of manufacture of claim 12, further comprising:
    - said instructions for said logout resource further comprising instructions capable of directing the processor to provide a web page element comprising a link to the script; and
      
      said instructions for said web page element further comprising instructions capable of directing the processor to provide authentication credentials for the second security realm so that the user need not provide authentication credentials to access the second security realm.
  - 14. The article of manufacture of claim 10, wherein the authentication scheme comprises HTTP basic authentication.

15. An article of manufacture comprising a readable medium having instructions capable of directing a the processor to perform:
- attempting to access a first resource in a first security realm protected by basic authentication;
  
  responsive to said attempting to access, receiving an authentication request for controlling access to the first resource;
  
  supplying authentication credentials responsive to said authentication request so as to authenticate with the first security realm;
  
  accessing a second resource in the first security realm; and
  
  responsive to said accessing the second resource, automatically authenticating with a second security realm and de-authenticating from the first security realm.
- View Dependent Claims (16, 17, 18)
- - 16. The article of manufacture of claim 15, wherein said instructions for authenticating with the second security realm invalidates a prior authentication with the first security realm.
  - 17. The article of manufacture of claim 16, said instructions comprising further instructions capable of directing the processor to perform:
    - displaying a login element within a web browser, the login element configured to access the first resource upon activation thereof.
  - 18. The article of manufacture of claim 17, said instructions comprising further instructions capable of directing the processor to perform:
    - displaying a logout element within the web browser for performing said automatically authenticating with the second security realm; and
      
      within a single browser session;
      
      authenticating a first user with the first security realm;
      
      authenticating the first user with the second security realm so as to de-authenticate the first user from the first security realm; and
      
      authenticating a second user with the first security realm.

19. An apparatus comprising:
- means for attempting to access a first resource in a first security realm protected by the authentication scheme;
  
  means for receiving a request for authentication credentials in response to said attempting to access the first resource;
  
  means for supplying said authentication credentials in response to the request so as to become authenticated in the first security realm; and
  
  means for accessing a logout resource in the first security realm, said logout resource configured to automatically authenticate with a second security realm such that accessing the logout resource results in de-authentication from the first security realm.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, further comprising:
    - means for providing a common access point executing a web browser;
      
      means for first displaying a login web page of the second security realm so that a first user may authenticate with the first security realm and access the first resource, the login page comprising a login resource configured to perform said attempting to access the first resource; and
      
      means for second displaying the login web page of the second security realm responsive to said accessing the logout resource so that a second user may authenticate with the first security realm and access the first resource.

21. An apparatus for de-authenticating from an HTTP basic authentication comprising:
- means for attempting to access a first resource in a first security realm protected by HTTP basic authentication;
  
  responsive to said attempting to access, means for receiving an authentication request for controlling access to the first resource;
  
  means for supplying authentication credentials responsive to said authentication request so as to authenticate with the first security realm;
  
  means for accessing a second resource in the first security realm; and
  
  responsive to said accessing the second resource, means for automatically authenticating with a second security realm wherein said authentication results in automatically de-authenticating from the first security realm.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, further comprising:
    - means for displaying a logout element within the web browser for performing said automatically authenticating with the second security realm; and
      
      within a single browser session;
      
      means for authenticating a first user with the first security realm;
      
      means for authenticating the first user with the second security realm so as to de-authenticate the first user from the first security realm; and
      
      means for authenticating a second user with the first security realm.

23. A de-authentication method for a web browser, comprising:
- accessing a first resource of a first security realm of the web server with the web browser, the web browser operable to automatically cache authentication credentials for a current security realm to which the web browser is authenticated;
  
  receiving a request for authentication responsive to requesting the first resource;
  
  authenticating with the first security realm based at least in part on providing authentication credentials responsive to the request for authentication, so that the current security realm is first security realm; and
  
  de-authenticating from the first web server security realm based at least in part on accessing a second resource of a second security realm different from the first resource of the first security realm, so that the current security realm changes from the first security realm to the second security realm.
- View Dependent Claims (24)
- - 24. The method of claim 23, wherein the web browser and the web server communicate using a stateless communication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wang, Bing, Zhang, Jessica
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
JACOBS, LASHONDA T

Application Number

US09/843,599
Publication Number

US 20020161886A1
Time in Patent Office

1,797 Days
Field of Search

709/229, 709/203, 709223-225, 709/228, 713/153, 713/155, 713/168, 713201-202
US Class Current

709/229
CPC Class Codes

H04L 63/08 for authentication of entit...

De-authenticating in security environments only providing authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

De-authenticating in security environments only providing authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links