System and method for protecting user logoff from web business transactions

US 7,024,394 B1
Filed: 07/07/2000
Issued: 04/04/2006
Est. Priority Date: 07/07/2000
Status: Active Grant

First Claim

Patent Images

1. A system for assisting a user conducting a transaction on a secure site of a server to implicitly logoff from the secure site, comprising:

the server including;

a secure transaction protection module that tracks a user'"'"'s access state to the server;

a database in communication with the secure transaction protection module, for storing data to be accessed by the user;

an identification module for validating the user'"'"'s access to the database; and

a notification module for notifying the secure transaction protection module of a user'"'"'s request to initiate a session on the server;

wherein if the user selects an insecure site while logged on to the secure site of the server, the notification module sends a warning notice to the user to alert the user of an impending logoff from the secure site, and further sends a termination command to the secure transaction protection module for implicitly logging off the user from the secure site; and

wherein the secure transaction protection module causes the session to be terminated in response to the termination command, absent an instruction from the user to maintain a connection with the secure site.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer program product is provided as a system and associated method for use with a web browser and an Internet, to improve the access security to a secure web site and to protect the user from undesirable hacking. The system presents a novel, secure, implicit log-off procedure in addition to the conventional express log-off and cookie termination. The implicit log-off procedure reduces the risks resulting from transiting to an insecure site while remaining logged onto a secure site. The system is comprised of a secured transaction protection module implemented on a business server that includes a security/identification module and a local database; and a notification module which is implemented on the user'"'"'s browser. The system tracks the user'"'"'s access state to the server, and issues a termination command shortly as soon as the notification module detects migration to another site or to an insecure page on the same site.

Citations

15 Claims

1. A system for assisting a user conducting a transaction on a secure site of a server to implicitly logoff from the secure site, comprising:
- the server including;
  
  a secure transaction protection module that tracks a user'"'"'s access state to the server;
  
  a database in communication with the secure transaction protection module, for storing data to be accessed by the user;
  
  an identification module for validating the user'"'"'s access to the database; and
  
  a notification module for notifying the secure transaction protection module of a user'"'"'s request to initiate a session on the server;
  
  wherein if the user selects an insecure site while logged on to the secure site of the server, the notification module sends a warning notice to the user to alert the user of an impending logoff from the secure site, and further sends a termination command to the secure transaction protection module for implicitly logging off the user from the secure site; and
  
  wherein the secure transaction protection module causes the session to be terminated in response to the termination command, absent an instruction from the user to maintain a connection with the secure site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9)
- - 2. The system according to claim 1, wherein the secure transaction protection module provides the user with an option to set the time to termination.
  - 3. The system according to claim 1, wherein the secure transaction protection module sends a cookie with a short life to the notification module to terminate the session following the expiration of the cookie.
  - 4. The system according to claim 1, wherein the secure site is a web site with an address;
    - andwherein the user exits the secure site by transiting to another address.
  - 5. The system according to claim 1, wherein the transaction is an ebusiness transaction.
  - 6. The system according to claim 5, wherein the user accesses the secure site using a web browser.
  - 7. The system according to claim 6, wherein the notification module is implemented on the web browser.
  - 9. The computer program product according to claim 7, wherein the secure transaction protection module provides the user with an option to set the time to termination.

8. A computer program product for assisting a user conducting a transaction on a secure site of a server to implicitly logoff from the secure site, comprising:
- the server including;
  
  a secure transaction protection module that tracks a user'"'"'s access state to the server;
  
  a database in communication with the secure transaction protection module, for storing data to be accessed by the user;
  
  an identification module for validating the user'"'"'s access to the database; and
  
  a notification module for notifying the secure transaction protection module of a user'"'"'s request to initiate a session on the server;
  
  wherein if the user selects an insecure site while logged on to the secure site of the server, the notification module sends a warning notice to the user to alert the user of an impending logoff from the secure site, and further sends a termination command to the secure transaction protection module for implicitly logging off the user from the secure site; and
  
  wherein the secure transaction Protection module causes the session to be terminated in response to the termination command, absent an instruction from the user to maintain a connection with the secure site.

10. A method for implicitly logging off a user conducting a transaction on a secure site of a server from the secure site, comprising:
- tracking a user'"'"'s access state to the server;
  
  storing data to be accessed by the user;
  
  validating the user'"'"'s access to the database;
  
  notifying the secure transaction protection module of a user'"'"'s request to initiate a session on the server;
  
  wherein if the user selects an insecure site while logged on to the secure site of the server, sending a warning notice to the user to alert the user of an impending logoff from the secure site, and further issuing a termination command to the secure transaction protection module for implicitly logging off the user from the secure site; and
  
  causing the session to be terminated in response to the termination command, absent an instruction from the user to maintain a connection with the secure site.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method according to claim 10, further comprising providing the user with an option to set the time to termination.
  - 12. The method according to claim 10, wherein issuing the command includes sending a cookie with a short life to the notification module to terminate the session following the expiration of the cookie.
  - 13. The method according to claim 10, wherein exiting the secure site includes transiting to another site.
  - 14. The method according to claim 10, further including performing an ebusiness transaction.
  - 15. The method according to claim 14, wherein accessing the secure site includes using a web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sundaresan, Neelakantan, Ashour, Gal
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US09/611,934
Time in Patent Office

2,097 Days
Field of Search

705/77, 705/51, 705/58, 705/57, 705/64, 705/67, 705/50, 713/200, 713/201, 713/202, 713/165, 713/186
US Class Current

705/64
CPC Class Codes

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

H04L 63/10   for controlling access to d...

H04L 63/168   above the transport layer

System and method for protecting user logoff from web business transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting user logoff from web business transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links