Secure session management and authentication for web sites
First Claim
1. A method of secure session management and authentication between a web site and a web client, said web site having secure and non-secure web pages, said method comprising the steps of:
a) utilizing a non-secure communication protocol and a session cookie when said web client requests access to said non-secure web pages;
b) utilizing a secure communication protocol and creating an authcode cookie when said web client requests access to said secure web pages, so that utilizations of said authcode cookie are interspersed between utilizations of said session cookie, and at least some utilizations of said session cookie take place after utilizations of said authcode cookie;
c) requesting said session cookie from said web client whenever said web client requests access to said non-secure web pages and verifying said requested session cookie;
d) requesting said authcode cookie from said web client whenever said web client requests access to said secure web pages and verifying said requested authcode cookie; and
wherein said method also comprises alternating between said secure communication protocol and said non-secure communication protocol when said web client alternates requests for access to said secure web pages and said non-secure web pages, respectively, and also repeatedly alternating between said utilizations of said authcode and said utilizations of said session code.
Abstract
The present invention comprises a system and method for secure session management and authentication between web sites and web clients. The method includes both secure and non-secure communication protocols, means for switching between them, a session cookie and an authcode cookie. The session cookie is used for session management and the authcode cookie for authentication. The session cookie is transmitted over the non-secure communication protocol when the web client accesses a non-secure web page, whereas the authcode cookie is transmitted over the secure communication protocol when the web client accesses a secure web page. This session management architecture, using two distinct cookies together with both secure and non-secure communication protocols, prevents unauthorized users from accessing sensitive web client or web site information.
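The scheme the abstract describes, as an added example that is not the patent's own code: a server that issues the session cookie over HTTP, mints the authcode cookie only after a login on the secure side, switches protocol according to the page requested, and verifies the cookie appropriate to each page class; beside it, a minimal browser cookie jar that honours the cookie Secure attribute, which is the assumed mechanism for keeping the authcode cookie off plaintext HTTP. The host name, cookie names, page classification, credential store, and the revocation of an authcode seen over HTTP are assumptions of this example, not from the page.

```python
# Toy model of the abstract's two-cookie scheme; added example, not the patent's code.
# Assumed: host, cookie names, page classification, server-side session table, constructed
# credentials, and the cookie Secure attribute (RFC 6265) keeping the authcode off plain HTTP.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HOST = "shop.example"                                    # hypothetical host
SECURE_PATHS = {"/account", "/checkout"}                 # assumed classification
SESSION_COOKIE, AUTHCODE_COOKIE = "session", "authcode"  # assumed cookie names

@dataclass
class Response:
    status: int
    body: str = ""
    location: Optional[str] = None
    set_cookie: List[str] = field(default_factory=list)  # Set-Cookie header values

class Server:
    def __init__(self) -> None:
        self.sessions: Dict[str, Optional[str]] = {}     # session id -> authcode (None until login)
        self.users = {"alice": "correct horse battery"}  # constructed credential store

    def login(self, sid: str, user: str, password: str) -> Response:
        """Reached from the HTTPS login page: check credentials, mint the authcode for this session."""
        if sid not in self.sessions:
            return Response(401, "no session")
        if not hmac.compare_digest(password.encode(), self.users.get(user, "").encode()):
            return Response(401, "bad credentials")
        code = secrets.token_urlsafe(32)
        self.sessions[sid] = code
        # Secure: a conforming browser never sends this cookie over plaintext HTTP.
        return Response(200, "logged in",
                        set_cookie=[f"{AUTHCODE_COOKIE}={code}; Secure; HttpOnly; Path=/"])

    def handle(self, scheme: str, path: str, cookies: Dict[str, str]) -> Response:
        secure_page = path in SECURE_PATHS
        # Protocol switching as described: secure pages only over HTTPS, non-secure
        # pages only over HTTP (this downgrade is the scheme's weak spot).
        if secure_page and scheme != "https":
            return Response(302, location=f"https://{HOST}{path}")
        if not secure_page and scheme != "http":
            return Response(302, location=f"http://{HOST}{path}")
        set_cookie: List[str] = []
        # Session cookie: requested and verified on every page; issued if absent or unknown.
        sid = cookies.get(SESSION_COOKIE)
        if sid is None or sid not in self.sessions:
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = None
            set_cookie.append(f"{SESSION_COOKIE}={sid}; HttpOnly; Path=/")
        # Added hardening, not in the abstract: an authcode seen over plain HTTP is exposed; revoke it.
        if scheme == "http" and AUTHCODE_COOKIE in cookies:
            self.sessions[sid] = None
            set_cookie.append(f"{AUTHCODE_COOKIE}=; Max-Age=0; Secure; Path=/")
            return Response(403, "authcode exposed; log in again", set_cookie=set_cookie)
        # Authcode cookie: requested and verified only on secure pages.
        if secure_page:
            expected, presented = self.sessions[sid] or "", cookies.get(AUTHCODE_COOKIE, "")
            if not expected or not hmac.compare_digest(presented.encode(), expected.encode()):
                return Response(401, "authentication required", set_cookie=set_cookie)
        return Response(200, f"{path} over {scheme}", set_cookie=set_cookie)

class Browser:
    """Minimal cookie jar that honours the Secure attribute."""
    def __init__(self) -> None:
        self.jar: Dict[str, tuple] = {}                  # name -> (value, secure_only)

    def cookies_for(self, scheme: str) -> Dict[str, str]:
        return {n: v for n, (v, sec) in self.jar.items() if scheme == "https" or not sec}

    def store(self, resp: Response) -> None:
        for header in resp.set_cookie:
            name, _, rest = header.partition("=")
            value, *attrs = [part.strip() for part in rest.split(";")]
            if "Max-Age=0" in attrs:
                self.jar.pop(name, None)
            else:
                self.jar[name] = (value, "Secure" in attrs)

def walkthrough() -> List[int]:
    """Client alternating between non-secure and secure pages; returns each step's status."""
    srv, ua, statuses = Server(), Browser(), []
    def visit(scheme: str, path: str) -> None:
        resp = srv.handle(scheme, path, ua.cookies_for(scheme))
        ua.store(resp)
        statuses.append(resp.status)
    visit("http", "/catalog")     # 200: session cookie issued over HTTP
    visit("https", "/account")    # 401: session verified, but no authcode yet
    sid = ua.jar[SESSION_COOKIE][0]
    resp = srv.login(sid, "alice", "correct horse battery")
    ua.store(resp); statuses.append(resp.status)   # 200: authcode issued with Secure
    visit("https", "/account")    # 200: authcode verified
    visit("http", "/catalog")     # 200: only the session cookie goes over HTTP
    visit("https", "/checkout")   # 200: authcode still bound to this session
    visit("http", "/account")     # 302: secure page forces the switch to HTTPS
    statuses.append(srv.handle("https", "/account", {SESSION_COOKIE: sid}).status)  # 401: sniffed session cookie alone
    statuses.append(srv.handle("http", "/catalog", {SESSION_COOKIE: sid}).status)   # 200: but it still hijacks non-secure pages
    return statuses
```

The walkthrough returns the status of each step, so it runs as is. Its last two steps mark the boundary of the scheme: a network observer who captures the session cookie from a plaintext request cannot reach a secure page, because the authcode never leaves TLS, but can still impersonate the session on every non-secure page. That exposure is inherent in sending any session cookie over HTTP; current practice is to serve the whole site over HTTPS and mark both cookies Secure, which removes the HTTP leg of the protocol switching the abstract describes. The 403 path, which revokes an authcode the server sees over HTTP, is an added check for clients that ignore the Secure attribute, not part of the patent.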
26 Claims
1. (Independent claim; text given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system, for secure session management and authentication between a web site and a web client, said system comprising a web server, a web client and a communication channel, said web server coupled to said web client via said communication channel, said web server having a web site, said web site including:
a) secure and non-secure web pages;
b) a non-secure communication protocol and a session cookie that is used for allowing said web client access to each one of said non-secure web pages;
c) a secure communication protocol and an authcode cookie that is used for allowing said web client access only to said secure web pages;
d) verification means for verifying said session cookie when said session cookie is requested from said web client; and
e) verification means for verifying said authcode cookie when said authcode cookie is requested from said web client;
wherein said web server further comprises a security alternating means for alternating between said secure communication protocol and said non-secure communication protocol.
Dependent claims: 11, 12, 13, 14, 15.
16. A computer program embodied on a computer readable medium, said computer program providing for secure session management and authentication between a web site and a web client, said web site having secure and non-secure web pages, said computer program adapted to:
a) use a non-secure communication protocol and a session cookie when said web client requests access to said non-secure web pages;
b) use a secure communication protocol and an authcode cookie when said web client requests access to said secure web pages;
c) request said session cookie from said web client when said web client requests access to said non-secure web pages and to verify said requested session cookie; and
d) request said authcode cookie from said web client when said web client requests access to said secure web pages and to verify said requested authcode cookie;
wherein said computer program is further adapted to alternate between said secure communication protocol and said non-secure communication protocol when said web client alternates requests for access to said secure web pages and said non-secure web pages.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26.