Device independent authentication system and method

US 7,222,363 B2
Filed: 12/09/2002
Issued: 05/22/2007
Est. Priority Date: 10/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating authentication between a communication device and a host web server over a communication network, comprising the steps of:

receiving an HTTP request file from said communication device, wherein said HTTP request file includes client agent data and communication device model data;

comparing at least one of;

said client agent data to authorized client agents and said communication device model data to authorized communication device models on an associated database to at least one of;

configure, grant, and deny access to said host web server;

analyzing said HTTP request file for presence of a security token when said access to said host web server has been granted; and

issuing a security token when no security token is present by transmitting said security token to said communication device within an HTML tag.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client'"'"'s communication device is issued a security token using standard HTML—INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.

103 Citations

View as Search Results

9 Claims

1. A method for facilitating authentication between a communication device and a host web server over a communication network, comprising the steps of:
- receiving an HTTP request file from said communication device, wherein said HTTP request file includes client agent data and communication device model data;
  
  comparing at least one of;
  
  said client agent data to authorized client agents and said communication device model data to authorized communication device models on an associated database to at least one of;
  
  configure, grant, and deny access to said host web server;
  
  analyzing said HTTP request file for presence of a security token when said access to said host web server has been granted; and
  
  issuing a security token when no security token is present by transmitting said security token to said communication device within an HTML tag.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising the step of determining when each additional HTTP request file received from said communication device includes said security token before responding to said communications device.
  - 3. The method of claim 1, wherein said communication device is at least one of a wireless device and a PC-based device.
  - 4. The method of claim 1, wherein said step of receiving an HTTP request file from said communication device further includes receiving URL information identifying a type of communication device issuing said HTTP request file.
  - 5. The method of claim 1, wherein said step of receiving an HTTP request file from a said communication device further includes receiving device-specific browser information identifying a type of communication device issuing said HTTP request.
  - 6. The method of claim 1, wherein said step of analyzing said file for a presence of said security token further includes the steps of:
    - issuing a login page to said communication device when no security token is located, wherein said login page requests input of at least one of a user name and a password;
      
      receiving and analyzing said login information from said communication device; and
      
      issuing said security token to said communication device upon validation of said login information.
  - 7. The method of claim 1, wherein said security token facilitates at least one of establishing a secure session with a web server and tracking a particular web session within a web site.

8. A method for facilitating authentication between a communication device and a host web server over a communication network, comprising the steps of:
- transmitting an HTTP request file to said host web server from said communication device, wherein said HTTP request file includes client agent data and communication device model data;
  
  causing a comparison at said host web server, of at least one of said client agent data and said communication device model data to authorized communication device models to authorized client agents on an associated database to cause said host web server to at least one of;
  
  configure, grant, and deny access to said host web server;
  
  receiving, from said host web server, a login page when said access to said host web server has been granted;
  
  transmitting, from said communication device, login information comprising at least one of a user name and a password; and
  
  receiving, from said host server, a security token, wherein said security token is contained within an HTML tag.

9. A system for facilitating authentication processes with a communication device, comprising:
- a host web server including a database with client identification data wherein said host web server is configured to receive an HTTP request file including client agent data and communication device model data;
  
  wherein said host web server serves an HTML tag to a wireless device to facilitate said authentication processes, when at least one of;
  
  said client agent data and communication device model data matches an authorized client agent stored in said database, wherein said wireless device has a memory configured to temporarily accept and store HTML tags.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Keshav, Sineesh, Rice, Mike
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
HERRING, VIRGIL A

Application Number

US10/314,736
Publication Number

US 20040078604A1
Time in Patent Office

1,625 Days
Field of Search

380/248, 380/249, 380/250, 726/5
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/168   above the transport layer

Device independent authentication system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Device independent authentication system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links