Separate client state object and user interface domains

US 7,234,158 B1
Filed: 04/01/2002
Issued: 06/19/2007
Est. Priority Date: 04/01/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of routing communication between a client computer and network servers, said client computer and said network servers being coupled to a data communication network, said client computer operating a browser configured to permit a user of the client computer to communicate on the data communication network, said method comprising:

providing a user interface from a first network server coupled to the data communication network, said first network server providing the user interface to the user of the client computer via the browser, said user interface requesting information to be retrieved from the user;

receiving the information retrieved from the user directly at a second network server coupled to the data communication network, said first and second network servers being in different domains on the data communication network;

validating, by the second network server, the information retrieved from the user;

providing a client state object from the second network server to the browser of the client computer after the information retrieved from the user is validated, said client state object having a domain attribute corresponding to the domain of the second network server;

receiving a request from the user via the browser of the client computer, said request being for a selected service to be provided by a third network server coupled to the data communication network;

issuing a first redirect command from the third network server to the client computer for directing the client computer to the second network server in response to the request from the user;

issuing a second redirect command from the second network server to the client computer for directing the client computer to the first network server for providing the user interface to the user; and

issuing a third redirect command from the second network server directly to the client computer for directing the client computer to the third network server coupled to the data communication network, said third network server providing the selected service requested by the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and system for routing communication between a client computer and network servers on a data communication network. In response to a request from a web server on the network to authenticate a user of the client computer, an authentication network server directs the client to a user interface network server. The user interface server provides a user interface to the user requesting login information. The authentication server, which is in a different domain than the user interface server, receives and validates the login information. The authentication server further provides a cookie to the client computer if the information retrieved from the user is valid. The cookie has a domain attribute corresponding to the domain of the authentication server.

78 Citations

View as Search Results

30 Claims

1. A method of routing communication between a client computer and network servers, said client computer and said network servers being coupled to a data communication network, said client computer operating a browser configured to permit a user of the client computer to communicate on the data communication network, said method comprising:
- providing a user interface from a first network server coupled to the data communication network, said first network server providing the user interface to the user of the client computer via the browser, said user interface requesting information to be retrieved from the user;
  
  receiving the information retrieved from the user directly at a second network server coupled to the data communication network, said first and second network servers being in different domains on the data communication network;
  
  validating, by the second network server, the information retrieved from the user;
  
  providing a client state object from the second network server to the browser of the client computer after the information retrieved from the user is validated, said client state object having a domain attribute corresponding to the domain of the second network server;
  
  receiving a request from the user via the browser of the client computer, said request being for a selected service to be provided by a third network server coupled to the data communication network;
  
  issuing a first redirect command from the third network server to the client computer for directing the client computer to the second network server in response to the request from the user;
  
  issuing a second redirect command from the second network server to the client computer for directing the client computer to the first network server for providing the user interface to the user; and
  
  issuing a third redirect command from the second network server directly to the client computer for directing the client computer to the third network server coupled to the data communication network, said third network server providing the selected service requested by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein providing the user interface comprises rendering the user interface in a separate domain from the client state object.
  - 3. The method of claim 1 further comprising directing the client computer from the second network server to the first network server for providing the user interface.
  - 4. The method of claim 1 wherein the information retrieved from the user is posted to the second network server directly from the client computer.
  - 5. The method of claim 1 wherein the information retrieved from the user comprises login information and further comprising:
    - receiving, at the second network server, a request from the third network server to authenticate the user when the user requests the selected service;
      
      determining whether the user was already authenticated;
      
      retrieving the login information from the user with the user interface provided by the first network server in response to when the user is determined not to have been authenticated; and
      
      authenticating the user with the second network server by comparing the login information with authentication information stored in a database associated with the second network server.
  - 6. The method of claim 5 further comprising directing the client computer back to the third network server providing the selected service after the user is authenticated by the second network server.
  - 7. The method of claim 1 wherein the third network server is a portal for providing the user with a gateway to services provided by one or more other network servers coupled to the data communication network.
  - 8. The method of claim 1 wherein the network servers are web servers and the data communication network is the Internet.
  - 9. The method of claim 1 wherein the second network server is an authentication server associated with a multi-site user authentication system.
  - 10. The method of claim 9 wherein the first network server is a user interface server associated with the authentication server.
  - 11. The method of claim 1 wherein the client state object provided to the browser of the client computer by the second network server contains user profile and authentication information.
  - 12. The method of claim 1 wherein the retrieved confidential information includes a login ID and a password associated with the login ID.

13. A method comprising:
- receiving a request from a web server to authenticate a user of a client computer, said web server and said client computer being coupled to the data communication network and said user seeking access to the web server via the data communication network, said client computer operating a browser configured to permit the user to communicate on a data communication network;
  
  directing the client computer from the web server to an authentication server in response to the request from the web server and then directing the client computer from the authentication server to a user interface server, said authentication server and said user interface server also being coupled to the data communication network, said authentication server and said user interface server being in different domains on the data communication network;
  
  providing a user interface to the user via the browser for retrieving login information from the user, said user interface being provided to the user by the user interface server;
  
  posting the login information retrieved from the user directly to the authentication server;
  
  authenticating the user by the authentication server based on the login information retrieved from the user; and
  
  when the user is determined to have been authenticated;
  
  providing a cookie from the authentication server to the browser of the client computer, said cookie having a domain attribute corresponding to the domain of the authentication server; and
  
  issuing a redirect command from the authentication server to the browser of the client computer for directing the client computer to directly back to the web server.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13 further comprising, before authenticating the user, determining whether the user was already authenticated and, when the user is determined not to have been authenticated, then retrieving the login information from the user with the user interface provided by the user interface server and authenticating the user with the authentication server by comparing the login information with authentication information stored in a database associated with the authentication server.
  - 15. The method of claim 13 wherein the cookie provided to the browser of the client computer by the authentication server contains user profile and authentication information.
  - 16. The method of claim 13 wherein directing the client computer from the web server to the authentication server and from the authentication server to the user interface server includes carrying over encoded information relating to the request from the web server.
  - 17. The method of claim 13 wherein the user interface server is identified by a uniform resource locator and displayed to the user via the browser and further comprising removing query string information from the uniform resource locator of the user interface server before displaying to the user.
  - 18. The method of claim 13 wherein the web server is a portal for providing the user with a gateway to services provided by one or more network servers coupled to the data communication network.
  - 19. The method of claim 13 wherein the retrieved login information includes a login ID and a password associated with the login ID.

20. A system comprising:
- a first network server coupled to a data communication network, said first network server providing a user interface to the user of a client computer, said user interface requesting information to be retrieved from the user and being provided to the user via a browser operating on the client computer, said client computer being coupled to the data communication network, said browser being configured to permit a user of the client computer to communicate on the data communication network;
  
  a second network server coupled to the data communication network, said first and second network servers being in different domains on the data communication network, said second network server receiving and validating the information retrieved directly from the user, said information retrieved from the user is posted to the second network server from the client computer, said second network server further providing a client state object to the browser of the client computer after the information retrieved from the user is validated, said client state object having a domain attribute corresponding to the domain of the second network server; and
  
  a third network server coupled to the data communication network, said third network server receiving a request from the user via the browser of the client computer for a selected service to be provided by the third network server, wherein the third network server issues a redirect command for directing the client computer to the second network server in response to the request from the user, wherein the second network server issues a redirect command to the client computer for directing the client computer to the first network server for providing the user interface to the user, and wherein the second network server issues another redirect command for directing the client computer directly to the third network server when the second server validates the information retrieved from the user.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The system of claim 20 wherein the second network server directs the client computer to the first network server for providing the user interface.
  - 22. The system of claim 20 wherein the information retrieved from the user comprises login information and further comprising a database associated with the second network server storing authentication information for comparison with the login information to authenticate the user.
  - 23. The system of claim 22 wherein the second network server receives a request to authenticate the user when the user requests the selected service from the third network server, determines whether the user was already authenticated and, when the user is determined not to have been authenticated, then retrieves the login information from the user with the user interface provided by the first network server to authenticate the user.
  - 24. The system of claim 23 wherein the second network server directs the client computer directly back to the third network server providing the selected service after authenticating the user.
  - 25. The system of claim 20 wherein the third network server is a portal for providing the user with a gateway to services provided by one or more other network servers coupled to the data communication network.
  - 26. The system of claim 20 wherein the network servers are web servers and the data communication network is the Internet.
  - 27. The system of claim 20 wherein the second network server is an authentication server associated with a multi-site user authentication system.
  - 28. The system of claim 27 wherein the first network server is a user interface server associated with the authentication server.
  - 29. The system of claim 20 wherein the client state object provided to the browser of the client computer by the second network server contains user profile and authentication information.
  - 30. The system of claim 20 wherein the retrieved login information includes a login ID and a password associated with the login ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Jiang, Wei, Guo, Wei-Quiang Michael, Chow, Colin
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
Patel; Nirav

Application Number

US10/113,868
Time in Patent Office

1,905 Days
Field of Search

713/201, 713/202, 713/155, 713/150, 713/168, 713/182, 713/172, 709/224, 709/225, 709/229, 709/227, 709/219, 709/226, 705/26, 705/27, 705/50, 726/2, 726/3, 726/5, 726 8- 10, 726 27- 29, 455/411, 707/1, 707/2, 707/10
US Class Current

726/2
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 67/563   Data redirection of data ne...

Separate client state object and user interface domains

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Separate client state object and user interface domains

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links