Cross-site timed out authentication management

US 7,237,024 B2
Filed: 10/15/2002
Issued: 06/26/2007
Est. Priority Date: 10/15/2002
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user, the method comprising the steps of:

(a) requesting, by a user, a page from a site in said network;

(b) checking, by said site, whether the user has already been authenticated;

(c) if the check result in step (b) is yes, then updating the user'"'"'s SATr parameters and storing them into said SATr cookie;

(d) checking said SATr cookie to determine whether the user has been inactive at said site for longer than said site'"'"'s maximum allowable inactivity period P_max;

(e) if the check result in step (d) is yes, then redirecting the user along with said P_maxand said site'"'"'s return URL to a network authentication server (NAS) associated with said network to check the user'"'"'s network-wide activity;

(f) updating, by said NAS, the user'"'"'s network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;

(g) inspecting the user'"'"'s NATr parameters in said NATr cookie to determine whether the user has been inactive for longer than said P_max; and

(h) if the check result in step (g) is yes, then forcing the user to re-authenticate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A solution is provided to monitor Web browsing activity across an Internet based network of affiliated Web sites and to enable the Web sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period. The network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie. The NATr cookie comprises a set of network-wide activity tracking (NATr) parameters for each registered user. Each of the Web sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user. The NATr parameters for each user are reset whenever the user authenticates to the network. When a user requests a page from a site, an NAS forces the user to re-authenticate when the NAS determines that the user'"'"'s network-wide inactivity duration is longer than the site'"'"'s maximum allowable inactivity period.

Citations

21 Claims

1. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user, the method comprising the steps of:
- (a) requesting, by a user, a page from a site in said network;
  
  (b) checking, by said site, whether the user has already been authenticated;
  
  (c) if the check result in step (b) is yes, then updating the user'"'"'s SATr parameters and storing them into said SATr cookie;
  
  (d) checking said SATr cookie to determine whether the user has been inactive at said site for longer than said site'"'"'s maximum allowable inactivity period P_max;
  
  (e) if the check result in step (d) is yes, then redirecting the user along with said P_maxand said site'"'"'s return URL to a network authentication server (NAS) associated with said network to check the user'"'"'s network-wide activity;
  
  (f) updating, by said NAS, the user'"'"'s network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;
  
  (g) inspecting the user'"'"'s NATr parameters in said NATr cookie to determine whether the user has been inactive for longer than said P_max; and
  
  (h) if the check result in step (g) is yes, then forcing the user to re-authenticate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising the steps of:
    - (i) reinitializing, by said NAS, the user'"'"'s NATr parameters and storing them into said NATr cookie;
      
      (j) redirecting the user back to said site'"'"'s return URL;
      
      (k) initializing, by said site, the user'"'"'s site-specific activity tracking (SATr) parameters and storing them into said SATr cookie;
      
      (l) generating said requested page and returning said requested page to the user'"'"'s browser;
      
      (m) receiving, by the user'"'"'s browser, said requested page;
      
      (n) checking whether requested page contains a NATr element;
      
      (o) if the check result in step (n) is yes, then requesting, by the user'"'"'s browser, said NATr element from said NAS, wherein if the check result in step (n) is no, then starting from step (a);
      
      (p) updating, by said NAS, the user'"'"'s NATr parameters and storing them into said NATr cookie; and
      
      (q) returning said requested NATr element to the user'"'"'s browser, and starting from step (a);
      
      wherein if the check result of step (2d) is no, then step (2d) is followed by step (5l), and wherein if the check result of step (2g) is no, then step (2g) is followed by step (5j).
  - 3. The method of claim 2, wherein step (i) further comprises the steps of:
    - (r) checking whether a local cookie exists;
      
      (s) if the check result in step (r) is no, then embedding an NATr element, along with an image tag into said requested page;
      
      (t) writing into said requested page the local cookie with expiration time n minutes in the future; and
      
      (u) returning said requested page to the user'"'"'s browser;
      
      wherein if the check result In step (r) is yes, then step (r) is followed by step (u).
  - 4. The method of claim 3, wherein said embedded NATr element is placed on every page whose viewing counts towards activity.
  - 5. The method of claim 4, wherein said NATr element is included via a JavaScript code snippet which writes the image tag into said every page every n minutes.
  - 6. The method of claim 5, wherein said embedded NATr element comprises a specified URL for said NAS, said URL being used to:
    - update said NATr parameters in said NATr cookie; and
      
      /or return image.
  - 7. The method of claim 1, wherein the step (c) further comprises the steps of:
    - (c1) extracting, by said site, the values of a last-activity-time and the maximum inactivity duration in said site from said SATr cookie;
      
      (c2) obtaining the current time;
      
      (c3) computing a recent duration of Inactivity in said site by computing the difference between the current time and said last-activity-time from said SATr cookie;
      
      (c4) checking whether said recent duration of Inactivity in said site is longer than the maximum inactivity duration in said site;
      
      (c5) if the check result in step (c4) is yes, setting the maximum inactivity duration in said site to said recent duration of inactivity in said site;
      
      (c6) if the check result in step (c4) is no, keeping the maximum inactivity duration in said site as the value obtained from said SATr cookie; and
      
      (c7) updating said SATr cookie with the current time and value for the maximum inactivity duration in said site;
      
      wherein step (c5) is followed by step (c7).
  - 8. The method of claim 1, wherein the step (f) further comprises the steps of:
    - (f1) extracting, by said NAS, the values of a last-activity-time and the maximum network-wide inactivity duration from said NATr cookie;
      
      (f2) obtaining the current time;
      
      (f3) computing a recent duration of network-wide inactivity by computing the difference between the current time and said last-activity-time from said NATr cookie;
      
      (f4) checking whether said recent duration of network-wide inactivity is longer than the maximum network-wide inactivity duration;
      
      (f5) if the check result in step (f4) is yes, setting the maximum network-wide inactivity duration to said recent duration of network-wide inactivity;
      
      (f6) if the check result in step (f4) is no, keeping the maximum network-wide inactivity duration as the value obtained from said NATr cookie; and
      
      (f7) updating said NATr cookie with the current time and value for the maximum network-wide inactivity duration;
      
      wherein step (f5) is followed by step (f7).
  - 9. The method of claim 1, wherein if the check result in step (b) is no, then further comprising the steps of:
    - (v) redirecting the user along with said P_maxand said site'"'"'s return URL to said NAS;
      
      (w) checking whether the user has already been authenticated to said NAS;
      
      (x) if the check result in step (w) is yes, then continuing on Step (f); and
      
      (y) if the check result in step (w) is no, then authenticating the user to said NAS;
      
      wherein step (y) is followed by step (j).

10. An apparatus of network communications, comprising:
- at least one client communicatively coupled to the Internet;
  
  at least two network sites communicatively coupled to the Internet;
  
  at least one authentication server which authenticates a user via said at least one client to said network;
  
  means for tracking the user'"'"'s site-specific inactivity duration;
  
  means for tracking the user'"'"'s network-wide inactivity duration, said network-wide inactivity duration being reset whenever the user authenticates to said network;
  
  wherein when the user requests a page from a network site in said network, said network site inspects the user'"'"'s inactivity duration at said network site;
  
  wherein if the user has been inactive in said network site longer than said network site'"'"'s maximum allowable duration, said network site redirects the user to said at least one authentication server;
  
  wherein said at least one authentication server inspects the user'"'"'s maximum network-wide inactivity duration in said network;
  
  wherein if said at least one authentication server determines that the user'"'"'s maximum network-wide inactivity duration is not longer than said network site'"'"'s maximum allowable inactivity duration, said network site initializes said means for tracking the user'"'"'s site-specific inactivity duration;
  
  wherein if the user'"'"'s maximum network-wide inactivity duration is longer than said network site'"'"'s maximum allowable inactivity duration, said at least one authentication server forces the user to re-authenticate.
- View Dependent Claims (11)
- - 11. The apparatus of claim 10, wherein if the user who requests a page from the network site has been inactive in said network site not longer than said network site'"'"'s maximum allowable inactivity duration, said network site returns said requested page to the user.

12. An apparatus of network communications, comprising:
- at least one client communicatively coupled to the Internet;
  
  at least two network sites communicatively coupled to the Internet, each of said network sites maintaining a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user;
  
  at least one authentication server which authenticates a user via said at least one client to said network, said at least one authentication server maintaining a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, wherein upon the user'"'"'s every authentication to said network, said NATr parameters for the user are reset;
  
  wherein when the user requests a page from the network site in said network, said network site checks its SATr cookie to determine the user'"'"'s inactivity duration at said network site;
  
  wherein if the user has been inactive in said network site longer than said network site'"'"'s maximum allowable duration, said network site redirects the user to said at least one authentication server; and
  
  wherein said at least one authentication server updates the user'"'"'s NATr parameters and, if said at least one authentication server determines that the user'"'"'s maximum network-wide inactivity duration longer than said network site'"'"'s maximum allowable inactivity duration, then forces the user to re-authenticate.
- View Dependent Claims (13, 14)
- - 13. The apparatus of claim 12, wherein if the user who requests a page from the network site has been inactive in said network site not longer than said network site'"'"'s maximum allowable duration, said network site returns said requested page to the user.
  - 14. The apparatus of claim 12, wherein upon updating the user'"'"'s NATr parameters, if said at least one authentication server determines that the user'"'"'s maximum network-wide inactivity duration is not longer than said network site'"'"'s maximum allowable inactivity duration, said network site initializes the user'"'"'s SATr parameters and stores them into said SATr cookie.

15. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon user'"'"'s who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites includes in its pages an HTML SCRIPT tag that causes the user'"'"'s browser to request a Javascript activity-tracking source file from said site'"'"'s Web server, the method comprising the steps of:
- (a) requesting, by a user, a page from a site in said network;
  
  (b) returning a page containing a first SCRIPT tag and a second SCRIPT tag to the user'"'"'s browser;
  
  (C) requesting, by the browser, from said site Javascript URL in said first SCRIPT tag;
  
  (d) checking for existence of a local cookie in the browser request;
  
  (e) if the check result in step (d) is no, then issuing a redirect to said NAS, passing along said site'"'"'s maximum allowable period of network-wide inactivity (P_max) as query data, wherein if the check result of step (d) is yes, then said site returns an empty Javascript file;
  
  (f) updating, by said NAS, the user'"'"'s network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;
  
  (g) comparing the user'"'"'s maximum period of network-wide inactivity to said P_max;
  
  (h) if the user'"'"'s maximum period of network-wide inactivity exceeds said P_max, then returning a Javascript code that sets a Javascript inactive var to true;
  
  (i) executing, by the user'"'"'s browser, Javascript code in said second SCRIPT tag which redirects the user to said NAS for reauthentication;
  
  (j) If the user'"'"'s maximum period of network-wide inactivity does not exceed said P_max, then returning Javascript code that sets a Javascript inactive false; and
  
  (k) executing, by the user'"'"'s browser, Javascript code in said second SCRIPT tag which does nothing.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein step (f) further comprising the steps of:
    - (f1) extracting, by said NAS, the values of a last-activity-time and the maximum network-wide inactivity duration from said NATr cookie;
      
      (f2) obtaining the current time;
      
      (f3) computing a recent duration of network-wide inactivity by computing the difference between the current time and said last-activity-time from said NATr cookie;
      
      (f4) checking whether said recent duration of network-wide inactivity is longer than the maximum network-wide inactivity duration;
      
      (f5) if the check result in step (f4) is yes, setting the maximum network-wide inactivity duration to said recent duration of network-wide inactivity;
      
      (f6) if the check result in step (f4) is no, keeping the maximum network-wide inactivity duration as the value obtained from said NATr cookie; and
      
      (f7) updating said NATr cookie with the current time and value for the maximum network-wide inactivity duration;
      
      wherein step (f5) is followed by step (f7).

17. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon user'"'"'s who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, the method comprising the steps of:
- (a) requesting, by a user, a page from a site in said network;
  
  (b) checking for existence of a local cookie in the browser request;
  
  (c) if the check result in Step (b) is no, then issuing a redirect to said NAS, passing along as query data(1) said site'"'"'s maximum allowable period of network-wide inactivity (P_max) and(2) said site'"'"'s return URL,wherein if the check result in step (b) is yes, then said site returns the requested page;
  
  (d) updating, by said NAS, the user'"'"'s network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;
  
  (e) comparing the user'"'"'s maximum period of network-wide inactivity to said P_maxand(f) if the check result in step (e) is yes, then returning, by said NAS, a authentication page to the browser;
  
  (g) forcing the user to authenticate; and
  
  (h) returning, by said NAS, redirect to said site'"'"'s return URL;
  
  wherein if the check result of step (e) is no, then step (e) is followed by step (h).
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein step (d) further comprising the steps of:
    - (d1) extracting, by said NAS, the values of a last-activity-time and the maximum network-wide inactivity duration from said NATr cookie;
      
      (d2) obtaining the current time;
      
      (d3) computing a recent duration of network-wide inactivity by computing the difference between the current time and said last-activity-time from said NATr cookie;
      
      (d4) checking whether said recent duration of network-wide inactivity is longer than the maximum network-wide inactivity duration;
      
      (d5) if the check result in step (d4) is yes, selling the maximum network-wide inactivity duration to said recent duration of network-wide inactivity;
      
      (d6) if the check result in step (d4) is no, keeping the maximum network-wide inactivity duration as the value obtained from said NATr cookie; and
      
      (d7) updating said NATr cookie with the current time and value for the maximum network-wide inactivity duration;
      
      wherein step (d5) is followed by step (d7).

19. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user, the method comprising the steps of:
- updating the user'"'"'s NATr parameters in said NATr cookie upon performance of each activity indicating event by the user in the network;
  
  updating the user'"'"'s SATr parameters in said SATr cookie upon performance of each activity indicating event by the user in the site;
  
  determining upon request the maximum period of site-specific inactivity experienced by the user since his last network authentication;
  
  checking the user'"'"'s network-wide inactivity if the maximum period of site-specific inactivity exceeds a predefined threshold;
  
  determining upon request the maximum period of network-wide inactivity experienced by the user since his last network authentication; and
  
  re-authenticating the user if the maximum period of network-wide inactivity exceeds the predefined threshold.

20. An apparatus of network communications, comprising:
- at least one client communicatively coupled to the Internet;
  
  at least two network sites communicatively coupled to the Internet, each of which includes in its pages a first SCRIP tag and a second SCRIP tag that cause a user'"'"'s browser to request a Javascript activity tracking source file from said site'"'"'s Web server;
  
  at least one authentication server which authenticates a user via said at least one client to said network, said at least one authentication server maintaining a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, wherein upon the user'"'"'s every authentication to said network, said NATr parameters for the user are reset;
  
  wherein when the user requests a page from a site, said site'"'"'s Web server checks for existence of a local cookie in the user'"'"'s browser request;
  
  wherein if the local cookie is found, said site'"'"'s Web server returns an empty Javascript file;
  
  wherein if the local cookie is not found, said site'"'"'s Web server issues a redirect to said NAS, passing along said site'"'"'s maximum allowable period of network-wide inactivity (P_max) as query data;
  
  wherein said NAS updates the user'"'"'s network-wide activity tracking (NATr) parameters and stores them into said NATr cookie;
  
  wherein said NAS compares the user'"'"'s maximum period of network-wide inactivity to said P_max;
  
  wherein if the user'"'"'s maximum period of network-wide inactivity exceeds said P_max, said NAS returns a Javascript code that sets a Javascript Inactive var to true, and the user'"'"'s browser executes the Javascript code in said second SCRIPT tag which redirects the user to said NAS for reauthentication; and
  
  wherein if the user'"'"'s maximum period of network-wide inactivity does not exceed said P_max, said NAS returns a Javascript code that sets a Javascript inactive var to false, and the user'"'"'s browser, executes the Javascript code in said second SCRIPT tag which does nothing.

21. An apparatus of network communications, comprising:
- at least one client communicatively coupled to the Internet;
  
  at least two network sites communicatively coupled to the Internet;
  
  at least one authentication server which authenticates a user via said at least one client to said network, said at least one authentication server maintaining a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, wherein upon the user'"'"'s every authentication to said network, said NATr parameters for the user are reset;
  
  wherein when the user requests a page from a site, said site'"'"'s Web server checks for existence of a local cookie in the user'"'"'s browser request;
  
  wherein if the local cookie is found, said site'"'"'s Web server returns the requested page;
  
  wherein if the local cookie is not found, said site'"'"'s Web server issues a redirect to said NAS, passing along as query data(1) said site'"'"'s maximum allowable period of network-wide inactivity (P_max) and(2) said site'"'"'s return URL;
  
  wherein said NAS updates the user'"'"'s network-wide activity tracking (NATr) parameters and stores them into said NATr cookie;
  
  wherein said NAS compares the user'"'"'s maximum period of network-wide inactivity to said P_max;
  
  wherein it the user'"'"'s maximum period of network-wide inactivity exceeds said P_max, said NAS returns a user authentication page to reauthenticate the user; and
  
  wherein if the user'"'"'s maximum period of network-wide inactivity does not exceed said P_max, said NAS returns redirect to said site'"'"'s return URL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AOL LLC (Apollo Global Management, Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Toomey, Christopher Newell
Primary Examiner(s)
Cardone, Jason
Assistant Examiner(s)
NGUYEN, MINH CHAU

Application Number

US10/272,033
Publication Number

US 20040073660A1
Time in Patent Office

1,715 Days
Field of Search

709200-201, 709/225
US Class Current

709/224
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/108 when the policy decisions a...

Cross-site timed out authentication management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Cross-site timed out authentication management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links