Cross-site timed out authentication management
Abstract
A solution is provided to monitor Web browsing activity across an Internet based network of affiliated Web sites and to enable the Web sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period. The network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie. The NATr cookie comprises a set of network-wide activity tracking (NATr) parameters for each registered user. Each of the Web sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user. The NATr parameters for each user are reset whenever the user authenticates to the network. When a user requests a page from a site, an NAS forces the user to re-authenticate when the NAS determines that the user's network-wide inactivity duration is longer than the site's maximum allowable inactivity period.
21 Claims
1. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user, the method comprising the steps of:
(a) requesting, by a user, a page from a site in said network;
(b) checking, by said site, whether the user has already been authenticated;
(c) if the check result in step (b) is yes, then updating the user's SATr parameters and storing them into said SATr cookie;
(d) checking said SATr cookie to determine whether the user has been inactive at said site for longer than said site's maximum allowable inactivity period Pmax;
(e) if the check result in step (d) is yes, then redirecting the user along with said Pmax and said site's return URL to a network authentication server (NAS) associated with said network to check the user's network-wide activity;
(f) updating, by said NAS, the user's network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;
(g) inspecting the user's NATr parameters in said NATr cookie to determine whether the user has been inactive for longer than said Pmax; and
(h) if the check result in step (g) is yes, then forcing the user to re-authenticate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
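
The flow of steps (c) through (h) in claim 1, as an added Python sketch that is not part of the patent text. The `Tracker` fields, the function names, the `site-a.example` host, the `reject` outcome and the HMAC signature over Pmax and the return URL (which pass through the user's browser as query data) are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed: each site shares a secret with the NAS (constructed demo value).
SITE_KEYS = {"site-a.example": b"constructed-demo-key"}

@dataclass
class Tracker:
    """Assumed SATr/NATr cookie contents, reset at each authentication."""
    last_seen: float      # time of the latest tracked request
    max_gap: float = 0.0  # longest inactivity since last authentication

    def touch(self, now):
        self.max_gap = max(self.max_gap, now - self.last_seen)
        self.last_seen = now

def sign(site, pmax, return_url):
    msg = f"{site}|{pmax}|{return_url}".encode()
    return hmac.new(SITE_KEYS.get(site, b""), msg, hashlib.sha256).hexdigest()

def site_request(site, satr, pmax, return_url, now):
    """Steps (c)-(e): None means serve the page, a dict is the NAS redirect query."""
    satr.touch(now)
    if satr.max_gap <= pmax:
        return None
    # Pmax and the return URL travel through the browser, so they are signed.
    return {"site": site, "pmax": pmax, "return_url": return_url,
            "sig": sign(site, pmax, return_url)}

def nas_check(natr, query, now):
    """Steps (f)-(h): re-authenticate, or send the user back to the site."""
    good = sign(query["site"], query["pmax"], query["return_url"])
    if query["site"] not in SITE_KEYS or not hmac.compare_digest(good, query["sig"]):
        return "reject"
    natr.touch(now)
    return "reauthenticate" if natr.max_gap > query["pmax"] else "return_to_site"

def scenario(other_site_activity, pmax=600, tamper_pmax=None):
    """Authenticate at t=0 s, then request a page from site A at t=1100 s."""
    satr, natr = Tracker(0.0), Tracker(0.0)
    for t in other_site_activity:  # tracked activity elsewhere in the network
        natr.touch(t)
    query = site_request("site-a.example", satr, pmax, "https://site-a.example/p", 1100.0)
    if query is None:
        return "serve"
    if tamper_pmax is not None:
        query["pmax"] = tamper_pmax  # constructed: user edits the query string
    return nas_check(natr, query, 1100.0)
```

`scenario([300, 700, 1000])` returns `return_to_site` because activity elsewhere in the network keeps the longest network-wide gap at 400 seconds, while `scenario([])` returns `reauthenticate` and `scenario([], tamper_pmax=99999)` returns `reject`.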

10. An apparatus of network communications, comprising:
at least one client communicatively coupled to the Internet;
at least two network sites communicatively coupled to the Internet;
at least one authentication server which authenticates a user via said at least one client to said network;
means for tracking the user's site-specific inactivity duration;
means for tracking the user's network-wide inactivity duration, said network-wide inactivity duration being reset whenever the user authenticates to said network;
wherein when the user requests a page from a network site in said network, said network site inspects the user's inactivity duration at said network site;
wherein if the user has been inactive in said network site longer than said network site's maximum allowable duration, said network site redirects the user to said at least one authentication server;
wherein said at least one authentication server inspects the user's maximum network-wide inactivity duration in said network;
wherein if said at least one authentication server determines that the user's maximum network-wide inactivity duration is not longer than said network site's maximum allowable inactivity duration, said network site initializes said means for tracking the user's site-specific inactivity duration;
wherein if the user's maximum network-wide inactivity duration is longer than said network site's maximum allowable inactivity duration, said at least one authentication server forces the user to re-authenticate.
Dependent claims: 11

12. An apparatus of network communications, comprising:
at least one client communicatively coupled to the Internet;
at least two network sites communicatively coupled to the Internet, each of said network sites maintaining a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user;
at least one authentication server which authenticates a user via said at least one client to said network, said at least one authentication server maintaining a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, wherein upon the user's every authentication to said network, said NATr parameters for the user are reset;
wherein when the user requests a page from the network site in said network, said network site checks its SATr cookie to determine the user's inactivity duration at said network site;
wherein if the user has been inactive in said network site longer than said network site's maximum allowable duration, said network site redirects the user to said at least one authentication server; and
wherein said at least one authentication server updates the user's NATr parameters and, if said at least one authentication server determines that the user's maximum network-wide inactivity duration is longer than said network site's maximum allowable inactivity duration, then forces the user to re-authenticate.
Dependent claims: 13, 14

15. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites includes in its pages an HTML SCRIPT tag that causes the user's browser to request a Javascript activity-tracking source file from said site's Web server, the method comprising the steps of:
(a) requesting, by a user, a page from a site in said network;
(b) returning a page containing a first SCRIPT tag and a second SCRIPT tag to the user's browser;
(c) requesting, by the browser, from said site Javascript URL in said first SCRIPT tag;
(d) checking for existence of a local cookie in the browser request;
(e) if the check result in step (d) is no, then issuing a redirect to said NAS, passing along said site's maximum allowable period of network-wide inactivity (Pmax) as query data, wherein if the check result of step (d) is yes, then said site returns an empty Javascript file;
(f) updating, by said NAS, the user's network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;
(g) comparing the user's maximum period of network-wide inactivity to said Pmax;
(h) if the user's maximum period of network-wide inactivity exceeds said Pmax, then returning a Javascript code that sets a Javascript inactive var to true;
(i) executing, by the user's browser, Javascript code in said second SCRIPT tag which redirects the user to said NAS for reauthentication;
(j) if the user's maximum period of network-wide inactivity does not exceed said Pmax, then returning Javascript code that sets a Javascript inactive var to false; and
(k) executing, by the user's browser, Javascript code in said second SCRIPT tag which does nothing.
Dependent claims: 16

17. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, the method comprising the steps of:
(a) requesting, by a user, a page from a site in said network;
(b) checking for existence of a local cookie in the browser request;
(c) if the check result in step (b) is no, then issuing a redirect to said NAS, passing along as query data (1) said site's maximum allowable period of network-wide inactivity (Pmax) and (2) said site's return URL, wherein if the check result in step (b) is yes, then said site returns the requested page;
(d) updating, by said NAS, the user's network-wide activity tracking (NATr) parameters and storing them into said NATr cookie;
(e) comparing the user's maximum period of network-wide inactivity to said Pmax; and
(f) if the check result in step (e) is yes, then returning, by said NAS, an authentication page to the browser;
(g) forcing the user to authenticate; and
(h) returning, by said NAS, redirect to said site's return URL;
wherein if the check result of step (e) is no, then step (e) is followed by step (h).
Dependent claims: 18

19. A method for monitoring Web browsing activity across a network of affiliated sites and for enabling said sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period, wherein said network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, and wherein each of said sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user, the method comprising the steps of:
updating the user's NATr parameters in said NATr cookie upon performance of each activity indicating event by the user in the network;
updating the user's SATr parameters in said SATr cookie upon performance of each activity indicating event by the user in the site;
determining upon request the maximum period of site-specific inactivity experienced by the user since his last network authentication;
checking the user's network-wide inactivity if the maximum period of site-specific inactivity exceeds a predefined threshold;
determining upon request the maximum period of network-wide inactivity experienced by the user since his last network authentication; and
re-authenticating the user if the maximum period of network-wide inactivity exceeds the predefined threshold.

20. An apparatus of network communications, comprising:
at least one client communicatively coupled to the Internet;
at least two network sites communicatively coupled to the Internet, each of which includes in its pages a first SCRIPT tag and a second SCRIPT tag that cause a user's browser to request a Javascript activity tracking source file from said site's Web server;
at least one authentication server which authenticates a user via said at least one client to said network, said at least one authentication server maintaining a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, wherein upon the user's every authentication to said network, said NATr parameters for the user are reset;
wherein when the user requests a page from a site, said site's Web server checks for existence of a local cookie in the user's browser request;
wherein if the local cookie is found, said site's Web server returns an empty Javascript file;
wherein if the local cookie is not found, said site's Web server issues a redirect to said NAS, passing along said site's maximum allowable period of network-wide inactivity (Pmax) as query data;
wherein said NAS updates the user's network-wide activity tracking (NATr) parameters and stores them into said NATr cookie;
wherein said NAS compares the user's maximum period of network-wide inactivity to said Pmax;
wherein if the user's maximum period of network-wide inactivity exceeds said Pmax, said NAS returns a Javascript code that sets a Javascript Inactive var to true, and the user's browser executes the Javascript code in said second SCRIPT tag which redirects the user to said NAS for reauthentication; and
wherein if the user's maximum period of network-wide inactivity does not exceed said Pmax, said NAS returns a Javascript code that sets a Javascript inactive var to false, and the user's browser executes the Javascript code in said second SCRIPT tag which does nothing.

21. An apparatus of network communications, comprising:
at least one client communicatively coupled to the Internet;
at least two network sites communicatively coupled to the Internet;
at least one authentication server which authenticates a user via said at least one client to said network, said at least one authentication server maintaining a network-wide activity tracking (NATr) cookie, said NATr cookie comprising a set of network-wide activity tracking (NATr) parameters for each registered user, wherein upon the user's every authentication to said network, said NATr parameters for the user are reset;
wherein when the user requests a page from a site, said site's Web server checks for existence of a local cookie in the user's browser request;
wherein if the local cookie is found, said site's Web server returns the requested page;
wherein if the local cookie is not found, said site's Web server issues a redirect to said NAS, passing along as query data (1) said site's maximum allowable period of network-wide inactivity (Pmax) and (2) said site's return URL;
wherein said NAS updates the user's network-wide activity tracking (NATr) parameters and stores them into said NATr cookie;
wherein said NAS compares the user's maximum period of network-wide inactivity to said Pmax;
wherein if the user's maximum period of network-wide inactivity exceeds said Pmax, said NAS returns a user authentication page to reauthenticate the user; and
wherein if the user's maximum period of network-wide inactivity does not exceed said Pmax, said NAS returns redirect to said site's return URL.