Systems and methods for authenticating a user to a web server

US 7,356,833 B2
Filed: 08/13/2003
Issued: 04/08/2008
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing browser access to network resources protected by a web server, the method comprising:

intercepting a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication having been sent in response to a request by the browser for access to resources protected by the web server;

determining whether the device has the requested authentication data;

providing the authentication data from the server to the web server if the device has the requested authentication data;

requesting the authentication data from the browser if the device does not include the authentication data;

receiving the authentication data from a user through a web browser interface;

providing the authentication data from the web browser to the server; and

providing the authentication data from the server to the web server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for automatically and transparently providing access to resources associated with a web server which requires authentication. A server is provided for a web browser, which intercepts and responds to authentication requests from web servers. The method and system allows a user to access multiple network resources with a single initial authentication procedure.

Citations

30 Claims

1. A method for providing browser access to network resources protected by a web server, the method comprising:
- intercepting a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication having been sent in response to a request by the browser for access to resources protected by the web server;
  
  determining whether the device has the requested authentication data;
  
  providing the authentication data from the server to the web server if the device has the requested authentication data;
  
  requesting the authentication data from the browser if the device does not include the authentication data;
  
  receiving the authentication data from a user through a web browser interface;
  
  providing the authentication data from the web browser to the server; and
  
  providing the authentication data from the server to the web server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the server provides the authentication data by formatting a response according to a hypertext transfer protocol.
  - 3. The method of claim 1, wherein the authentication data includes a role of a user of the browser.
  - 4. The method of claim 3, wherein the authentication data further includes user identification information.
  - 5. The method of claim 1, wherein the request for authentication data includes a hypertext transfer protocol authentication header.
  - 6. The method of claim 5, wherein the step of providing the authentication data includes providing a hypertext transfer protocol authorization header.
  - 7. The method of claim 1, wherein the request for authentication data includes a challenge to the request for access and wherein the providing of the authentication data in response to the challenge includes returning the challenge in an encrypted form, wherein the encrypted form indicates a shared secret.
  - 8. The method of claim 7, wherein the web browser is a non-NTLM browser and the web server is a NTLM server.

9. A method for providing browser access to network resources protected by a web server, the method comprising:
- detecting an access denial issued by a web server in response to an access request by a browser to resources protected by the web server, the access denial including an authentication header;
  
  adding a supplemental authentication header to the authentication header;
  
  intercepting a request for authentication data from the web server to the browser at a server located on the same device as the browser, the request for authentication data being associated with the denial and including the supplemental authentication header;
  
  detecting the supplemental authentication header;
  
  determining whether the device has the requested authentication data; and
  
  responding to the supplemental authentication header by extracting the authentication data, and forwarding the authentication data to the web server in an authorization header.

10. A method for providing browser access to network resources protected by a web server, the method comprising:
- intercepting a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication having been sent in response to a request by the browser for access to resources protected by the web server;
  
  determining whether the device has the requested authentication data;
  
  providing the authentication data from the server to the web server if the device has the requested authentication data;
  
  intercepting a request for authentication data from a second web server to the browser at the server, the second request for authentication data having been sent in response to a request by the browser for access to resources protected by the second web server;
  
  determining whether the device has the authentication data for the second web server; and
  
  providing the authentication data from the server to the second web server if the device has the requested authentication data.

11. A system for providing browser access to network resources protected by a web server, the system comprising:
- means for intercepting a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication sent in response to a request for access by the browser to resources protected by the web server;
  
  means for determining whether the device has the requested authentication data;
  
  means for providing the authentication data from the server to the web server if the device has the requested authentication data;
  
  means for requesting the authentication data from the browser if the device does not include the authentication data;
  
  means for receiving the authentication data from a user through a web browser interface;
  
  means for providing the authentication data from the web browser to the server; and
  
  means for providing the authentication data from the server to the web server.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, wherein the server provides the authentication data by formatting a response according to a hypertext transfer protocol.
  - 13. The system of claim 11, wherein the authentication data includes a role of a user of the browser.
  - 14. The system of claim 13, wherein the authentication data further includes user identification information.
  - 15. The system of claim 11, wherein the request for authentication data includes a hypertext transfer protocol authentication header.
  - 16. The system of claim 15, wherein the means for providing the authentication data includes means for providing a hypertext transfer protocol authorization header.
  - 17. The system of claim 11, wherein the request for authentication data includes a challenge to the request for access and wherein the means for providing of the authentication data in response to the challenge includes means for returning the challenge in an encrypted form, wherein the encrypted form indicates a shared secret.
  - 18. The system of claim 17, wherein the web browser is a non-NTLM browser and the web server is a NTLM server.

19. A system for providing browser access to network resources protected by a web server, the system comprising:
- means for detecting an access denial issued by a web server in response to an access request by a browser to resources protected by the web server, the access denial including an authentication header;
  
  means for adding a supplemental authentication header to the authentication header;
  
  means for intercepting a request for authentication data from the web server to the browser at a server located on the same device as the browser, the request for authentication data being associated with the denial and including the supplemental authentication header;
  
  means for detecting the supplemental authentication header;
  
  means for determining whether the device has the requested authentication data; and
  
  means for responding to the supplemental authentication header by extracting the authentication data, and forwarding the authentication data to the web server in an authorization header.

20. A system for providing browser access to network resources protected by a web server, the system comprising:
- means for intercepting a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication sent in response to a request for access by a browser to resources protected by the web server;
  
  means for determining whether the device has the requested authentication data;
  
  means for providing the authentication data from the server to the web server if the device has the requested authentication data;
  
  means for requesting access by the browser to resources protected by a second web server;
  
  means for intercepting a request for authentication data from the second web server to the browser at the server;
  
  means for determining whether the device has the authentication data for the second web server; and
  
  means for providing the authentication data from the server to the second web server if the device has the requested authentication data.

21. An information storage media comprising:
- information that intercepts a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication sent in response to a request for access by the browser to resources protected by the web server;
  
  information that determines whether the requested authentication data is available; and
  
  information that provides the authentication data from the server to the web server if the requested authentication data is available;
  
  information that requests the authentication data from the browser if the device does not include the authentication data;
  
  information that receives the authentication data from a user through a web browser interface;
  
  information that provides the authentication data from the web browser to the server; and
  
  information that provides the authentication data from the server to the web server.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The information storage media of claim 21, wherein the information which provides the authentication data further comprises information that formats a response according to a hypertext transfer protocol.
  - 23. The information storage media of claim 21, wherein the authentication data includes a role of a user of the browser.
  - 24. The information storage media of claim 23, wherein the authentication data further includes user identification information.
  - 25. The information storage media of claim 21, wherein the request for authentication data includes a hypertext transfer protocol authentication header.
  - 26. The information storage media of claim 25, wherein the information that provides the authentication data further comprises information that provides a hypertext transfer protocol authorization header.
  - 27. The information storage media of claim 21, wherein the request for authentication data includes a challenge to the request for access and wherein the information that provides the authentication data in response to the challenge further includes information that returns the challenge in an encrypted form, wherein the encrypted form indicates a shared secret.
  - 28. The information storage media of claim 27, wherein the web browser is a non-NTLM browser and the web server is a NTLM server.

29. An information storage media comprising:
- information that detects an access denial issued by web server in response to an access request by a browser to resources protected by the web server, the access denial including an authentication header;
  
  information that adds a supplemental authentication header to the authentication header;
  
  information that intercepts a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication data being associated with the denial and including the supplemental authentication header;
  
  information that detects the supplemental authentication header;
  
  information that determines whether the requested authentication data is available; and
  
  information that responds to the supplemental authentication header by extracting the authentication data, and forwards the authentication data to the web server in an authorization header.

30. An information storage media comprising:
- information that intercepts a request for authentication data from a web server to a browser at a server located on the same device as the browser, the request for authentication sent in response to a request for access by the browser to resources protected by the web server;
  
  information that determines whether the requested authentication data is available; and
  
  information that provides the authentication data from the server to the web server if the requested authentication data is available;
  
  information that requests access by the browser to resources protected by a second web server;
  
  information that intercepts a request for authentication data from the second web server to the browser at the server;
  
  information that determines whether the device has the authentication data for the second web server; and
  
  information that provides the authentication data from the server to the second web server if the device has the requested authentication data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Byrne, Barry A.
Primary Examiner(s)
Song; Hosuk

Application Number

US10/640,228
Publication Number

US 20040193921A1
Time in Patent Office

1,700 Days
Field of Search

726 2- 4, 726/27, 713/150, 713/168, 713160-162
US Class Current

726/2
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

Systems and methods for authenticating a user to a web server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating a user to a web server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links