Maintaining authentication states for resources accessed in a stateless environment

US 7,421,730 B2
Filed: 05/09/2002
Issued: 09/02/2008
Est. Priority Date: 05/09/2002
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the computer system, a method for validating authentication information that is associated with a request to access a resource so as to determine the state of the resource, the method comprising:

receiving a request via a stateless protocol to access a resource that requires authentication information inherent to access control mechanisms of the stateless protocol; and

using the authentication information inherent to access control mechanisms of the stateless protocol and resource access requirements attributes for determining a session state for access to the resource;

determining validation information, the validation information being distinct from the authentication information, the validation information containing information other than authentication information and the validation information incorporating the previously determined session state information, and wherein the validation information is subsequently used with the distinct authentication information to determine whether access to the resource should be granted;

setting the validation information within the system requesting access to the resource;

the requesting system sending the previously set validation information and sending the authentication information inherent to access control mechanisms of the stateless protocol with a subsequent request to access a resource included in the computer system;

using the previously set validation information and the authentication information inherent to the stateless protocol'"'"'s access control mechanisms to determine a session state; and

using the validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine if access to the resource is to be granted wherebyif and only if both the validation information is appropriate for accessing the resource and the authentication information is appropriate for accessing the resource, then access to the resource is granted, butif either the validation information is not appropriate for accessing the resource or if the authentication information is not appropriate for accessing the resource, then access to the resource is not granted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A providing computer system may receive a request, via a stateless protocol, to access a resource. An access control application may refer to administrative rules to set validation information associated with the request. Validation information may be in the form of electronic text that is stored in a location such as a cookie or state-table. Validation information may indicate the state of a session associated with a resource, such as whether a session is in a logged-in or logged-out state. When a request is received, validation information and authentication information may be utilized together to determine if access to a resource should be granted. When access to a resource is granted or denied, validation information may be updated to indicate that the state of the session has changed.

Citations

34 Claims

1. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the computer system, a method for validating authentication information that is associated with a request to access a resource so as to determine the state of the resource, the method comprising:
- receiving a request via a stateless protocol to access a resource that requires authentication information inherent to access control mechanisms of the stateless protocol; and
  
  using the authentication information inherent to access control mechanisms of the stateless protocol and resource access requirements attributes for determining a session state for access to the resource;
  
  determining validation information, the validation information being distinct from the authentication information, the validation information containing information other than authentication information and the validation information incorporating the previously determined session state information, and wherein the validation information is subsequently used with the distinct authentication information to determine whether access to the resource should be granted;
  
  setting the validation information within the system requesting access to the resource;
  
  the requesting system sending the previously set validation information and sending the authentication information inherent to access control mechanisms of the stateless protocol with a subsequent request to access a resource included in the computer system;
  
  using the previously set validation information and the authentication information inherent to the stateless protocol'"'"'s access control mechanisms to determine a session state; and
  
  using the validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine if access to the resource is to be granted wherebyif and only if both the validation information is appropriate for accessing the resource and the authentication information is appropriate for accessing the resource, then access to the resource is granted, butif either the validation information is not appropriate for accessing the resource or if the authentication information is not appropriate for accessing the resource, then access to the resource is not granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method as recited in claim 1, wherein receiving a request, via a stateless protocol, to access a resource that requires authentication information comprises the following:
    - receiving an HTTP request to access a resource that requires authentication information.
  - 3. The method as recited in claim 1, wherein receiving a request to access a resource that requires authentication information comprises the following:
    - receiving a request that includes a WWW-Authenticate header.
  - 4. The method as recited in claim 1, wherein receiving a request to access a resource that requires authentication information comprises the following:
    - receiving a request that includes authentication information that was retrieved from a storage location.
  - 5. The method as recited in claim 1, wherein receiving a request to access a resource that requires authentication information comprises the following:
    - receiving a request that includes authentication information that was manually entered in response to a form being presented to a user.
  - 6. The method as recited in claim 1, wherein receiving a request to access a resource that requires authentication information comprises the following:
    - receiving a request to access a Web page that requires authentication information to access.
  - 7. The method as recited in claim 1, wherein adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - adding validation information contained in a cookie that is subsequently used along with the authentication information.
  - 8. The method as recited in claim 1, wherein adding validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - adding validation information contained in a state-table that is subsequently used along with the authentication information.
  - 9. The method as recited in claim 1, wherein setting validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - setting validation information indicative of the validation state of the resource that is subsequently used along with the authentication information.
  - 10. The method as recited in claim 1, wherein setting validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - setting validation information, which was caused to be set by the execution of an express log-out command, that is subsequently used along with the authentication information.
  - 11. The method as recited in claim 1, wherein setting validation information that is subsequently used along with the authentication information to determine whether access to the resource should be granted comprises the following:
    - setting validation information, which is indicative of access to the resource being expired, and is subsequently used along with the authentication information.
  - 12. A method as recited in claim 1, the method further comprising the following:
    - referring to administrative rules to determine validation information associated with the resource;
      
      receiving a second request to access the resource, the second request including the validation information; and
      
      using the validation information along with authentication information to determine whether access to the resource should be granted.
  - 13. The method as recited in claim 12, wherein receiving an initial request to access the resource comprises the following:
    - receiving a request to access a resource that is in a validation state.
  - 14. The method as recited in claim 12, wherein receiving an initial request to access the resource comprises the following:
    - receiving a request that includes authentication information that was cached to a memory location by a browser.
  - 15. The method as recited in claim 12, wherein referring to administrative rules to set validation information associated with the resource comprises the following:
    - rejecting the initial request and returning an unauthorized message.
  - 16. The method as recited in claim 12, wherein referring to administrative rules to set validation information associated with the resource comprises the following:
    - referring to administrative rules to determine validation information indicative of a validation state.
  - 17. The method as recited in claim 13, wherein referring to administrative rules to set validation information associated with the resource comprises the following:
    - referring to administrative rules to set a cookie with validation information.
  - 18. The method as recited in claim 12, wherein referring to administrative rules to set validation information associated with the resource comprises the following:
    - referring to administrative rules to set a state-table with validation information.
  - 19. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource that includes authentication information that was manually entered.
  - 20. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource that is associated with validation information contained in a cookie.
  - 21. The method as recited in claim 12, wherein receiving a second request to access the resource the second request including the validation information comprises the following:
    - receiving a second request to access the resource that is associated with validation information contained in a state-table.
  - 22. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a validation begin state.
  - 23. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a validation end state.
  - 24. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a valid state.
  - 25. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a logged-in state.
  - 26. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource, the second request including the validation information indicative of the resource being in a logged-out state.
  - 27. The method as recited in claim 12, wherein receiving a second request to access the resource, the second request including the validation information comprises the following:
    - receiving a second request to access the resource, the second request including the validation information indicating access to the resource has expired.
  - 28. The method as recited in claim 12, wherein using the validation information along with authentication information to determine whether access to the resource should be granted comprises the following:
    - using validation information contained in a cookie along with authentication information to determine whether access to the resource should be granted.
  - 29. The method as recited in claim 12, wherein using the validation information along with authentication information to determine whether access to the resource should be granted comprises the following:
    - using validation information contained in a state-table along with authentication information to determine whether access to the resource should be granted.
  - 30. The method as recited in claim 12, wherein using the validation information along with authentication information to determine whether access to the resource should be granted comprises the following:
    - using validation information along with authentication information that was manually entered to determine whether access to the resource should be granted.
  - 31. The method as recited in claim 12, wherein request to access the resource are received via HTTP.
  - 32. The method as recited in claim 12, further comprising:
    - receiving a third request to access the resource that is associated with validation information indicative of a session associated with the resource being in a validation state that allows access to be granted to the resource.

33. A computer program product for use in a providing computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the providing computer system, the computer program product for implementing a method for validating authentication information received in a request to access a resource so as to determine the state of the resource, the computer program product comprising the following:
- one or more computer-readable storage media carrying computer-executable instructions, that when executed at the computer system, cause the computer system to perform the method for validating authentication information, wherein the method includes;
  
  receiving a request via a stateless protocol to access a resource that requires authentication information inherent to access control mechanisms of the stateless protocol; and
  
  using the authentication information inherent to access control mechanisms of the stateless protocol and resource access requirements attributes for determining a session state for access to the resource;
  
  determining validation information, the validation information being distinct from the authentication information, the validation information containing information other than authentication information and the validation information incorporating the previously determined session state information, and wherein the validation information is subsequently used with the distinct authentication information to determine whether access to the resource should be granted;
  
  setting the validation information within the system requesting access to the resource;
  
  the requesting system sending the previously set validation information and sending the authentication information inherent to the stateless protocol'"'"'s access control mechanisms with a subsequent request to access a resource included in the computer system;
  
  using the previously set validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine a session state; and
  
  using the validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine if access to the resource is to be granted wherebyif and only if both the validation information is appropriate for accessing the resource and the authentication information is appropriate for accessing the resource, then access to the resource is granted, butif either the validation information is not appropriate for accessing the resource or if the authentication information is not appropriate for accessing the resource, then access to the resource is not granted.
- View Dependent Claims (34)
- - 34. The computer program product as recited claim 33, wherein the one or more computer-readable media include system memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Walther, Dan E., Kramer, Michael, Kueh, Anthony Y., Mazur, Leszek
Primary Examiner(s)
Vu, Kimyen
Assistant Examiner(s)
To, Baotran N

Application Number

US10/142,068
Publication Number

US 20030212887A1
Time in Patent Office

2,308 Days
Field of Search

711/164, 709/255, 709/223, 709/225, 709/229, 726/2, 726/8, 726/5, 713/182, 713/185, 713/151, 713/168, 713155-156, 713/164, 713/175
US Class Current

726/2
CPC Class Codes

H04L 63/08 for authentication of entit...

Maintaining authentication states for resources accessed in a stateless environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining authentication states for resources accessed in a stateless environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links