Virtual folders for tracking HTTP sessions

US 7,502,835 B1
Filed: 11/17/2004
Issued: 03/10/2009
Est. Priority Date: 11/17/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating requests from a client made to a network device, the method comprising:

obtaining a session identification (ID) value when a session is initiated;

transmitting a hyper-text markup language (HTML) document to the client that embeds the session ID as a hidden field within the HTML so that a request to the network device based on the HTML document includes the session ID in the request, wherein the transmitting the HTML document is performed without using cookies, an administrator login name, credential information, or an Internet protocol address associated with the client; and

authenticating the request based on a determination of whether the session ID is included in the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Requests from a client to a network device are authenticated based on a session ID obtained by the network device. Requests may be authenticated by obtaining a session ID value when a session is initiated and transmitting a document to the client that embeds the session ID in such a manner that additional requests to the network device based on the document include the session ID in the request. The additional requests are authenticated based on a determination of whether the session ID is included in the additional requests.

39 Citations

View as Search Results

33 Claims

1. A method for authenticating requests from a client made to a network device, the method comprising:
- obtaining a session identification (ID) value when a session is initiated;
  
  transmitting a hyper-text markup language (HTML) document to the client that embeds the session ID as a hidden field within the HTML so that a request to the network device based on the HTML document includes the session ID in the request, wherein the transmitting the HTML document is performed without using cookies, an administrator login name, credential information, or an Internet protocol address associated with the client; and
  
  authenticating the request based on a determination of whether the session ID is included in the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - satisfying the request when the session ID is determined to be included.
  - 3. The method of claim 1, wherein the request is a hyper-text transfer protocol (HTTP) request.
  - 4. The method of claim 1, wherein the HTML document additionally embeds the session ID as part of one or more links to the HTML document from which the request is based.
  - 5. The method of claim 4, wherein the session ID is embedded within the one or more links as a name of a virtual folder.
  - 6. The method of claim 1, wherein the HTML document embeds the session ID as a query string within the HTML.
  - 7. The method of claim 1, wherein obtaining the session ID is performed in response to the client presenting valid initial credentials to the network device.
  - 8. The method of claim 1, wherein the session ID is a random value.
  - 9. The method of claim 8, wherein the random value is large enough to ensure that the session ID is essentially unique.

10. A network device comprising:
- means for generating a random value and converting the random value to a session identification (ID) value assigned to a session that is initiated by a client with the network device;
  
  means for transmitting a document to the client which embeds the session ID so that requests to the network device from the client based on the document include the session ID in the requests; and
  
  means for authenticating a request, without using cookies, an administrator login name, credential information, or an Internet protocol address associated with the client, based on a determination of whether the session ID is included in the request.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The network device of claim 10, wherein the requests are hyper-text transfer protocol (HTTP) requests.
  - 12. The network device of claim 10, wherein the session ID is associated with the document as references in the document stored in a virtual folder.
  - 13. The network device of claim 10, wherein the document embeds the session ID as a query string within HTML code that defines the document.
  - 14. The network device of claim 10, wherein the document embeds the session ID in a hidden field within HTML code that defines the document.

15. A device for authenticating requests from a client made to the device without using cookies, an administrator login name, credential information, or an Internet protocol address associated with the client, comprising:
- a processor; and
  
  a computer memory operatively coupled to the processor, the computer memory including;
  
  programming instructions configured to generate a session identification (ID) value when an initial session request is received;
  
  programming instructions configured to transmit a hyper-text markup language (HTML) document to the client that includes the session ID as a query string within the HTML so that additional requests to the device based on the HTML document include the session ID in the request; and
  
  programming instructions configured to authenticate the additional requests based on a determination of whether the session ID is included in the additional requests.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The device of claim 15, wherein the requests are hyper-text transfer protocol (HTTP) requests.
  - 17. The device of claim 15, wherein the HTML document includes the session ID as part of links within the HTML document from which the additional requests are based.
  - 18. The device of claim 17, wherein the session ID is associated with the links as a name of a virtual folder.
  - 19. The device of claim 15, wherein the HTML document includes the session ID as a hidden field within the HTML.
  - 20. The device of claim 15, wherein the session ID is a random value.
  - 21. The device of claim 20, wherein the random value is large enough to ensure that the session ID is essentially unique.

22. A system comprising:
- a client computing device; and
  
  a network device communicating with the client computing device via a network using hyper-text transfer protocol (HTTP), the network device configured to;
  
  authenticate the client computing device in response to receiving initial login information from the client computing device for a first session;
  
  obtain a first session identification (ID) value for the first session;
  
  transmit a management interface to the client computing device, the management interface embedding the session ID in such a manner that requests to the network device from the management interface include the session ID in the requests; and
  
  authenticating the requests based on the session ID included in the requests and without using cookies, an administrator login name, credential information, or an Internet protocol address of the client computing device.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The system of claim 22, wherein the network device is further configured to:
    - receive initial login information from the client computing device for a second session;
      
      generate a second session ID value for the second session;
      
      transmit a second instance of the management interface to the client computing device, the second instance of the management interface embedding the second session ID in such a manner that requests to the network device from the management interface include the second session ID in the requests; and
      
      authenticate requests associated with the second session based on the session ID.
  - 24. The system of claim 22, further comprising:
    - a firewall coupled between the client computing device and the network device, the firewall performing network address translation between the client computing device and the network device.
  - 25. The system of claim 22, wherein the network device is further configured to:
    - satisfy the requests when the first session ID is determined to be included in the requests.
  - 26. The system of claim 22, wherein the management interface embeds the first session ID as part of links to the document from which the requests are based.
  - 27. The system of claim 26, wherein the first session ID is embedded within the links as a name of a virtual folder.
  - 28. The system of claim 22, wherein the management interface is a hyper-text markup language (HTML) document.
  - 29. The system of claim 28, wherein the management interface embeds the first session ID as a query string within the HTML of the document.
  - 30. The system of claim 28, wherein the management interface embeds the first session ID in a hidden field within the HTML of the document.
  - 31. The system of claim 30, wherein the first session ID is a random value.

32. A method comprising:
- receiving a request from a client device relating to a hyper-text transfer protocol (HTTP) communication session;
  
  determining whether the received request includes an embedded session ID, as a name of a virtual folder, within one or more links to a document from which the request is based, which was created specifically for the communication session, wherein the determining whether the received request includes the embedded session ID is performed without using cookies, an administrator login name, credential information, or an IP address of the client device; and
  
  granting the request when the received request includes the session ID.

33. A method for authenticating requests from a client made to a network device, the method comprising:
- obtaining a session identification (ID) value when a session is initiated;
  
  recording a client local time when the session is initiated;
  
  transmitting a document to the client that embeds the session ID so that a request to the network device based on the document includes the session ID in the request, wherein the transmitting the document is performed without using cookies, an administrator login name, credential information, or an Internet protocol address associated with the client; and
  
  authenticating the request when the session ID is included in the request and the session ID corresponds to the client local time and to source/destination information relating to the client or the network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Cheng, Chunqing
Primary Examiner(s)
Hu; Jinsong

Application Number

US10/990,347
Time in Patent Office

1,574 Days
Field of Search

709/217, 709/223, 709/227, 709/228, 715/811, 717/101
US Class Current

709/217
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

Virtual folders for tracking HTTP sessions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual folders for tracking HTTP sessions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links