Method and system of integrating third party authentication into internet browser code

US 7,698,735 B2
Filed: 04/24/2006
Issued: 04/13/2010
Est. Priority Date: 03/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. In a networked computing environment, a method of authenticating a client request utilizing HTTP-based authentication, comprising:

requesting content from a remote server;

receiving an HTTP redirect response from the remote server identifying a first URL corresponding to a first login server of an authentication service;

providing a login request to the first login server in response to the HTTP redirect response;

receiving a domain authority redirect response from the first login server, the domain authority redirect response identifying a second URL of a second login server of the authentication service;

providing a login request to the second login server in response to the domain authority redirect response; and

receiving an authentication ticket from the second login server, wherein the authentication ticket provides access to the requested content on the remote server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for using an Internet client'"'"'s local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data'"'"'s presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party'"'"'s Internet page that provides a form for credential entry.

53 Citations

View as Search Results

20 Claims

1. In a networked computing environment, a method of authenticating a client request utilizing HTTP-based authentication, comprising:
- requesting content from a remote server;
  
  receiving an HTTP redirect response from the remote server identifying a first URL corresponding to a first login server of an authentication service;
  
  providing a login request to the first login server in response to the HTTP redirect response;
  
  receiving a domain authority redirect response from the first login server, the domain authority redirect response identifying a second URL of a second login server of the authentication service;
  
  providing a login request to the second login server in response to the domain authority redirect response; and
  
  receiving an authentication ticket from the second login server, wherein the authentication ticket provides access to the requested content on the remote server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first login server is not the correct server to handle the login request.
  - 3. The method of claim 1, wherein the first login server is too busy to handle the login request.
  - 4. The method of claim 1 further comprising, collecting credentials to be provided as part of the login request, wherein the credentials include a sign-in name and a password.
  - 5. The method of claim 4 further comprising, associating the second URL with the sign-in name so that future login requests utilizing the sign-in name are initially directed to the second login server.
  - 6. The method of claim 4 further comprising, associating the second URL with a domain portion of the sign-in name so that future login requests to the same domain are initially directed to the second login server.
  - 7. The method of claim 6, wherein the step of associating the second URL with the domain portion of the sign-in name comprises populating a domain authority map with a name-value pair, where the name comprises the domain portion of the sign-in name and the value comprises the second URL.
  - 8. The method of claim 7, wherein the domain authority map is stored within a registry of the client.
  - 9. The method of claim 1 further comprising, providing the authentication ticket to the remote server and receiving content from the remote server.

10. A computer-readable storage medium having computer-executable instructions for performing a method of authenticating a client request utilizing HTTP-based authentication, comprising:
- requesting content from a remote server;
  
  receiving an HTTP redirect response from the remote server identifying a first URL corresponding to a first login server of an authentication service;
  
  providing a login request to the first login server in response to the HTTP redirect response;
  
  receiving a domain authority redirect response from the first login server, the domain authority redirect response identifying a second URL of a second login server of the authentication service;
  
  providing a login request to the second login server in response to the domain authority redirect response; and
  
  receiving an authentication ticket from the second login server, wherein the authentication ticket provides access to the requested content on the remote server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-readable storage medium of claim 10, wherein the first login server is not the correct server to handle the login request.
  - 12. The computer-readable storage medium of claim 10, wherein the first login server is too busy to handle the login request.
  - 13. The computer-readable storage medium of claim 10, wherein the method of authenticating a client request further includes collecting credentials to be provided as part of the login request, and wherein the credentials include a sign-in name and a password.
  - 14. The computer-readable storage medium of claim 13, wherein the method of authenticating a client request further includes associating the second URL with the sign-in name so that future login requests utilizing the sign-in name are initially directed to the second login server.
  - 15. The computer-readable storage medium of claim 13, wherein the method of authenticating a client request further includes associating the second URL with a domain portion of the sign-in name so that future login requests to the same domain are initially directed to the second login server.
  - 16. The computer-readable storage medium of claim 15, wherein the step of associating the second URL with the domain portion of the sign-in name comprises populating a domain authority map with a name-value pair, where the name comprises the domain portion of the sign-in name and the value comprises the second URL.
  - 17. The computer-readable storage medium of claim 16, wherein the domain authority map is stored within a registry of the client.
  - 18. The computer-readable storage medium of claim 10, wherein the method of authenticating a client request further includes providing the authentication ticket to the remote server and receiving content from the remote server.

19. A method of authenticating a client in order to provide the client access to content on a remote server within a domain authority, comprising:
- receiving a login request at a first login server within the domain authority, wherein the login request is directed to the first login server by the client following redirection by the remote server;
  
  determining that the first login server is unable to handle the login request;
  
  redirecting the login request to a second login server within the domain authority;
  
  authenticating client credentials at the second login server; and
  
  providing an authentication ticket from the second login server to the client, wherein the authentication ticket allows the client to access the content on the remote server.
- View Dependent Claims (20)
- - 20. The method of claim 19 wherein the login request is redirected from the first login server to the second login server in order to balance workloads between the first and second login servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rouskov, Yordan, Erdogan, Samim, Dujari, Rajeev, Wang, Biao, Hawkins, John M.
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US11/380,002
Publication Number

US 20060185021A1
Time in Patent Office

1,450 Days
Field of Search

713/151, 713/171, 726 5- 10, 726 27- 30
US Class Current

726/8
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Method and system of integrating third party authentication into internet browser code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and system of integrating third party authentication into internet browser code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others