Method and system for terminating an authentication session upon user sign-off

US 7,769,845 B2
Filed: 05/02/2002
Issued: 08/03/2010
Est. Priority Date: 05/04/2001
Status: Active Grant

First Claim

Patent Images

1. A method for terminating an authentication session following a user'"'"'s indication that the user intends to terminate the user'"'"'s interaction with an application comprising:

monitoring, by a computer, transactions between the user and the application to detect a request which serves as a predefined termination indication, wherein the monitoring is performed by an authentication component which receives requests from the user and relays them to the application;

detecting the request which serves as the termination indication in one of the monitored transactions;

marking an authentication session as termination pending in a session table;

communicating the request which serves as the termination indication to the application;

presenting in response to receiving the termination indication a preconfigured logoff page provided by the authentication component to the user that includes additional options for the user;

intercepting one or more transactions from the user after presenting the preconfigured logoff page;

responding to the one or more transactions before terminating the authentication session;

continuing to monitor the transactions between the user and the application until the application replies with a response to the termination indication;

terminating the authentication session in response to detecting the termination indication, the terminating is performed by the authentication component, and wherein only predetermined transactions are permitted between the detecting and the terminating;

after detecting the response which serves as the termination indication, blocking, by the authentication component, any further response from the application; and

relaying to the application any request made between the detecting and the terminating which is in a pre-defined set of requests.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication component resides between a server and a client, or on a server, and monitors one or more transactions communicated between the server and the client. When the authentication component detects a transaction that contains a termination indication, the authentication session is terminated, forcing the client to re-authenticate the next time a transaction with the server is desired. The termination indication may have been provided by an application running on the server, or alternatively, the termination indication may be provided by the authentication component.

31 Citations

View as Search Results

36 Claims

1. A method for terminating an authentication session following a user'"'"'s indication that the user intends to terminate the user'"'"'s interaction with an application comprising:
- monitoring, by a computer, transactions between the user and the application to detect a request which serves as a predefined termination indication, wherein the monitoring is performed by an authentication component which receives requests from the user and relays them to the application;
  
  detecting the request which serves as the termination indication in one of the monitored transactions;
  
  marking an authentication session as termination pending in a session table;
  
  communicating the request which serves as the termination indication to the application;
  
  presenting in response to receiving the termination indication a preconfigured logoff page provided by the authentication component to the user that includes additional options for the user;
  
  intercepting one or more transactions from the user after presenting the preconfigured logoff page;
  
  responding to the one or more transactions before terminating the authentication session;
  
  continuing to monitor the transactions between the user and the application until the application replies with a response to the termination indication;
  
  terminating the authentication session in response to detecting the termination indication, the terminating is performed by the authentication component, and wherein only predetermined transactions are permitted between the detecting and the terminating;
  
  after detecting the response which serves as the termination indication, blocking, by the authentication component, any further response from the application; and
  
  relaying to the application any request made between the detecting and the terminating which is in a pre-defined set of requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the terminating includes deleting an entry associated with the authentication session from the session table.
  - 3. The method of claim 1, wherein the terminating includes marking a session entry in an authentication session table as expired.
  - 4. The method of claim 1, wherein the terminating includes denoting an encrypted token associated with the authentication session as invalid.
  - 5. The method of claim 1, wherein the terminating includes entering a session cookie associated with the authentication session into a table of disallowed cookies.
  - 6. The method of claim 1, wherein the terminating includes terminating the authentication session after predetermined period of time has passed after detecting the termination indication.
  - 7. The method of claim 6, wherein the terminating includes allowing only a predetermined set of transactions to be communicated between the user and the application during the predetermined period of time.
  - 8. The method of claim 6, wherein the terminating includes, after receiving the termination indication, terminating the authentication session upon the earlier of the expiration of the predetermined period of time or an invalid request is received from the user.
  - 9. The method of claim 1, wherein the terminating includes terminating the authentication session after a first request is received from the user that is not among a predefined set of allowed requests or is one of a predefined set of disallowed requests.
  - 10. The method of claim 1, wherein the terminating includes:
    - denoting the authentication session as termination pending; and
      
      allowing one or more pre-defined URL requests and responses to and from the user and the application.
  - 11. The method of claim 10, wherein the one or more predefined URL requests and responses include one or more requests and responses used for the application'"'"'s logoff sequence.
  - 12. The method of claim 1, further comprising allowing only selected, pre-defined requests from the user to the application after the presenting and before terminating.

13. A computing device comprising:
- a processor; and
  
  a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor for;
  
  monitoring transactions between a user and an application to detect a request which serves as a predefined termination indication, wherein the monitoring is performed by an authentication component which receives requests from the user and relays them to the application;
  
  detecting the request which serves as the termination indication in one of the monitored transactions;
  
  marking an authentication session as termination pending in a session table;
  
  communicating the request which serves as the termination indication to the application;
  
  presenting in response to receiving the termination indication a preconfigured logoff page provided by the authentication component to the user that includes additional options for the user;
  
  intercepting one or more transactions from the user after presenting the preconfigured logoff page;
  
  responding to the one or more transactions before terminating the authentication session;
  
  continuing to monitor the transactions between the user and the application until the application replies with a response to the termination indication;
  
  terminating the authentication session in response to detecting the termination indication, the terminating is performed by the authentication component, and wherein only predetermined transactions are permitted between the detecting and the terminating;
  
  after detecting the response which serves as the termination indication, blocking, by the authentication component, any further response from the application; and
  
  relaying to the application any request made between the detecting and the terminating which is in a pre-defined set of requests.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The computing device of claim 13, wherein the terminating includes deleting an entry associated with the authentication session from the session table.
  - 15. The computing device of claim 13, wherein the terminating includes marking a session entry in an authentication session table as expired.
  - 16. The computing device of claim 13, wherein the terminating includes denoting an encrypted token associated with the authentication session as invalid.
  - 17. The computing device of claim 13, wherein the terminating includes entering a session cookie associated with the authentication session into a table of disallowed cookies.
  - 18. The computing device of claim 13, wherein the terminating includes terminating the authentication session after predetermined period of time has passed after detecting the termination indication.
  - 19. The computing device of claim 18, wherein the terminating includes allowing only a predetermined set of transactions to be communicated between the user and the application during the predetermined period of time.
  - 20. The computing device of claim 18, wherein the terminating includes, after receiving the termination indication, terminating the authentication session upon the earlier of the expiration of the predetermined period of time or an invalid request is received from the user.
  - 21. The computing device of claim 13, wherein the terminating includes terminating the authentication session after a first request is received from the user that is not among a predefined set of allowed requests or is one of a predefined set of disallowed requests.
  - 22. The computing device of claim 13, wherein the terminating includes:
    - denoting the authentication session as termination pending; and
      
      allowing one or more pre-defined URL requests and responses to and from the user and the application.
  - 23. The computing device of claim 22, wherein the one or more predefined URL requests and responses include one or more requests and responses used for the application'"'"'s logoff sequence.
  - 24. The computing device of claim 13, further comprising allowing only selected, pre-defined requests from the user to the application after the presenting and before terminating.

25. One or more processor-accessible storage media comprising processor-executable instructions that, when executed, cause a device to perform actions comprising:
- monitoring transactions between a user and an application to detect a request which serves as a predefined termination indication, wherein the monitoring is performed by an authentication component which receives requests from the user and relays them to the application;
  
  detecting the request which serves as the termination indication in one of the monitored transactions;
  
  marking an authentication session as termination pending in a session table;
  
  communicating the request which serves as the termination indication to the application;
  
  presenting in response to receiving the termination indication a preconfigured logoff page provided by the authentication component to the user that includes additional options for the user;
  
  intercepting one or more transactions from the user after presenting the preconfigured logoff page;
  
  responding to the one or more transactions before terminating the authentication session;
  
  continuing to monitor the transactions between the user and the application until the application replies with a response to the termination indication;
  
  terminating the authentication session in response to detecting the termination indication, the terminating is performed by the authentication component, and wherein only predetermined transactions are permitted between the detecting and the terminating;
  
  after detecting the response which serves as the termination indication, blocking, by the authentication component, any further response from the application; and
  
  relaying to the application any request made between the detecting and the terminating which is in a pre-defined set of requests.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The one or more processor-accessible storage media of claim 25, wherein the terminating includes deleting an entry associated with the authentication session from the session table.
  - 27. The one or more processor-accessible storage media of claim 25, wherein the terminating includes marking a session entry in an authentication session table as expired.
  - 28. The one or more processor-accessible storage media of claim 25, wherein the terminating includes denoting an encrypted token associated with the authentication session as invalid.
  - 29. The one or more processor-accessible storage media of claim 25, wherein the terminating includes entering a session cookie associated with the authentication session into a table of disallowed cookies.
  - 30. The one or more processor-accessible storage media of claim 25, wherein the terminating includes terminating the authentication session after predetermined period of time has passed after detecting the termination indication.
  - 31. The one or more processor-accessible storage media of claim 30, wherein the terminating includes allowing only a predetermined set of transactions to be communicated between the user and the application during the predetermined period of time.
  - 32. The one or more processor-accessible storage media of claim 30, wherein the terminating includes, after receiving the termination indication, terminating the authentication session upon the earlier of the expiration of the predetermined period of time or an invalid request is received from the user.
  - 33. The one or more processor-accessible storage media of claim 25, wherein the terminating includes terminating the authentication session after a first request is received from the user that is not among a predefined set of allowed requests or is one of a predefined set of disallowed requests.
  - 34. The one or more processor-accessible storage media of claim 25, wherein the terminating includes:
    - denoting the authentication session as termination pending; and
      
      allowing one or more pre-defined URL requests and responses to and from the user and the application.
  - 35. The one or more processor-accessible storage media of claim 34, wherein the one or more predefined URL requests and responses include one or more requests and responses used for an application'"'"'s logoff sequence.
  - 36. The one or more processor-accessible storage media of claim 25, further comprising allowing only selected, pre-defined requests from the user to the application after the presenting and before terminating.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Whale Communications Ltd.
Inventors
Baron, Elad
Primary Examiner(s)
Hamza; Faruk

Application Number

US10/139,587
Publication Number

US 20020165971A1
Time in Patent Office

3,015 Days
Field of Search

709223-228, 709/203, 709/229
US Class Current

709/224
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/08 for authentication of entit...

Method and system for terminating an authentication session upon user sign-off

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for terminating an authentication session upon user sign-off

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links