Device independent authentication system and method

US 8,156,549 B2
Filed: 04/30/2007
Issued: 04/10/2012
Est. Priority Date: 10/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method including:

receiving, by a computer based system for initiating a secure communication session, a http request file and browser identification data;

analyzing, by the computer based system, the browser identification data to selectively grant access to proceed based upon a determination that a device sending the http request file is a supported type of device, wherein an error message is transmitted to the device sending the http request file in response to the device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device;

analyzing, by the computer based system, the HTTP request file for presence of a security token, wherein the http request file includes the client agent data and the communication device model data;

at least one of, by the computer based system, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database;

based on the comparing, at least one of;

configure, grant, or deny access to the host web server;

transmitting, by the computer based system and in response to a determination of no security token being present in the HTTP request file, an encrypted security token in a reply communication within an HTML INPUT tag; and

receiving, by the computer based system, a request to initiate a secure session including the encrypted security token.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client'"'"'s communication device is issued a security token using standard HTML-INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.

91 Citations

View as Search Results

14 Claims

1. A method including:
- receiving, by a computer based system for initiating a secure communication session, a http request file and browser identification data;
  
  analyzing, by the computer based system, the browser identification data to selectively grant access to proceed based upon a determination that a device sending the http request file is a supported type of device, wherein an error message is transmitted to the device sending the http request file in response to the device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device;
  
  analyzing, by the computer based system, the HTTP request file for presence of a security token, wherein the http request file includes the client agent data and the communication device model data;
  
  at least one of, by the computer based system, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database;
  
  based on the comparing, at least one of;
  
  configure, grant, or deny access to the host web server;
  
  transmitting, by the computer based system and in response to a determination of no security token being present in the HTTP request file, an encrypted security token in a reply communication within an HTML INPUT tag; and
  
  receiving, by the computer based system, a request to initiate a secure session including the encrypted security token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further including receiving authentication credentials, by the computer based system, over a secure communication channel.
  - 3. The method of claim 1, further including receiving authentication credentials, by the computer based system, over a secure communication channel and transmitting the security token in response to authentication credentials having been authenticated.
  - 4. The method of claim 1, wherein a communication device associated with at least one of the client agent data and the communication device model data is at least one of a wireless device or a PC-based device.
  - 5. The method of claim 1, further including receiving, by the computer based system, URL information identifying a type of a communication device issuing the request.
  - 6. The method of claim 1, further including receiving, by the computer based system, device-specific browser information identifying a type of communication device issuing the request.
  - 7. The method of claim 1, further including:
    - issuing, by the computer based system, a login page in response to the determination of no security token being present in the HTTP request file, wherein the login page requests input of at least one of a user name or a password;
      
      validating, by the computer based system, the user name or the password; and
      
      issuing the security token in response to the successful validating.
  - 8. The method of claim 1, wherein the security token facilitates at least one of:
    - establishing a secure session with a web server or tracking a particular web session within a web site.

9. A method including:
- transmitting, by a communication device, a http request file and browser identification data, wherein the http request file includes the client agent data and the communication device model data, wherein the request is transmitted to a host web server, wherein access to proceed is granted based upon a determination that the communication device is a supported type of device, wherein an error message is received by the communication device in response to the communication device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device;
  
  at least one of, by the communication device, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database;
  
  based on the comparing, at least one of;
  
  configure, grant, or deny access to the host web server; and
  
  receiving, by the communication device, over a secure communication channel, a security token within an HTML INPUT tag, wherein the host web server transmits the received HTML INPUT tag, wherein the host web server does not detect the security token in the http request file.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, further including:
    - transmitting authentication credentials, by the communication device, wherein the authentication credentials are transmitted to the host web server over the secure communication channel.
  - 11. The method of claim 9, further including:
    - transmitting authentication credentials, by the communication device, wherein the authentication credentials are transmitted to the host web server over the secure communication channel; and
      
      receiving the security token, wherein the security token is transmitted from the host web server in response to the authentication credentials from the communications device having been authenticated by the host web server.
  - 12. The method of claim 9, further including:
    - receiving an authentication request, by the communication device, wherein the authentication request is transmitted from the host web server in response to a determination of the security token not being present in the http request file.
  - 13. The method of claim 12, wherein the authentication request is a HTTP request.

14. A system comprising:
- a tangible, non-transitory memory communicating with a processor for initiating a secure communication session,the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  receiving, by the processor, a HTTP request file and browser identification data;
  
  analyzing, by the processor, the browser identification data to selectively grant access to proceed based upon a determination that a device sending the http request file is a supported type of device, wherein an error message is transmitted to the device sending the http request file in response to the device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device;
  
  analyzing, by the processor, the HTTP request file for presence of a security token, wherein the http request file includes the client agent data and the communication device model data;
  
  at least one of, by the processor, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database;
  
  based on the comparing, at least one of;
  
  configure, grant, or deny access to the host web server;
  
  transmitting, by the processor, in response to a determination of no security token being present, an encrypted security token in a reply communication within an HTML INPUT tag; and
  
  receiving, by the processor, a request to initiate a secure session including the encrypted security token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Keshav, Sineesh, Rice, Mike
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Gregory, Shaun

Application Number

US11/741,867
Publication Number

US 20070204044A1
Time in Patent Office

1,807 Days
Field of Search

380247-250, 380/278, 713/155, 713/159, 713/172, 713/185, 726 4- 5, 726 9- 10
US Class Current

726/9
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/168   above the transport layer

Device independent authentication system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Device independent authentication system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others