Device independent authentication system and method
First Claim
1. A method including:
- receiving, by a computer based system for initiating a secure communication session, a http request file and browser identification data;
analyzing, by the computer based system, the browser identification data to selectively grant access to proceed based upon a determination that a device sending the http request file is a supported type of device, wherein an error message is transmitted to the device sending the http request file in response to the device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device;
analyzing, by the computer based system, the HTTP request file for presence of a security token, wherein the http request file includes the client agent data and the communication device model data;
at least one of, by the computer based system, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database;
based on the comparing, at least one of;
configure, grant, or deny access to the host web server;
transmitting, by the computer based system and in response to a determination of no security token being present in the HTTP request file, an encrypted security token in a reply communication within an HTML INPUT tag; and
receiving, by the computer based system, a request to initiate a secure session including the encrypted security token.
3 Assignments
0 Petitions
Accused Products
Abstract
A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client'"'"'s communication device is issued a security token using standard HTML-INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.
91 Citations
14 Claims
-
1. A method including:
-
receiving, by a computer based system for initiating a secure communication session, a http request file and browser identification data; analyzing, by the computer based system, the browser identification data to selectively grant access to proceed based upon a determination that a device sending the http request file is a supported type of device, wherein an error message is transmitted to the device sending the http request file in response to the device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device; analyzing, by the computer based system, the HTTP request file for presence of a security token, wherein the http request file includes the client agent data and the communication device model data; at least one of, by the computer based system, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database; based on the comparing, at least one of;
configure, grant, or deny access to the host web server;transmitting, by the computer based system and in response to a determination of no security token being present in the HTTP request file, an encrypted security token in a reply communication within an HTML INPUT tag; and receiving, by the computer based system, a request to initiate a secure session including the encrypted security token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method including:
-
transmitting, by a communication device, a http request file and browser identification data, wherein the http request file includes the client agent data and the communication device model data, wherein the request is transmitted to a host web server, wherein access to proceed is granted based upon a determination that the communication device is a supported type of device, wherein an error message is received by the communication device in response to the communication device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device; at least one of, by the communication device, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database; based on the comparing, at least one of;
configure, grant, or deny access to the host web server; andreceiving, by the communication device, over a secure communication channel, a security token within an HTML INPUT tag, wherein the host web server transmits the received HTML INPUT tag, wherein the host web server does not detect the security token in the http request file. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A system comprising:
-
a tangible, non-transitory memory communicating with a processor for initiating a secure communication session, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising; receiving, by the processor, a HTTP request file and browser identification data; analyzing, by the processor, the browser identification data to selectively grant access to proceed based upon a determination that a device sending the http request file is a supported type of device, wherein an error message is transmitted to the device sending the http request file in response to the device not being a supported device, and wherein access to proceed is not established in response to the device not being a supported device; analyzing, by the processor, the HTTP request file for presence of a security token, wherein the http request file includes the client agent data and the communication device model data; at least one of, by the processor, comparing the client agent data to authorized client agents, or comparing the communication device model data to authorized communication device models on an associated database; based on the comparing, at least one of;
configure, grant, or deny access to the host web server;transmitting, by the processor, in response to a determination of no security token being present, an encrypted security token in a reply communication within an HTML INPUT tag; and receiving, by the processor, a request to initiate a secure session including the encrypted security token.
-
Specification