Method and an apparatus to generate message authentication codes at a proxy server for validating a web session
Abstract
Some embodiments of a method and an apparatus to validate a web session in a proxy server have been presented. In one embodiment, a first message authentication code is generated at a proxy server communicatively coupled between an application server and a client upon receiving a message from the application server. The message is generated by the application server in response to an authentication request from the client to initiate a web session. The proxy server then adds the first message authentication code and one or more timestamps to the message. Then the proxy server may send the message to the client, wherein the client may use the first message authentication code and the one or more timestamps to request access to predetermined content during the web session.
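An added sketch of the flow in the abstract and in claim 1 (not code from the patent): the proxy tags the application server's message with an arrival timestamp and a MAC, then recomputes and compares the MAC on each access request. HMAC-SHA-256, the key, the field names, binding the timestamp into the MAC, and the 900-second expiry are assumptions; the page specifies none of them.

```python
import hashlib
import hmac

PROXY_KEY = b"constructed-demo-key"  # assumption: secret held only by the proxy
MAX_AGE = 900  # assumption: seconds a timestamp stays valid; the page sets no value


def _mac(token: str, timestamp: int) -> str:
    # Length-prefix the token so distinct (token, timestamp) pairs never
    # serialize to the same byte string.
    data = f"{len(token)}:{token}|{timestamp}".encode()
    return hmac.new(PROXY_KEY, data, hashlib.sha256).hexdigest()


def proxy_wrap_response(app_message: dict, now: int) -> dict:
    """Session start: the application server's message carries an access
    control token but no MAC; the proxy adds the arrival time and the MAC."""
    if "mac" in app_message:
        raise ValueError("application server message must not carry a MAC")
    out = dict(app_message)
    out["timestamp"] = now
    out["mac"] = _mac(app_message["token"], now)  # the "first" MAC
    return out


def proxy_check_request(request: dict, now: int) -> bool:
    """During the session: recompute the MAC from the token in the request
    (the "second" MAC) and compare it with the one presented (the "third")."""
    try:
        ts = int(request["timestamp"])
        second = _mac(str(request["token"]), ts)
        third = str(request["mac"])
    except (KeyError, TypeError, ValueError):
        return False  # malformed or incomplete request: deny
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(second.encode(), third.encode()):
        return False  # MACs differ: deny
    # Assumed freshness rule: reject future-dated or expired timestamps.
    return 0 <= now - ts <= MAX_AGE
```

Because the proxy recomputes the MAC from the request itself, it needs no per-session state, and the application server never handles the key.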
25 Claims
1. A method comprising:
generating, by a proxy server communicatively coupled between an application server and a client, a first message authentication code upon receiving a message generated by the application server in response to an authentication request to initiate a web session from the client, the message generated by the application server comprising an access control token that indicates a specific type of static content that the client is allowed to access, wherein the message generated by the application server does not include a message authentication code;
adding, by the proxy server, the first message authentication code and a timestamp to the message generated by the application server, wherein the timestamp signifies when the message generated by the application server has reached the proxy server, wherein the client uses the first message authentication code and the timestamp to request access to predetermined content during the web session;
during the web session, computing, by the proxy server, a second message authentication code based on one or more previously obtained access control tokens in an access request from the client;
using the proxy server to compare the second message authentication code computed against a third message authentication code in the access request;
validating the third message authentication code in the access request in response to the second message authentication code matching the third message authentication code; and
denying the access request in response to the second message authentication code being different from the third message authentication code.
9. A proxy server comprising:
a storage device to store instructions; and
a network interface, executable by a processing device, to retrieve the instructions and, in response to the instructions, to communicatively couple to a network to receive a message generated by an application server in response to an authentication request from a client to initiate a web session, the message comprising an access control token that indicates a specific type of static content that the client is allowed to access, wherein the message generated by the application server does not include a message authentication code; and
an authentication module, executable by the processing device, to add a timestamp to the message generated by the application server, wherein the timestamp signifies when the message generated by the application server has reached the proxy server, wherein the authentication module comprises a message authentication code computation module to generate a first message authentication code for the message generated by the application server, wherein the authentication module is to add the first message authentication code to the message generated by the application server, wherein the client uses the first message authentication code and the timestamp to request access to predetermined content during the web session, wherein the message authentication code computation module is further to compute, during the web session, a second message authentication code based on one or more previously obtained access control tokens in an access request from the client, to compare the second message authentication code computed against a third message authentication code in the access request, to validate the third message authentication code in the access request in response to the second message authentication code matching the third message authentication code, and to deny the access request in response to the second message authentication code being different from the third message authentication code.
18. A non-transitory machine-readable medium that provides instructions that, if executed by a processor, will cause the processor to perform operations comprising:
generating, by a proxy server comprising the processor and communicatively coupled between an application server and a client, a first message authentication code upon receiving a message generated by the application server in response to an authentication request to initiate a web session from the client, the message generated by the application server comprising an access control token that indicates a specific type of static content that the client is allowed to access, wherein the message generated by the application server does not include a message authentication code;
adding, by the proxy server, the first message authentication code and a timestamp to the message generated by the application server, wherein the timestamp signifies when the message generated by the application server has reached the proxy server, wherein the client uses the first message authentication code and the timestamp to request access to predetermined content during the web session;
during the web session, computing, by the proxy server, a second message authentication code based on one or more previously obtained access control tokens in an access request from the client;
using the proxy server to compare the second message authentication code computed against a third message authentication code in the access request;
validating the third message authentication code in the access request in response to the second message authentication code matching the third message authentication code; and
denying the access request in response to the second message authentication code being different from the third message authentication code.
Specification