Asynchronous identity establishment through a web-based application

US 9,088,414 B2
Filed: 06/01/2009
Issued: 07/21/2015
Est. Priority Date: 06/01/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for a client computer for establishing identity through a web-based application, the computer-implemented method comprising computer-implemented operations for:

allowing a user to log on to a web-based application provided by a server through a web browser executing on a client computer by allowing the user to enter user credentials, the web-based application having an authentication token;

determining, by the client computer, whether the user has been logged off from the web-based application;

responsive to determining that the user has been logged off from the web-based application, providing a new user interface through the web browser executing on the client computer without user initiation, the new user interface enabling the user to enter user credentials;

receiving, by the client computer, the user credentials entered by the user through the new user interface;

determining, by the client computer, whether the user credentials entered by the user through the new user interface match original user credentials entered when the user initially accessed the web-based application;

if the new and original user credentials match, then transmitting, from the client computer to the server, the user credentials entered by the user through the new user interface and a request to validate the user based on whether the user credentials entered by the user through the new user interface are valid;

receiving, by the client computer, an instruction to remove the new user interface; and

upon receiving the instruction to remove the new user interface, the client computer transforming a display of the web-based application by removing the new user interface; and

if the new and original user credentials do not match, the client computer then displaying an error message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A determination is made as to whether a user has been logged off from the web-based application accessed through a web browser on a computer. If it is determined that the user has been logged off from the web-based application, then a new user interface is provided through the web browser. The new user interface may enable the user to enter user credentials. The user credentials are received through the new user interface. A request to validate the user based on the user credentials is transmitted. Upon transmitting the request to validate the user, an instruction to remove the new user interface is received when the user is validated. Upon receiving the instruction, a display of the web-based application is transformed by removing the new user interface.

Citations

15 Claims

1. A computer-implemented method for a client computer for establishing identity through a web-based application, the computer-implemented method comprising computer-implemented operations for:
- allowing a user to log on to a web-based application provided by a server through a web browser executing on a client computer by allowing the user to enter user credentials, the web-based application having an authentication token;
  
  determining, by the client computer, whether the user has been logged off from the web-based application;
  
  responsive to determining that the user has been logged off from the web-based application, providing a new user interface through the web browser executing on the client computer without user initiation, the new user interface enabling the user to enter user credentials;
  
  receiving, by the client computer, the user credentials entered by the user through the new user interface;
  
  determining, by the client computer, whether the user credentials entered by the user through the new user interface match original user credentials entered when the user initially accessed the web-based application;
  
  if the new and original user credentials match, then transmitting, from the client computer to the server, the user credentials entered by the user through the new user interface and a request to validate the user based on whether the user credentials entered by the user through the new user interface are valid;
  
  receiving, by the client computer, an instruction to remove the new user interface; and
  
  upon receiving the instruction to remove the new user interface, the client computer transforming a display of the web-based application by removing the new user interface; and
  
  if the new and original user credentials do not match, the client computer then displaying an error message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein determining that the user has been logged off from the web-based application comprises identifying that a previous authentication token has expired or has been deleted.
  - 3. The computer-implemented method of claim 1, wherein the user is logged off from the web-based application as a result of a passive log off.
  - 4. The computer-implemented method of claim 1, wherein the new user interface blocks user access to a server-side representation of the web-based application through the web browser and permits access to a local representation of that web-based application through the web browser.
  - 5. The computer-implemented method of claim 1, wherein subsequent requests by the web browser to access the web-based application include a new authentication token.
  - 6. The computer-implemented method of claim 5, wherein the new authentication token is contained in a browser cookie.
  - 7. The computer-implemented method of claim 1, wherein a state of a local representation of the web-based application displayed on the web browser after the new user interface is removed is the same as a state of the local representation of the web-based application displayed on the web browser prior to the new user interface being provided.
  - 8. The computer-implemented method of claim 1, the computer-implemented method comprising further computer-implemented operations for:
    - maintaining a second token indicating whether a document edited by the user through the web-based application has been remotely edited by another user since the document was last loaded;
      
      determining whether the second token indicates that the document has been remotely edited by the other user since the document was last loaded; and
      
      upon determining that the second token indicates that the document has been remotely edited by the other user since the document was last loaded, providing a message notifying the user to take preventative measures to save any content entered into a local representation of the web-based application.

9. A client computer system that operates with a server computer system, the client computer system comprising:
- a processor;
  
  a memory operatively coupled to the processor; and
  
  a program module (i) which executes in the processor from the memory and (ii) which, when executed by the processor, causes the client computer system to establish identity through a web-based application by;
  
  allowing a user to log on to a web-based application on the server computer system through a web browser by allowing the user to enter user credentials, the web-based application having an authentication token;
  
  determining whether the user has been logged off from the web-based application,responsive to determining that the user has been logged off from the web-based application by identifying that the authentication token has expired or has been deleted, providing a new user interface through the web browser without user initiation, the new user interface enabling the user to enter user credentials,receiving new user credentials entered by the user through the new user interface,determining whether the new user credentials entered by the user through the new user interface match original user credentials entered when the user initially accessed the web-based application,if the new and original user credentials match, then transmitting, to the server computer system, the new user credentials entered by the user through the new user interface and a request to validate the user based on whether the new user credentials entered by the user through the new user interface are valid,receiving an instruction to remove the new user interface and receiving a notification that the user has been validated, andupon receiving the instruction to remove the new user interface and the notification that the user has been validated, transforming a display of the web-based application by removing the new user interface; and
  
  if the new and original user credentials do not match, then displaying an error message.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The client computer system of claim 9, wherein the instruction to remove the new user interface is received from a web page to which the new user interface is directed.
  - 11. The client computer system of claim 9, the program module, wherein the new user interface blocks user access to a server-side representation of the web-based application through the web browser and permits access to a local representation of the web-based application through the web browser.
  - 12. The client computer system of claim 9, wherein subsequent requests by the web browser to access the web-based application includes a new authentication token.
  - 13. The client computer system of claim 12, wherein the new authentication token is contained in a browser cookie.
  - 14. The client computer system of claim 9, wherein the program module, when executed by the processor, further causes the computer system to establish identity through a web-based application by:
    - maintaining a second token indicating whether a document edited by the user through the web-based application has been remotely edited by another user since the document was last loaded,determining whether the second token indicates that the document has been remotely edited by the other user since the document was last loaded, andupon determining that the second token indicates that the document has been remotely edited by the other user since the document was last loaded, providing a message notifying the user to take preventative measures to save any content entered into a local representation of the web-based application.

15. A computer-storage medium comprising one of an optical disk, a magnetic storage device or a solid state storage device having computer-executable instructions stored thereon which, when executed by a client computer, cause the client computer to:
- allow a user to log on to a web-based application through a web browser by allowing the user to enter user credentials, the web-based application having an authentication token;
  
  determine whether the user has been logged off from the web-based application, the user being logged off as a result of a passive log off or an active log off;
  
  responsive to determining that the user has been logged off from the web-based application by identifying that a previous authentication token has expired or has been deleted, provide a new user interface through the web browser without user initiation, the new user interface enabling the user to enter user credentials, the new user interface configured to block user access to a server-side representation of the web-based application through the web browser;
  
  receive the user credentials entered by the user through the new user interface,determine whether the user credentials entered by the user through the new user interface match original user credentials entered when the user initially accessed the web-based application,if the new and original credentials match, then transmit, to an authentication server, the new user credentials entered by the user through the new user interface and a request to validate the user based on whether the new user credentials entered by the user through the new user interface are valid;
  
  receive an instruction to remove the new user interface, wherein the instruction to remove the new user interface is received from a web page to which new user interface is directed by the authentication server;
  
  upon receiving the instruction to remove the new user interface, transform a display of the web-based application by removing the new user interface; and
  
  if the new and original credentials do not match, then displaying an error message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Williams, Sam Franklin III, Barton, Jeremy Scott, Vandekerkhof, Michael Peter
Primary Examiner(s)
Bycer, Eric J

Application Number

US12/475,616
Publication Number

US 20100306668A1
Time in Patent Office

2,241 Days
Field of Search

715/741, 715/742, 715/781, 726/7, 726/8, 726/10, 709227-229
US Class Current

1/1
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/02   based on web technology, e....

H04L 9/32   including means for verifyi...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Asynchronous identity establishment through a web-based application

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Asynchronous identity establishment through a web-based application

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links