Method for securely associating data with HTTP and HTTPS sessions

US 9,088,416 B2
Filed: 11/24/2006
Issued: 07/21/2015
Est. Priority Date: 11/24/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

causing transmission of a service request from a client to a server at a first location via a Secure Sockets Layer connection, the client being identified by a pre-defined mobile credential which is unavailable to the client and is unrelated to the service being requested;

receiving from the server at the first location, in response to the transmitted service request, a token and a redirection to a server at a second location; and

appending said token to said service request and causing retransmission of said service request together with said token to the server at said second location via an intermediate node that serves as a gateway between the client and the server at the second location and that has access to the mobile credential, thereby causing said intermediate node to append the mobile credential to said retransmitted service request and transmit said service request, said token and said mobile credential to the server at the second location; and

receiving an acknowledgment of correct reception of said redirected service request in an instance in which said redirected service request includes said token.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system, method and product comprising a server, a mobile device comprising a client interconnected with the server via a data network, the client identified by a credential which is unavailable to the client and an intermediate node interconnected to the client and the server via the data network wherein the credential is available to the intermediate node. Upon reception of a service request from the client at a first server address the server redirects the client to transmit the service request to a second server address via the intermediate node together with a token, wherein the intermediate node appends a credential identifying the client to the redirected service request and the token and relays the redirected service request, the token and the credential to the second server address.

38 Citations

View as Search Results

23 Claims

1. A method comprising:
- causing transmission of a service request from a client to a server at a first location via a Secure Sockets Layer connection, the client being identified by a pre-defined mobile credential which is unavailable to the client and is unrelated to the service being requested;
  
  receiving from the server at the first location, in response to the transmitted service request, a token and a redirection to a server at a second location; and
  
  appending said token to said service request and causing retransmission of said service request together with said token to the server at said second location via an intermediate node that serves as a gateway between the client and the server at the second location and that has access to the mobile credential, thereby causing said intermediate node to append the mobile credential to said retransmitted service request and transmit said service request, said token and said mobile credential to the server at the second location; and
  
  receiving an acknowledgment of correct reception of said redirected service request in an instance in which said redirected service request includes said token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein said server at the first location is the same as said server at the second location and said receiving act further comprises receiving an indication that said service request is to be retransmitted to said server at the first location via said intermediate node.
  - 3. The method of claim 1, wherein said receiving act further comprises receiving a second token.
  - 4. The method of claim 3, further comprising causing transmission of an additional request to the server at said first location wherein said additional request includes said second token.
  - 5. The method of claim 4, wherein said additional request further includes said token.
  - 6. The method of claim 3, wherein said second token is a Cookie.
  - 7. The method of claim 3, further comprising receiving a third token from the server at the first location.
  - 8. The method of claim 7, further comprising causing transmission of an additional request to the server at said first location and wherein said additional request includes said third token.
  - 9. The method of claim 8, wherein said additional request includes said second token.
  - 10. The method of claim 1, wherein said token is a Cookie.
  - 11. The method of claim 1, wherein the mobile credential is a Mobile Directory Number (MDN).
  - 12. The method of claim 1, wherein the network is trusted and further comprising prior to said causing transmission, causing an unsecured transport connection to be opened with the server at the first location and wherein said causing transmission comprises causing transmission of said service request via said transport connection.
  - 13. The method of claim 12, further comprising closing said transport connection following said receiving act.
  - 14. The method of claim 1, wherein at least a portion of the network interconnecting the client and the server at the first location is untrusted and further comprising prior to said causing transmission, causing a secure transport connection to be opened with the server at said first location and wherein said causing transmission comprises causing transmission of said service request via said transport connection.
  - 15. The method of claim 14, wherein said secure transport connection is a Secure Sockets Layer (SSL) session.
  - 16. The method of claim 1, wherein said first location is different from said second location and said receiving act further comprises receiving an indication that said service request is to be retransmitted to the server at said second location via said intermediate node.
  - 17. The method of claim 1, further comprising:
    - generating at least one additional service request;
      
      appending said token to each of said at least one additional service request; and
      
      causing transmission of said at least one additional service request to the server at the second location.
  - 18. The method of claim 1, wherein the network is trusted and said service request is an Hypertext Transfer Protocol (HTTP) Request using the POST method.
  - 19. The method of claim 1, wherein at least a portion of the network interconnecting the client and the server at the first location is untrusted and said service request is an Hypertext Transfer Protocol Secure (HTTPS) Request using the POST method.

20. A computer program product comprising a non-transitory computer readable medium storing computer readable program instructions, the instructions, when executed by a processor, instruct the processor to:
- generate a service request;
  
  cause transmission of said service request from a client to a server at a first location via a Secure Sockets Layer connection, the client being identified by a pre-defined mobile credential which is unavailable to the client and is unrelated to the service being requested;
  
  receive from the server at the first location, in response to the transmitted service request, a token, a redirection to a server at a second location, and an indication that said service request is to be retransmitted to the server at the second location via an intermediate node that serves as a gateway between the client and the server at the second location and that has access to the mobile credential; and
  
  append said token to said service request and causing retransmission of said service request together with said token to the server at the second location via said intermediate node, thereby causing said intermediate node to append the mobile credential to said retransmitted service request and transmit said service request, said token and said mobile credential to the server at the second location; and
  
  receive an acknowledgment of correct reception of said redirected service request in an instance in which said redirected service request includes said token.
- View Dependent Claims (21, 22)
- - 21. The computer program product of claim 20, further comprising instructions for receiving a second token from the server, instructions for generating at least one additional service request, instructions for appending said second token to each of said at least one additional service request and instructions for causing transmission of said at least one additional service request to the server.
  - 22. The computer program product of claim 20, wherein at least a portion of the network interconnecting the client and the server is untrusted and further comprising instructions for causing a secure transport connection to be opened with the server.

23. An apparatus comprising at least one hardware processor and at least one memory storing computer program code, the at least one memory and stored computer program code being configured, with the at least one hardware processor, to cause the apparatus to at least:
- cause, by the at least one hardware processor, transmission of a service request from a client to a server at a first location via a Secure Sockets Layer connection, the client being identified by a pre-defined mobile credential which is unavailable to the client and is unrelated to the service being requested;
  
  receive, by the at least one hardware processor from the server at the first location, in response to the transmitted service request, a token and a redirection to a server at a second location; and
  
  append, by the at least one hardware processor, said token to said service request and cause retransmission of said service request together with said token to the server at said second location via an intermediate node that serves as a gateway between the client and the server at the second location and that has access to the mobile credential, thereby causing said intermediate node to append the mobile credential to said retransmitted service request and transmit said service request, said token and said mobile credential to the server at the second location; and
  
  receive, by the at least one processor, an acknowledgment of correct reception of said redirected service request in an instance in which said redirected service request includes said token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synchronica PLC (Myriad Group AG)
Original Assignee
Synchronica PLC (Myriad Group AG)
Inventors
Thorkelsson, Haraldur, Legault, Sylvain, Caron, Alain, Grigoriev, Nikolai
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/094,894
Publication Number

US 20080307517A1
Time in Patent Office

3,161 Days
Field of Search

713/150, 713/153, 726 2- 5, 726/9, 726/10
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 9/3213   using tickets or tokens, e....

Method for securely associating data with HTTP and HTTPS sessions

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securely associating data with HTTP and HTTPS sessions

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links