Authentication system and method for embedded applets

US 9,608,983 B2
Filed: 04/30/2013
Issued: 03/28/2017
Est. Priority Date: 04/30/2013
Status: Active Grant

First Claim

Patent Images

1. A web-accessible security system, comprising:

a server system connected to a security network that receives information, which includes video images, from security devices on the security network, wherein the video images are generated by video camera security devices, and wherein the server system generates authentication tokens associated with user credentials for each user, and stores the authentication tokens in an authentication database; and

one or more user devices that access the information including the video images from the security devices via the server system using embedded applets that receive the authentication tokens that were provided by the server system, save the authentication tokens as applet tokens, include the applet tokens in Universal Resource Locators (URLs) that identify the video images on the server system, and then include the URLs in messages to the server system; and

wherein in response to the server system receiving the messages sent from the embedded applets which include the URLs that identify the video images on the server system and that include the applet tokens, the server system finds a match between the a let tokens in the URLs and the authentication tokens to identify the users as trusted users and responds to the embedded applets with the video images.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating user requests issued from embedded applets running on web-accessible user devices. The server system generates authentication tokens associated with user credentials, in response to user requests for HTML pages that include the embedded applets. The server system stores the authentication tokens on the server system, and includes the authentication tokens in URLs within applet tags in the HTML pages returned to the user devices. When the applets download and request content from the server system, the applets supply the previously included authentication tokens in the URLs that identify the requested content. Upon finding a match between the applet-supplied authentication tokens and the stored authentication tokens, the server identifies the user as a trusted user, and responds with the requested content. This can be used to eliminate HTTP-based authentication challenges for subsequent user access.

Citations

38 Claims

1. A web-accessible security system, comprising:
- a server system connected to a security network that receives information, which includes video images, from security devices on the security network, wherein the video images are generated by video camera security devices, and wherein the server system generates authentication tokens associated with user credentials for each user, and stores the authentication tokens in an authentication database; and
  
  one or more user devices that access the information including the video images from the security devices via the server system using embedded applets that receive the authentication tokens that were provided by the server system, save the authentication tokens as applet tokens, include the applet tokens in Universal Resource Locators (URLs) that identify the video images on the server system, and then include the URLs in messages to the server system; and
  
  wherein in response to the server system receiving the messages sent from the embedded applets which include the URLs that identify the video images on the server system and that include the applet tokens, the server system finds a match between the a let tokens in the URLs and the authentication tokens to identify the users as trusted users and responds to the embedded applets with the video images.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein the user devices access the server system over a network cloud.
  - 3. The system of claim 1, wherein the server system further comprises:
    - an authentication system for validating users that includes an authentication database, wherein the authentication system receives user credentials for each user, generates the authentication tokens associated with the user credentials, and stores the authentication tokens in the authentication database;
      
      HTML pages that include the embedded applets, the embedded applets accessing the information including the video images from the security devices; and
      
      a content management system that generates dynamic content for the HTML pages.
  - 4. The system of claim 1, wherein the user devices include web browsers which request HTML pages on the server system, the HTML pages including the embedded applets, the embedded applets accessing the information including the video images from the security devices.
  - 5. The system of claim 4, wherein the web browsers download the embedded applets, and, in response, the embedded applets receive the authentication tokens from the server system, and save the authentication tokens as applet tokens.
  - 6. The system of claim 1, wherein the server system further comprises a content management system and an authentication system, and wherein the authentication system includes an authentication database, and in response to requests by the user devices for HTML pages on the server system that include the embedded applets for accessing the information including the video images from the security devices:
    - the server system generates the authentication tokens associated with user credentials for each user, and stores the authentication tokens in the authentication database;
      
      the content management system includes the authentication tokens within the HTML pages; and
      
      the server system provides the HTML pages to the user devices.
  - 7. The system of claim 6, wherein the authentication system generates new authentication tokens, associated with user credentials on the user devices, each time the user devices request the HTML pages that include the embedded applets.
  - 8. The system of claim 5, further comprising a communications channel for communicating the authentication tokens, wherein the communications channel comprises:
    - a server-side portion that includes the authentication tokens in messages that the server system sends to the web browsers; and
      
      an applet-side portion that includes the applet tokens in the messages that the embedded applets send to the server system.
  - 9. The system of claim 8, wherein the messages from the server-side portion of the communications channel include an applet tag within the HTML pages requested by the user devices, the applet tag including a first Uniform Resource Locator (“
    - URL”
      
      ) that includes the authentication tokens.
  - 10. The system of claim 8, wherein the messages from the applet-side portion of the communications channel include the URLs that include the applet tokens, the URLs identifying a location of content on the server system requested by the embedded applets.
  - 11. The system of claim 10, wherein each of the URLs comprises a URL query string that includes the applet tokens.
  - 12. The system of claim 10, wherein each of the URLs comprises a path that includes the applet tokens.
  - 13. The system of claim 8, wherein the server system further comprises an authentication system that includes an authentication database, and wherein the server system stores the authentication tokens in the authentication database.
  - 14. The system of claim 13, wherein the authentication system accepts the applet tokens within the messages from the applet-side portion of the communications channel, and compares the applet tokens to the stored authentication tokens to validate the user.
  - 15. The system of claim 14, wherein the authentication system removes the stored authentication tokens for each user after performing the user validation to prevent reuse of the stored authentication tokens.
  - 16. The system of claim 13, wherein the authentication system removes the stored authentication tokens for each user after a timeout period.
  - 17. The system of claim 13, wherein the authentication system ignores the stored authentication tokens for each user after a timeout period.
  - 18. The system of claim 1, wherein the embedded applets execute within a web browser running on the user devices.
  - 19. The system of claim 1, wherein the embedded applets enable the users to outline areas defining regions of interest upon the video images generated by the video camera security devices, and wherein the embedded applets display the video images including the regions of interest on the users devices and indicate the regions of interest within the video images.
  - 20. The system of claim 19, wherein an analytics system of the server system monitors the regions of interest indicated within the video images and generates alerts for the users to events that occur within the regions of interest.

21. A method for accessing information, which includes video images, from security devices in a web-accessible security system including a security network, a server system, and user devices running embedded applets, wherein the video images are generated by video camera security devices, the method comprising:
- the server system connecting to the security network and receiving the information including the video images from security devices on the security network;
  
  the server system generating authentication tokens associated with user credentials for each user;
  
  storing the authentication tokens in an authentication database;
  
  the user devices accessing the information including the video images from the security devices via the server system using the embedded applets; and
  
  the embedded applets receiving the authentication tokens that were provided by the server system, saving the authentication tokens as applet tokens, including the applet tokens in URLs that identify the video images on the server system, and then including the URLs in messages to the server system; and
  
  in response to the server system receiving the messages sent from the embedded applets which include the URLs that identify the video images on the server system and that include the applet tokens, the server system finding a match between the applet tokens in the URLs and the authentication tokens to identify the users as trusted users and responding to the embedded applets with the video images.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 22. The method of claim 21, further comprising accessing the server system over a network cloud.
  - 23. The method of claim 21, further including an authentication system for validating users, an authentication database, HTML pages, and a content management system, the method comprising:
    - the authentication system receiving user credentials for each user, generating the authentication tokens associated with the user credentials, and storing the authentication tokens in the authentication database;
      
      the embedded applets accessing the information including the video images from the security devices;
      
      the HTML pages including the embedded applets; and
      
      the content management system generating dynamic content for the HTML pages.
  - 24. The method of claim 21, further including web browsers which request HTML pages on the server system, the HTML pages including the embedded applets, the method comprising the embedded applets accessing the information including the video images from the security devices.
  - 25. The method of claim 24, further comprising the web browsers downloading the embedded applets, and in response, the embedded applets receiving the authentication tokens from the server system, and saving the authentication tokens as applet tokens.
  - 26. The method of claim 21, wherein the server system further comprises a content management system and an authentication system, and wherein the authentication system includes an authentication database, and wherein, in response to the user devices requesting HTML pages on the server system that include the embedded applets for accessing the information including the video images from the security devices:
    - the server system generating the authentication tokens associated with user credentials for each user, and storing the authentication tokens in the authentication database;
      
      the content management system including the authentication tokens within the HTML pages; and
      
      the server system providing the HTML pages to the user devices.
  - 27. The method of claim 26, further comprising the authentication system generating new authentication tokens, associated with user credentials on the user devices, each time the user devices request HTML pages that include the embedded applets.
  - 28. The method of claim 24, further including a communications channel for communicating the authentication tokens, the communications channel including a server-side portion and an applet-side portion, the method comprising:
    - the server-side portion including the authentication tokens in messages that the server system sends to the web browsers; and
      
      the applet-side portion including applet tokens in the messages that the embedded applets send to the server system.
  - 29. The method of claim 27, further including an applet tag within the HTML pages requested by the user devices, the applet tag including a first Uniform Resource Locator (“
    - URL”
      
      ), the method comprising the first Uniform Resource Locator (“
      
      URL”
      
      ) including the authentication tokens.
  - 30. The method of claim 28, further comprising the messages from the applet-side portion of the communications channel including the URLs that include the applet tokens, the method comprising the URLs identifying a location of content on the server system requested by the embedded applets.
  - 31. The method of claim 30, further including a URL query string within the URLs, the method comprising including the applet tokens in the URL query string.
  - 32. The method of claim 30, further including a path within the URLs, the method comprising including the applet tokens in the path.
  - 33. The method of claim 28, further comprising storing the authentication tokens in the authentication database.
  - 34. The method of claim 33, further comprising the authentication system accepting the applet tokens within the messages from the applet-side portion of the communications channel, and comparing the applet tokens to the stored authentication tokens to validate the user.
  - 35. The method of claim 34, further comprising the authentication system removing the stored authentication tokens for each user after performing the user validation to prevent reuse of the stored authentication tokens.
  - 36. The method of claim 21, further comprising the embedded applets executing within a web browser running on the user devices.

37. A web-accessible security system, comprising:
- a server system connected to a security network that receives information, which includes video images, from security devices on the security network, wherein the video images are generated by video camera security devices, and wherein the server system generates authentication tokens associated with user credentials for each user, and stores the authentication tokens in an authentication database; and
  
  one or more user devices that access the information including the video images from the security devices via the server system using embedded applets that receive the authentication tokens that were provided by the server system, save the authentication tokens as applet tokens, and include the applet tokens in messages to the server system;
  
  wherein the user devices access the server system over a network cloud, the user devices include web browsers which request HTML pages on the server system, the HTML pages including the embedded applets, the embedded applets accessing the information including the video images from the security devices, the server system sending messages which include an applet tag within the HTML pages requested by the user devices, the applet tag including a first Uniform Resource Locator (“
  
  URL”
  
  ) that includes the authentication tokens, and the server system removes the stored authentication tokens for each user after a timeout period.

38. A system for validating user access to information from security devices in a security system, the system comprising:
- a server system connected to a security network that receives information, which includes video images, from the security devices on the security network, wherein the video images are generated by video camera security devices, and wherein the server system generates authentication tokens associated with user credentials for each user, and stores the authentication tokens in an authentication database; and
  
  one or more user devices of the users including web browsers requesting HTML pages from the server, wherein the HTML pages include embedded applets, wherein the embedded applets are downloaded from the server system and access the information including the video images from the security devices via the server system, and wherein the embedded applets receive the authentication tokens that were provided by the server system, save the authentication tokens as applet tokens on the user devices, and include the applet tokens in messages to the server system when accessing the information including the video images from the security devices, and wherein the server system compares the applet tokens in the received messages to the stored authentication tokens to validate the users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tyco Fire & Security GmbH (Johnson Controls International plc)
Original Assignee
Sensormatic Electronics LLC (Johnson Controls International plc)
Inventors
Fee, Paul
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US13/873,747
Publication Number

US 20140325627A1
Time in Patent Office

1,428 Days
Field of Search

726/4, 726/7, 726/8, 713/153
US Class Current

1/1
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

Authentication system and method for embedded applets

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system and method for embedded applets

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links