Internet server access control and monitoring systems
Abstract
This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention covers client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server passes the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access the requested file as well as any other files within the present protection domain.
Claims
1. A method of controlling access to a content server from a plurality of clients, comprising:
- receiving an access request at a content server from one of a plurality of clients;
- based on the access request received by the content server, generating a session identifier for controlling access to the content server by the requesting client, wherein the session identifier includes a plurality of data fields having information associated with the access request including a digital signature field that is created using a secret key and information in one or more other fields of the session identifier;
- transmitting the session identifier to the requesting client to enable the requesting client to access the content server;
- receiving a subsequent access request at the content server from the requesting client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests; and
- validating the session identifier in the subsequent access request to authorize access to the content server, the session identifier being validated by creating a second digital signature using the secret key and information in the one or more other fields of the received session identifier and comparing the second digital signature with the received digital signature field.
Dependent claims: 2, 3, 4, 5, 6, 13, 14, 15, 22.
7. A method of controlling access to a web server computer from a plurality of clients operating web browser software applications, comprising:
- receiving an HTTP access request at the web server from a web browser on a client;
- based on the HTTP access request received by the web server, generating a session identifier for controlling access to the web server by the requesting web browser, wherein the session identifier comprises a plurality of data fields including a digital signature field that is created using a secret key and information from one or more other fields of the session identifier;
- transmitting the session identifier to the client, enabling the web browser on the client to access the web server;
- receiving a subsequent HTTP access request at the web server from the web browser on the client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests; and
- validating the session identifier in the subsequent HTTP access request to authorize access to the content server, the session identifier being validated by creating a second digital signature using the secret key and information from one or more fields of the received session identifier and comparing the second digital signature with the received digital signature field.
Dependent claims: 8, 9, 10, 11, 12, 23.
16. A method of controlling access to a content server from a plurality of clients, comprising:
- receiving an access request at the content server from one of the plurality of clients;
- in response to receiving the access request, redirecting the access request from the content server to an authentication server;
- in response to receiving the redirected access request, authenticating the client at the authentication server, and generating a session identifier for controlling access to the content server by the requesting client, the session identifier including a plurality of data fields having information associated with the access request including a digital signature field, wherein the digital signature field is generated by the authentication server using a first copy of a secret key and information from one or more other fields of the session identifier;
- generating a modified access request at the authentication server by appending the session identifier to the redirected access request, wherein the session identifier identifies the modified access request as being part of a session of requests;
- transmitting the modified access request from the authentication server to the requesting client;
- subsequently receiving the modified access request at the content server from the requesting client, the modified access request including the session identifier and the digital signature field in the session identifier;
- validating, at the content server, the session identifier in the modified access request to grant access to the requesting client, the session identifier being validated by creating a second digital signature using a second copy of the secret key and information from one or more other fields of the session identifier and comparing the second digital signature with the digital signature field in the modified access request.
Dependent claims: 17, 18, 19.
20. A method of controlling access to a server from a plurality of clients, comprising:
- receiving an access request at the server to access a first protected domain of the server, the access request coming from one of the plurality of clients, the server controlling access to a plurality of protected domains;
- based on the access request received by the server, generating a first session identifier for controlling access to the first protected domain by the requesting client, wherein the first session identifier includes a plurality of data fields having information associated with the access request, and wherein at least one of the plurality of data fields comprises an identification of the first protected domain and a digital signature field that is created using a secret key and information from one or more other fields of the first session identifier;
- transmitting the first session identifier to the requesting client to enable the requesting client to access the first protected domain;
- receiving a subsequent access request at the server from the requesting client, the subsequent access request including the first session identifier and the digital signature field in the session identifier, wherein the first session identifier identifies the subsequent access request as being part of a session of requests;
- validating the session identifier in the subsequent access request to authorize access to the server, the session identifier being validated by creating a second digital signature using the secret key and information from one or more other fields of the first session identifier and comparing the second digital signature with the received digital signature field;
- allowing access to the requesting client when the subsequent access request includes the first session identifier and requests access to the first protected domain; and
- denying access to the requesting client when the subsequent access request includes the first session identifier and requests access to a second protected domain of the server.
Dependent claims: 21.
24. A system, comprising:
- a content server configured to receive an access request from one of a plurality of clients;
- an authentication server configured to generate a session identifier based on the access request received by the content server, the session identifier for controlling access to the content server by the requesting client, wherein the session identifier includes a plurality of data fields having information associated with the access request including a digital signature field, and wherein the digital signature field is created using information in one or more other fields of the session identifier and a first copy of a secret key;
- the authentication server being further configured to transmit the session identifier to the requesting client to enable the requesting client to access the content server; and
- the content server being further configured to receive a subsequent access request from the requesting client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests and wherein the session identifier is validated to authorize access to the content server, the content server being configured to validate the session identifier by creating a second digital signature using a second copy of the secret key and information in one or more other fields of the session identifier and comparing the second digital signature with the received digital signature field.
Dependent claims: 25, 26, 27, 28.
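The mechanism shared by claims 1, 7, 16, 20 and 24, written out as an added example that is not part of the patent: the authentication server signs the identifier's other fields with its copy of the secret key (HMAC-SHA256 here, one concrete choice for the "digital signature" the claims leave open), and the content server recomputes the signature with its own copy, then honours the identifier only for the protected domain it names. The field names, JSON encoding and key value are constructed for this example.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret: the authentication server holds one copy and the
# content server a second copy, as in claims 16 and 24.
SECRET_KEY = b"constructed-demo-key-not-for-production"
REQUIRED = {"client", "domain", "issued", "sig"}


def _signing_input(fields: dict) -> bytes:
    # Canonical, unambiguous encoding of every field except the signature itself,
    # so the signature binds the client, the protected domain and the issue time.
    unsigned = {k: v for k, v in fields.items() if k != "sig"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()


def issue_session_id(client: str, domain: str, key: bytes,
                     issued: Optional[int] = None) -> str:
    """Authentication-server side: build the identifier and sign its other fields."""
    fields = {"client": client, "domain": domain,
              "issued": int(time.time()) if issued is None else issued}
    fields["sig"] = hmac.new(key, _signing_input(fields), hashlib.sha256).hexdigest()
    return json.dumps(fields, sort_keys=True)


def parse_session_id(sid: str) -> Optional[dict]:
    """Reject anything that is not a well-formed identifier before touching the key."""
    try:
        fields = json.loads(sid)
    except (TypeError, ValueError):
        return None
    if not isinstance(fields, dict) or set(fields) != REQUIRED:
        return None
    return fields


def validate_request(sid: str, requested_domain: str, key: bytes) -> bool:
    """Content-server side: recompute the signature with its own key copy, then
    grant access only to the protected domain named in the identifier (claim 20)."""
    fields = parse_session_id(sid)
    if fields is None or not isinstance(fields["sig"], str):
        return False
    expected = hmac.new(key, _signing_input(fields), hashlib.sha256).hexdigest()
    # Constant-time comparison of the recomputed and received signature fields.
    if not hmac.compare_digest(expected.encode(), fields["sig"].encode()):
        return False
    return fields["domain"] == requested_domain
```

A request carrying an identifier issued for one protected domain is refused for any other domain, and any edit to a signed field or use of a mismatched key copy fails the signature check.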