Using an IP multimedia subsystem for HTTP session authentication

US 9,992,183 B2
Filed: 10/11/2013
Issued: 06/05/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method for operating a processor in an Internet Protocol Multimedia Subsystem (IMS) to authenticate a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, the method comprising:

receiving a request from a communication device to initiate an HTTP session with an online application that is hosted by a Web server on a public network;

determining whether the communication device is registered on the Internet Protocol Multimedia Subsystem, wherein the Internet Protocol Multimedia Subsystem and the Web server are operated by different network organizations;

in response to determining that the communication device is registered on the Internet Protocol Multimedia Subsystem;

generating an initial authentication token,wherein the generating is performed in the Internet Protocol Multimedia Subsystem; and

sending the generated initial authentication token to the communication device,wherein the initial authentication token is sent prior to receiving an HTTP session request from the communication device;

receiving an HTTP session request from the communication device;

determining whether the received HTTP session request includes a copy of the authentication token;

in response to determining that the received HTTP session request does not include a copy of the authentication token,requesting a copy of the authentication token, andreceiving the copy of the authentication token in response to the request;

determining whether the copy of the authentication token is valid; and

in response to determining that the authentication token is valid, transmitting the HTTP session request and the authentication token to the Web server to authenticate the communication device to the online application hosted by the Web server without an additional login from the communication device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method and system for utilizing an Internet Protocol Multimedia Subsystem (IMS) to authenticate an HTTP session between a communication device and an online application program. The method includes registering a communication device on an IMS, and generating an authorization token which is sent to the communication device. The communication device then embeds the authorization token in HTTP request communication directed to the IMS. The IMS, after verifying the authorization token, forwards the HTTP request and token to a selected Web server that hosts an online application to authenticate an HTTP session.

25 Citations

View as Search Results

20 Claims

1. A method for operating a processor in an Internet Protocol Multimedia Subsystem (IMS) to authenticate a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, the method comprising:
- receiving a request from a communication device to initiate an HTTP session with an online application that is hosted by a Web server on a public network;
  
  determining whether the communication device is registered on the Internet Protocol Multimedia Subsystem, wherein the Internet Protocol Multimedia Subsystem and the Web server are operated by different network organizations;
  
  in response to determining that the communication device is registered on the Internet Protocol Multimedia Subsystem;
  
  generating an initial authentication token,wherein the generating is performed in the Internet Protocol Multimedia Subsystem; and
  
  sending the generated initial authentication token to the communication device,wherein the initial authentication token is sent prior to receiving an HTTP session request from the communication device;
  
  receiving an HTTP session request from the communication device;
  
  determining whether the received HTTP session request includes a copy of the authentication token;
  
  in response to determining that the received HTTP session request does not include a copy of the authentication token,requesting a copy of the authentication token, andreceiving the copy of the authentication token in response to the request;
  
  determining whether the copy of the authentication token is valid; and
  
  in response to determining that the authentication token is valid, transmitting the HTTP session request and the authentication token to the Web server to authenticate the communication device to the online application hosted by the Web server without an additional login from the communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the HTTP session request is received from the communication device using a Session Initiation Protocol (SIP).
  - 3. The method of claim 1, further comprising:
    - receiving an HTTP response from the Web server, the response being addressed to the communication device; and
      
      transmitting the received HTTP response to the communication device.
  - 4. The method of claim 1, further comprising assigning an expiration time to the initial authentication token.
  - 5. The method of claim 4, wherein determining whether the copy of the authentication token is valid comprises determining whether the assigned expiration time to the initial authentication token has expired.
  - 6. The method of claim 1, further comprising storing a copy of the initial authentication token.
  - 7. The method of claim 6, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication token with the copy of the initial authentication token to confirm that the copy of the authentication token and the initial authentication token are the same.
  - 8. The method of claim 1, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to an access control list.
  - 9. The method of claim 1, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to subscriber settings associated with the communication device.
  - 10. The method of claim 1, further comprising:
    - determining whether the initial authentication token has expired; and
      
      in response to determining that the initial authentication token has expired;
      
      generating a new replacement token;
      
      assigning a new expiration time; and
      
      sending the new replacement token to the communication device.

11. At least one non-transitory computer-readable medium storing instructions, which when executed by at least one processor in an Internet Protocol Multimedia Subsystem (IMS), authenticates a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, comprising:
- receiving a request from a communication device to initiate an HTTP session with an online application that is hosted by a Web server on a public network;
  
  detecting whether a communication device is registered on the Internet Protocol Multimedia Subsystem, wherein the Internet Protocol Multimedia Subsystem and the Web server are operated by different network organizations;
  
  in response to determining that a communication device is registered on the Internet Protocol Multimedia Subsystem;
  
  generating an initial authentication token,wherein the initial authentication token is generated in the Internet Protocol Multimedia Subsystem; and
  
  causing the generated initial authentication token to be sent to the communication device,wherein the generated initial authentication token is sent to the communication device before an HTTP session request is received from the communication device;
  
  receiving an HTTP session request from the communication device;
  
  determining whether the received HTTP session request includes an authentication token;
  
  in response to determining that that the received HTTP session request does not include an authentication token, requesting an authentication token from the communication device;
  
  receiving a copy of the authentication token from the communication device;
  
  determining whether the copy of the authentication token is valid; and
  
  in response to determining that the copy of the authentication token is valid, causing the HTTP session request and authentication token to be sent to the Web server to authenticate the communication device to the online application hosted by the Web server without an additional login from the communication device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The non-transitory computer-readable medium of claim 11, further comprising assigning an expiration time to the initial authentication token.
  - 13. The non-transitory computer-readable medium of claim 12, wherein determining whether the copy of the authentication token is valid comprises determining whether the copy of the initial authentication token has expired.
  - 14. The non-transitory computer-readable medium of claim 11, further comprising storing a copy of the initial authentication token.
  - 15. The non-transitory computer-readable medium of claim 14, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication token with the copy of the initial authentication token to confirm that the copy of the authentication token and the initial authentication token are the same.
  - 16. The non-transitory computer-readable medium of claim 11, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to an access control list.
  - 17. The non-transitory computer-readable medium of claim 11, wherein determining whether the copy of the authentication token is valid comprises comparing the copy of the authentication component to subscriber settings associated with the communication device.

18. A communication device including a processor configured to execute program instructions to initiate a Hypertext Transfer Protocol (HTTP) session with an online application, comprising:
- a memory for securely storing a received token;
  
  a processor for executing a sequence of stored instructions in order to;
  
  register the communication device with an Internet Protocol Multimedia Subsystem;
  
  receive a token from the Internet Protocol Multimedia Subsystem, wherein the received token was generated in the Internet Protocol Multimedia Subsystem;
  
  store the received token in the memory,wherein the received token is stored in the memory before the creation of a request to establish an HTTP session with an online application program that is hosted by a Web server on a public network,wherein the Web server and the Internet Protocol Multimedia Subsystem are operated by different network organizations;
  
  create a request to establish an HTTP session with the online application program; and
  
  wherein the processor is for executing a sequence of stored instructions further in order to;
  
  (a) embed the stored token in the request to establish an HTTP session such that an HTTP session is authenticated with the application program without having to perform a log-in procedure with the application program;
  
  or(b) receive a request for the stored token in response to a determination that the request to establish an HTTP session does not include a copy of the token, andtransmit the stored token in response to the received request for the stored token such that an HTTP session is authenticated with the application program without having to perform a log-in procedure with the application program.
- View Dependent Claims (19, 20)
- - 19. The communication device of claim 18, wherein the token is stored in an IP Multimedia Services Identity Module (ISIM).
  - 20. The communication device of claim 18, wherein the token has an expiration time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Engelhart, Robert L.
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/051,448
Publication Number

US 20140282990A1
Time in Patent Office

1,698 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

Using an IP multimedia subsystem for HTTP session authentication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using an IP multimedia subsystem for HTTP session authentication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links