Using an IP multimedia subsystem for HTTP session authentication
First Claim
1. A method for operating a processor in an Internet Protocol Multimedia Subsystem (IMS) to authenticate a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, the method comprising:
- receiving a request from a communication device to initiate an HTTP session with an online application that is hosted by a Web server on a public network;
- determining whether the communication device is registered on the Internet Protocol Multimedia Subsystem, wherein the Internet Protocol Multimedia Subsystem and the Web server are operated by different network organizations;
- in response to determining that the communication device is registered on the Internet Protocol Multimedia Subsystem;
  - generating an initial authentication token, wherein the generating is performed in the Internet Protocol Multimedia Subsystem; and
  - sending the generated initial authentication token to the communication device, wherein the initial authentication token is sent prior to receiving an HTTP session request from the communication device;
- receiving an HTTP session request from the communication device;
- determining whether the received HTTP session request includes a copy of the authentication token;
- in response to determining that the received HTTP session request does not include a copy of the authentication token, requesting a copy of the authentication token, and receiving the copy of the authentication token in response to the request;
- determining whether the copy of the authentication token is valid; and
- in response to determining that the authentication token is valid, transmitting the HTTP session request and the authentication token to the Web server to authenticate the communication device to the online application hosted by the Web server without an additional login from the communication device.
Abstract
Disclosed is a method and system for utilizing an Internet Protocol Multimedia Subsystem (IMS) to authenticate an HTTP session between a communication device and an online application program. The method includes registering a communication device on an IMS, and generating an authorization token which is sent to the communication device. The communication device then embeds the authorization token in HTTP request communication directed to the IMS. The IMS, after verifying the authorization token, forwards the HTTP request and token to a selected Web server that hosts an online application to authenticate an HTTP session.
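The IMS-side flow described in the abstract and in claim 1, sketched as an added example (not code from the patent or its assignee). The page does not specify a token format; the HMAC-over-device-id-and-expiry token, the lifetime, and all class, method and parameter names here are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class ImsGateway:
    """Toy model of the IMS-side steps in claim 1 (token format is assumed)."""

    def __init__(self, ttl=300):
        self._key = secrets.token_bytes(32)  # IMS-held signing key (assumption)
        self._registered = set()
        self._ttl = ttl                      # token lifetime in seconds (assumption)

    def _mac(self, device_id, expiry):
        msg = f"{device_id}|{expiry}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def register(self, device_id, now=None):
        """Register the device and issue its token before any HTTP request."""
        expiry = int(now if now is not None else time.time()) + self._ttl
        self._registered.add(device_id)
        return f"{device_id}|{expiry}|{self._mac(device_id, expiry)}"

    def _valid(self, device_id, token, now):
        try:
            tok_dev, expiry, mac = token.split("|")
            expiry = int(expiry)
        except (AttributeError, TypeError, ValueError):
            return False                     # malformed or non-string token
        fresh = expiry > now
        # Token must be bound to the device presenting it, not just well-signed.
        bound = hmac.compare_digest(tok_dev.encode(), device_id.encode())
        good_mac = hmac.compare_digest(mac.encode(),
                                       self._mac(tok_dev, expiry).encode())
        return fresh and bound and good_mac

    def handle(self, device_id, request, token=None, ask_device=None, now=None):
        """Return (request, token) to forward to the Web server, or None to refuse."""
        now = int(now if now is not None else time.time())
        if device_id not in self._registered:
            return None                      # device not registered on the IMS
        if token is None and ask_device is not None:
            token = ask_device()             # request a copy from the device
        if token is None or not self._valid(device_id, token, now):
            return None
        return (request, token)
```

How the Web server, which a different organization operates, checks the forwarded token is not described in this section and is left out of the sketch.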
20 Claims
11. At least one non-transitory computer-readable medium storing instructions, which when executed by at least one processor in an Internet Protocol Multimedia Subsystem (IMS), authenticates a Hypertext Transfer Protocol (HTTP) session between a communication device and an online application, comprising:
- receiving a request from a communication device to initiate an HTTP session with an online application that is hosted by a Web server on a public network;
- detecting whether a communication device is registered on the Internet Protocol Multimedia Subsystem, wherein the Internet Protocol Multimedia Subsystem and the Web server are operated by different network organizations;
- in response to determining that a communication device is registered on the Internet Protocol Multimedia Subsystem;
  - generating an initial authentication token, wherein the initial authentication token is generated in the Internet Protocol Multimedia Subsystem; and
  - causing the generated initial authentication token to be sent to the communication device, wherein the generated initial authentication token is sent to the communication device before an HTTP session request is received from the communication device;
- receiving an HTTP session request from the communication device;
- determining whether the received HTTP session request includes an authentication token;
- in response to determining that the received HTTP session request does not include an authentication token, requesting an authentication token from the communication device;
- receiving a copy of the authentication token from the communication device;
- determining whether the copy of the authentication token is valid; and
- in response to determining that the copy of the authentication token is valid, causing the HTTP session request and authentication token to be sent to the Web server to authenticate the communication device to the online application hosted by the Web server without an additional login from the communication device.
18. A communication device including a processor configured to execute program instructions to initiate a Hypertext Transfer Protocol (HTTP) session with an online application, comprising:
- a memory for securely storing a received token;
- a processor for executing a sequence of stored instructions in order to;
  - register the communication device with an Internet Protocol Multimedia Subsystem;
  - receive a token from the Internet Protocol Multimedia Subsystem, wherein the received token was generated in the Internet Protocol Multimedia Subsystem;
  - store the received token in the memory, wherein the received token is stored in the memory before the creation of a request to establish an HTTP session with an online application program that is hosted by a Web server on a public network, wherein the Web server and the Internet Protocol Multimedia Subsystem are operated by different network organizations;
  - create a request to establish an HTTP session with the online application program; and
- wherein the processor is for executing a sequence of stored instructions further in order to;
  - (a) embed the stored token in the request to establish an HTTP session such that an HTTP session is authenticated with the application program without having to perform a log-in procedure with the application program; or
  - (b) receive a request for the stored token in response to a determination that the request to establish an HTTP session does not include a copy of the token, and transmit the stored token in response to the received request for the stored token such that an HTTP session is authenticated with the application program without having to perform a log-in procedure with the application program.
Specification