Distributed file system web server user authentication with cookies

US 5,875,296 A
Filed: 01/28/1997
Issued: 02/23/1999
Est. Priority Date: 01/28/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:

(a) responsive to receipt by the Web server of a user id and password from the client, executing a login protocol with the security service and storing a credential resulting therefrom;

(b) returning to the client a persistent client state object having an identifier therein; and

(c) having the client use the persistent client state object including the identifier in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt by the Web server of a user id and password from the Web client, a login protocol is executed with the security service. If the user can be authenticated, a credential is stored in a database of credentials associated with authenticated users. The Web server then returns to the Web client a persistent client state object having a unique identifier therein. This object, sometimes referred to as a cookie, is then used to enable the Web client to browse Web documents in the distributed file system. In particular, when the Web client desires to make a subsequest request to the distributed file system, the persistent client state object including the identifier is used in lieu of the user'"'"'s id and password, which makes the session much more secure. In this operation, the cookie identifier is used as a pointer into the credential storage table, and the credential is then retrieved and used to facilitate multiple file accessess from the distributed file system. At the same time, the Web client may obtain access to Web server (as opposed to distributed file system) documents via conventional user id and password in an HTTP request.

922 Citations

20 Claims

1. A method of authenticating a client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
- (a) responsive to receipt by the Web server of a user id and password from the client, executing a login protocol with the security service and storing a credential resulting therefrom;
  
  (b) returning to the client a persistent client state object having an identifier therein; and
  
  (c) having the client use the persistent client state object including the identifier in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.
- View Dependent Claims (2, 3, 4)
- - 2. The method of authenticating as described in claim 1 wherein the identifier in the persistent client state object is used to retrieve the stored credential.
  - 3. The method of authenticating as described in claim 1 wherein the user id and password are provided to the Web server in an HTML form.
  - 4. The method of authenticating as described in claim 3 wherein the HTML form is completed by a user of the client.

5. A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
- (a) for an HTTP request received by the Web server, determining whether the Web client has a browser that supports persistent client state objects;
  
  (b) if the Web client has a browser that supports persistent client state objects, having the Web server sends the Web client a login HTML form and a first persistent client state object including a URL identified by the HTTP request;
  
  (c) having the user complete the HTML form with user id and password;
  
  (d) transmitting the completed form along with the first persistent client state object including the URL back to the Web server;
  
  (e) extracting information from the completed form and executing a login protocol with the security service to generate a credential;
  
  (f) returning to the Web client a second persistent client state object having an identifier therein; and
  
  (g) having the Web client use the second persistent client state object including the identifier in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.
- View Dependent Claims (6)
- - 6. The method of authenticating as described in claim 5 wherein the identifier is used to access the credential.

7. A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
- (a) responsive to receipt of a transaction request from the Web client, executing a login protocol with the security service to determine whether the Web client has access rights to the distributed file system;
  
  (b) if the Web client does not have access rights to the distributed file system, returning an error message to the Web client;
  
  (c) if the Web client does have access rights to the distributed file system, storing a credential resulting from the login protocol in a database of credentials associated with authenticated users;
  
  (d) returning to the Web client a cookie having an identifier uniquely associated with the Web client; and
  
  (e) having the Web client use the cookie in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.
- View Dependent Claims (8)
- - 8. The method of authenticating as described in claim 7 wherein the identifier in the cookie is used to retrieve the stored credential from the database.

9. A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
- maintaining credentials of the users authenticated to access the distributed file system in a storage;
  
  responsive to receipt from a Web client of a persistent client state object having an identifier therein, using the identifier to access one of the credentials in the storage; and
  
  using the credential to facilitate multiple file accesses in the distributed file system.

10. A computer program product for use in authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, the computer program product comprising:
- a computer-readable storage medium having a substrate; and
  
  program data encoded in the substrate of the computer-readable storage medium, wherein the program data comprises;
  
  means, responsive to receipt by the Web server of a user id and password from the Web client, for executing a login protocol with the security service and storing a credential resulting therefrom;
  
  means for returning to the Web client a persistent client state object having an identifier therein; and
  
  means responsive to receipt of the persistent client state object including the identifier for controlling subsequent access to Web documents in the distributed file system.
- View Dependent Claims (11, 12, 13)
- - 11. The computer program product as described in claim 10 wherein the program data further includes means for generating error messages responsive to the login protocol.
  - 12. The computer program product as described in claim 10 wherein the program data further includes means for establishing a store of the credentials of users authenticated to the distributed file system.
  - 13. The computer program product as described in claim 10 wherein the persistent client state object is a cookie.

14. A computer program product for use in authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, the computer program product comprising:
- a computer-readable storage medium having a substrate; and
  
  program data encoded in the substrate of the computer-readable storage medium, wherein the program data comprises;
  
  means for maintaining a storage of the credentials of the users authenticated to access the distributed file system; and
  
  means, responsive to receipt from a Web client of a persistent client state object having an identifier therein, for using the identifier to access one of the credentials in the storage to facilitate access to documents in the distributed file system.

15. A computer connectable to a distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising:
- a processor;
  
  an operating system;
  
  a Web server program for providing World Wide Web information retrieval to Web clients connectable to the Web server program via a stateless computer network;
  
  a server plug-in for authenticating Web clients to the Web server program, comprising;
  
  means, responsive to receipt by the Web server of a user id and password from a Web client, for executing a login protocol with the security service and storing a credential resulting therefrom;
  
  means for returning to the Web client a persistent client state object having an identifier therein; and
  
  means responsive to subsequent receipt of the persistent client state object including the identifier in lieu of a user id and password to control access to Web documents in the distributed file system.
- View Dependent Claims (16)
- - 16. The computer as described in claim 15 wherein the control means uses the identifier to access the credential.

17. A method of accessing documents from a Web server and a distributed file system to which the Web server is connected, the distributed file system supported in a distributed computing environment having a security service for returning a credential to a user authenticated to access the distributed file system, the method comprising the steps of:
- (a) responsive to receipt by the Web server of a user id and password from the Web client, executing a login protocol with the security service and storing a credential resulting therefrom;
  
  (b) returning to the Web client a persistent client state object having an identifier therein;
  
  (c) having the Web client use the persistent client state object including the identifier in lieu of a user id and password to obtain access to Web documents in the distributed file system; and
  
  (d) having the Web client use the user id and password to obtain access to Web documents in the Web server.
- View Dependent Claims (18, 19, 20)
- - 18. The method as described in claim 17 further including maintaining a storage of the credentials of the users authenticated to use the distributed file system.
  - 19. The method as described in claim 18 wherein the identifier is used to retrieve a credential from the storage.
  - 20. The method as described in claim 17 further including the step of providing a custom error message from the Web server to the Web client if the login protocol is unsuccessful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alibaba Group Holding Ltd.
Original Assignee
International Business Machines Corporation
Inventors
Shi, Shaw-Ben, Ault, Michael Bradford, Plassmann, Ernst Robert, Rich, Bruce Arland, Rosiles, Mickella Ann, Shrader, Theodore Jack London
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US08/790,041
Time in Patent Office

756 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/200.59, 395/200.33, 395/200.54, 395/200.47, 395/200.48, 395/200.49, 380/4, 380/24, 380/49
US Class Current

726/5
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/168   above the transport layer

Distributed file system web server user authentication with cookies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

922 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed file system web server user authentication with cookies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

922 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links