Method for restricting access to a web site by remote users
First Claim
1. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:
a. installing a client-side software program on the client machine for generating a client machine-specific identifier, the client machine-specific identifier being substantially unique to the particular machine upon which such client-side software program is initially installed;
b. operating the client-side software program on the client machine to generate the client machine-specific identifier;
c. generating a password remote from the client machine and providing the password to a user of the client machine, the password being derived from the client machine-specific identifier generated in step b., and uniquely corresponding thereto;
d. issuing a request by the client machine to the server computer for access to data maintained on the server computer;
e. responding to the request for access of step d. by having the client machine re-generate its machine-specific identifier;
f. verifying on the client machine whether the client machine-specific identifier re-generated in step e. uniquely corresponds with the password generated in step c.; and
g. recognizing the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is true, and refusing to recognize the client machine as being authorized to access data maintained on the server computer if the verification performed by step f. is false.
Abstract
A method of restricting access to data maintained on a server computer by one or more authorized, networked client machines includes the step of installing a client-side software program on the client machine for generating a client machine-specific identifier determined by particular characteristics of the client machine. The machine-specific identifier is used by the server administrator to generate a unique password, which the user enters into the client-side software program. Server-side software is embedded on protected Web pages of the server computer that hosts the protected Web site. When a user desires access to protected content, the client-side software is prompted to re-generate its machine-specific identifier and valid client password list for comparison with the password previously entered by the user. Access is granted if they correspond, and denied if they do not. If the client machine is recognized as being authorized to access data on the protected Web site during a first access request, then the current session identifier is saved in a temporary storage table remote from the client machine for indicating current working sessions of authorized client machines. The client machine returns such session identifier with each additional request for access, and the temporary storage table is consulted to search for such session identifier before granting access.
18 Claims
1. Independent claim 1 as set out under First Claim above; dependent claims 2 through 10.
11. A method of restricting access to data maintained on a server computer by an authorized client machine, said method comprising the steps of:
a. creating a session identifier in a computer remote from the client machine for a current browsing session of the client machine;
b. transmitting to the client machine the session identifier created in step a.;
c. storing the session identifier transmitted in step b. within the client machine;
d. verifying, on the client machine, that the client machine is authorized to access data maintained on the server computer;
e. obtaining the session identifier stored in step c., and storing such session identifier within a storage table remote from the client machine if such client machine was verified in step d.;
f. transmitting a request by the client machine for access to data maintained on the server computer, such request including the session identifier stored in step c.;
g. comparing the session identifier transmitted in step f. with the session identifier stored in the storage table during step e. to determine whether the request for access transmitted in step f. is authorized; and
h. permitting access by the client machine to the requested data maintained on the server computer if the comparison made in step g. shows that the request for access is authorized, and denying access by the client machine to the requested data maintained on the server computer if the comparison made in step g. shows that the request for access is not authorized.
Dependent claims: 12, 13.
14. A computer program product tangibly embodied in an information carrier, the computer program product including instructions that, when executed, perform operations for restricting access to data maintained on a server computer, the method comprising:
a. receiving a request from a client machine for access to data stored on a server;
b. generating a password remote from the client machine, and providing the password to the client machine or to a user of the client machine, the password being derived from, and corresponding to, a client machine-specific identifier generated on the client machine;
c. transmitting to the client machine instructions to re-generate the password and to verify, on the client machine, whether the client machine-specific identifier uniquely corresponds with the password generated at step b.; and
d. allowing access to the data if the verification performed by step c. is true, and denying access to the data if the verification performed by step c. is false.
15. A method for determining authorization to access data, comprising:
a. receiving, from a client machine, a request for data on a server;
b. verifying on the client machine the existence of, or providing to the client machine, a client application that is adapted to calculate, with a client-machine key, a machine-specific identifier;
c. transmitting, to the client machine, the client-machine key, if the client machine did not contain the client-machine key when the request for data was received;
d. generating a password remote from the client machine and providing the password to the client machine or to a user of the client machine, the password being derived from, and corresponding to, the machine-specific identifier;
e. receiving, from the client machine, the machine-specific identifier, verified by the client machine by re-generation of the machine-specific identifier using the client application and client-machine key; and
f. allowing access to the data on the server if the verification in step e. is true, and not allowing access to the data on the server if the verification in step e. is false.
Dependent claims: 16, 17, 18.
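As an added illustration, not code from the patent, the following Python models the identifier-to-password derivation of claim 1 and the server-side session table of claim 11 described in the abstract. The administrator key, the machine characteristics and the HMAC derivation are assumptions, and the comparison of the re-generated identifier against the password is performed on the server rather than on the client as in claim 1, step f.

```python
import hashlib
import hmac
import secrets

# Constructed example key held by the server administrator (assumption, not from the patent).
SERVER_KEY = b"constructed-example-administrator-key"


def machine_identifier(characteristics: dict) -> str:
    """Client side (claim 1, steps a-b): identifier derived from machine characteristics."""
    # Canonical ordering so the same machine always yields the same identifier.
    canonical = "|".join(f"{k}={characteristics[k]}" for k in sorted(characteristics))
    return hashlib.sha256(canonical.encode()).hexdigest()


def issue_password(machine_id: str) -> str:
    """Administrator side (claim 1, step c): password uniquely corresponding to the identifier."""
    return hmac.new(SERVER_KEY, machine_id.encode(), hashlib.sha256).hexdigest()


class SessionTable:
    """Temporary storage table of session identifiers, kept remote from the client (claim 11)."""

    def __init__(self) -> None:
        self.active: set[str] = set()

    def create_session(self) -> str:
        # Step a: session identifier created remote from the client machine.
        return secrets.token_urlsafe(16)

    def register(self, session_id: str, regenerated_id: str, password: str) -> bool:
        # Steps d-e: store the id only if the re-generated identifier matches the password.
        # The check runs here on the server, a deliberate departure from claim 1, step f.
        expected = issue_password(regenerated_id)
        if hmac.compare_digest(expected, password):
            self.active.add(session_id)
            return True
        return False

    def authorize(self, session_id: str) -> bool:
        # Steps f-h: each later request carries the id, which is looked up in the table.
        return session_id in self.active


def run_scenario() -> tuple:
    """Constructed walk-through: enrolled machine, its later request, and a different machine."""
    table = SessionTable()
    facts = {"cpu": "EXAMPLE-CPU-01", "disk_serial": "EXAMPLE-DISK-0001"}  # constructed
    password = issue_password(machine_identifier(facts))  # handed to the user by the admin
    s1 = table.create_session()
    ok_enrolled = table.register(s1, machine_identifier(facts), password)
    ok_request = table.authorize(s1)
    other = {"cpu": "EXAMPLE-CPU-01", "disk_serial": "EXAMPLE-DISK-0002"}  # different machine
    s2 = table.create_session()
    ok_other = table.register(s2, machine_identifier(other), password) or table.authorize(s2)
    return ok_enrolled, ok_request, ok_other
```

A comparison carried out on the client, as in claim 1 step f, is under the client's control and cannot be relied upon by the server; the remote session table of claim 11 is the part of the scheme the server can actually enforce.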
Specification