Internet server access control and monitoring systems

US 9,900,305 B2
Filed: 12/13/2005
Issued: 02/20/2018
Est. Priority Date: 01/12/1998
Status: Expired due to Fees

- Alert
- Pin

First Claim

Patent Images

1. A method of controlling access to a content server from a plurality of clients, comprising:

receiving an access request at a content server from one of a plurality of clients;

based on the access request received by the content server, generating a session identifier for controlling access to the content server by the requesting client, wherein the session identifier includes a plurality of data fields having information associated with the access request including a digital signature field that is created using a secret key and information in one or more other fields of the session identifier;

transmitting the session identifier to the requesting client to enable the requesting client to access the content server;

receiving a subsequent access request at the content server from the requesting client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests; and

validating the session identifier in the subsequent access request to authorize access to the content server, the session identifier being validated by creating a second digital signature using the secret key and information in the one or more other fields of the received session identifier and comparing the second digital signature with the received digital signature field.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the present protection domain.

211 Citations

28 Claims

1. A method of controlling access to a content server from a plurality of clients, comprising:
- receiving an access request at a content server from one of a plurality of clients;
  
  based on the access request received by the content server, generating a session identifier for controlling access to the content server by the requesting client, wherein the session identifier includes a plurality of data fields having information associated with the access request including a digital signature field that is created using a secret key and information in one or more other fields of the session identifier;
  
  transmitting the session identifier to the requesting client to enable the requesting client to access the content server;
  
  receiving a subsequent access request at the content server from the requesting client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests; and
  
  validating the session identifier in the subsequent access request to authorize access to the content server, the session identifier being validated by creating a second digital signature using the secret key and information in the one or more other fields of the received session identifier and comparing the second digital signature with the received digital signature field.
- View Dependent Claims (2, 3, 4, 5, 6, 13, 14, 15, 22)
- - 2. The method of claim 1, wherein the plurality of data fields comprise a user identifier field and the digital signature field, and wherein the digital signature field comprises a cryptographic hash of the information in the user identifier field.
  - 3. The method of claim 2, wherein the plurality of data fields comprise a key identifier field having information for accessing the secret key, and wherein the cryptographic hash of the information in the user identifier field is encrypted using the secret key.
  - 4. The method of claim 3, wherein the digital signature comprises a cryptographic hash of the information in the user identifier field and the information in the key identifier field.
  - 5. The method of claim 1, wherein the session identifier further includes an expiration time field, and wherein the session identifier in the subsequent access request is further validated by verifying that the received expiration time field is later than a current time.
  - 6. The method of claim 1, wherein the plurality of data fields comprise a domain identifier field having information that enables the client to access a specific domain of the content server, and wherein the session identifier in the subsequent access request is further validated by verifying that the received domain identifier field identifies an authorized domain of the content server.
  - 13. The method of claim 1, wherein the access request includes a uniform resource locator, wherein generating a session identifier includes determining whether the access request is directed to a protected domain, wherein when the access request is directed to a protected domain, the content server determines whether the access request includes a session identifier, and wherein when the access request does not include a session identifier, a session identifier is generated.
  - 14. The method of claim 1, wherein the generated session identifier is appended to the subsequent access request received from the requesting client.
  - 15. The method of claim 1, farther comprising:
    - using the subsequent access request at the content server to grant access to the requesting client.
  - 22. The method of claim 1, wherein the plurality of data fields include a user identifier field that includes user profile information, further comprising:
    - in response to the subsequent access request, using the user identifier field in the session identifier to customize a page of information from the content server based on the user profile information; and
      
      transmitting the customized page of information to the requesting client.

7. A method of controlling access to a web server computer from a plurality of clients operating web browser software applications, comprising:
- receiving an HTTP access request at the web server from a web browser on a client;
  
  based on the HTTP access request received by the web server, generating a session identifier for controlling access to the web server by the requesting web browser, wherein the session identifier comprises a plurality of data fields including a digital signature field that is created using a secret key and information from one or more other fields of the session identifier;
  
  transmitting the session identifier to the client, enabling the web browser on the client to access the web server;
  
  receiving a subsequent HTTP access request at the web server from the web browser on the client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests; and
  
  validating the session identifier in the subsequent HTTP access request to authorize access to the content server, the session identifier being validated by creating a second digital signature using the secret key and information from one or more fields of the received session identifier and comparing the second digital signature with the received digital signature field.
- View Dependent Claims (8, 9, 10, 11, 12, 23)
- - 8. The method of claim 7, wherein the digital signature field comprises a cryptographic hash of the information from the one or more other fields of the session identifier.
  - 9. The method of claim 8, wherein the one or more other fields of the session identifier comprise a user identifier.
  - 10. The method of claim 7, wherein the subsequent requests for access to the web server comprise URL requests, and wherein the session identifier is embedded in the URL request.
  - 11. The method of claim 7, wherein the session identifier further includes an expiration time field, and wherein the session identifier in the subsequent HTTP access request is further validated by verifying that the received expiration time field is later than a current time.
  - 12. The method of claim 7, wherein the session identifier further includes a domain identifier field having information that enables the web browser to access a specific domain of the web server, and wherein the session identifier in the subsequent HTTP access request is further validated by verifying that the received domain identifier field identifies an authorized domain of the content server.
  - 23. The method of claim 7, wherein the plurality of data fields include a user identifier field that includes user profile information, further comprising:
    - in response to the subsequent HTTP access request, using the user identifier field in the session identifier to customize a page of information from the web server based on the user profile information; and
      
      transmitting the customized page of information to the web browser.

16. A method of controlling access to a content server from, a plurality of clients, comprising:
- receiving an access request at the content server from one of the plurality of clients;
  
  in response to receiving the access request, redirecting the access request from the content server to an authentication server;
  
  in response to receiving the redirected access request, authenticating the client at the authentication server, and generating a session identifier for controlling access to the content server by the requesting client, the session identifier including a plurality of data fields having information associated with the access request including a digital signature field, wherein the digital signature field is generated by the authentication server using a first copy of a secret key and information from one or more other fields of the session identifier;
  
  generating a modified access request at the authentication server by appending the session identifier to the redirected access request, wherein the session identifier identifies the modified access request as being part of a session of requests;
  
  transmitting the modified access request from the authentication server to the requesting client;
  
  subsequently receiving the modified access request at the content server from the requesting client, the modified access request including the session identifier and the digital signature field in the session identifier;
  
  validating, at the content server, the session identifier in the modified access request to grant access to the requesting client, the session identifier being validated by creating a second digital signature using a second copy of the secret key and information from one or more other fields of the session identifier andcomparing the second digital signature with the digital signature field in the modified access request.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the modified access request is automatically forwarded from the requesting client to the content server;
    - andin response to receiving the modified access request, the content server first validates the session identifier and then grants access to the requesting client.
  - 18. The method of claim 17, wherein an access request includes a request to transmit a document for display at the requesting client;
    - and wherein granting access to the requesting client includes transmitting the requested document to and displaying the requested document at the requesting client.
  - 19. The method of claim 16, wherein authentication includes determining whether the requesting client is a new requesting client, wherein when the requesting client is determined to be a new requesting client, the authentication server opens a new account prior to generating the session identifier.

20. A method of controlling access to a server from a plurality of clients, comprising:
- receiving an access request at the server to access a first protected domain of the server, the access request coming from one of the plurality of clients, the server controlling access to a plurality of protected domains;
  
  based on the access request received by the server, generating a first session identifier for controlling access to the first protected domain h the requesting client, wherein the first session identifier includes a plurality of data fields having information associated with the access request, and wherein at least one of the plurality of data fields comprises an identification of the first protected domain and a digital signature field that is created using a secret key and information from one or more other fields of the first session identifier;
  
  transmitting the first session identifier to the requesting client to enable the requesting client to access the first protected domain;
  
  receiving a subsequent access request at the server from the requesting client, the subsequent access request including the first session identifier and the digital signature field in the session identifier, wherein the first session identifier identifies the subsequent access request as being part of a session of requests;
  
  validating the session identifier in the subsequent access request to authorize access to the server, the session identifier being validated by creating a second digital signature using the secret key and information from one or more other fields of the first session identifier and comparing the second digital signature with the received digital signature field;
  
  allowing access to the requesting client when the subsequent access request includes the first session identifier and requests access to the first protected domain; and
  
  denying access to the requesting client when the subsequent access request includes the first session identifier and requests access to a second protected domain of the server.
- View Dependent Claims (21)
- - 21. The method of claim 20, further comprising:
    - generating a second session identifier including a plurality of data fields having information associated with the subsequent access request, wherein at least one of the plurality of data fields comprises an identification of the second protected domain;
      
      transmitting the second session identifier to the requesting client to enable the requesting client to access the second protected domain;
      
      receiving a subsequent access request at the server from the requesting client, the subsequent access request including the stored second session identifier;
      
      allowing access to the requesting client when the subsequent access request includes the second session identifier and requests access to the second protected domain.

24. A system, comprising:
- a content server configured to receive an access request from one of a plurality of clients;
  
  an authentication server configured to generate a session identifier based on the access request received by the content server, the session identifier for controlling access to the content server by the requesting client, wherein the session identifier includes a plurality of data fields having information associated with the access request including a digital signature field, and wherein the digital signature field is created using information in one or more other fields of the session identifier and a first copy of a secret key;
  
  the authentication server being further configured to transmit the session identifier to the requesting client to enable the requesting client to access the content server; and
  
  the content server being further configured to receive a subsequent access request from the requesting client, the subsequent access request including the session identifier and the digital signature field in the session identifier, wherein the session identifier identifies the subsequent access request as being part of a session of requests and wherein the session identifier is validated to authorize access to the content server, the content server being configured to validate the session identifier by creating a second digital signature using a second copy of the secret key and information in one or more other fields of the session identifier and comparing the second digital signature with the received digital signature field.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The system of claim 24, wherein the plurality of data fields comprise a user identifier field and the digital signature field, and wherein the digital signature field comprises a cryptographic hash of the information in the user identifier field.
  - 26. The system of claim 24, wherein the session identifier further includes an expiration time field, and wherein the content server further validates the session identifier by verifying that the received expiration time field is later than a current time.
  - 27. The system of claim 24, wherein the plurality of data fields comprise a domain identifier field having information that enables the client to access a specific domain of the content server, and wherein the content server further validates the session identifier by verifying that the received domain identifier identifies an authorized domain of the content server.
  - 28. The system of claim 24, wherein the plurality of data fields include a user identifier field that includes user profile information, and wherein the content server is further configured to customize a page of information from the content server based on the user profile information, and transmit the customized page of infoimation to the requesting client.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Soverain IP, LLC
Original Assignee
Soverain IP, LLC
Inventors
Morris, Stephen Jeffrey, Stewart, Lawrence C., Levergood, Thomas Mark, Treese, George Winfield, Payne, Andrew C.
Primary Examiner(s)
WINDER, PATRICE L

Application Number

US11/300,245
Publication Number

US 20060095526A1
Time in Patent Office

4,452 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/102   Bill distribution or payments

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0209   Incentive being awarded or ...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

Internet server access control and monitoring systems

First Claim

4 Assignments

Litigations

0 Petitions

Accused Products

Abstract

211 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Internet server access control and monitoring systems

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

211 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others