Authenticating access to a network server without...

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating

Reexamination Certificate


Details

C709S227000, C709S229000


active

06584505

ABSTRACT:

TECHNICAL FIELD
This invention relates to user authentication systems. More particularly, the invention relates to the authentication of a user through an authentication server prior to granting access to an affiliate server. The authentication system also provides a mechanism for the central storage of user profile information.
BACKGROUND OF THE INVENTION
The recent growth in popularity of the Internet has significantly increased the number of Internet users and the number of Internet sites (also referred to as “web sites”). Web sites may provide various types of information to users, offer products or services for sale, and provide games and other forms of entertainment. Many web sites require users to “register” by providing information about themselves before the web server grants access to the site. This registration information may include the user's name, account number, address, telephone number, email address, computer platform, age, gender, or hobbies. The registration information collected by the web site may be necessary to complete transactions (such as commercial or financial transactions). Additionally, information can be collected which allows the web site operator to learn about the visitors to the site to better target its future marketing activities or adjust the information provided on the web site. The collected information may also be used to allow the web site to contact the user directly (e.g., via email) in the future to announce, for example, special promotions, new products, or new features of the web site.
When registering with a web site for the first time, the web site typically requests that the user select a login ID and an associated password. The login ID allows the web site to identify the user and retrieve the user's information during subsequent user visits to the web site. Generally, the login ID must be unique to the web site such that no two users have the same login ID. The password associated with the login ID allows the web site to authenticate the user during subsequent visits to the web site. The password also prevents others (who do not know the password) from accessing the web site using the user's login ID. This password protection is particularly important if the web site stores private or confidential information about the user, such as financial information or medical records.
If a user visits several different web sites, each web site may require entry of similar registration information about the user, such as the user's name, mailing address, and email address. This repeated entry of identical data is tedious when visiting multiple web sites in a short period of time. Many web sites require the user to register before accessing any information provided on the web site. Thus, the user must enter the requested registration information before they can determine whether the site contains any information of interest.
After registering with multiple web sites, the user must remember the specific login ID and password used with each web site or other Internet service. Without the correct login ID and password, the user must re-enter the registration information. A particular user is likely to have different login IDs and associated passwords on different web sites. For example, a user named Bob Smith may select “smith” as his login ID for a particular site. If the site already has a user with a login ID of “smith” or requires a login ID of at least six characters, then the user must select a different login ID. After registering at numerous web sites, Bob Smith may have a collection of different login IDs, such as: smith, smith1, bsmith, smithb, bobsmith, bob_smith, and smithbob. Further, different passwords may be associated with different login IDs due to differing password requirements of the different web sites (e.g., password length requirements or a requirement that each password include at least one numeric character). Thus, Bob Smith must maintain a list of web sites, login IDs, and associated passwords for all sites that he visits regularly.
SUMMARY OF THE INVENTION
The invention allows a web user to maintain a single login ID (and associated password) that provides access to multiple web servers or services. Once the user has logged into an authentication server, it is not necessary to re-enter the login ID or user information when accessing other affiliated web servers. The single login ID has an associated user profile that contains the registration information typically requested by web servers during a user registration process. The authentication server authenticates each login ID using the associated password. The individual web servers are not required to authenticate the individual users. Further, to protect the user's password, the individual web servers do not receive the user's password. Instead, the individual web servers receive an indication of whether the user is logged into the authentication server and how long since the user login ID was last authenticated by the authentication server. The web servers execute a code sequence that allows each web server to interact with the authentication server.
An implementation of the invention receives a request from a network server to authenticate a user who is attempting to gain access to the network server. The process determines whether the user was already authenticated by the authentication server. If the user was already authenticated, then the network server is notified that the user is authenticated. If the user was not already authenticated by the authentication server, then login information is retrieved from the user and compared to authentication information maintained by the authentication server. The network server is notified that the user is authenticated if the retrieved login information matches the authentication information.
Other aspects of the invention provide for the determination of an elapsed time since the last authentication of the user. If the elapsed time since the last authentication of the user exceeds a timeout period identified by the network server, then the authentication of the user is refreshed.
In the described implementation of the invention, the user's login information and the authentication information maintained by the authentication server are concealed from the network server.
In accordance with another aspect of the invention, a user profile is communicated to the network server when providing notice that the user is authenticated.
Another aspect of the invention provides a cookie to an Internet browser operated by the user if the retrieved login information matches the authentication information. The cookie may contain user profile information, user authentication information, or a list of network servers previously visited by the user.
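
The request flow summarized above (reuse an existing authentication, refresh it when the network server's timeout is exceeded, keep the password away from the network server), sketched as an added example that is not part of the patent text. The HMAC-signed ticket, the shared `AFFILIATE_KEY`, the PBKDF2 password storage and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, json, os

# Assumption: one secret shared by the authentication server and one affiliate.
AFFILIATE_KEY = os.urandom(32)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class AuthServer:
    def __init__(self):
        self._users = {}      # login ID -> (salt, password hash); never sent out
        self._last_auth = {}  # login ID -> time the password was last verified

    def register(self, login_id, password):
        salt = os.urandom(16)
        self._users[login_id] = (salt, _pw_hash(password, salt))

    def authenticate(self, login_id, timeout, now, password=None):
        """Handle an affiliate's request; return a signed ticket or None."""
        last = self._last_auth.get(login_id)
        if last is None or now - last > timeout:
            # Not authenticated yet, or too stale for this affiliate:
            # login information must be collected and compared.
            record = self._users.get(login_id)
            if record is None or password is None:
                return None
            if not hmac.compare_digest(_pw_hash(password, record[0]), record[1]):
                return None
            self._last_auth[login_id] = last = now
        # The ticket carries only the login ID and the last authentication time.
        body = json.dumps({"login_id": login_id, "auth_time": last})
        tag = hmac.new(AFFILIATE_KEY, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag

def affiliate_accepts(ticket, timeout, now):
    """Affiliate side: verify the tag, then enforce the affiliate's own timeout."""
    if not ticket or "." not in ticket:
        return None
    body, tag = ticket.rsplit(".", 1)
    expected = hmac.new(AFFILIATE_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    claims = json.loads(body)  # parsed only after the tag has been verified
    if now - claims["auth_time"] > timeout:
        return None
    return claims["login_id"]
```

An affiliate with a short timeout forces a fresh password check at the authentication server even while a more lenient affiliate still accepts the older authentication.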


