Method and system for multi-instance session support in a load-balanced environment
    1.
    Patent application
    Status: under examination (published)

    Publication No.: US20060277596A1

    Publication date: 2006-12-07

    Application No.: US11146969

    Filing date: 2005-06-06

    IPC classification: H04L9/32

    Abstract: A method is presented for managing session identifiers amongst a set of servers. The servers receive resource requests from clients, and the servers maintain sessions having session state information wherein each session is associated with a session identifier. When a server sends a response to a client, the response is accompanied by a first cookie and a second cookie, wherein the first cookie contains a copy of the session identifier and the second cookie contains a copy of the session identifier that has been cryptographically protected using a cryptographic key, wherein each server in the set of servers possesses a copy of the cryptographic key. If a server does not recognize the session identifier in the first cookie, the server decrypts the second cookie, and if the session identifiers from the cookies are identical, the server will reuse the session identifier rather than generating a new session identifier.

    Method and system for externalized HTTP authentication
    2.
    Patent application
    Status: under examination (published)

    Publication No.: US20060021004A1

    Publication date: 2006-01-26

    Application No.: US10896314

    Filing date: 2004-07-21

    IPC classification: H04L9/32

    CPC classification: H04L63/08 H04L63/0815

    Abstract: A method is presented for providing an HTTP-based authentication mechanism. A request for a controlled resource is received from a client at a first server, which sends a request for an uncontrolled resource to a second server, which may be an HTTP-based authentication server, e.g., by redirecting a request via the client to the second server or by forwarding a request directly to the second server. The second server then obtains authentication information from the client. The second server returns the authentication credential or the authenticated identity to the first server within a response message, e.g., by storing the authentication credential within one or more HTTP headers. In response to receiving the authentication information, the first server builds a session for the client and processes the original request for the controlled resource, e.g., by sending a redirection for the controlled resource through the client.

    Method and system for extending authentication methods
    3.
    Granted patent
    Status: granted

    Publication No.: US08006289B2

    Publication date: 2011-08-23

    Application No.: US11305646

    Filing date: 2005-12-16

    IPC classification: G06F21/00

    CPC classification: H04L63/08 H04L63/0815

    Abstract: A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.

    Method and system for extending authentication methods
    4.
    Patent application
    Status: granted

    Publication No.: US20080134305A1

    Publication date: 2008-06-05

    Application No.: US11305646

    Filing date: 2005-12-16

    IPC classification: H04L9/32

    CPC classification: H04L63/08 H04L63/0815

    Abstract: A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.
