Patent · US Expired

Secure session management and authentication for web sites

US7216236B2 · kind B2 · utility

29Cited by

10References

26Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Wei Dong Kou · Hong Kong, CN
Lev Mirlas · Thornhill, CA
Yan Zhao · Toronto, CA

Key dates

Filing date	Mar 16, 2001
Grant date	May 8, 2007
Priority date	—
Expiry date	Feb 3, 2024

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/0428
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

The present invention comprises a system and method for secure session management and authentication between web sites and web clients. The method includes both secure and non-secure communication protocols, means for switching between secure and non-secure communication protocols, a session cookie and an authcode cookie. The session cookie is used for session management and the authcode cookie is used for authentication. The session cookie is transmitted using a non-secure communication protocol when the web client accesses a non-secure web page, whereas, the authcode cookie is transmitted using a secure communication protocol when the web client accesses a secure web page. Session management architecture and usage of two distinct cookies along with both secure and non-secure communication protocols prevents unauthorized users from accessing sensitive web client or web site information.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.