Secure transmission of a session identifier during service authentication
US9578007B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 31, 2015 |
| Grant date | Feb 21, 2017 |
| Priority date | — |
| Expiry date | Mar 31, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/563
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.