US20070282909A1 - Secure authentication proxy architecture for a web-based wireless intranet application - Google Patents

Secure authentication proxy architecture for a web-based wireless intranet application Download PDF

Info

Publication number
US20070282909A1
US20070282909A1 US11702896 US70289607A US2007282909A1 US 20070282909 A1 US20070282909 A1 US 20070282909A1 US 11702896 US11702896 US 11702896 US 70289607 A US70289607 A US 70289607A US 2007282909 A1 US2007282909 A1 US 2007282909A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
intranet
server
described
link
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11702896
Inventor
David Watson
Mark Stantz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Palm Inc
Original Assignee
Palm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/28Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network
    • H04L67/2814Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network for data redirection
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0884Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/02Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/04Network-specific arrangements or communication protocols supporting networked applications adapted for terminals or networks with limited resources or for terminal portability, e.g. wireless application protocol [WAP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/32Network-specific arrangements or communication protocols supporting networked applications for scheduling or organising the servicing of application requests, e.g. requests for application data transmissions involving the analysis and optimisation of the required network resources
    • H04L67/327Network-specific arrangements or communication protocols supporting networked applications for scheduling or organising the servicing of application requests, e.g. requests for application data transmissions involving the analysis and optimisation of the required network resources whereby the routing of a service request to a node providing the service depends on the content or context of the request, e.g. profile, connectivity status, payload or application type
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Application independent communication protocol aspects or techniques in packet data networks
    • H04L69/08Protocols for interworking or protocol conversion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Application independent communication protocol aspects or techniques in packet data networks
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32High level architectural aspects of 7-layer open systems interconnection [OSI] type protocol stacks
    • H04L69/322Aspects of intra-layer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Aspects of intra-layer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer, i.e. layer seven
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129Authenticate client device independently of the user
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99932Access augmentation or optimizing
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99933Query processing, i.e. searching
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99941Database schema or data structure
    • Y10S707/99944Object-oriented database structure
    • Y10S707/99945Object-oriented database structure processing

Abstract

A method and server system for exchanging data between a wireless electronic device and another computer system. This system allows a wireless electronic device to securely communicate with an Intranet by verifying authentication parameters. The first authentication parameter is the device serial number and a password which authenticates the network connection. The second authentication parameter is a user name and password that authenticates the user's access to applications on the Intranet. The system uniquely integrates the authentication parameters into every query the wireless device makes to the Intranet to maintain the session between the wireless device and the Intranet. Beneficially, the authentication parameters are not stored on any particular network device and do not burden either the server or the wireless device with maintaining the session. In another embodiment of the present invention, the server system uses a link rewriter service for examining web pages generated by applications of the Intranet to identify links that target any application that is resident on the Intranet. The link rewriter uses a look up table in a database to rewrite the link to include a keyword that designates the targeted application and its Intranet server. The keyword is then used to route links to the Intranet and if a link is not resident on the Intranet, the query will be routed to the Internet.

Description

    RELATED APPLICATIONS
  • This Application is a Continuation of co-pending commonly owned U.S. patent application Ser. No. 10/703,006, Attorney Docket Palm-3685.CON, filed Nov. 05, 2003, to Watson and Stantz, entitled “Secure Authentication Proxy Architecture for a Web-Based Wireless Intranet Application,” which in turn was a Continuation of U.S. patent application Ser. No. 09/917,391, now U.S. Pat. No. 6,732,105, filed Jul. 27, 2001 entitled “Secure Authentication Proxy Architecture for a Web-Based Wireless Intranet Application” to Watson and Stantz. Both applications are incorporated herein in their entirety by reference for all purposes.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to the field of data processing. More specifically, embodiments of the present invention relate to providing a method for a wireless electronic device (e.g., a portable computer system, a palmtop computer system, cell phone, pager or any other hand held electronic device) to connect with authenticated access to Intranet web applications.
  • 2. Related Art
  • Computer systems have evolved into extremely sophisticated devices that may be found in many different settings. Computer systems typically include a combination of hardware (e.g., semiconductors, circuit boards, etc.) and software (e.g., computer programs). As advances in semiconductor processing and computer architecture push the performance of computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.
  • Other changes in technology have also profoundly affected how people use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed to allow individual users to communicate with each other. In this manner, a large number of people within a company could communicate at the same time with a central software application running on one computer system.
  • As corporations utilize increasingly distributed and open computing environments, the security requirements of an enterprise typically grow accordingly. The complexity of employee, customer and partner access to critical information, while assuring proper security, has proven to be a major hurdle. For example, many organizations implement applications that allow their external business partners, as well as their own internal employees, to access sensitive information resources within the enterprise. In the absence of adequate security measures, an enterprise may be subject to the risk of decreased security and confidentiality.
  • As a result, authentication mechanisms are usually implemented to protect information resources from unauthorized users. Examples of network security products include firewalls, digital certificates, virtual private networks, and single sign-on systems. Some of these products provide limited support for resource-level authorization. For example, a firewall can screen access requests to an application or a database, but does not provide object-level authorization within an application or database.
  • Single Sign-On (SSO) products, for example, maintain a list of resources an authenticated user can access by managing the login process to many different applications. However, firewalls, SSO and other related products are very limited in their ability to implement a sophisticated security policy characteristic of many of today's enterprises. They are limited to attempting to manage access at a login, or “launch level, ” which is an all or nothing approach that can't implement an acceptable level of security that is demanded by businesses supporting Intranets.
  • FIG. 1A illustrates a prior art system 100 of a palmtop or “palm sized” computer system 104 connected to other computing systems and an Intranet via a cradle. Specifically, system 100 comprises a palmtop device 104 connected to PC 103, which can be a serial communication bus, but could be any of a number of well known communication standards and protocols, e.g., a parallel bus, Ethernet, Local Area Network (LAN), and the like. PC 103 is connected to server 101 and database 102 by an authenticated network connection. In the prior art system 100, two authentication parameters are achieved to provide a secure connection. First, PC 103 is physically connected to the server 101 to establish a network connection. The physical location of PC 103 is usually sufficient for the network connection to be approved. Secondly, when applications on server 101 are used, the user of PC 103 must provide a user name and password to authorize use. In this configuration, security and authentication is achieved first on the network level by authenticating the user's login name and password or device identification over the network and secondly on the application level by again authenticating the users login name and password.
  • Similarly, FIG. 1B is a prior art system 105 illustrating a palmtop computer connected to other computer systems and the Internet via a modem or dial up device. Specifically, palm device 104 is connected to modem 106, which can be a serial communication bus, but could be of any of a number of well known communication standards and protocols, e.g., a parallel bus, Ethernet, Local Area Network (LAN), and the like. Modem 106 is connected to server 101 and database 102 by an authenticated dial-up network connection. In the prior art system 105, two authentication parameters are achieved to provide a secure connection. First, modem 106 must provide a correct user name and password to the server 101 to establish a network connection. Secondly, when applications on server 101 are used, the user of palm device 104 must provide a user name and password to authenticate use. In this configuration, security and authentication is achieved first on the network level by authenticating the user's login name and password or device identification when the modem makes a connection to the network and secondly on the application level by again authenticating the users login name and password.
  • In these two configurations, a secure authentication process occurs in which two layers of authentication occur. First a network authentication is processed and secondly, an application authentication occurs. At least one of the authentication processes rely on the user supplying a user name and a password and both require network level authentication.
  • Unfortunately, most wireless communications do not support double authentication. Due to the differences between ECC encryption associated with wireless protocol and SSL encryption associated with traditional IP protocol, security and authentication mechanisms associated with mobile and wireless need to be modified to provide the same level of security as does the traditional land based communications. For example, mobile and wireless devices often access web servers through Internet gateways that provide no assurance of the identity of a device or user. In other words, they provide no network level of security. Intranet security guidelines for most companies usually require both authentication of a device to the network and of a user to each application before access to internal resource can be permitted.
  • Therefore, there exists a need for a mechanism which allows wireless devices to establish secure and authenticated connections to applications that reside on Intranet networks.
  • SUMMARY OF THE INVENTION
  • In accordance with the present invention, a system and method are disclosed to permit portable wireless devices secure and authenticated access to applications that are on an Intranet server. Embodiments of the present invention provide a flexible, inexpensive way for wireless network users to access Intranet applications while protecting Intranet resources (e.g., enterprise resources) against unauthorized access. In addition, the invention does not impose the authentication burden upon individual applications or require the use of application specific middleware or specific mobile application framework.
  • Embodiments of the present invention include a method and server system for exchanging data between a hand-held wireless electronic device and another computer system. This system allows a wireless electronic device to securely communicate with an Intranet by verifying two authentication parameters to provide network level authentication. The first authentication parameter is the device serial number and a password which authenticates the network connection. The second authentication parameter is a user name and password that authenticates the user's access to applications on the Intranet. In one embodiment of the present invention, the system uniquely integrates the authentication parameters into every query the wireless device makes to the Intranet by adding the parameters to each link that is communicated to the device from the Intranet service. In this configuration, the authentication parameters maintain the session between the wireless device and the Intranet. Beneficially, the authentication parameters are not stored on any particular network device and do not burden either the server or the wireless device with maintaining the session. In another embodiment of the present invention, the server system uses a link rewriter service for examining web pages generated by applications of the Intranet to identify links that point to any application that is resident on the Intranet. Once an Intranet link is queried, the link rewriter uses a look up table in a database to rewrite the link to include a keyword that designates both the targeted application and its Intranet server. If a link is not resident on the Intranet, it will not be rewritten thereby causing it to be executed/routed over the Internet.
  • More specifically, the present invention includes a server system comprising a network translator for communicating with wireless electronic devices and translating between wireless communication protocol and IP communication protocol. The server system also contains an Intranet comprising a plurality of Intranet servers, each comprising applications. In addition is a proxy server coupled to the network translator and Intranet. The proxy server is for routing queries received from the wireless electronic device to an appropriate server destination and for routing responses to wireless electronic devices. The proxy server comprises a link rewriter service for examining web pages generated by applications of the Intranet to identify links that point to any application that resides in the Intranet, translating each identified link to include a keyword that designates both the targeted application and its Intranet server. The proxy server also comprises a routing service for examining queries sent from the wireless electronic device and for routing queries with recognized keywords to the Intranet and for routing others to the Internet.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
  • FIG. 1A is a prior art system illustration of a palmtop or “palm sized” computer system connected to other computer systems and the Internet via a cradle device and having network authorization.
  • FIG. 1B is a prior art system illustration of a palmtop or “palm sized” computer system connected to other computer systems and the Internet via a modem or dial-up device and having network authorization.
  • FIG. 2 illustrates a block diagram of an exemplary wireless communication network environment including a wireless electronic device in accordance with an embodiment of the present invention.
  • FIG. 3 is a logical block diagram of an exemplary palmtop computer system in accordance with an embodiment of the present invention.
  • FIG. 4 is a flow diagram showing the sequence and pathway of data communication over an exemplary wireless communication network in accordance with an embodiment of the present invention.
  • FIG. 5 illustrates a system environment in which embodiments of the present invention can operate including a mobile wireless electronic device and one or more available remotely located resources.
  • FIG. 6 illustrates a system environment in which embodiments of the present device can operate including a proxy server containing one or more system based applications.
  • FIG. 7 is a flow diagram illustrating a discovery process of one embodiment of the present invention for discovering if a query includes a recognized link for Intranet data accessing and routing the query accordingly.
  • FIG. 8 is a flow diagram illustrating a link rewriting process of one embodiment of the present invention for rewriting specific links to specify the Intranet server(s).
  • FIG. 9 is a flow diagram illustrating a registration process of one embodiment of the present invention for registering a device to have network access on the network gateway.
  • FIG. 10 is an illustration of a keyword look up table used in one embodiment of the present invention.
  • DETAILED DESCRIPTION OF THE INVENTION
  • Reference will now be made in detail to the preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings. While the invention will be described in conjunction with the preferred embodiments, it will be understood that they are not intended to limit the invention to these embodiments. On the contrary, the invention is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be obvious to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well known methods, procedures, components, and circuits have not been described in detail as not to unnecessarily obscure aspects of the present invention.
  • Notation and Nomenclature
  • Some portions of the detailed descriptions that follow are presented in terms of procedures, logic blocks, processing, and other symbolic representations of operations on data bits within a computer memory. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. A procedure, logic block, process, etc., is here, and generally, conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, bytes, values, elements, symbols, characters, terms, numbers, or the like.
  • It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present invention, discussions utilizing terms such as “setting,” “storing,” “scanning,” “receiving,” “sending,” “disregarding,” “entering,” or the like, refer to the action and processes (e.g., processes 700, 800 and 900) of a computer system or similar intelligent electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
  • Although the server system of the present invention may be implemented in a variety of different electronic systems such as a pager, a mobile phone, a calculator, a portable electronic device, a personal digital assistant (PDA), etc., one exemplary embodiment includes the server system with a portable computing system. It should be understood that the descriptions corresponding to FIGS. 1-4 provide some general information about an exemplary portable computing system.
  • FIG. 2 is a block diagram of an exemplary network environment 200 including an exemplary portable electronic system 201 (e.g., a personal digital assistant). The personal digital assistant 201 is also known as a palmtop or palm-sized electronic system. The personal digital assistant 201 has the ability to transmit and receive data and information over a wireless communication interface. The personal digital assistant 201 is one exemplary implementation on which the present invention can operate. The present invention can operate with most portable electronic system/device having wireless communication capabilities.
  • Base station 202 is both a transmitter and receiver base station which can be implemented by coupling it into an existing public telephone network 203. Implemented in this manner, base station 202 enables the personal digital assistant 201 to communicate with a proxy server computer system 205, which is coupled by wire 204 to the existing telephone network 203. Furthermore, proxy server computer system 205 is coupled to the Internet 507 or with Intranet 508, thereby enabling the personal digital assistant to communicate with the Internet 507 or with an Intranet 508. It should be appreciated that within the present embodiment, one of the functions of the proxy server 205 is to perform operations over the Internet 507 on behalf of the personal digital assistant 201. For example, proxy server 205 has a particular Internet address and acts as a proxy device for the personal digital assistant 201 over the Internet 507. It should be further appreciated that other embodiments of a communications network may be utilized in accordance with the present invention.
  • The data and information which are communicated between base station 202 and the personal digital assistant 201 are a type of communication and data that can conventionally be transferred and received over a public telephone wire network system. However, a wireless communication interface is utilized to communicate data and information between the personal digital assistant 201 and the base station 202. It should be appreciated that one embodiment of a wireless communication system in accordance with the present invention is the Cingular wireless communication system.
  • FIG. 3 is a block diagram of exemplary circuitry of portable computing system 201 in accordance with one embodiment of the present invention. The computer system 201 includes a central processor for processing information and instructions. It is appreciated that central processor unit 301 may be a microprocessor or any other type of processor. The computer system 201 also includes data storage features such as a volatile memory 303 (e.g., random access memory, static RAM, dynamic RAM, etc.) for storing information and instructions for the central processor 301 and a non-volatile memory 302 (e.g., read only memory, programmable ROM, flash memory, EPROM, EEPROM, etc.) for storing static information and instructions for the processor 301. Computer system 201 may also include an optional data storage device 304 (e.g., thin profile removable memory) for storing information and instructions. It should be understood that device 304 may be removable. Furthermore, device 304 may also be a secure digital (SD) card reader or equivalent removable memory reader.
  • Also included in computer system 201 of FIG. 3 is an alphanumeric input device 306 which in one implementation is a handwriting recognition pad (“digitizer”) and may include integrated push buttons in one embodiment. Device 306 can communicate information (spatial data and pressure data) and command selections to the central processor 301. The coordinate values (spatial information) and pressure data are then output on separate channels for sampling by the processor 301. In one implementation, there are many different discrete levels of pressure that can be detected by the digitizer 306.
  • System 201 of FIG. 3 also includes an optional cursor control or directing device 307 for communicating user input information and command selections to the central processor 301. In one implementation, device 307 is a touch screen device (also a digitizer) incorporated with screen 305. Device 307 is capable of registering a position on the screen 305. The digitizer of 306 or 307 may be implemented using well known devices, for instance, using the ADS-7846 device by Burr-Brown that provides separate channels for spatial stroke information and pressure information.
  • Computer system 201 also contains a flat panel display device 305 for displaying information to the computer user. The display device 305 utilized with the computer system 201 may be a liquid crystal device (LCD), cathode ray tube (CRT), field emission device (FED, also called flat panel CRT), plasma or other display technology suitable for creating graphic images and alphanumeric characters recognizable to the user. In one embodiment, the display 305 is a flat panel multi-mode display capable of both monochrome and color display modes.
  • Also included in computer system 201 of FIG. 3 is a signal communication device 308 that may be a serial port (or USB port) for enabling system 201 to communicate PC 103. As mentioned above, in one embodiment, the communication interface is a serial communication port, but could also alternatively be of any of a number of well known communication standards and protocols, e.g., parallel, SCSI, Ethernet, FireWire (IEEE 1394), USB, etc. including wireless communication.
  • In one implementation, the Cingular wireless communication system may be used to provide two way communication between computer system 201 and other networked computers and/or the Internet (e.g., via a proxy server). In other embodiments, transmission control protocol (TCP) can be used or Short Message Service (SMS) can be used.
  • FIG. 4 is a block diagram of a communication pathway in accordance with the present invention. In the present embodiment, the device is a wireless device 201; however, it is appreciated that the wireless device may be another type of intelligent electronic device. FIG. 4 illustrates the flow of data starting with a wireless device 201. From wireless device 201, the data is transmitted to base station 202 where it enters the existing telephone network 204. From the existing telephone network 204, data is transmitted over wire to translation server 404. The translation server 404 is necessary because wireless communications networks operate using a series of wireless protocols and the proxy server 205 communicates using IP protocol. Accordingly, to transfer data from a wireless device 201 to the proxy server 205 network, the communication protocol must be converted by the translation server 404 from wireless protocol to IP protocol. Once the data is converted to IP protocol, the data is sent to proxy server 205 where it then may enter the Intranet 508.
  • FIG. 5 illustrates a system environment 500 including a mobile wireless electronic device 201 and an Intranet 508 coupled to a proxy server 205, a protocol translator 404 and the Internet 507. Portal launcher 503 is an application that resides on portable wireless electronic device 201 and aids in connecting to the network gateway. The launcher 503 provides authentication parameters to the browser 502. Browser 502 is very similar to a web browser or “mini-browser” used to browse web pages on the Internet. Browser 502 is used to browse wireless communications received on wireless electronic device 201. When Portal launcher 503 executed, an authenticated connection is required to gain a network connection. In the case of one embodiment of the present invention, the serial number belonging to the wireless electronic device 201 in addition to a security password is used to authenticate the network connection on the first message. When the browser application 502 is executed, the portable electronic device 201 transmits the serial number and password via browser 502 to protocol translator 404 and proxy server 205.
  • Proxy server 205 checks with a database in LDAP 509 to validate that the portable electronic device 201 is a registered user of the network. If the serial number of the portable wireless device 201 is a registered user of the network, the password must match the record in LDAP 509 to secure a network connection. If the serial number of the portable electronic device 201 and/or the password do not match the LDAP 509 database, the device 201 will not be authenticated to use the network 508. If the records in LDAP 509 match the provided authentication parameters, the device 201 will be allowed to communicate over the gateway.
  • In one embodiment of the present invention, an approved network user has the capability to register a device that is not currently registered with LDAP 509. On the portable electronic device 201, there is an application named register 504. This application allows the user to register a device on LDAP 509 by supplying a user name and password. If the user name and password that are supplied match the user name and password stored in network authentication table 511, the serial number of the device will then be updated in LDAP 509 as a registered device of the network. If the user name and password do not match the record in network authentication table 511, the device 201 will not be registered as an authenticated device on the network. This is described in more detail in FIG. 9.
  • Now referring to FIG. 6 which represents a system 600 illustrating the components of proxy server 205 that include link rewriter 604, server user authenticator 605, router 606, server authentication adder 607 and keyword table 608. In FIG. 6, proxy server 205 is coupled to translation server 404, Intranet 508 and the Internet 507. System 600 includes a uniquely intelligent active proxy server 205 designed to operate between a web client device (or gateway representing such a device) and a non-Internet accessible corporate network (“Intranet”) 508 containing one or more web servers 609. Proxy server 205 accepts authentication parameters provided by wireless device 201 as a query or form parameter in HTTP. The authentication parameters could include, but are not limited to, the serial number of wireless device 201 and a password. The authentication parameters are the basis of the authenticated session and every authenticated query must contain the authentication parameters either as GET query parameters or form variables to maintain a session. Server user authenticator 605 checks the authentication parameters against an internal LDAP 509 database which maps user-names to authorized serial numbers, and permits only queries with valid authentication parameters.
  • Proxy server 205 also efficiently examines and potentially alters every URL found in content returned from internal web servers 609 so that each URL hosted with the Intranet 508 appears relative to proxy server 205 when viewed on wireless device 201. When content returned from Intranet 508 (from the wireless device) contains URLs, link rewriter 604 only rewrites links that target the Intranet 508. Links that reside on Internet 507 will be routed by router 606 to Internet 507. Router 606 is responsible for recognizing links that reside on Intranet 508 and routing them to link rewriter 604.
  • When Link rewriter 604 receives a web page from the Intranet 508, it examines links therein. When the rewriter 604 sees a link that targets the Intranet 508, it looks to keyword table 608 to match the path of the link's URL to the appropriate table URL to rewrite the link with. The rewritten link then includes a keyword that designates the application and the Intranet server that hosts the application. Keyword table 608 contains a database of appropriate keywords for the links (applications) that reside on Intranet 508. When prompted by link rewriter, the keyword table uses the URL in the link as an index and locates a corresponding keyword and rewrites the URL in the returned rewritten link. The rewritten link uses the keyword to point to the correct application and server on Intranet 508. This feature makes the link rewriting process seamless to the user of wireless device 201.
  • Server authentication adder 607 appends the original authentication parameters to each link in any returned content, causing an authenticated session state to persist between queries. Beneficially, server authentication adder 607 maintains an authenticated session without requiring any storage of session state in the application or in proxy server 205. The session state is stored in the queries between wireless device 201 and proxy server 205.
  • FIG. 7 is a flow diagram illustrating a process 700 of link rewriting and routing for links received from a wireless electronic device, e.g., a “query.” In FIG. 7, in the first step 701, the translator server receives a query from wireless device 201. The query (containing a link), is translated from wireless communications protocol (and encryption) to IP protocol (and encryption) in the second step 702. Once translated, the query is checked by the proxy server 205 using LDAP 509 to determine if the device 201 is a registered device and the supplied password is correct 703. If device 201 is not registered, a network connection will not be established. If the user is an authorized user, they will then have the option of registering the device using registration application 504. If the authentication parameters are authenticated, a network connection will be established and the proxy server 205 will examine the query to see if it contains a link having a recognized keyword 704. Keywords are used to determine if a link targets the Intranet or the Internet.
  • Proxy server 205 then completes the step 704 of checking if the query includes a link having a recognized keyword. Recognized keywords are stored in keyword look up table 608 that contains the appropriate keyword and the corresponding file path to the server on the Intranet. At step 705, if a link includes a recognized keyword, the query is routed to the Intranet 508 not the Internet 507. At step 706, if the query does not contain a recognized keyword, the query is routed to the Internet 507. At step 707, once a query containing a recognized keyword is routed to the Intranet 508, keyword look up table 608 obtains the corresponding file path of the URL to the recognized keyword in the keyword look up table 608. The link can now be rewritten with the corresponding top level pathway to the correct application and web server on the Intranet. At step 708, once the link has been rewritten, the query is routed to the appropriate Intranet web server 609 and application.
  • FIG. 8 represents a flow diagram of the link rewriting process 800 for rewriting specific links to specify the correct web server. The link rewriting process 800 begins when proxy server 205 receives a web page response from an application 801 of the Intranet and the web page is scanned for links 802. At step 803, the proxy server 205 decides whether the links point to a server on the Intranet 508 or on the Internet 507. If a link does not target on the Intranet 508, at step 804 and step 806, the link is not rewritten and is routed to the Internet. If the link contains a recognizable path to the Intranet 508 and the link resides on a server on the Intranet 508, at step 805, the proxy server 205 uses the keyword table to rewrite the link to specify a particular keyword corresponding to the correct application and server on the Intranet. Once the link has been rewritten, proxy server 205 adds the authentication parameters, originally attached to the initial query that generated the web page, to the link 806. The query is then routed to the translator server for wireless communication with the electronic device 807. In this configuration, the authentication parameters maintain the session between the wireless device and the Intranet. Beneficially, the authentication parameters are not stored on any particular network device and do not burden either the server or the wireless device with maintaining the session.
  • When the user of the wireless device clicks on a rewritten link containing a recognized keyword, the proxy server decides where to target the link (e.g., to the Intranet) by using the keyword look up table to find the pathway that corresponds to the recognizable keyword. With the corresponding pathway, the query is routed to the correct web server on the Intranet. Without a keyword, the query is forwarded over the Internet.
  • FIG. 9 represents a flowchart 900 of the process of registering a device with the LDAP database. When an authorized user desires to establish a network connection between the Intranet and a wireless device not registered as an authorized network device, they have the option to register the device with the LDAP database of the Intranet. At step 901, when a query from a wireless device is received at the translation server 404, it is translated from wireless communication protocol to IP 902. The query is then checked for authentication parameters before a network connection can be established 903. The authentication server looks to the LDAP server to see if the device is authorized 904. At step 908, if the serial number of the device and the password match the record in LDAP, the connection in established and the user will have access to the Intranet 508. If the device is not registered, authentication will fail and the device will not establish a network connection with the Intranet 508.
  • At any point, the user has the option to register the device if they are a registered user of the Intranet. A registration application can be used to register the device. The registration application transmits a query to the proxy server 205. The query contained the device serial number, a login name and a password. The authentication parameters are checked against network authentication table 511. At step 905, if the login name and password match the record in network authentication table 511, the serial number will be added in the network authentication tables and the device will now be a registered device. If the login name and password do not match the network authentication table record for the user, access will be denied and the device will not be registered as an authorized device 907.
  • FIG. 10 illustrates a keyword look up table 608 that is used to rewrite links that target web servers on an Intranet. As mentioned above, the link rewriting process begins when proxy server 205 receives a web page response from an application of the Intranet and the web page is scanned for links. The proxy server 205 determines whether the link targets a server on the Intranet 508 or on the Internet 507. If a link does not target an application on the Intranet 508, the link is not rewritten. If the link contains a recognizable path to the Intranet 508 from the keyword look up table and the link originated on a server on the Intranet 508, the proxy server 205 rewrites the link to specify a particular keyword (from the key word look up table) corresponding to the file path and replaces the path with the recognized keyword 805. The rewritten link is then returned to the wireless device. The keyword look up table contains keywords and corresponding pathways for all links and applications that reside on the Intranet web servers.
  • As such, keyword table 608 contains individual entries each having keywords and associated file paths, e.g., keyword 1001 is associated with filepath 1002, ect. For exemplary entries are shown in FIG. 10.
  • The preferred embodiment of the present invention, a proxy server system for providing portable wireless devices authenticated access to an Intranet, is thus described. While the present invention has been described in particular embodiments, it should be appreciated that the present invention should not be construed as limited by such embodiments, but rather construed according to the following claims.
  • The foregoing descriptions of specific embodiments of the present invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the Claims appended hereto and their equivalents.

Claims (20)

  1. 1. A server system comprising:
    a network translator for communicating with wireless electronic devices and translating between a wireless communication protocol and an IP communication protocol;
    an Intranet comprising a plurality of Intranet servers, each Intranet server comprising applications;
    a proxy server coupled to said network translator and said Intranet and for routing queries received from said wireless electronic devices to an appropriate server destination and also for routing responses to said wireless electronic devices, said proxy server comprising:
    a link rewriter service for examining web pages generated by applications of said Intranet to identify links that point to any application that is resident in said Intranet, said link rewriter service also for translating each identified link to include a keyword that designates both the targeted application and its Intranet server; and
    a router service for examining queries sent from said wireless electronic devices and for routing queries with recognized keywords to said Intranet and for routing others to the Internet.
  2. 2. A server system as described in claim 1 wherein said proxy server also comprises an authentication adder service for adding authentication parameters to said links that target any application that is resident in said Intranet.
  3. 3. A server system as described in claim 1 further comprising a keyword database in which each recognized keyword has an associated URL that specifies an Intranet server and an application within said Intranet server.
  4. 4. A server system as described in claim 1 wherein said proxy server is also coupled to the Internet.
  5. 5. A server system as described in claim 2 wherein said authentication parameters include a user name and a device serial number.
  6. 6. A server system as described in claim 1 wherein said network translator translates between wireless protocol and said IP protocol.
  7. 7. A server system as described in claim 1 wherein said proxy server also comprises an authentication user service for confirming received queries as being associated with an valid user based on a database of valid user information.
  8. 8. A server system comprising:
    a translator means for communicating with wireless electronic devices and translating between a wireless communication protocol and an IP communication protocol;
    a routing means for examining queries sent from said wireless electronic devices and for routing queries with recognized keywords to said Intranet and for routing others to the Internet;
    an Intranet comprising a plurality of Intranet servers, each Intranet server comprising applications;
    a proxy server coupled to said translator means, said routing means, and said Intranet, said proxy server including:
    link rewriting means for examining web pages generated by
    applications of said Intranet to identify links that point to any application that is resident in said Intranet, said link rewriting means also for translating each identified link to include a keyword that designates both the targeted application and its Intranet server.
  9. 9. A server system as described in claim 8 wherein said proxy server also comprises an authentication adder means for adding authentication parameters to said links that target any application that is resident in said Intranet.
  10. 10. A server system as described in claim 8 further comprising a keyword database in which each recognized keyword has an associated file path that specifies an Intranet server and an application within said Intranet server.
  11. 11. A server system as described in claim 8 wherein said proxy server is also coupled to the Internet.
  12. 12. A server system as described in claim 9 wherein said authentication parameters include a user name and a device identifying number.
  13. 13. A server system as described in claim 8 wherein said translator means translates between ECC wireless protocol and said IP protocol.
  14. 14. A server system as described in claim 8 wherein said proxy server also comprises an authentication user means for confirming received queries as being associated with an valid user based on a database of valid user information.
  15. 15. In a server system, a method of communicating with wireless electronic devices comprising the steps of:
    a) receiving a web page representing a response to a query sent by a wireless electronic device, said web page generated by an application residing in an Intranet that comprises a plurality of Intranet servers, each having applications;
    b) identifying links within said web page that point to any application of said Intranet;
    c) for links identified in step b), rewriting each identified link to include a keyword that designates both the targeted application and its Intranet server;
    d) routing rewritten links to an appropriate wireless electronic device; and
    e) for queries received by said server system and sent by said wireless electronic devices, routing those queries having a recognized keyword to said Intranet and otherwise routing received queries to the Internet.
  16. 16. A method as described in claim 15 wherein said step c) further comprises the step of adding authentication parameters to links generated from said applications of said Intranet server.
  17. 17. A method as described in claim 16 wherein said authentication parameters include a user name and a device serial number.
  18. 18. A method as described in claim 16 further comprising a keyword database in which each recognized keyword has an associated URL that specifies an Intranet server and an application within said Intranet server.
  19. 19. A method as described in claim 18 wherein said step e) further comprises the steps of:
    analyzing said queries for keywords that match a keyword database;
    replacing recognized keywords with the corresponding file pathways from said keyword database; and
    routing said links to appropriate applications of said Intranet as indicated by said file pathways.
  20. 20. A method as described in claim 15 further comprising the step of performing a protocol translation on received queries between an ECC wireless protocol and said IP protocol.
US11702896 2001-07-27 2007-02-05 Secure authentication proxy architecture for a web-based wireless intranet application Abandoned US20070282909A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US09917391 US6732105B1 (en) 2001-07-27 2001-07-27 Secure authentication proxy architecture for a web-based wireless intranet application
US10703006 US7184999B1 (en) 2001-07-27 2003-11-05 Secure authentication proxy architecture for a web-based wireless Intranet application
US11702896 US20070282909A1 (en) 2001-07-27 2007-02-05 Secure authentication proxy architecture for a web-based wireless intranet application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11702896 US20070282909A1 (en) 2001-07-27 2007-02-05 Secure authentication proxy architecture for a web-based wireless intranet application

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10703006 Continuation US7184999B1 (en) 2001-07-27 2003-11-05 Secure authentication proxy architecture for a web-based wireless Intranet application

Publications (1)

Publication Number Publication Date
US20070282909A1 true true US20070282909A1 (en) 2007-12-06

Family

ID=32177060

Family Applications (3)

Application Number Title Priority Date Filing Date
US09917391 Active 2022-05-07 US6732105B1 (en) 2001-07-27 2001-07-27 Secure authentication proxy architecture for a web-based wireless intranet application
US10703006 Active 2022-11-13 US7184999B1 (en) 2001-07-27 2003-11-05 Secure authentication proxy architecture for a web-based wireless Intranet application
US11702896 Abandoned US20070282909A1 (en) 2001-07-27 2007-02-05 Secure authentication proxy architecture for a web-based wireless intranet application

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US09917391 Active 2022-05-07 US6732105B1 (en) 2001-07-27 2001-07-27 Secure authentication proxy architecture for a web-based wireless intranet application
US10703006 Active 2022-11-13 US7184999B1 (en) 2001-07-27 2003-11-05 Secure authentication proxy architecture for a web-based wireless Intranet application

Country Status (1)

Country Link
US (3) US6732105B1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070004453A1 (en) * 2002-01-10 2007-01-04 Berkana Wireless Inc. Configurable wireless interface
US20110276555A1 (en) * 2002-09-23 2011-11-10 Alex Fiero Broadcast Network Platform System
WO2013147378A1 (en) * 2012-03-30 2013-10-03 Focusone Inc. Device for connecting to intranet, and apparatus and method for controlling connection of the device to intranet
US9544287B1 (en) * 2014-09-18 2017-01-10 Symantec Corporation Systems and methods for performing authentication at a network device

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002215582A (en) * 2000-12-28 2002-08-02 Morgan Stanley Dean Witter Japan Ltd Method and device for authentication
US6732105B1 (en) * 2001-07-27 2004-05-04 Palmone, Inc. Secure authentication proxy architecture for a web-based wireless intranet application
US7243163B1 (en) 2001-08-07 2007-07-10 Good Technology, Inc. System and method for full wireless synchronization of a data processing apparatus with a messaging system
US7962622B2 (en) * 2001-08-07 2011-06-14 Motorola Mobility, Inc. System and method for providing provisioning and upgrade services for a wireless device
US7802108B1 (en) 2002-07-18 2010-09-21 Nvidia Corporation Secure storage of program code for an embedded system
US7644279B2 (en) * 2001-12-05 2010-01-05 Nvidia Corporation Consumer product distribution in the embedded system market
GB2386522B (en) * 2002-03-14 2005-04-27 Livedevices Ltd Improvements relating to secure internet communication with small embedded devices
US7624437B1 (en) * 2002-04-02 2009-11-24 Cisco Technology, Inc. Methods and apparatus for user authentication and interactive unit authentication
US20040044913A1 (en) * 2002-08-29 2004-03-04 Wu Kuang Ming Method for coordinating built-in bluetooth modules
US7669229B2 (en) * 2002-11-13 2010-02-23 Intel Corporation Network protecting authentication proxy
US7167905B2 (en) * 2003-01-31 2007-01-23 Sierra Wireless, Inc. Token-based Web browsing with visual feedback of disclosure
US20050138004A1 (en) * 2003-12-17 2005-06-23 Microsoft Corporation Link modification system and method
US7904065B2 (en) 2004-06-21 2011-03-08 Varia Holdings Llc Serving data/applications from a wireless mobile phone
US7840707B2 (en) * 2004-08-18 2010-11-23 International Business Machines Corporation Reverse proxy portlet with rule-based, instance level configuration
US7698734B2 (en) * 2004-08-23 2010-04-13 International Business Machines Corporation Single sign-on (SSO) for non-SSO-compliant applications
US7873911B2 (en) * 2004-08-31 2011-01-18 Gopalakrishnan Kumar C Methods for providing information services related to visual imagery
EP1810182A4 (en) * 2004-08-31 2010-07-07 Kumar Gopalakrishnan Method and system for providing information services relevant to visual imagery
US20060230073A1 (en) * 2004-08-31 2006-10-12 Gopalakrishnan Kumar C Information Services for Real World Augmentation
US8370323B2 (en) 2004-08-31 2013-02-05 Intel Corporation Providing information services related to multimodal inputs
US20070005490A1 (en) * 2004-08-31 2007-01-04 Gopalakrishnan Kumar C Methods and System for Distributed E-commerce
US7577132B2 (en) * 2004-10-28 2009-08-18 Microsoft Corporation User interface for securing lightweight directory access protocol traffic
US20060092948A1 (en) * 2004-10-28 2006-05-04 Microsoft Corporation Securing lightweight directory access protocol traffic
US20060155822A1 (en) * 2005-01-11 2006-07-13 Industrial Technology Research Institute System and method for wireless access to an application server
US7467189B2 (en) * 2005-01-21 2008-12-16 Microsoft Corporation Resource identifier zone translation
US20060253304A1 (en) * 2005-05-09 2006-11-09 David Patricia H Providing an independent practitioner medical opinion via a network
US7769742B1 (en) * 2005-05-31 2010-08-03 Google Inc. Web crawler scheduler that utilizes sitemaps from websites
US7801881B1 (en) 2005-05-31 2010-09-21 Google Inc. Sitemap generating client for web crawler
US20070027841A1 (en) * 2005-07-26 2007-02-01 Williams Michael G Messaging middleware dynamic, continuous search and response agent system
US20080261562A1 (en) * 2005-10-28 2008-10-23 Ivas Korea Corp System and Method for Providing Bidirectional Message Communication Services with Portable Terminals
FR2898238B1 (en) * 2006-03-02 2008-06-06 Customer Product Relationship Method of transaction between two servers with a prior step of validation using two mobile phones.
US8920343B2 (en) 2006-03-23 2014-12-30 Michael Edward Sabatino Apparatus for acquiring and processing of physiological auditory signals
EP1850254B1 (en) * 2006-04-28 2008-12-31 InterComponentWare AG Method for assigning measuring devices to personal databases
US7930400B1 (en) * 2006-08-04 2011-04-19 Google Inc. System and method for managing multiple domain names for a website in a website indexing system
US8533226B1 (en) 2006-08-04 2013-09-10 Google Inc. System and method for verifying and revoking ownership rights with respect to a website in a website indexing system
US7599920B1 (en) 2006-10-12 2009-10-06 Google Inc. System and method for enabling website owners to manage crawl rate in a website indexing system
US8205790B2 (en) * 2007-03-16 2012-06-26 Bank Of America Corporation System and methods for customer-managed device-based authentication
US9462060B2 (en) * 2007-04-23 2016-10-04 Alcatel Lucent System and method for sending notification message to a mobile station using session initiation protocol (SIP)
US20080268815A1 (en) * 2007-04-26 2008-10-30 Palm, Inc. Authentication Process for Access to Secure Networks or Services
US9218469B2 (en) * 2008-04-25 2015-12-22 Hewlett Packard Enterprise Development Lp System and method for installing authentication credentials on a network device
EP2415226A1 (en) * 2009-03-31 2012-02-08 Nokia Siemens Networks OY Mechanism for authentication and authorization for network and service access
US9276901B2 (en) * 2010-05-21 2016-03-01 Brian Heder Method, system, and apparatus for transitioning from IPv4 to IPv6
WO2013085884A1 (en) * 2011-12-07 2013-06-13 Siemens Healthcare Diagnostics Inc. Web-based data and instrument management solution
US8949954B2 (en) * 2011-12-08 2015-02-03 Uniloc Luxembourg, S.A. Customer notification program alerting customer-specified network address of unauthorized access attempts to customer account
US9917820B1 (en) * 2015-06-29 2018-03-13 EMC IP Holding Company LLC Secure information sharing

Citations (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061448A (en) * 1997-04-01 2000-05-09 Tumbleweed Communications Corp. Method and system for dynamic server document encryption
US20010009025A1 (en) * 2000-01-18 2001-07-19 Ahonen Pasi Matti Kalevi Virtual private networks
US20010037254A1 (en) * 2000-03-09 2001-11-01 Adi Glikman System and method for assisting a customer in purchasing a commodity using a mobile device
US6324564B1 (en) * 1998-06-02 2001-11-27 Nettech Systems, Inc. Optimized wireless communication system
US6397259B1 (en) * 1998-05-29 2002-05-28 Palm, Inc. Method, system and apparatus for packet minimized communications
US20020138635A1 (en) * 2001-03-26 2002-09-26 Nec Usa, Inc. Multi-ISP controlled access to IP networks, based on third-party operated untrusted access stations
US20020199015A1 (en) * 2001-05-30 2002-12-26 Mitsubishi Materials Corporation Communications system managing server, routing server, mobile unit managing server, and area managing server
US20030050041A1 (en) * 2001-09-07 2003-03-13 Robert Wu Network system for providing prepaid wireless remote access service
US20030099213A1 (en) * 2001-11-29 2003-05-29 Gui-Jung Lee Wireless radio data protective device for private/public network wireless packet data services and authentication method according to internet connection request of mobile terminals receiving the services
US20030194090A1 (en) * 2002-04-12 2003-10-16 Hirohide Tachikawa Access point for authenticating apparatus, communicating apparatus subjected to authentication of access point, and system having them
US20030200455A1 (en) * 2002-04-18 2003-10-23 Chi-Kai Wu Method applicable to wireless lan for security control and attack detection
US20040030895A1 (en) * 2002-08-09 2004-02-12 Canon Kabushiki Kaisha Network configuration method and communication system and apparatus
US6715131B2 (en) * 1997-12-09 2004-03-30 Openwave Systems Inc. Method and system for providing resource access in a mobile environment
US20040066769A1 (en) * 2002-10-08 2004-04-08 Kalle Ahmavaara Method and system for establishing a connection via an access network
US6725056B1 (en) * 2000-02-09 2004-04-20 Samsung Electronics Co., Ltd. System and method for secure over-the-air provisioning of a mobile station from a provisioning server via a traffic channel
US6725050B1 (en) * 2000-05-25 2004-04-20 Sprint Communications Company L.P. Wireless communication system for an enterprise
US6732105B1 (en) * 2001-07-27 2004-05-04 Palmone, Inc. Secure authentication proxy architecture for a web-based wireless intranet application
US6766160B1 (en) * 2000-04-11 2004-07-20 Nokia Corporation Apparatus, and associated method, for facilitating authentication of communication stations in a mobile communication system
US20040152446A1 (en) * 2001-05-24 2004-08-05 Saunders Martyn Dv Method for providing network access to a mobile terminal and corresponding network
US20040158716A1 (en) * 2001-02-08 2004-08-12 Esa Turtiainen Authentication and authorisation based secure ip connections for terminals
US20040165546A1 (en) * 2003-01-13 2004-08-26 Roskind James A. Time based wireless access provisioning
US20040192309A1 (en) * 2002-04-11 2004-09-30 Docomo Communications Laboratories Usa, Inc. Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks
US20040196806A1 (en) * 2002-05-30 2004-10-07 Siegried Loeffler Method and device for access control to a wireless local access network
US20040230536A1 (en) * 2000-03-01 2004-11-18 Passgate Corporation Method, system and computer readable medium for web site account and e-commerce management from a central location
US20050060434A1 (en) * 2003-09-12 2005-03-17 Lookman Fazal Detection of hidden wireless routers
US6898628B2 (en) * 2001-03-22 2005-05-24 International Business Machines Corporation System and method for providing positional authentication for client-server systems
US20050159151A1 (en) * 2002-02-28 2005-07-21 Manfred Eckelt Communication system for passengers in transport
US6941307B2 (en) * 2001-01-24 2005-09-06 Telefonaktiebolaget Lm Ericsson (Publ) Arrangement and a method relating to session management in a portal structure
US20050210288A1 (en) * 2004-03-22 2005-09-22 Grosse Eric H Method and apparatus for eliminating dual authentication for enterprise access via wireless LAN services
US20060010484A1 (en) * 2004-06-15 2006-01-12 Nec Corporation Network connection system, network connection method, and switch used therefor
US20060059265A1 (en) * 2002-08-27 2006-03-16 Seppo Keronen Terminal connectivity system
US7016334B2 (en) * 2001-08-17 2006-03-21 Ixi Mobile ( Israel) Ltd. Device, system, method and computer readable medium for fast recovery of IP address change
US20060068756A1 (en) * 2002-12-18 2006-03-30 Stefan Aberg Mobile user authentication in connection with access to mobile services
US20060088020A1 (en) * 2004-10-26 2006-04-27 Alcatel Restricted WLAN profile for unknown wireless terminal
US20060155822A1 (en) * 2005-01-11 2006-07-13 Industrial Technology Research Institute System and method for wireless access to an application server
US20060176852A1 (en) * 2005-02-04 2006-08-10 Industrial Technology Research Institute System and method for connection handover in a virtual private network
US7110745B1 (en) * 2001-12-28 2006-09-19 Bellsouth Intellectual Property Corporation Mobile gateway interface
US7152160B2 (en) * 2000-06-29 2006-12-19 Alice Systems Ab Method and arrangement to secure access to a communications network
US20070025302A1 (en) * 2003-04-15 2007-02-01 Junbiao Zhang Techniques for offering seamless accesses in enterprise hot spots for both guest users and local users
US7174564B1 (en) * 1999-09-03 2007-02-06 Intel Corporation Secure wireless local area network
US7188179B1 (en) * 2000-12-22 2007-03-06 Cingular Wireless Ii, Llc System and method for providing service provider choice over a high-speed data connection
US7216231B2 (en) * 2001-02-16 2007-05-08 Telefonaktiebolaget L M Ericsson (Publ) Method and system for establishing a wireless communication link
US20070150732A1 (en) * 2005-12-28 2007-06-28 Fujitsu Limited Wireless network control device and wireless network control system
US20080222412A1 (en) * 2007-03-08 2008-09-11 Kinghood Technology Co., Ltd. Network data security system and protecting method thereof
US7441043B1 (en) * 2002-12-31 2008-10-21 At&T Corp. System and method to support networking functions for mobile hosts that access multiple networks

Patent Citations (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061448A (en) * 1997-04-01 2000-05-09 Tumbleweed Communications Corp. Method and system for dynamic server document encryption
US6715131B2 (en) * 1997-12-09 2004-03-30 Openwave Systems Inc. Method and system for providing resource access in a mobile environment
US6397259B1 (en) * 1998-05-29 2002-05-28 Palm, Inc. Method, system and apparatus for packet minimized communications
US6324564B1 (en) * 1998-06-02 2001-11-27 Nettech Systems, Inc. Optimized wireless communication system
US7174564B1 (en) * 1999-09-03 2007-02-06 Intel Corporation Secure wireless local area network
US6976177B2 (en) * 2000-01-18 2005-12-13 Telefonaktiebolaget Lm Ericsson (Publ) Virtual private networks
US20010009025A1 (en) * 2000-01-18 2001-07-19 Ahonen Pasi Matti Kalevi Virtual private networks
US6725056B1 (en) * 2000-02-09 2004-04-20 Samsung Electronics Co., Ltd. System and method for secure over-the-air provisioning of a mobile station from a provisioning server via a traffic channel
US20040230536A1 (en) * 2000-03-01 2004-11-18 Passgate Corporation Method, system and computer readable medium for web site account and e-commerce management from a central location
US20010037254A1 (en) * 2000-03-09 2001-11-01 Adi Glikman System and method for assisting a customer in purchasing a commodity using a mobile device
US6766160B1 (en) * 2000-04-11 2004-07-20 Nokia Corporation Apparatus, and associated method, for facilitating authentication of communication stations in a mobile communication system
US7123915B1 (en) * 2000-05-25 2006-10-17 Sprint Communications Company L.P. Wireless communication system for an enterprise
US6725050B1 (en) * 2000-05-25 2004-04-20 Sprint Communications Company L.P. Wireless communication system for an enterprise
US7152160B2 (en) * 2000-06-29 2006-12-19 Alice Systems Ab Method and arrangement to secure access to a communications network
US7188179B1 (en) * 2000-12-22 2007-03-06 Cingular Wireless Ii, Llc System and method for providing service provider choice over a high-speed data connection
US6941307B2 (en) * 2001-01-24 2005-09-06 Telefonaktiebolaget Lm Ericsson (Publ) Arrangement and a method relating to session management in a portal structure
US20040158716A1 (en) * 2001-02-08 2004-08-12 Esa Turtiainen Authentication and authorisation based secure ip connections for terminals
US7216231B2 (en) * 2001-02-16 2007-05-08 Telefonaktiebolaget L M Ericsson (Publ) Method and system for establishing a wireless communication link
US6898628B2 (en) * 2001-03-22 2005-05-24 International Business Machines Corporation System and method for providing positional authentication for client-server systems
US20020138635A1 (en) * 2001-03-26 2002-09-26 Nec Usa, Inc. Multi-ISP controlled access to IP networks, based on third-party operated untrusted access stations
US20040152446A1 (en) * 2001-05-24 2004-08-05 Saunders Martyn Dv Method for providing network access to a mobile terminal and corresponding network
US20020199015A1 (en) * 2001-05-30 2002-12-26 Mitsubishi Materials Corporation Communications system managing server, routing server, mobile unit managing server, and area managing server
US7184999B1 (en) * 2001-07-27 2007-02-27 Palm, Inc. Secure authentication proxy architecture for a web-based wireless Intranet application
US6732105B1 (en) * 2001-07-27 2004-05-04 Palmone, Inc. Secure authentication proxy architecture for a web-based wireless intranet application
US7016334B2 (en) * 2001-08-17 2006-03-21 Ixi Mobile ( Israel) Ltd. Device, system, method and computer readable medium for fast recovery of IP address change
US20030050041A1 (en) * 2001-09-07 2003-03-13 Robert Wu Network system for providing prepaid wireless remote access service
US20030099213A1 (en) * 2001-11-29 2003-05-29 Gui-Jung Lee Wireless radio data protective device for private/public network wireless packet data services and authentication method according to internet connection request of mobile terminals receiving the services
US20070015491A1 (en) * 2001-12-28 2007-01-18 Smith Steven G Mobile gateway interface
US7110745B1 (en) * 2001-12-28 2006-09-19 Bellsouth Intellectual Property Corporation Mobile gateway interface
US20050159151A1 (en) * 2002-02-28 2005-07-21 Manfred Eckelt Communication system for passengers in transport
US20040192309A1 (en) * 2002-04-11 2004-09-30 Docomo Communications Laboratories Usa, Inc. Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks
US7072657B2 (en) * 2002-04-11 2006-07-04 Ntt Docomo, Inc. Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks
US20030194090A1 (en) * 2002-04-12 2003-10-16 Hirohide Tachikawa Access point for authenticating apparatus, communicating apparatus subjected to authentication of access point, and system having them
US20030200455A1 (en) * 2002-04-18 2003-10-23 Chi-Kai Wu Method applicable to wireless lan for security control and attack detection
US7376098B2 (en) * 2002-05-30 2008-05-20 Alcatel Method and device for access control to a wireless local access network
US20040196806A1 (en) * 2002-05-30 2004-10-07 Siegried Loeffler Method and device for access control to a wireless local access network
US20040030895A1 (en) * 2002-08-09 2004-02-12 Canon Kabushiki Kaisha Network configuration method and communication system and apparatus
US7418591B2 (en) * 2002-08-09 2008-08-26 Canon Kabushiki Kaisha Network configuration method and communication system and apparatus
US20060059265A1 (en) * 2002-08-27 2006-03-16 Seppo Keronen Terminal connectivity system
US20040066769A1 (en) * 2002-10-08 2004-04-08 Kalle Ahmavaara Method and system for establishing a connection via an access network
US20060068756A1 (en) * 2002-12-18 2006-03-30 Stefan Aberg Mobile user authentication in connection with access to mobile services
US20090022152A1 (en) * 2002-12-31 2009-01-22 Paul Shala Henry System and method to support networking functions for mobile hosts that access multiple networks
US7441043B1 (en) * 2002-12-31 2008-10-21 At&T Corp. System and method to support networking functions for mobile hosts that access multiple networks
US20070135060A1 (en) * 2003-01-13 2007-06-14 Roskind James A Time based wireless access provisioning
US20050043021A1 (en) * 2003-01-13 2005-02-24 Roskind James A. Time based wireless access provisioning
US6891807B2 (en) * 2003-01-13 2005-05-10 America Online, Incorporated Time based wireless access provisioning
US7177285B2 (en) * 2003-01-13 2007-02-13 America Online, Incorporated Time based wireless access provisioning
US7463596B2 (en) * 2003-01-13 2008-12-09 Aol Llc Time based wireless access provisioning
US20040165546A1 (en) * 2003-01-13 2004-08-26 Roskind James A. Time based wireless access provisioning
US20070025302A1 (en) * 2003-04-15 2007-02-01 Junbiao Zhang Techniques for offering seamless accesses in enterprise hot spots for both guest users and local users
US20050060434A1 (en) * 2003-09-12 2005-03-17 Lookman Fazal Detection of hidden wireless routers
US20050210288A1 (en) * 2004-03-22 2005-09-22 Grosse Eric H Method and apparatus for eliminating dual authentication for enterprise access via wireless LAN services
US20060010484A1 (en) * 2004-06-15 2006-01-12 Nec Corporation Network connection system, network connection method, and switch used therefor
US20060088020A1 (en) * 2004-10-26 2006-04-27 Alcatel Restricted WLAN profile for unknown wireless terminal
US20060155822A1 (en) * 2005-01-11 2006-07-13 Industrial Technology Research Institute System and method for wireless access to an application server
US20060176852A1 (en) * 2005-02-04 2006-08-10 Industrial Technology Research Institute System and method for connection handover in a virtual private network
US20070150732A1 (en) * 2005-12-28 2007-06-28 Fujitsu Limited Wireless network control device and wireless network control system
US20080222412A1 (en) * 2007-03-08 2008-09-11 Kinghood Technology Co., Ltd. Network data security system and protecting method thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070004453A1 (en) * 2002-01-10 2007-01-04 Berkana Wireless Inc. Configurable wireless interface
US20110276555A1 (en) * 2002-09-23 2011-11-10 Alex Fiero Broadcast Network Platform System
US8626752B2 (en) * 2002-09-23 2014-01-07 Peach Wiz, Inc. Broadcast network platform system
WO2013147378A1 (en) * 2012-03-30 2013-10-03 Focusone Inc. Device for connecting to intranet, and apparatus and method for controlling connection of the device to intranet
US9544287B1 (en) * 2014-09-18 2017-01-10 Symantec Corporation Systems and methods for performing authentication at a network device

Also Published As

Publication number Publication date Type
US6732105B1 (en) 2004-05-04 grant
US7184999B1 (en) 2007-02-27 grant

Similar Documents

Publication Publication Date Title
Groß Security analysis of the SAML single sign-on browser/artifact profile
Oppliger Security technologies for the world wide web
US7793342B1 (en) Single sign-on with basic authentication for a transparent proxy
US6438600B1 (en) Securely sharing log-in credentials among trusted browser-based applications
US6006258A (en) Source address directed message delivery
US6823454B1 (en) Using device certificates to authenticate servers before automatic address assignment
US6311269B2 (en) Trusted services broker for web page fine-grained security labeling
US6385730B2 (en) System and method for restricting unauthorized access to a database
US5805803A (en) Secure web tunnel
US6105027A (en) Techniques for eliminating redundant access checking by access filters
US6510464B1 (en) Secure gateway having routing feature
US6807181B1 (en) Context based control data
US6823452B1 (en) Providing end-to-end user authentication for host access using digital certificates
US7412720B1 (en) Delegated authentication using a generic application-layer network protocol
US6826690B1 (en) Using device certificates for automated authentication of communicating devices
US8117344B2 (en) Global server for authenticating access to remote services
US6366950B1 (en) System and method for verifying users' identity in a network using e-mail communication
US6880079B2 (en) Methods and systems for secure transmission of information using a mobile device
US6993582B2 (en) Mixed enclave operation in a computer network
US6032260A (en) Method for issuing a new authenticated electronic ticket based on an expired authenticated ticket and distributed server architecture for using same
US7016964B1 (en) Selectively passing network addresses through a server
US7287271B1 (en) System and method for enabling secure access to services in a computer network
US6718388B1 (en) Secured session sequencing proxy system and method therefor
US6934848B1 (en) Technique for handling subsequent user identification and password requests within a certificate-based host session
US6839761B2 (en) Methods and systems for authentication through multiple proxy servers that require different authentication data

Legal Events

Date Code Title Description
AS Assignment

Owner name: PALM, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WATSON, DAVID M., JR.;STANTZ, MARK;REEL/FRAME:019328/0812;SIGNING DATES FROM 20010718 TO 20010721

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:PALM, INC.;REEL/FRAME:020341/0285

Effective date: 20071219

Owner name: JPMORGAN CHASE BANK, N.A.,NEW YORK

Free format text: SECURITY AGREEMENT;ASSIGNOR:PALM, INC.;REEL/FRAME:020341/0285

Effective date: 20071219

AS Assignment

Owner name: PALM, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:024630/0474

Effective date: 20100701