| Field | Value |
|---|---|
| Patent | US 7,478,434 B1 |
| Title | Authentication and authorization protocol for secure web-based access to a protected resource |
| Inventors | Heather Maria Hinton, Austin, Tex. (US); Mark Vandenwauver, Austin, Tex. (US) |
| Assignee | International Business Machines Corporation, Armonk, N.Y. (US) |
| Filed | May 31, 2000, as Appl. No. 9/583,406 |
| Int. Cl. | G06F 17/30 (2006.01) |
| U.S. Cl. | 726/27 [726/28; 726/29; 726/30] |
| Claims | 35 |

1. A method for determining whether to allow access to a protected resource from a server, comprising the steps of:

- at a client, responsive to a request to retrieve the protected resource, generating a one-time only use piece of data which can be used to authenticate that the request is bound to a given identity contained in a cookie previously set by an authentication server;
- forwarding the piece of data to the server in the request;
- at the server, determining whether the piece of data is valid; and
- if the piece of data is valid, executing an access control decision to determine whether to invoke the request.
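The four claimed steps, as an added Python example that is not code from the patent or from IBM. It assumes (the claim does not say) that the authentication server hands the client a per-session secret alongside the identity cookie and shares it with the resource server through a store, and that the one-time piece of data is a fresh nonce plus an HMAC over identity, resource and nonce; the server then rejects replays and forged identities before it ever reaches the authorization decision.

```python
import hmac, hashlib, secrets

# Constructed state shared by the authentication server and the resource
# server (an assumption for the example; the claim leaves the mechanism open).
SESSION_SECRETS = {}   # identity -> per-session secret issued at login
SEEN_NONCES = set()    # nonces already accepted; enforces one-time use
ACL = {"/reports": {"alice"}, "/public": {"alice", "bob"}}  # constructed policy

def auth_server_login(identity):
    """Authentication server: set the identity cookie and issue a session secret."""
    secret = secrets.token_bytes(32)
    SESSION_SECRETS[identity] = secret
    cookie = {"identity": identity}
    return cookie, secret

def _mac(secret, identity, resource, nonce):
    # Binds the request (identity + resource + nonce) to the session secret.
    msg = f"{identity}|{resource}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def client_build_request(cookie, secret, resource):
    """Client (steps 1-2): generate one-time data bound to the cookie identity
    and forward it with the request."""
    nonce = secrets.token_hex(16)
    return {"cookie": cookie, "resource": resource, "nonce": nonce,
            "mac": _mac(secret, cookie["identity"], resource, nonce)}

def server_handle(request):
    """Resource server (steps 3-4): validate the piece of data, then decide access.
    Returns (status, reason)."""
    identity = request["cookie"]["identity"]
    secret = SESSION_SECRETS.get(identity)
    if secret is None:
        return 401, "no session for cookie identity"
    expected = _mac(secret, identity, request["resource"], request["nonce"])
    if not hmac.compare_digest(expected, request["mac"]):
        return 401, "piece of data not bound to cookie identity"
    if request["nonce"] in SEEN_NONCES:
        return 401, "replayed one-time data"
    SEEN_NONCES.add(request["nonce"])
    # Data is valid: authorization is a separate decision, so a valid token
    # from the wrong identity still gets 403 rather than 401.
    if identity not in ACL.get(request["resource"], set()):
        return 403, "access denied by policy"
    return 200, "invoke request"
```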