As the industry increases the use of mobile devices, there is a problem when users work in a mixed environment of desktop machines and mobile devices. There are times that a user is working on his/her desktop machine and needs to continue a browser session on his/her mobile device. The information on the desktop is many times in the form of protected Hypertext Markup Language (HTML) page/document that is being viewed by the desktop browser. The page/document may be secured and protected by an authentication mechanism that was earlier achieved by the user, such as a name and password pair, Kerberos, or Windows® NT Local Area Network (LAN) Manager (NTLM). This means that simply copying the Uniform Resource Locator (URL) link for the document onto another device will not give the user access on that mobile device. In addition, under current approaches in the industry there is no mechanism to transfer (or migrate) the security and Access Control List (ACL) rights associated with the page/document securely and in a trusted manner to a mobile device.
Moreover, session transfer should be done transparently, so that it does not require the user to re-authenticate on the mobile device, which would be perceived as a huge hassle to the user. Both the location of the document and the rights to the document need to be transferred (or accessible) to the mobile device. In addition, there are times when authenticated users entire sessions may need to be transferred from their desktops to their mobile devices. In solving this problem, it is noted that any substantial changes to existing/legacy web services and/or mobile devices are likely not feasible and will likely prevent any significant adoption of device independent session migration techniques. In addition, security is of substantial import, such that unauthorized viewing or modifications to transferred sessions are eliminated. It is also critical that the session migration rights be controlled.
In summary, any technique addressing the portability and migration of a secure session needs to be able to transfer a complete authenticated session with access rights to mobile device in an optimal manner that is as transparent and seamless to the users but also in a manner that is secure and trusted.