In many computer networks, client authentication is required for network security purposes. When a client attempts to access a server on a computer network, the server may require the client to be authenticated first before a connection for subsequent communication can be established. Client authentication may be implemented in various ways based on different protocols. The ability of a server to authenticate a client enables the server to effectively control and monitor the access and use of its resources by the client.
Under current network communication protocols, client authentication is typically enforced by the server that the client wants to access. If both authenticated and non-authenticated connections can be formed between the client and the server, the server will determine whether the connection should be authenticated or not. For example, the Hypertext Transfer Protocol (HTTP) has become the standard protocol for transferring HTML (hypertext markup language) data over the World-Wide Web (“WWW”) on the Internet and has been implemented in many other networks for other operations. The HTTP protocol allows a server to form both anonymous (i.e., non-authenticated) and authenticated connections with different clients. Nevertheless, only the HTTP server is given the ability to enforce the authentication. In other words, a client that wants to access the HTTP server is not allowed to decide whether the connection should be anonymous or authenticated.
There are, however, many situations in which it is desirable give the client the ability to decide to form an authenticated connection. For example, the HTTP protocol has been implemented in some computer systems for a client to communicate with a printing server for remote printing. For a printing operation, the client and the printing server pass printing data and instructions by exchanging HTTP requests and responses, with the printing data and instructions included in Internet Printing Protocol (“IPP”) packets contained in the HTTP requests and responses. The printer server by default forms anonymous connections with clients on the network to allow every client to use the printer. A system administrator, however, may want to form an authenticated connection with the printing server for performing operations that regular clients are not allowed to do, such as canceling queued print jobs or changing the configurations of the printing server. The existing HTTP implementations, however, do not allow the system administrator or any client to force the printing server to establish an authenticated connection.
This problem of the lack of a mechanism for a client to force the formation of an authenticated connection with a server is further complicated by the need for backward compatibility. An existing network system may have many servers and clients, and it is typically impractical to require all of the existing servers and clients to be updated together to implement any new feature. For instance, most clients and servers on the World-Wide Web (“WWW”) communicate with one another under the HTTP protocol. Any proposed protocol changes to enable a client to force a server to establish an authenticated HTTP connection would be unacceptable if the client and server implementing such changes can no longer communicate with existing servers and clients under the current HTTP protocol.