Method of identifying participants in secure web sessions
First Claim
1. A method of identifying a user participating in a network communication session comprising the steps of:
- creating a master database having a first table with a first plurality of cells for a set of binary keys, a second plurality of cells for a plurality of key pointers, and third plurality of cells for markers identifying an instance of an application;
creating a second table in the master database with a first plurality of cells for information related to eligible users and a second plurality of cells for user-associated tokens;
creating an application to be accessed by eligible users over a communications network;
associating the master database with the application to be accessed by the eligible users identified in a second table of the master database;
generating a plurality of binary key pointers and a plurality of binary keys of a predetermined length and associating each binary pointer with a unique one of the binary keys;
associating the key pointers with a first instance of the application;
entering information relating to the eligible users for the first instance into the first plurality of cells in the second table;
generating a plurality of tokens;
associating each eligible user with a unique one of the tokens from the plurality of tokens by placing the associated token in a position in the second plurality of cells in the second table corresponding to the eligible user in the first plurality of cells in the second table;
encrypting each user-associated token with a randomly selected one of the plurality of binary keys;
prepending each encrypted token with the key pointer associated with the binary key used to encrypt the token;
providing the combined key pointer and encrypted token to the associated eligible user;
receiving the combined key pointer and encrypted token returned by a user through the communications network;
finding the key pointer in the second plurality of cells of the first table;
retrieving the corresponding binary key from the first plurality of cells in the first table if the key pointer is found in the second plurality of cells of the first table and the key pointer received is not marked as disabled;
decrypting the encrypted token sent by the user using the retrieved binary key from the first plurality of cells of the first table if the binary key is found in the first plurality of cells in the first table and the binary key is not marked as disabled;
retrieving the corresponding information relating to the eligible user from the first plurality of cells in the second table if the token is found in the second plurality of cells of the second table and the token is not marked as disabled; and
using this information to give the eligible user access to the corresponding instance of the application.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and computer product are disclosed that permit the creation of secure invitations containing no sensitive information. The invitations contain encrypted tokens that are received by authorized invitees, thereby providing secure access to a communications session that may involve the exchange of sensitive information. Invitations contain only pointers to information about invitees and the communications session, so that all sensitive information may be retained in a master database on the host server rather than being communicated to the invitee in the invitation. Secure communication sessions may thus be conducted by sending invitations with encrypted tokens to eligible participants without the risk of the information in the tokens being decrypted and used by unauthorized parties to gain access to the secure session, because the tokens contain no information about the invitee or the session.
-
Citations
23 Claims
-
1. A method of identifying a user participating in a network communication session comprising the steps of:
-
creating a master database having a first table with a first plurality of cells for a set of binary keys, a second plurality of cells for a plurality of key pointers, and third plurality of cells for markers identifying an instance of an application;
creating a second table in the master database with a first plurality of cells for information related to eligible users and a second plurality of cells for user-associated tokens;
creating an application to be accessed by eligible users over a communications network;
associating the master database with the application to be accessed by the eligible users identified in a second table of the master database;
generating a plurality of binary key pointers and a plurality of binary keys of a predetermined length and associating each binary pointer with a unique one of the binary keys;
associating the key pointers with a first instance of the application;
entering information relating to the eligible users for the first instance into the first plurality of cells in the second table;
generating a plurality of tokens;
associating each eligible user with a unique one of the tokens from the plurality of tokens by placing the associated token in a position in the second plurality of cells in the second table corresponding to the eligible user in the first plurality of cells in the second table;
encrypting each user-associated token with a randomly selected one of the plurality of binary keys;
prepending each encrypted token with the key pointer associated with the binary key used to encrypt the token;
providing the combined key pointer and encrypted token to the associated eligible user;
receiving the combined key pointer and encrypted token returned by a user through the communications network;
finding the key pointer in the second plurality of cells of the first table;
retrieving the corresponding binary key from the first plurality of cells in the first table if the key pointer is found in the second plurality of cells of the first table and the key pointer received is not marked as disabled;
decrypting the encrypted token sent by the user using the retrieved binary key from the first plurality of cells of the first table if the binary key is found in the first plurality of cells in the first table and the binary key is not marked as disabled;
retrieving the corresponding information relating to the eligible user from the first plurality of cells in the second table if the token is found in the second plurality of cells of the second table and the token is not marked as disabled; and
using this information to give the eligible user access to the corresponding instance of the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of identifying a user participating in a network communication session comprising the steps of:
-
creating a master database having a first table with a first plurality of cells for a set of binary keys, a second plurality of cells for a plurality of key pointers, and third plurality of cells for markers identifying an instance of an application;
creating a second table in the master database with a first plurality of cells for information related to eligible users and a second plurality of cells for user-associated tokens;
creating an application to be accessed by eligible users over a communications network;
associating the master database with the application to be accessed by the eligible users identified in a second table of the master database;
generating a plurality of binary key pointers and a plurality of binary keys of a predetermined length and associating each binary pointer with a unique one of the binary keys;
associating the key pointers with a first instance of the application;
entering information relating to the eligible users for the first instance into the first plurality of cells in the second table;
generating a plurality of tokens;
associating each eligible user with a unique one of the tokens from the plurality of tokens by placing the associated token in a position in the second plurality of cells in the second table corresponding to the eligible user in the first plurality of cells in the second table;
encrypting each user-associated token with a randomly selected one of the plurality of binary keys; and
prepending each encrypted token with the key pointer associated with the binary key used to encrypt the token. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
Specification