Systems, methods and computer program products for sharing state information between a stateless server and a stateful client

US 6,065,117 A
Filed: 07/16/1997
Issued: 05/16/2000
Est. Priority Date: 07/16/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing state information between a stateless server and a stateful client, said method comprising the steps of:

receiving a client request to perform a server action;

responsive to receiving the client request, performing the action and creating a token containing post-action state information;

encrypting the created token; and

sending the encrypted token and action output to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and computer program products for sharing state information between a stateless server and a stateful client are provided. A client request to perform an action on the server is accompanied by an encrypted token which contains state information. The server receiving the client request decrypts the token using a symmetric key generated from variable data. The server verifies that the received token is valid and uses the state information contained therein to perform the requested action. The server also provides clients with encrypted tokens using a symmetric key generated from variable data.

169 Citations

23 Claims

1. A method of providing state information between a stateless server and a stateful client, said method comprising the steps of:
- receiving a client request to perform a server action;
  
  responsive to receiving the client request, performing the action and creating a token containing post-action state information;
  
  encrypting the created token; and
  
  sending the encrypted token and action output to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, further comprising the steps of:
    - receiving from the client the encrypted token with a subsequent client request to perform a server action; and
      
      responsive to receiving the subsequent client request, decrypting the received encrypted token; and
      
      responsive to decrypting the received encrypted token, verifying that the received token is valid.
  - 3. A method according to claim 2, wherein the step of decrypting a received encrypted token comprises the steps of:
    - selecting a second value of the first variable seed;
      
      generating a second symmetric key using the selected seed second value; and
      
      decrypting the received encrypted token using the second symmetric key.
  - 4. A method according to claim 3, wherein the step of generating a second symmetric key comprises using the selected variable seed second value as input to a pseudorandom number generator used by a symmetric encryption routine to generate the second symmetric key.
  - 5. A method according to claim 1, wherein said step of encrypting the token comprises the steps of:
    - selecting a first value of a first variable seed;
      
      generating a first symmetric key using the selected seed first value; and
      
      encrypting the token using the first symmetric key.
  - 6. A method according to claim 5, wherein the step of generating a first symmetric key comprises using the selected variable seed first value as input to a pseudorandom number generator used by a symmetric encryption routine to generate the first symmetric key.
  - 7. A method according to claim 5, wherein the step of generating a first symmetric key comprises generating the selected variable seed first value from a plurality of variable inputs.

8. A method of providing state information between a stateless server and a stateful client, said method comprising the steps of:
- sending a client request to perform a server action; and
  
  receiving from the server an encrypted token.
- View Dependent Claims (9)
- - 9. A method according to claim 8, further comprising sending the encrypted token with a subsequent client request to perform a server action.

10. A method of providing state information between a stateless server and a stateful client, said method comprising the steps of:
- sending an encrypted token with a client request to perform a server action;
  
  receiving the encrypted token with the client request to perform a server action from the client;
  
  responsive to receiving the client request, decrypting the received encrypted token;
  
  responsive to decrypting the received encrypted authentication token, verifying that the received token is valid;
  
  responsive to verifying that the received token is valid, using state information contained therein to perform the requested action;
  
  responsive to performing the requested action, replacing previous state information with new state information in the token;
  
  encrypting the token; and
  
  sending encrypted token and action output to the client.
- View Dependent Claims (11, 12)
- - 11. A method according to claim 10, wherein the step of decrypting a received encrypted token comprises the steps of:
    - selecting a variable seed value;
      
      generating a symmetric key using the selected variable seed value; and
      
      decrypting the received encrypted token using the symmetric key.
  - 12. A method according to claim 11, wherein the step of encrypting a received token comprises the steps of:
    - using the symmetric key generated key generated during decryption; and
      
      encrypting the decrypted token with updated state information using the symmetric key.

13. A data processing system for providing state information between a stateless server and a stateful client, said data processing system comprising:
- means for receiving a client request to perform a server action;
  
  means, responsive to said client request receiving means, for performing the action and creating a token containing post-action state information;
  
  means for encrypting the created token; and
  
  means, responsive to said encrypting means, for sending the encrypted token and action output to the client.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. A data processing system according to claim 13, further comprising:
    - means for receiving from the client the encrypted token with a subsequent client request to perform a server action; and
      
      means, responsive to said means for receiving the subsequent client request, for decrypting the received encrypted token; and
      
      means, responsive to said decrypting means, for verifying that the received token is valid.
  - 15. A data processing system according to claim 14, wherein said means for decrypting a received encrypted token comprises:
    - means for selecting a second value of the first variable seed;
      
      means, responsive to said selecting means, for generating a second symmetric key using the selected seed second value; and
      
      means, responsive to said generating means, for decrypting the received encrypted token using the second symmetric key.
  - 16. A data processing system according to claim 15, wherein said means for generating a second symmetric key comprises means for using the selected variable seed second value as input to a pseudorandom number generator used by a symmetric encryption routine to generate the second symmetric key.
  - 17. A data processing system according to claim 13, wherein said means for encrypting the token comprises:
    - means for selecting a first value of a first seed;
      
      means, responsive to said selecting means, for generating a first symmetric key using the selected seed first value; and
      
      means, responsive to said generating means, for encrypting the token using the first symmetric key.
  - 18. A data processing system according to claim 17, wherein said means for generating a first symmetric key comprises means for using the selected variable seed first value as input to a pseudorandom number generator used by a symmetric encryption routine to generate the first symmetric key.
  - 19. A data processing system according to claim 17, wherein said means for generating a first symmetric key comprises means for generating the selected variable first seed value from a plurality of variable inputs.

20. A data processing system for providing state information between a stateless server and a stateful client, said data processing system comprising:
- means for sending an encrypted token with a client request to perform a server action;
  
  means for receiving the encrypted token with the client request to perform a server action from the client;
  
  means, responsive to said means for receiving the client request, for decrypting the received encrypted token;
  
  means, responsive to said decrypting means, for verifying that the received token is valid;
  
  means, responsive to said verifying means, for using state information contained therein to perform the requested action;
  
  means, responsive to said performing means, for replacing previous state information with new state information in the token;
  
  means for encrypting the token; and
  
  means for sending the encrypted token and action output to the client.
- View Dependent Claims (21)
- - 21. A data processing system according to claim 20, wherein said means for decrypting a received encrypted token comprises:
    - means for selecting a variable seed value;
      
      means for generating a symmetric key using the selected variable seed value; and
      
      means for decrypting the received encrypted token using the symmetric key.

22. A computer program product for providing state information between a stateless server and a stateful client, said computer program product comprising:
- a computer usable medium having computer readable program code means embodied in said medium for receiving a client request to perform a server action;
  
  the computer usable medium having computer readable program code means embodied in said medium, responsive to said client request receiving means, for performing the action and creating a token containing post-action state information;
  
  the computer usable medium having computer readable program code means embodied in said medium for encrypting the created token; and
  
  the computer usable medium having computer readable program code means embodied in said medium, responsive to said encrypting means, for sending the encrypted token and action output to the client.
- View Dependent Claims (23)
- - 23. A computer program product according to claim 22, further comprising:
    - computer readable program code means embodied in said medium for receiving from the client the encrypted token with a subsequent client request to perform a server action;
      
      computer readable program code means embodied in said medium, responsive to said means for receiving the subsequent client request, for decrypting the received encrypted token; and
      
      computer readable program code means embodied in said medium, responsive to said decrypting means, for verifying that the received token is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
White, John Gregg
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/895,514
Time in Patent Office

1,035 Days
Field of Search

380/4, 380/9, 380/21, 380/23, 380/25, 380/49, 380/50, 380/59, 380/29, 380/30, 380/255, 380/259, 380/277, 380/278, 380/287, 395/186, 713/200, 713/150-153, 713/155, 713/159, 713/164, 713/168, 713/169, 713/170, 713/172, 713/182, 713/185, 713/188, 713/189, 713/201, 705/50, 705/51, 705/64-67
US Class Current

713/159
CPC Class Codes

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0869   involving random numbers or...

H04L 9/3234   involving additional secure...

Systems, methods and computer program products for sharing state information between a stateless server and a stateful client

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

169 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods and computer program products for sharing state information between a stateless server and a stateful client

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links