Application interface method and system for encryption control

US 6,070,245 A
Filed: 11/25/1997
Issued: 05/30/2000
Est. Priority Date: 11/25/1997
Status: Expired due to Fees

First Claim

Patent Images

1. Method for controlling encryption mode selectively in a first mode and a second mode during a connection oriented session between a server application and a client workstation, comprising the steps of:

establishing said session in said first mode;

while communicating a data stream from said server application to said client workstation in said first mode detecting an encrypt structured field in said data stream;

responsive to said encrypt structured field;

flushing old data in the data stream prior to said encrypt structure field to said client workstation in said first mode;

switching mode on the communication link between said server application and said client workstation to said second mode;

removing said encrypt structured field from said data stream; and

thereafter,communicating new data in said data stream subsequent to said encrypt structured field to said client workstation in said second mode.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided whereby a system or application programmer may control encryption on or off during a connection oriented session between a client and a server over the Internet/intranet. This is done by providing a keyword or command, such as a Data Description Specification (DDS) keyword or a User Defined Data Stream (UDDS), to insert into a data stream intended for the client an architecture command, the 5250 Write Single Structured Field (WSSF) architecture command carrying an unique structured field to indicate when encrypted mode should be made active or inactive.

150 Citations

11 Claims

1. Method for controlling encryption mode selectively in a first mode and a second mode during a connection oriented session between a server application and a client workstation, comprising the steps of:
- establishing said session in said first mode;
  
  while communicating a data stream from said server application to said client workstation in said first mode detecting an encrypt structured field in said data stream;
  
  responsive to said encrypt structured field;
  
  flushing old data in the data stream prior to said encrypt structure field to said client workstation in said first mode;
  
  switching mode on the communication link between said server application and said client workstation to said second mode;
  
  removing said encrypt structured field from said data stream; and
  
  thereafter,communicating new data in said data stream subsequent to said encrypt structured field to said client workstation in said second mode.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, said first mode selectively being encryption on mode or encryption off mode, and said second mode being the other of said encryption on mode or said encryption off mode.
  - 3. The method of claim 1, said encrypt structured field including a parameter specifying length, further comprising the step of switching mode on said communication link after transmitting new data of said specified length.

4. System for controlling encryption mode during a connection oriented session between a server application and a client workstation, comprising:
- a server application;
  
  a display data stream file;
  
  a virtual terminal associated with said client workstation;
  
  an interactive subsystem for generating from said server application and said display data stream file a data stream for putting to said virtual terminal;
  
  a virtual terminal manager for formatting said data stream for communication to said client workstation; and
  
  said virtual terminal manager being responsive to an encrypt structured field in said data stream to transmit old data in said data stream to said client workstation, to initiate changing of the encryption mode, to remove said encrypt structured field from said data stream, and thereafter to communicate new data in said data stream to said client workstation.

5. System for switching encryption mode during a connection oriented session between a server application and a client workstation, comprising:
- a server application;
  
  a virtual terminal associated with said client workstation;
  
  an interactive subsystem for generating from said server application a data stream for putting to said virtual terminal;
  
  a virtual terminal manager for formatting said data stream for communication to said client workstation; and
  
  said virtual terminal manager being responsive to a user defined mode controlling command in said data stream to transmit old data in said data stream to said client workstation, to initiate switching of the encryption mode, to remove said switching command from said data stream, and thereafter to communicate new data in said data stream to said client workstation in the switched encryption mode.

6. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for setting encryption mode during a connection oriented session between a server application and a client workstation, said method steps comprising:
- establishing said session in a first mode;
  
  while communicating a data stream from said server application to said client workstation in said first mode detecting an encrypt mode command in said data stream from said application;
  
  responsive to said encrypt mode command;
  
  flushing old data in the data stream prior to said encrypt mode command to said client workstation;
  
  switching encryption mode on the communication link between said server application and said client workstation to a second mode;
  
  removing said encrypt mode command from said data stream; and
  
  thereafter,communicating new data in said data stream subsequent to said encrypt mode command to said client workstation in said second mode.

7. An article of manufacture comprising:
- a computer usable medium having computer readable program code means embodied therein for toggling encryption mode between a first mode and a second mode during a connection oriented session between a server application and a client workstation, the computer readable program means in said article of stream; and
  
  computer readable program code means for causing a computer to communicate new data in said data stream to said client workstation in said second mode.

8. Method for controlling encryption mode during a connection oriented session between a server application having an associated screen display data stream (DDS) file and a client workstation, comprising the steps of:
- establishing said session in a first encryption mode;
  
  communicating a data stream from said server application to said client workstation;
  
  putting an encrypt mode command in said data stream from said application or screen DDS file, said encrypt mode command separating old data and new data in said data stream;
  
  responsive to said encrypt mode command;
  
  flushing said old data in the data manufacture comprising;
  
  computer readable program code means for causing a computer to establish said session in said first mode;
  
  computer readable program code means for causing a computer to communicate a data stream from said server application to said client workstation in said first mode;
  
  computer readable program code means for causing a computer to put an encrypt mode command in said data stream from said application;
  
  computer readable program code means for causing a computer responsive to said encrypt mode command to;
  
  flush old data in the data stream to said client workstation;
  
  switch encryption mode on the communication link between said server application and said client workstation to said second mode;
  
  remove said encrypt mode command from said data stream to said client workstation; and
  
  thereafterswitching encryption mode to a second encryption mode on the communication link between said server application and said client workstation; and
  
  thereaftercommunicating said new data in said data stream to said client workstation.

9. System for controlling encryption mode during a connection oriented session between a server application and a client workstation, comprising:
- a server application;
  
  a display data stream file;
  
  a virtual terminal associated with said client workstation;
  
  an interactive subsystem for generating from said server application and said display data stream file a data stream for putting to said virtual terminal;
  
  a virtual terminal manager for formatting said data stream for communication to said client workstation; and
  
  said virtual terminal manager being responsive to an encrypt command in said data stream to transmit old data in said data stream to said client workstation, to initiate changing of the encryption mode, and thereafter to communicate new data in said data stream to said client workstation.

10. System for switching encryption mode during a connection oriented session between a server application and a client workstation, comprising:
- a server application;
  
  a virtual terminal associated with said client workstation;
  
  an interactive subsystem for generating from said server application a data stream for putting to said virtual terminal;
  
  a virtual terminal manager for formatting said data stream for communication to said client workstation; and
  
  said virtual terminal manager being responsive to a user defined mode controlling command in said data stream to transmit old data in said data stream to said client workstation, to initiate switching of the encryption mode, and thereafter to communicate new data in said data stream to said client workstation in the switched encryption mode.

11. Method for controlling encryption mode during a connection oriented session between a server application and a client workstation, comprising the steps of:
- establishing said session by connecting said client workstation to said server application with encryption off;
  
  communicating a data stream from said server application to said client workstation, said data stream including an encrypt structured field, said encrypt structured field including an encryption on keyword followed by a password field followed by an encryption off keyword;
  
  upon detecting said encryption on keyword, flushing old data before said keyword in the data stream from said server to said client workstation;
  
  switching encryption mode on the communication link between said server application and said client workstation by renegotiating said connection to have encryption on;
  
  removing said encrypt structured field from said data stream; and
  
  thereafter,communicating new data subsequent to said keyword in said data stream to said client workstation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Murphy, Thomas Edwin Jr., Stevens, Jeffrey Scott, Rieth, Paul Francis
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US08/978,324
Time in Patent Office

917 Days
Field of Search

713/201, 713/184, 713/190, 713/202, 380/255, 380/239, 380/258, 380/37, 380/42, 380/287
US Class Current

726/3
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 69/18   Multiprotocol handlers, e.g...

H04N 21/23476   by partially encrypting, e....

H04N 21/44055   by partially decrypting, e....

Application interface method and system for encryption control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

150 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Application interface method and system for encryption control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links