Security mechanisms in a web server
First Claim
1. A session processing module for a server adapted to communicate across a packet switched network with a plurality of clients, wherein the server includes means for running simultaneous communication sessions with a plurality of the clients via a single network connection to the server, said processing module comprising:
- means for allocating a session identifier in response to a first input stream of a session between a client and said server;
means for negotiating communication characteristics specifically for said client-server session; and
means for instantiating, according to said negotiated communication characteristics for said session, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data.
1 Assignment
0 Petitions
Accused Products
Abstract
A session processing module for a server is adapted to communicate across the Internet with a plurality of clients. The processing module runs within a servlet and allocates a session identifier in response to a first input stream of a session between a client and the server; negotiates communication characteristics for the session; and instantiates, according to the communication characteristics, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data. A variable depth of penetration to be applied to a dynamically specified quality of service for a session is enabled. Thus, in one embodiment the module relays encrypted request data for a session to a back-end server, and receives from the back-end server encrypted response data for the session for the client. Alternatively, the module itself decrypts input streams containing request data and processes the data to generate output streams containing encrypted response data for the client.
88 Citations
12 Claims
-
1. A session processing module for a server adapted to communicate across a packet switched network with a plurality of clients, wherein the server includes means for running simultaneous communication sessions with a plurality of the clients via a single network connection to the server, said processing module comprising:
-
means for allocating a session identifier in response to a first input stream of a session between a client and said server;
means for negotiating communication characteristics specifically for said client-server session; and
means for instantiating, according to said negotiated communication characteristics for said session, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer program product stored on a computer readable storage medium for, when executed on a computer, session processing in a virtual machine for managing a plurality of simultaneous communication sessions via a single network connection to the server, the virtual machine being for operating with a computer processing system, the product comprising:
-
means for allocating a session identifier in response to a first input stream of a session between a client and said server;
means for negotiating communication characteristics specifically for said client-server session; and
means for instantiating, according to said negotiated communication characteristics for said session, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data.
-
-
12. A method for processing communication sessions between a server and a plurality of clients in a data communications system, wherein the server has means for running simultaneous communication sessions with a plurality of said clients via a single network connection to the server, comprising the steps of:
-
allocating a session identifier in response to a first input stream of a session between a client and said server;
negotiating communication characteristics specifically for said client-server session; and
instantiating, according to said negotiated communication characteristics for said session, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data.
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsWright, Steven, Lambert, Howard Shelton
-
Primary Examiner(s)Swann, Tod
-
Assistant Examiner(s)Darrow, Justin T.
-
Application NumberUS09/154,645Time in Patent Office1,286 DaysField of Search713/151, 713/153, 713/155, 380/262, 380/269, 705/56, 705/64, 709/203, 709/206, 709/227, 709/228, 709/230, 709/246, 709/247US Class Current713/151CPC Class CodesH04L 63/045 wherein the sending and rec...H04L 63/166 at the transport layerH04L 9/40 Network security protocols
