Secure session tracking method and system for client-server environment
Abstract
A method and system for tracking communications in a client-server environment. The method includes the steps of sending a first request from the client to the server over a first connection, sending a first key from the server to the client over the first connection, sending the first key from the client and a second request to the server over a second connection, and sending a response to the second request and a second key distinct from the first key from the server to the client over the second connection. The system includes a client for establishing a terminal connection with a server and a server in communication with the client. The server further includes key generator means generating a plurality of keys for transmission to the client, authentication means in communication with the key generator means receiving the keys from the client to recognize the keys at the server, and discarding means linked to the key generator means for disposing of previously transmitted keys.
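The exchange described in the abstract, as an added example that is not code from the patent: the server issues a random key, accepts it for exactly one request, discards it, and returns a fresh key with the response. The class and method names, the 32-byte key length, the 300-second timeout and the session state layout are assumptions made for this sketch.

```python
import secrets
import time


class RotatingSessionStore:
    """Server-side key store: every key is valid for exactly one request."""

    def __init__(self, ttl_seconds=300.0, key_bytes=32, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed timeout before an unused key is invalid
        self._key_bytes = key_bytes  # assumed key length
        self._clock = clock
        self._live = {}              # key -> (session state, time the key was issued)

    def _new_key(self, previous=None):
        # Random and non-sequential, so it reveals nothing about the stored state.
        # Confirm it differs from the key just consumed and from every live key.
        while True:
            key = secrets.token_urlsafe(self._key_bytes)
            if key != previous and key not in self._live:
                return key

    def login(self, username):
        """Issue the first key; authenticating the user is assumed done by the caller."""
        key = self._new_key()
        self._live[key] = ({"user": username, "requests": 0}, self._clock())
        return key

    def handle(self, key, request):
        """Verify and discard the presented key, then return (response, new_key)."""
        entry = self._live.pop(key, None)  # pop: a presented key can never be replayed
        if entry is None:
            raise PermissionError("unknown or already-used key")
        state, issued_at = entry
        if self._clock() - issued_at > self._ttl:
            raise PermissionError("key expired")  # session state is dropped with the key
        state["requests"] += 1
        response = f"{state['user']}:{request}:{state['requests']}"
        new_key = self._new_key(previous=key)
        self._live[new_key] = (state, self._clock())
        return response, new_key
```

Because a key dies on first use, a rejected key from a legitimate client is a useful detection signal: it means the key was either replayed or consumed by someone else first.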
94 Claims
1. A method for tracking communications in a stateless client-server environment, the method comprising:
sending a first request from a client to a server over a first link;
sending a first identifier from the server to said client over the first link;
sending the first identifier from the client and another request to the server over another link; and
sending a response to the another request and another identifier distinct from the first identifier from the server to the client over the second link. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 53, 54, 55, 56, 57, 58, 59)
11. A method for tracking communications in a stateless client-server environment, the method comprising:
receiving a request from a client over a link;
sending an identifier to the client over the link;
receiving the identifier from the client and another request over another link; and
sending a response to the another request and another identifier distinct from the identifier to the client over the another link. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
22. A method for tracking communications in a client-server environment, the method comprising:
establishing a connection between a client and a server;
authenticating the client at the server;
generating a key in the server corresponding to a session between the client and the server, the key being stored at the server;
sending the key to the client;
disconnecting the connection between the client and the server;
establishing another connection between the client and the server;
generating a request at the client and sending the request and the key to the server through the another connection;
verifying the key at the server;
generating a response to the request and another key at the server; and
sending the response and the another key back to the client over the another connection. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 60, 61)
providing a user name for the client and a password indicative of the user name to the server; and
verifying the password in the server against a plurality of known password associations.
27. The method of claim 26, wherein generating the keys comprises:
providing a set of distinct random keys;
choosing a selected key from the set; and
removing the selected key from the set.
28. The method of claim 27, wherein the method further comprises confirming that the another key is distinct from the key before sending the another key to the client.
29. The method of claim 27, wherein the method further comprises retaining all of the keys in a memory at the server.
30. The method of claim 27, wherein the key comprises a random string having a defined length.
31. The method of claim 22, wherein the client further comprises a personal computer terminal.
32. The method of claim 31, wherein the server comprises a server operating to exchange information with a database.
33. The method of claim 22, wherein the keys and the response are encrypted before being sent to the client.
34. The method of claim 30, wherein the first key and the another key are not sequential.
35. The method of claim 22, wherein verifying the key further comprises associating the key with a list of stored keys at the server.
36. The method of claim 35, wherein the method further comprises invalidating the key if the elapsed time exceeds a preset value of time.
60. The method of claim 22, wherein the key and the response are encrypted before being sent to the server.
61. The method of claim 35, wherein the method further comprises monitoring an elapsed time between sending a key to the client and sending the key back to the server.
37. A system for authentication in a stateless client-server environment, the system comprising:
a client;
a server communicating with the client, the server comprising means for generating a plurality of keys for transmission to the client;
means, in communication with the key generator means, for receiving the keys from the client, and recognizing the keys at the server, and
means, linked to said key generator means, for preventing further use of previously transmitted keys. - View Dependent Claims (38, 39, 40, 41, 42)
43. A method for tracking communications in a client-server environment, the method comprising:
establishing a connection between a client and a server;
generating a key in the server corresponding to a session between the client and the server;
sending the key to said client;
disconnecting the connection between the client and the server;
establishing another connection between the client and the server;
generating a request at the client, sending the request and the key to the server through the another connection;
recognizing the key at the server;
generating the another key at the server, the another key being unrelated to the key;
processing the request at the server, generating a response;
sending the response and the another key back to the client over the another connection; and
disconnecting the another connection between the client and the server. - View Dependent Claims (44, 45, 46, 47, 48)
49. A method for tracking communications in a client-server environment, the method comprising:
communicating between a client and a server;
receiving a key from the server;
sending a request and the key to the server; and
receiving a response to the request and a new key from the server.
50. A method for tracking communications in a client-server environment, the method comprising:
communicating between a client and a server;
receiving an initial key from the server;
generating a request at the client;
sending the request and the initial key to the server;
utilizing the initial key to recall client's state information at the server;
generating a response to the request in the server;
generating a new key in the server;
sending the response and the new key back to the client.
51. A method for tracking communication in a stateless client-server computer environment, the method comprising:
communicating between a client and a server;
identifying the user;
generating a key in the server corresponding to a session between the client and the server, the key being stored at the server;
sending the key to the client; and
ending communication between the client and the server.
52. A method for tracking communications in a client-server environment wherein a key comprising a character string uniquely identifies stored state information of a client in a server database, the method comprising:
sending a request and a key to a server;
verifying the key by comparing the key with a stored key in the server database;
generating a new key of an unused string of a desired length;
invalidating the previously sent key; and
sending the new key to the client.
62. A method of tracking requests from and responses to a user in a stateless environment, the method comprising:
a) receiving a request;
b) preparing a response to the request, the response comprising a distinct key;
c) storing session state data and the distinct key; and
d) sending the response. - View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86)
determining if a distinct key is in the request;
retrieving the stored session state data based upon the recognized distinct key; and
preparing the response with regard to the request and the stored session state data.
64. The method of claim 63, wherein the method further comprises:
e) repeating steps a-d for each of multiple requests.
65. The method of claim 64, wherein each of the multiple requests is from a single user.
66. The method of claim 65, wherein the multiple requests are from multiple users.
67. The method of claim 63, wherein preparing the response further comprises:
determining if the distinct key is not in the request; and
requesting unique identifying information; and
verifying the unique identifying information.
68. The method of claim 67, wherein the unique identifying information comprises a user name and a password.
69. The method of claim 62, wherein the method further comprises:
generating a set of available distinct keys; and
wherein preparing a response comprises:
selecting a distinct key from the set; and
removing the selected distinct key from the set.
70. The method of claim 63, wherein the method further comprises:
generating a set of available distinct keys; and
wherein preparing a response comprises:
selecting a distinct key from the set; and
removing the selected distinct key from the set.
71. The method of claim 64, wherein the method further comprises:
generating a set of available distinct keys; and
wherein preparing a response comprises:
selecting a distinct key from the set; and
removing the selected distinct key from the set.
72. The method of claim 70, wherein preparing the response further comprises:
invalidating the recognized key; and
removing the stored session data based upon the invalidated key.
73. The method of claim 63, wherein preparing the response further comprises:
invalidating the recognized key; and
removing the stored session data based upon the invalidated key.
74. The method of claim 64, wherein preparing the response further comprises:
invalidating the recognized key; and
removing the stored session data based upon the invalidated key.
75. The method of claim 63, wherein the method further comprises:
invalidating the distinct key after a predetermined time period; and
removing the stored session data indicated by the invalidated key.
76. The method of claim 64, wherein the method further comprises:
invalidating the distinct key after a predetermined time period; and
removing the stored session data indicated by the invalidated key.
77. The method of claim 64, wherein repeating steps a-d further comprises:
confirming each key is distinct.
78. The method of claim 62, wherein the distinct key is a random string of defined length.
79. The method of claim 63, wherein the distinct key is a random string of defined length.
80. The method of claim 64, wherein the distinct key is a random string of defined length.
81. The method of claim 62, wherein preparing the response further comprises:
communicating with a database to retrieve information with regard to the request and the stored session data.
82. The method of claim 63, wherein preparing the response further comprises:
communicating with a database to retrieve information with regard to the request and the stored session data.
83. The method of claim 62, wherein the key is non-indicative of the stored data.
84. The method of claim 63, wherein the key is non-indicative of the stored data.
85. The method of claim 63, wherein preparing the response further comprises:
determining if the distinct key is not in the request;
requesting unique identifying information; and
verifying the unique identifying information.
86. The method of claim 63, wherein the method further comprises:
invalidating the distinct key after a predetermined time period; and
removing the stored session data indicated by the invalidated key.
87. A server system that securely communicates in a stateless environment, the system comprising:
a server that receives requests, prepares a corresponding response to each request, and sends each response;
a storage database connected to the server that stores each request such that each request is quickly retrievable; and
wherein the server places the secure identifier in the corresponding response. - View Dependent Claims (88, 89, 90, 91, 92, 93, 94)
Specification