Secure session tracking method and system for client-server environment

US 6,496,932 B1
Filed: 09/05/2000
Issued: 12/17/2002
Est. Priority Date: 01/20/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for tracking communications in a stateless client-server environment, the method comprising:

sending a first request from a client to a server over a first link;

sending a first identifier from the server to said client over the first link;

sending the first identifier from the client and another request to the server over another link; and

sending a response to the another request and a another identifier distinct from the first identifier from the server to the client over the second link.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for tracking communications in a client-server environment. The method includes the steps of sending a first request from the client to the server over a first connection, sending a first key from the server to the client over the first connection, sending the first key from the client and a second request to the server over a second connection, and sending a response to the second request and a second key distinct from the first key from the server to the client over the second connection. The system includes a client for establishing a terminal connection with a server and a server in communication with the client. The server further includes key generator means generating a plurality of keys for transmission to the client, authentication means in communication with the key generator means receiving the keys from the client to recognize the keys at the server, and discarding means linked to the key generator means for disposing of previously transmitted keys.

158 Citations

View as Search Results

94 Claims

1. A method for tracking communications in a stateless client-server environment, the method comprising:
- sending a first request from a client to a server over a first link;
  
  sending a first identifier from the server to said client over the first link;
  
  sending the first identifier from the client and another request to the server over another link; and
  
  sending a response to the another request and a another identifier distinct from the first identifier from the server to the client over the second link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 53, 54, 55, 56, 57, 58, 59)
- - 2. The method of claim 1, wherein the method further comprises replacing the first identifier with another identifier after sending the first identifier from the client and the another request to the server over the another link.
  - 3. The method of claim 2, wherein replacing the first identifier with the another identifier further comprises invalidating the first identifier for a determined period of time.
  - 4. The method of claim 3 wherein invalidating the first identifier further comprises removing the identifier from a queue of available identifiers.
  - 5. The method of claim 1, wherein the method further comprises disconnecting the first link after the step of sending the first identifier from the server to the client over the first link.
  - 6. The method of claim 5, wherein sending a first identifier from the server to the client further comprises sending a response to the first request along with the first identifier to the client.
  - 7. The method of claim 5, wherein the method further comprises authenticating the client after sending a first request from the client to the server over the first link.
  - 8. The method of claim 5, wherein the method further comprises authenticating the client after sending the first identifier from the client and the second request to the server over the second link.
  - 9. The method of claim 8, wherein authenticating the client further comprises recognizing the first identifier and retrieving data relating to the state of the client linked to the first identifier.
  - 10. The method of claim 9, wherein recognizing the first identifier further comprises determining an age of the first identifier and has the age exceeded a pre-determined time period of acceptability.
  - 53. The method of claim 1, wherein the another request is a second request.
  - 54. The method of claim 1, wherein the another link is a second link.
  - 55. The method of claim 1, wherein the another identifier is a second identifier.
  - 56. The method of claim 2, wherein the another link is a second link.
  - 57. The method of claim 2, wherein the another identifier is a second identifier.
  - 58. The method of claim 2, wherein the another request is a second request.
  - 59. The method of claim 3, wherein the another request is a second request.

11. A method for tracking communications in a stateless client-server environment, the method comprising:
- receiving a request from a client over a link;
  
  sending an identifier to the client over the link;
  
  receiving the identifier from the client and another request over another; and
  
  sending a response to the another request and another identifier distinct from the identifier to the client over the another link.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11, wherein the method further comprises replacing the identifier with the another identifier after receiving the identifier from the client and the another request over the another link.
  - 13. The method of claim 12, wherein replacing the identifier with the another identifier further comprises invalidating the identifier for a determined period of time.
  - 14. The method of claim 13, wherein invalidating the identifier further comprises removing the identifier from a queue of available identifiers.
  - 15. The method of claim 11, wherein the method further comprises disconnecting the link after sending the identifier to the client over the link.
  - 16. The method of claim 15, wherein sending the identifier to the client further comprises sending a response to the request along with the identifier to the client.
  - 17. The method of claim 15, wherein the method further comprises authenticating said client after receiving the request from the client over the link.
  - 18. The method of claim 15, wherein the method further comprises authenticating the client after receiving the identifier from the client and the another request over the link.
  - 19. The method of claim 18, wherein authenticating the client further comprises recognizing the identifier and retrieving data relating to a state of the client linked to the identifier.
  - 20. The method of claim 19, wherein the identifier comprises values independently nonindicative of the data relating to the state of the client.
  - 21. The method of claim 19, wherein of recognizing the identifier further comprises determining whether an age of the identifier and has the age exceeded a pre-determined time period of acceptability for the identifier.

22. A method for tracking communications in a client-server environment, the method comprising:
- establishing a connection between a client and a server;
  
  authenticating the client at the server;
  
  generating a key in the server corresponding to a session between the client and the server, the being stored at the server;
  
  sending the key to the client;
  
  disconnecting the connection between the client and the server;
  
  establishing another connection between the client and the server;
  
  generating a request at the client and sending the request and the key to the server through the another connection;
  
  verifying the key at the server;
  
  generating a response to the request and another key at the server; and
  
  sending the response and the another key back to the client over the another connection.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 60, 61)
- - 23. The method of claim 22, wherein the method further comprises retaining a value representative of the key in memory at the client.
  - 24. The method of claim 22, wherein the method further comprises the step of replacing the key at the server with the another key after verifying the key at the server.
  - 25. The method of claim 24, wherein the method further comprises invalidating the key before replacing the key with the another key.
  - 26. The method of claim 22, wherein authenticating the client further comprises:
27. The method of claim 26, wherein generating the keys comprises:
- providing a set of distinct random keys;
  
  choosing a selected key from the set; and
  
  removing the selected key from the set.
28. The method of claim 27, wherein the method further comprises confirming that the another key is distinct from the key before sending the another key to the client.
29. The method of claim 27, wherein the method further comprises retaining all of the keys in a memory at the server.
30. The method of claim 27, wherein the key comprise a random string having a defined length.
31. The method of claim 22, wherein the client further comprises a personal computer terminal.
32. The method of claim 31, wherein the server comprises a server operating to exchange information with a database.
33. The method of claim 22, wherein the keys and the response are encrypted before being sent to the client.
34. The method of claim 30, wherein the first key and the another key are not sequential.
35. The method of claim 22, wherein verifying the key further comprises associating the key with a list of stored keys at the server.
36. The method of claim 35, wherein the method further comprises invalidating the key if the elapsed time exceeds a preset value of time.
60. The method of claim 22, wherein the key and the response are encrypted before being sent to the server.
61. The method of claim 35, wherein in the method further comprises monitoring an elapsed time between sending a key to the client and sending the key back to the server.

37. A system for authentication in a stateless client-server environment, the system comprising:
- a client;
  
  a server communicating with the client, the server comprising means for generating a plurality of keys for transmission to the client;
  
  means, in communication with the key generator means, for receiving the keys from the client, and recognizing the keys at the server, and means, linked to said key generator means, for preventing further use of previously transmitted keys.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The system of claim 37, wherein the server further comprises a network server operating in communication with the Internet.
  - 39. The system of claim 38, wherein the client further comprises a personal computer, the terminal connection with the server being via the Internet.
  - 40. The system of claim 39, wherein the system further comprises a database linked to the server that stores information to be requested by the client.
  - 41. The system of claim 40, wherein the system further comprises a hypertext interface at the client.
  - 42. The system of claim 41, wherein the system further comprises means for selecting and retrieving information from the database based on requests made by the client.

43. A method for tracking communications in a client-server environment, the method comprising:
- establishing a connection between a client and a server;
  
  generating a key in the server corresponding to a session between the client and the server;
  
  sending the key to said client;
  
  disconnecting the connection between the client and the server;
  
  establishing another connection between the client and the server;
  
  generating a request at the client, sending the request and the key to the server through the another connection;
  
  recognizing the key at the server;
  
  generating the another at the server, the another key being unrelated to the key;
  
  processing the request at the server, generating a response;
  
  sending the response and the another key back to the client over the another connection; and
  
  disconnecting the another connection between the client and the server.
- View Dependent Claims (44, 45, 46, 47, 48)
- - 44. The method of claim 43, wherein the another key links the client to information relating to the session.
  - 45. The method of claim 43, wherein the connection is established after recognizing an authorized user to the server.
  - 46. The method of claim 45, the method further comprises invalidating keys received from the client after the keys are recognized by the server.
  - 47. The method of claim 43, wherein the connection is established through the Internet.
  - 48. The method of claim 43 wherein the client further comprises a browser interface program.

49. A method for tracking communications in a client-server environment, the method comprising:
- communicating between a client and a server;
  
  receiving a key from the server;
  
  sending a request and the key to the server; and
  
  receiving a response to the request and a new key from the server.

50. A method for tracking communications in a client-server environment, the method comprising:
- communicating between a client and a server;
  
  receiving an initial key from the server;
  
  generating a request at the client;
  
  sending the request and the initial key to the server;
  
  utilizing the initial key to recall client'"'"'s state information at the server;
  
  generating a response to the request in the server;
  
  generating a new key in the server;
  
  sending the response and the new key back to the client.

51. A method for tracking communication in a stateless client-server computer environment, the method comprising:
- communicating between a client and a server;
  
  identifying the user;
  
  generating a key in the server corresponding to a session between the client and the server, the key being stored at the server;
  
  sending the key to the client; and
  
  ending communication between the client and the server.

52. A method for tracking communications in a client-server environment wherein a key comprising a character string uniquely identifies stored state information of a client in a server database, the method comprising:
- sending a request and a key to a server;
  
  verifying the key by comparing the key with a stored key in the server database;
  
  generating a new key of an unused string of a desired length;
  
  invalidating the previously sent key; and
  
  sending the new key to the client.

62. A method of tracking requests from and responses to a user in a stateless environment, the method comprising:
- a) receiving a request;
  
  b) preparing a response to the request, the response comprising a distinct key;
  
  c) storing session state data and the distinct key; and
  
  d) sending the response.
- View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86)
- - 63. The method of claim 62, wherein preparing the response further comprises:
64. The method of claim 63, wherein the method further comprises:
- e) repeating steps a-d for each of multiple requests.
65. The method of claim 64, wherein each of the multiple requests is from a single user.
66. The method of claim 65, wherein the multiple requests are from multiple users.
67. The method of claim 63, wherein preparing the response further comprises:
- determining if the distinct key is not in the request; and
  
  requesting unique identifying information; and
  
  verifying the unique identifying information.
68. The method of claim 67, wherein the unique identifying information comprises a user name and a password.
69. The method of claim 62, wherein the method further comprises:
- generating a set of available distinct keys; and
  
  wherein preparing a response comprises;
  
  selecting a distinct key from the set; and
  
  removing the selected distinct key from the set.
70. The method of claim 63, wherein the method further comprises:
- generating a set of available distinct keys; and
  
  wherein preparing a response comprises;
  
  selecting a distinct key from the set; and
  
  removing the selected distinct key from the set.
71. The method of claim 64, wherein the method further comprises:
- generating a set of available distinct keys; and
  
  wherein preparing a response comprises;
  
  selecting a distinct key from the set; and
  
  removing the selected distinct key from the set.
72. The method of claim 70, wherein preparing the response further comprises:
- invalidating the recognized key; and
  
  removing the stored session data based upon the invalidated key.
73. The method of claim 63, wherein preparing the response further comprises:
- invalidating the recognized key; and
  
  removing the stored session data based upon the invalidated key.
74. The method of claim 64, wherein preparing the response further comprises:
- invalidating the recognized key; and
  
  removing the stored session data based upon the invalidated key.
75. The method of claim 63, wherein the method further comprises:
- invalidating the distinct key after a predetermined time period; and
  
  removing the stored session data indicated by the invalidated key.
76. The method of claim 64, wherein the method further comprises:
- invalidating the distinct key after a predetermined time period; and
  
  removing the stored session data indicated by the invalidated key.
77. The method of claim 64, wherein repeating steps a-d further comprises:
- confirming each key is distinct.
78. The method of claim 62, wherein the distinct key is a random string of defined length.
79. The method of claim 63, wherein the distinct key is a random string of defined length.
80. The method of claim 64, wherein the distinct key is a random string of defined length.
81. The method of claim 62, wherein preparing the response further comprises:
- communicating with a database to retrieve information with regard to the request and the stored session data.
82. The method of claim 63, wherein preparing the response further comprises:
- communicating with a database to retrieve information with regard to the request and the stored session data.
83. The method of claim 62, wherein the key is non-indicative of the stored data.
84. The method of claim 63, wherein the key is non-indicative of the stored data.
85. The method of claim 63, wherein preparing the response further comprises:
- determining if the district key is not in the request;
  
  the request;
  
  requesting unique identifying information; and
  
  verifying the unique identifying information.
86. The method of claim 63, wherein the method further comprises:
- invalidating the district key after a predetermined time period; and
  
  removing the stored session data indicated by the invalidated key.

87. A server system that securely communicates in a stateless environment, the system comprising:
- a server that receives requests, prepares a corresponding response to each request, and sends each response;
  
  a storage database connected to the server that stores each request such that each request is quickly retrievable; and
  
  wherein the server places the secure identifier in the corresponding response.
- View Dependent Claims (88, 89, 90, 91, 92, 93, 94)
- - 88. The system of claim 87, wherein the server monitors each request for a secure identifier.
  - 89. The system of claim 87, wherein the server further retrieves the stored request based on the secure identifier and prepares the corresponding response based upon the received request and the stored request.
  - 90. The system of claim 87, wherein the secure identifier is distinct.
  - 91. The system of claim 88, wherein the secure identifier is distinct.
  - 92. The system of claim 89, wherein the secure identifier is unique.
  - 93. The system of claim 92, wherein the secure identifier is sequential.
  - 94. The system of claim 92, wherein the secure identifier is random.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stevens Law Group PC
Original Assignee
ProAct Technologies Corp. (HRSoft, Inc.)
Inventors
Trieger, Andrew W.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/655,040
Time in Patent Office

833 Days
Field of Search

713/168, 713/169, 713/170, 713/171, 713/182, 380/277, 380/278
US Class Current

713/168
CPC Class Codes

H04L 67/01   Protocols

H04L 67/14   Session management for real...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Secure session tracking method and system for client-server environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

94 Claims

Specification

Solutions

Use Cases

Quick Links

Secure session tracking method and system for client-server environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

94 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links