Secure internet user state creation method and system with user supplied key and seeding
First Claim
1. A method for creating secure Internet user states between one or more servers and one or more Internet users, a server comprising an operable Internet connection, a server memory, server software, cryptography software, and a CPU for executing said server software and said cryptography software, wherein said server CPU, said server memory and said server Internet connection are operatively connected to each other by at least one bus, associated with each of said one or more users, a remote computer comprising an operable Internet connection, Internet software, one or more computer memories, one or more input devices and a CPU for executing said Internet software, wherein said computer Internet connection, each of said one or more computer memories, each of said one or more input devices and said computer CPU are operatively connected to each other by at least one bus, said method comprising the steps of:
- a) sending by a user initial private data relating to said user over the Internet to a first server by one or more user inputs via one or more of said input devices connected to a remote computer of said user;
b) receiving said initial private data from the Internet by said first server, said first server storing said initial private data in said first server memory;
c) sending by said user a user key associated with said user over the Internet to said first server by one or more user inputs via one or more of said input devices, said user key having a size of U bits, where U>
0;
d) receiving said user key from the Internet by said first server, said first server storing said user key in said first server memory;
e) creating by said first server an encryption key having a size of E bits from said user key, wherein said step of creating comprises inserting one or more bits into said user key at a position K of said user key, where 1≧
K≧
U+1 and E>
0;
f) encrypting said initial private data by said first server by input of said initial private data and said encryption key into said cryptography software, the output of said cryptography software being encrypted private data;
g) assigning by said first server said encrypted private data to the value field of a cookie and a name to the name field of said cookie;
h) sending by said first server said cookie over the Internet to said remote computer;
i) receiving by said remote computer said cookie from the Internet, wherein said remote computer stores said cookie in a first computer memory;
j) sending by said remote computer said cookie over the Internet to said first server;
k) receiving by said first server said cookie from the Internet, wherein said first server extracts said encrypted private data from said cookie and stores said encrypted private data in said first server memory;
l) resending by said user said user key over the Internet to said first server;
m) receiving said user key from the Internet by said first server, said first server storing said user key in said first server memory;
n) recreating by said first server said encryption key from said user key, wherein said step of recreating comprises inserting said one or more bits into said user key at said position K of said user key;
o) decrypting said encrypted private data by said first server by input of said encrypted private data and said encryption key into said cryptography software, the output of said cryptography software being said initial private data; and
p) establishing a state between said first server and said user by said first server based on said initial private data.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for creating secure Internet user states between one or more servers and one or more users. The invention is carried out by a server receiving over the Internet from a user private data relating to the user and a user key; creating an encryption key from the user key; encrypting the private data with the encryption key; assigning the encrypted private data to the data field of a cookie; and sending the cookie back to the user'"'"'s computer for storage, so that when the user later requests data from the server or a related server, the cookie is sent back by the user'"'"'s computer to the server or related server, which extracts the encrypted private data; receives the user key; recreates the encryption key; decrypts the encrypted private data with the encryption key and uses the decrypted private data to establish an Internet state between that server and the user. Optionally, the private data may be seeded by a server prior to encryption and assignment.
-
Citations
72 Claims
-
1. A method for creating secure Internet user states between one or more servers and one or more Internet users, a server comprising an operable Internet connection, a server memory, server software, cryptography software, and a CPU for executing said server software and said cryptography software, wherein said server CPU, said server memory and said server Internet connection are operatively connected to each other by at least one bus, associated with each of said one or more users, a remote computer comprising an operable Internet connection, Internet software, one or more computer memories, one or more input devices and a CPU for executing said Internet software, wherein said computer Internet connection, each of said one or more computer memories, each of said one or more input devices and said computer CPU are operatively connected to each other by at least one bus, said method comprising the steps of:
-
a) sending by a user initial private data relating to said user over the Internet to a first server by one or more user inputs via one or more of said input devices connected to a remote computer of said user;
b) receiving said initial private data from the Internet by said first server, said first server storing said initial private data in said first server memory;
c) sending by said user a user key associated with said user over the Internet to said first server by one or more user inputs via one or more of said input devices, said user key having a size of U bits, where U>
0;
d) receiving said user key from the Internet by said first server, said first server storing said user key in said first server memory;
e) creating by said first server an encryption key having a size of E bits from said user key, wherein said step of creating comprises inserting one or more bits into said user key at a position K of said user key, where 1≧
K≧
U+1 and E>
0;
f) encrypting said initial private data by said first server by input of said initial private data and said encryption key into said cryptography software, the output of said cryptography software being encrypted private data;
g) assigning by said first server said encrypted private data to the value field of a cookie and a name to the name field of said cookie;
h) sending by said first server said cookie over the Internet to said remote computer;
i) receiving by said remote computer said cookie from the Internet, wherein said remote computer stores said cookie in a first computer memory;
j) sending by said remote computer said cookie over the Internet to said first server;
k) receiving by said first server said cookie from the Internet, wherein said first server extracts said encrypted private data from said cookie and stores said encrypted private data in said first server memory;
l) resending by said user said user key over the Internet to said first server;
m) receiving said user key from the Internet by said first server, said first server storing said user key in said first server memory;
n) recreating by said first server said encryption key from said user key, wherein said step of recreating comprises inserting said one or more bits into said user key at said position K of said user key;
o) decrypting said encrypted private data by said first server by input of said encrypted private data and said encryption key into said cryptography software, the output of said cryptography software being said initial private data; and
p) establishing a state between said first server and said user by said first server based on said initial private data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
q) before step f), modifying said initial private data by said first server by inserting a seed into said initial private data according to a particular format;
r) after step o) and before step p), determining by said first server if said seed is contained in said initial private data according to said particular format; and
s) if said seed is not contained in said decrypted private data according to said particular format, sending an error message to said remote computer by said first server and skipping step p).
-
-
3. The method of claim 1, wherein an input device of a remote computer is a pointing device.
-
4. The method of claim 1, wherein an input device of a remote computer is a keyboard.
-
5. The method of claim 1, wherein a first input device of said remote computer is a keyboard and a second input device of said remote computer is a pointing device.
-
6. The method of claim 1, wherein said Internet software of a remote computer is Internet browser software.
-
7. The method of claim 1, wherein said first server and said remote computer communicate, in whole or in part, over a secure connection.
-
8. The method of claim 1, wherein the size of said user key in bits is evenly divisible by the value 8.
-
9. The method of claim 1, wherein the size of said encryption key in bits is evenly divisible by the value 8.
-
10. The method of claim 1, wherein E>
- U.
-
11. The method of claim 1, wherein E=U.
-
12. The method of claim 1, wherein E<
- U.
-
13. The method of claim 1, where in step g), said first server additionally assigns an expiration date to the expires field of said cookie.
-
14. The method of claim 1, where in step g), said first server additionally assigns its base domain value to the domain field of said cookie.
-
15. The method of claim 1, where in step g), said first server additionally assigns the value TRUE to the secure flag field of said cookie;
- and the sending and receiving of said cookie between said first server and said remote computer are over a secure connection.
-
16. The method of claim 1, said method further comprising the steps of:
-
t) sending by said remote computer said cookie over the Internet to a second server, wherein said second server is within the domain set of said domain value of said cookie;
u) receiving by said second server said cookie from the Internet, wherein said second server extracts said encrypted private data from said cookie and stores said encrypted private data in said second server memory;
v) sending by said user said user key over the Internet to said second server;
w) receiving said user key from the Internet by said second server, said second server storing said user key in said second server memory;
x) recreating by said second server said encryption key from said user key, wherein said step of recreating comprises inserting said one or more bits into said user key at said position K of said user key;
y) decrypting said encrypted private data by said second server by input of said encrypted private data and said encryption key into said cryptography software, the output of said cryptography software being said initial private data; and
z) establishing a state between said second server and said user by said second server based on said initial private data.
-
-
17. The method of claim 16, said method further comprising the steps of:
-
aa) before step f), modifying said initial private data by said first server by inserting a seed into said initial private data according to a particular format;
ab) after step y) and before step z), determining by said second server if said seed is contained in said initial private data according to said particular format; and
ac) if said seed is not contained in said initial private data according to said particular format, sending an error message by said second server to said remote computer and skipping step z).
-
-
18. A method for creating secure Internet user states between one or more servers and one or more Internet users, a server comprising an operable Internet connection, a server memory, server software, cryptography software, and a CPU for executing said server software and said cryptography software, wherein said server CPU, said server memory and said server Internet connection are operatively connected to each other by at least one bus, associated with each of said one or more users, a remote computer comprising an operable Internet connection, Internet software, one or more computer memories, one or more input devices and a CPU for executing said Internet software, wherein said computer Internet connection, each of said one or more computer memories, each of said one or more input devices and said computer CPU are operatively connected to each other by at least one bus, said method comprising the steps of:
-
a) sending by a user initial private data relating to said user over the Internet to a first server by one or more user inputs via one or more of said input devices connected to a remote computer of said user;
b) receiving said initial private data from the Internet by said first server, said first server storing said initial private data in said first server memory;
c) sending by said user a user key associated with said user over the Internet to said first server by one or more user inputs via one or more of said input devices, said user key having a size of U bits, where (U>
0);
d) receiving said user key from the Internet by said first server, said first server storing said user key in said first server memory;
e) creating by said first server an encryption key having a size of E bits from said user key, wherein said step of creating comprises deleting I bits from said user key from a position K of said user key, where (1≧
I>
U), (1≧
K≧
[U−
I+1]) and (E>
0);
f) encrypting said initial private data by said first server by input of said initial private data and said encryption key into said cryptography software, the output of said cryptography software being encrypted private data;
g) assigning by said first server said encrypted private data to the value field of a cookie and a name to the name field of said cookie;
h) sending by said first server said cookie over the Internet to said remote computer;
i) receiving by said remote computer said cookie from the Internet, wherein said remote computer stores said cookie in a first computer memory;
j) sending by said remote computer said cookie over the Internet to said first server;
k) receiving by said first server said cookie from the Internet, wherein said first server extracts said encrypted private data from said cookie and stores said encrypted private data in said first server memory;
l) resending by said user said user key over the Internet to said first server;
m) receiving said user key from the Internet by said first server, said first server storing said user key in said first server memory;
n) recreating by said first server said encryption key from said user key, wherein said step of recreating comprises deleting I bits from said user key at said position K of said user key;
o) decrypting said encrypted private data by said first server by input of said encrypted private data and said encryption key into said cryptography software, the output of said cryptography software being said initial private data; and
p) establishing a state between said first server and said user by said first server based on said initial private data. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
q) before step f), modifiing said initial private data by said first server by inserting a seed into said initial private data according to a particular format;
r) after step o) and before step p), determining by said first server if said seed is contained in said initial private data according to said particular format; and
s) if said seed is not contained in said decrypted private data according to said particular format, sending an error message to said remote computer by said first server and skipping step p).
-
-
20. The method of claim 18, wherein an input device of a remote computer is a pointing device.
-
21. The method of claim 18, wherein an input device of a remote computer is a keyboard.
-
22. The method of claim 18, wherein a first input device of said remote computer is a keyboard and a second input device of said remote computer is a pointing device.
-
23. The method of claim 18, wherein said Internet software of a remote computer is Internet browser software.
-
24. The method of claim 18, wherein said first server and said remote computer communicate, in whole or in part, over a secure connection.
-
25. The method of claim 18, wherein the size of said user key in bits is evenly divisible by the value 8.
-
26. The method of claim 18, wherein the size of said encryption key in bits is evenly divisible by the value 8.
-
27. The method of claim 18, wherein E>
- U.
-
28. The method of claim 18, wherein E=U.
-
29. The method of claim 18, wherein E<
- U.
-
30. The method of claim 18, where in step g), said first server additionally assigns an expiration date to the expires field of said cookie.
-
31. The method of claim 18, where in step g), said first server additionally assigns its base domain value to the domain field of said cookie.
-
32. The method of claim 18, where in step g), said first server additionally assigns the value TRUE to the secure flag field of said cookie;
- and the sending and receiving of said cookie between said first server and said remote computer are over a secure connection.
-
33. The method of claim 18, said method further comprising the steps of:
-
t) sending by said remote computer said cookie over the Internet to a second server, wherein said second server is within the domain set of said domain value of said cookie;
u) receiving by said second server said cookie from the Internet, wherein said second server extracts said encrypted private data from said cookie and stores said encrypted private data in said second server memory;
v) sending by said user said user key over the Internet to said second server;
w) receiving said user key from the Internet by said second server, said second server storing said user key in said second server memory;
x) recreating by said second server said encryption key from said user key, wherein said step of recreating comprises deleting I bits from said user key at said position K of said user key;
y) decrypting said encrypted private data by said second server by input of said encrypted private data and said encryption key into said cryptography software, the output of said cryptography software being said initial private data; and
z) establishing a state between said second server and said user by said second server based on said initial private data.
-
-
34. The method of claim 33, said method furter comprising the steps of:
-
aa) before step f), modifying said initial private data by said first server by inserting a seed into said initial private data according to a particular format;
ab) after step y) and before step z), determining by said second server if said seed is contained in said initial private data according to said particular fonnat; and
ac) if said seed is not contained in said initial private data according to said particular format, sending an error message by said second server to said remote computer and skipping step z).
-
-
35. A system for creating secure Internet user states between one or more servers and one or more users, said system comprising:
-
a first server comprising an operable Internet connection, a server memory, server software, cryptography software, and a CPU for executing said server software and said cryptography software, wherein said server CPU, each of said server memories and said server Internet connection are operatively connected to each other by at least one bus;
a first user;
associated with said first user, a remote computer comprising an operable Internet connection, Internet software, one or more computer memories, one or more input devices and a CPU for executing said Internet software, wherein said computer Internet connection, each of said one or more computer memories, each of said one or more input devices and said computer CPU are operatively connected to each other by at least one bus;
associated with said first user, a user key having a size of U bits where U>
0, said user key sent by said first user over the Internet to said first server by one or more inputs by said first user via one or more of said input devices;
an encryption key having a size of E bits where E>
0, said encryption key created by said first server by at least inserting one or more bits into said user key at a position K of said user key, where 1≧
K≧
U+1;
initial private data relating to said first user, said initial private data sent by said first user over the Internet to said first server by one or more inputs by said first user via one or more of said input devices;
encrypted private data encrypted by said first server by input of said initial private data and said encryption key into said cryptography software;
a cookie transmitted between said first server and the remote computer of said first user and stored in a computer memory of said remote computer, said cookie comprising a value field and a name field, wherein said first server assigns said encrypted private data to said value field and a name to said name field;
decrypted private data decrypted by said first server by input of said encrypted private data and said encryption key into said cryptography software; and
a secure state between said first server and said first user, said state established by said first server based on said decrypted private data. - View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
a seed, said seed inserted into said initial private data by said first server according to a particular format, wherein said secure state is established by said first server only if said seed is contained in said decrypted private data according to said particular format.
-
-
37. The system of claim 35, said system flirther comprising:
-
a seed, said seed inserted into said initial private data by said first server according to a particular format; and
an error message, wherein said secure state is established by said first server only if said seed is contained in said decrypted private data according to said particular format, and said error message is sent by said first server to the remote computer of said first user if said seed is not contained in said decrypted private data according to said particular format.
-
-
38. The system of claim 35, wherein an input device of a remote computer is a pointing device.
-
39. The system of claim 35, wherein an input device of a remote computer is a keyboard.
-
40. The system of claim 35, wherein a first input device of said remote computer is a keyboard and a second input device of said remote computer is a pointing device.
-
41. The system of claim 35, wherein said Internet software of a remote computer is Internet browser software.
-
42. The system of claim 35, wherein said first server and the remote computer of said first user communicate, in whole or in part, over a secure connection.
-
43. The system of claim 35, wherein the size of said user key in bits is evenly divisible by the value 8.
-
44. The system of claim 35, wherein the size of said encryption key in bits is evenly divisible by the value 8.
-
45. The system of claim 35, wherein E>
- U.
-
46. The system of claim 35, wherein E=U.
-
47. The system of claim 35, wherein E<
- U.
-
48. The system of claim 35, wherein said cookie furlher comprises an expires field, said expires field containing an expiration date assigned by said first server.
-
49. The system of claim 35, wherein said cookie further comprises a domain field, said domain field containing a domain value assigned by said first server.
-
50. The system of claim 35, wherein said cookie further comprises a secure flag field, said secure flag field containing the value TRUE assigned by said first server, and the sending and receiving of said cookie between said first server and the remote computer of said first user are over a secure connection.
-
51. The system of claim 35, wherein said cookie further comprises a domain field having a cookie domain value, said system further comprising:
-
a second server, said second server having a second server domain value within said cookie domain value, wherein said cookie and said user key are sent by said user over the Internet to said second server, said encryption key recreated by said second server by at least inserting one or more bits into said user key at said position K of said user key, said decrypted private data decrypted by said second server by input of said encrypted private data and said encryption key into said cryptography software; and
a secure state between said second server and said first users said secure state established by said second server based on said decrypted private data.
-
-
52. The system of claim 51, said system further comprising:
a seed, said seed inserted into said initial private data before encryption by said first server according to a particular format, wherein said secure state between said second server and said first user is established by said second server only if said seed is contained in said decrypted private data according to said particular format.
-
53. The system of claim 51, said system further comprising:
-
a seed, said seed inserted into said initial private data by said first server according to a particular format; and
an error message, wherein said secure state between said second server and said first user is established by said second server only if said seed is contained in said decrypted private data according to said particular format, and said error message is sent by said second server to the remote computer of said first user if said seed is not contained in said decrypted private data according to said particular format.
-
-
54. A system for creating secure Internet user states between one or more servers and one or more users, said system comprising:
-
a first server comprising an operable Internet connection, a server memory, server software, cryptography software, and a CPU for executing said server software and said cryptography software, wherein said server CPU, each of said server memories and said server Internet connection are operatively connected to each other by at least one bus;
a first user;
associated with said first user, a remote computer comprising an operable Internet connection, Internet software, one or more computer memories, one or more input devices and a CPU for executing said Internet software, wherein said computer Internet connection, each of said one or more computer memories, each of said one or more input devices and said computer CPU are operatively connected to each other by at least one bus;
associated with said first user, a user key having a size of U bits where U>
0, said user key sent by said first user over the Internet to said first server by one or more inputs by said first user via one or more of said input devices;
an encryption key having a size of E bits, said encryption key created by said first server by at least deleting I bits from said user key at a position K of said user key, where (1≧
I<
U),(1≧
K≧
[U−
I+1]) and (E>
0);
initial private data relating to said first user, said initial private data sent by said first user over the Internet to said first server by one or more inputs by said first user via one or more of said input devices;
encrypted private data encrypted by said first server by input of said initial private data and said encryption key into said cryptography software;
a cookie transmitted between said first server and the remote computer of said first user and stored in a computer memory of said remote computer, said cookie comprising a value field and a name field, wherein said first server assigns said encrypted private data to said value field and a name to said name field;
decrypted private data decrypted by said first server by input of said encrypted private data and said encryption key into said cryptography software; and
a secure state between said first server and said first user, said state established by said first server based on said decrypted private data. - View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
a seed, said seed inserted into said initial private data by said first server according to a particular format, wherein said secure state is established by said first server only if said seed is contained in said decrypted private data according to said particular format.
-
-
56. The system of claim 54, said system further comprising:
-
a seed, said seed inserted into said initial private data by said first server according to a particular format; and
an error message, wherein said secure state is established by said first server only if said seed is contained in said decrypted private data according to said particular format, and said error message is sent by said first server to the remote computer of said first user if said seed is not contained in said decrypted private data according to said particular format.
-
-
57. The system of claim 54, wherein an input device of a remote computer is a pointing device.
-
58. The system of claim 54, wherein an input device of a remote computer is a keyboard.
-
59. The system of claim 54, wherein a first input device of said remote computer is a keyboard and a second input device of said remote computer is a pointing device.
-
60. The system of claim 54, wherein said Internet software of a remote computer is Internet browser software.
-
61. The system of claim 54, wherein said first server and the remote computer of said first user communicate, in whole or in part, over a secure connection.
-
62. The system of claim 54, wherein the size of said user key in bits is evenly divisible by the value 8.
-
63. The system of claim 54, wherein the size of said encryption key in bits is evenly divisible by the value 8.
-
64. The system of claim 54, wherein E>
- U.
-
65. The system of claim 54, wherein E=U.
-
66. The system of claim 54, wherein E<
- U.
-
67. The system of claim 54, wherein said cookie further comprises an expires field, said expires field containing an expiration date assigned by said first server.
-
68. The system of claim 54, wherein said cookie further comprises a domain field, said domain field containing a domain value assigned by said first server.
-
69. The system of claim 54, wherein said cookie flrther comprises a secure flag field, said secure flag field containing the value TRUE assigned by said first server, and the sending and receiving of said cookie between said first server and the remote computer of said first user are over a secure connection.
-
70. The system of claim 54, wherein said cookie further comprises a domain field having a cookie domain value, said system further comprising:
-
a second server, said second server having a second server domain value within said cookie domain value, wherein said cookie and said user key are sent by said user over the Internet to said second server, said encryption key recreated by said second server, said decrypted private data decrypted by said second server by input of said encrypted private data and said encryption key into said cryptography software; and
a secure state between said second server and said first user is established by said second server based on said decrypted private data.
-
-
71. The system of claim 70, said system further comprising:
a seed, said seed inserted into said initial private data before encryption by said first server according to a particular format, wherein said secure state between said second server and said first user is established by said second server only if said seed is contained in said decrypted private data according to said particular format.
-
72. The system of claim 70, said system further comprising:
-
a seed, said seed inserted into said initial private data by said first server according to a particular format; and
an error message, wherein said secure state between said second server and said first user is established by said second server only if said seed is contained in said decrypted private data according to said particular format, and said error message is sent by said second server to the remote computer of said first user if said seed is not contained in said decrypted private data according to said particular format.
-
Specification