Method and system for managing secure client-server transactions

US 6,681,327 B1
Filed: 06/30/1999
Issued: 01/20/2004
Est. Priority Date: 04/02/1998
Status: Expired due to Term

First Claim

Patent Images

1. A server computer configured to manage transactions over a communication network, the server computer comprising:

a data interface operably connected to and configured to receive a data packet from a computer over a secure link of the communication network;

a data processor operably connected to the data interface and programmed to access the received data packet, decrypt contents of the data packet, make a selection regarding one of a plurality of other computers in which to send the data packet, and re-direct the data packet to the selected one of the plurality of other computers; and

a data storage operably connected to the processor and the data interface, the data storage configured to store the data packet until the selected other computer becomes ready to receive the client packet, wherein the data processor selects the one of the plurality of other computers based on a response time of each of the plurality of other computers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server broker configured for use in a secure communication network, such as the Internet. The broker is configured to broker client transactions received over a secure network link, such as a secure socket layer (SSL) link, for distribution among one or more of a plurality of fulfillment servers. In one embodiment, the broker establishes a non-secure link with the one or more fulfillment servers. In another embodiment, the broker establishes a secure SSL link with the one or more fulfillment servers. The fulfillment server executes client transactions and sends response packets for delivery to the client.

Citations

43 Claims

1. A server computer configured to manage transactions over a communication network, the server computer comprising:
- a data interface operably connected to and configured to receive a data packet from a computer over a secure link of the communication network;
  
  a data processor operably connected to the data interface and programmed to access the received data packet, decrypt contents of the data packet, make a selection regarding one of a plurality of other computers in which to send the data packet, and re-direct the data packet to the selected one of the plurality of other computers; and
  
  a data storage operably connected to the processor and the data interface, the data storage configured to store the data packet until the selected other computer becomes ready to receive the client packet, wherein the data processor selects the one of the plurality of other computers based on a response time of each of the plurality of other computers.
- View Dependent Claims (2, 3, 4, 40, 41)
- - 2. The server of claim 1, wherein the data interface is configured to receive the data packet having encrypted information over a secure socket layer (SSL) link.
  - 3. The server of claim 1, wherein the processor is programmed to re-direct the data packet having unencrypted information over a non-secure link to the selected other computer.
  - 4. The server of claim 1, wherein the processor is programmed to re-direct the data packet having encrypted information over another secure link to the selected other computer.
  - 40. The server computer of claim 1, wherein the data processor is further configured to re-direct data packets to another one of the plurality of computers in the event of an error in the selected one computer.
  - 41. The server computer of claim 40, wherein the re-direction of the data packets is transparent to a client computer that sends the data packet over the secure link at the communications network.

5. A server computer configured to manage transactions over a communication network, the server computer comprising:
- a data interface operably connected to and configured to receive a data packet from a computer over a secure link of the communication network;
  
  a data processor operably connected to the data interface and programmed to access the received data packet, decrypt contents of the data packet, make a selection regarding one of a plurality of other computers in which to send the data packet, and re-direct the data packet to the selected one of the plurality of other computers; and
  
  a data storage operably connected to the processor and the data interface, the data storage configured to store the data packet until the selected other computer becomes ready to receive the client packet, wherein the processor is programmed to monitor and compare a response time of the selected other computer to a threshold time.
- View Dependent Claims (6)
- - 6. The server of claim 5, wherein the processor is further programmed to reduce the flow of non-secure traffic to the selected other computer in the event that the response time exceeds the threshold time.

7. A server computer configured to manage transactions over a communication network, the server computer comprising:
- a data interface operably connected to and configured to receive a data packet from a computer over a secure link of the communication network;
  
  a data processor operably connected to the data interface and programmed to access the received data packet, decrypt contents of the data packet, make a selection regarding one of a plurality of other computers in which to send the data packet, and re-direct the data packet to the selected one of the plurality of other computers; and
  
  a data storage operably connected to the processor and the data interface, the data storage configured to store the data packet until the selected other computer becomes ready to receive the client packet, wherein the data storage is configured to adjust the size of available space in response to a change in the number of received data packets.

8. A system configured to respond to electronic requests over a computer network, the system comprising:
- a first server configured to interface with and receive a data packet over a secure link of the computer network, the first server further configured to decrypt contents of the data packet, make a selection regarding one of a plurality of other servers in which to send the data packet and re-direct the data packet to the selected other server, the first server selects the one of the plurality of other servers based on a response time of each of the plurality of other servers; and
  
  a second server, serving as the selected other server, in data communication with the first server and configured to accept the data packet from the first server and execute the data packet pursuant to instructions contained therein.
- View Dependent Claims (9, 10, 11, 12, 13, 16, 42, 43)
- - 9. The system of claim 8, wherein the first server is configured to interface with a secure socket layer (SSL) link of the computer network.
  - 10. The system of claim 8, wherein the first server is configured to re-encrypt contents of the data packet.
  - 11. The system of claim 8, wherein the first server is configured to establish a secure link with the second server for transmission of data packets therebetween.
  - 12. The system of claim 11, wherein the second server is configured to decrypt data packets received from the first server.
  - 13. The system of claim 8, wherein the second server is configured to send at least one data packet in response to the received data packet within a response time.
  - 16. The system of claim 8, wherein the first server is configured to monitor a response of the second server and, in the event of an error in the second server, re-direct the client packet to another server for fulfillment.
  - 42. The system of claim 8, wherein the first server re-directs data packets to another one of the plurality of servers in the event of an error in the selected one server.
  - 43. The system of claim 42, wherein the first server re-directs the data packets is transparent to a client computer that sends the data packet over the secure link of the communications network.

14. A system configured to respond to electronic requests over a computer network, the system comprising:
- a first server configured to interface with and receive a data packet over a secure link of the computer network, the first server further configured to decrypt contents of the data packet, make a selection regarding one of a plurality of other servers in which to send the data packet and re-direct the data packet to the selected other server; and
  
  a second server, serving as the selected other server, in data communication with the first server and configured to accept the data packet from the first server and execute the data packet pursuant to instructions contained therein, wherein the first server is configured to monitor the response time of the second server and compare the response time to a threshold time.
- View Dependent Claims (15)
- - 15. The system of claim 14, wherein the first server is configured to reduce the volume of non-secure traffic flow in the event that the response time exceeds the threshold time.

17. A method of managing electronic requests in a computer network, the method comprising:
- receiving a data packet having encrypted information from a client computer over a secure link of the computer network;
  
  decrypting the information of the received data packet;
  
  selecting one of a plurality of servers in which to send the data packet;
  
  establishing a link with the selected server that is available to execute the data packet;
  
  sending the data packet to the selected server; and
  
  monitoring a time of response to the client computer and, if the response time exceeds a threshold time, reducing the volume of non-secure traffic to the selected server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The method of claim 17, wherein the receiving includes receiving a data packet over a secure socket layer (SSL) link of the Internet.
  - 19. The method of claim 17, further comprising re-encrypting the information of the data packet prior to sending the data packet to the selected other server.
  - 20. The method of claim 17, further comprising sending a data packet to the client computer in response to the data packet of the client computer.
  - 21. The method of claim 17, further comprising setting a threshold time for each of the plurality of other servers, the threshold time being based on the priority of response to the plurality of other servers.
  - 22. The method of claim 17, wherein establishing a link includes setting up another secure link with the selected other server.
  - 23. The method of claim 17, further comprising receiving the data packet by the selected other server and preparing at least one data packet in the course of an e-commerce transaction.
  - 24. The method of claim 17, further comprising decrypting the information of the data packet by the selected other server.
  - 25. The method of claim 17, further comprising monitoring a response of the selected other server and, in the event of an error in the selected other server, re-directing the data packet to another server of the plurality of servers.

26. A method of communicating between a client and a server in a clientserver network, the method comprising:
- establishing a communication link between the client and a first server;
  
  receiving by the first server at least one packet from the client, the packet representing a data request;
  
  selecting one of a plurality of other servers in which to send the data packet;
  
  modifying header information of the packet at the first server;
  
  sending the modified packet from the first server to the selected other server, the selected other server comprising a second server;
  
  responding to the data request of the client via the first server; and
  
  monitoring a time of response to the client and, if the response time exceeds a threshold time, reducing the volume of non-secure traffic to the selected other server.
- View Dependent Claims (27, 28, 29, 30, 31, 32)
- - 27. The method as defined in claim 26, wherein establishing a communication link includes, performing at least one handshake between the client and the first server.
  - 28. The method as defined in claim 27, wherein the performing at least one handshake comprises beginning a transport control protocol/internet protocol (TCP/IP) session.
  - 29. The method as defined in claim 26, wherein modifying header information includes modifying a destination address of the packet to route the packet to the second server.
  - 30. The method as defined in claim 26, wherein sending the modified packet to the second server includes sending the packet over a non-secure link.
  - 31. The method as defined in claim 26, wherein responding to the client includes sending by the second server at least one response packet to the first server.
  - 32. The method as defined in claim 31, wherein responding to the client further includes sending by the first server response packet with a destination address of the client.

33. A system for communicating between a client and a client-server network, the system comprising:
- a first server that is configured to receive at least one packet from the client, the packet representing a data request, the first server further configured to make a selection regarding one of a plurality of other servers in which to send the data packet, modify header information of and send the modified packet via the network, the server being programmed to monitor and compare a response time of the selected other server to a threshold time; and
  
  a second server, serving as the selected other server, that is configured to receive modified packet and respond to the data request of the client via the first sever.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The system as defined in claim 33, wherein the first server is configured to perform at least one handshake with the client.
  - 35. The system as defined in claim 34, wherein the handshake represents a start of a transport control protocol/internet protocol (TCP/IP) session.
  - 36. The system as defined in claim 33 wherein the first server is configured to modify a destination address of the packet so as to route the packet to the second server.
  - 37. The system as defined in claim 33, wherein the first server is configured to send the packet to the second server over a non-secure link.
  - 38. The system as defined in claim 33, wherein the second server is configured to send at least one response packet to the first server.
  - 39. The system as defined in claim 38, wherein the first server is configured to send the response packet with a destination address of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Jardin, Cary A.
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Lanier, Benjamin E.

Application Number

US09/345,575
Time in Patent Office

1,665 Days
Field of Search

713/153
US Class Current

713/153
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0471   applying encryption by an i...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 67/01   Protocols

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/1012   based on compliance of requ...

H04L 9/40   Network security protocols

Method and system for managing secure client-server transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for managing secure client-server transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links