Secure network user states
First Claim
1. In a system comprising a server and a computer communicatively connected together via an HTTP-based network, a method of establishing by the server a secure state between the server and a user operating the computer, said method comprising:
receiving, from the computer, a user key comprising U bits, where U > 0;
creating, from said user key, a cryptographic key;
encrypting, using said cryptographic key, user data;
storing the encrypted user data in a cookie;
naming the cookie by assigning name data to the cookie;
sending the cookie to the computer for storage thereby;
receiving the cookie from the computer;
receiving said user key from the computer;
recreating, from said user key, said cryptographic key;
extracting the encrypted user data from the cookie;
decrypting, using said cryptographic key, the encrypted user data; and
establishing the secure state between the server and the user based on the decrypted user data.
Abstract
A server and a computer are connected to a network. User data may be used to establish a state between a server and a user operating the computer. Secure network user states includes creating a first key from a received user key; encrypting user data with the cryptographic key; storing the encrypted user data in a cookie; and sending the cookie to the computer; such that subsequently, a secure state between the server and the user is established by receiving the cookie and the user key from the computer; creating a second key that matches the first key; decrypting, using the second key, encrypted user data extracted from the cookie; and establishing the secure state based on the decrypted user data. A key is created in any repeatable manner, which mathematically must include at least one insertion or deletion. Optionally, user data may be seeded to heighten security of the state.
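The round trip described in the abstract, as an added example that is not taken from the patent: the claims name no algorithms, so scrypt for key creation, AES-256-GCM for encryption, the cookie name `state`, the byte layout and all function names are assumptions. It goes beyond the claimed steps in one respect: the authenticated cipher lets the server reject a modified cookie or a wrong user key instead of decrypting to garbage.

```javascript
const nodeCrypto = require('node:crypto');

const COOKIE_NAME = 'state'; // assumed name data; the claims do not fix one

// Create (and later recreate) the cryptographic key from the user key.
// The random salt is stored in the cookie, so derivation is repeatable.
function deriveKey(userKey, salt) {
  return nodeCrypto.scryptSync(userKey, salt, 32);
}

// Encrypt the user data; cookie value = salt | nonce | tag | ciphertext.
function issueCookie(userKey, userData) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = deriveKey(userKey, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(COOKIE_NAME)); // bind ciphertext to the cookie name
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(userData), 'utf8'),
    cipher.final(),
  ]);
  const packed = Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]);
  return { name: COOKIE_NAME, value: packed.toString('base64url') };
}

// Recreate the key from the user key, then authenticate and decrypt.
// Returns the user data, or null if no state should be established.
function openCookie(userKey, name, value) {
  const raw = Buffer.from(value, 'base64url');
  if (raw.length < 16 + 12 + 16) return null; // too short to hold the header
  const salt = raw.subarray(0, 16);
  const nonce = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const ct = raw.subarray(44);
  try {
    const key = deriveKey(userKey, salt);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
    decipher.setAAD(Buffer.from(name));
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // wrong user key, renamed cookie, or modified bytes
  }
}
```

The server keeps no per-user secret between requests; everything needed to recreate the key except the user key itself travels in the cookie.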
22 Claims
1. In a system comprising a server and a computer communicatively connected together via an HTTP-based network, a method of establishing by the server a secure state between the server and a user operating the computer, said method comprising:
receiving, from the computer, a user key comprising U bits, where U > 0;
creating, from said user key, a cryptographic key;
encrypting, using said cryptographic key, user data;
storing the encrypted user data in a cookie;
naming the cookie by assigning name data to the cookie;
sending the cookie to the computer for storage thereby;
receiving the cookie from the computer;
receiving said user key from the computer;
recreating, from said user key, said cryptographic key;
extracting the encrypted user data from the cookie;
decrypting, using said cryptographic key, the encrypted user data; and
establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 2, 3, 4, 5, 6
7. In a system comprising a server and a computer communicatively connected together via an HTTP-based network, a method of establishing by the server a secure state between the server and a user operating the computer, said method comprising:
receiving, from the computer, a cookie comprising encrypted user data that may be seeded according to a format;
receiving a user key from the computer;
creating, from said user key, a cryptographic key;
extracting the encrypted user data from said cookie;
decrypting, using said cryptographic key, the encrypted user data; and
establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 8, 9, 10, 11
12. For use by a server communicatively connected to a computer via an HTTP-based network, a computer readable medium comprising instructions for establishing a secure state between the server and a user operating the computer, by causing the server to perform actions, comprising:
receiving, from the computer, a user key comprising U bits, where U > 0;
creating, from said user key, a cryptographic key;
encrypting, using said cryptographic key, user data;
storing the encrypted user data in a cookie;
naming the cookie by assigning name data to the cookie;
sending the cookie to the computer for storage thereby;
receiving the cookie from the computer;
receiving said user key from the computer;
recreating, from said user key, said cryptographic key;
extracting the encrypted user data from the cookie;
decrypting, using said cryptographic key, the encrypted user data; and
establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 13, 14, 15, 16, 17
18. For use by a server communicatively connected to a computer via an HTTP-based network, a computer readable medium comprising instructions for establishing a secure state between the server and a user operating the computer, by causing the server to perform actions, comprising:
receiving, from the computer, a cookie comprising encrypted user data that may be seeded according to a format;
receiving a user key from the computer;
creating, from said user key, a cryptographic key;
extracting the encrypted user data from said cookie;
decrypting, using said cryptographic key, the encrypted user data; and
establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 19, 20, 21, 22
Specification