Vault controller supervisor and method of operation for managing multiple independent vault processes and browser sessions for users in an electronic business system
First Claim
Patent Images
1. In an electronic business system, a vault controller supervisor managing the interaction in a secure manner using PKI between end users and applications running in the system, comprising:
- a web server; and
a shared object library coupled to the server and including a supervisor performing vsSupervisor Initialize and vsSupervisor Service functions for handling user independent, multi-threaded, persistent and stateful vault processes running in a secure environment linked to the user, wherein state data tables in the supervisor provide a stateful environment for user requests in an otherwise stateless electronic business system.
1 Assignment
0 Petitions
Accused Products
Abstract
A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system. The controller includes a web server and a supervisor in a shared object library, which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process with state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates. The vault daemon generates a password for a user request based on the user ID. The vault daemon launches a vault process (VP) running in a vault mapped to the user ID. After launching, the VP returns a message to the supervisor including a token identifying the thread. The supervisor sends the user request through a socket to the secure VP mapped to the user ID. The VP receives the request and launches a VP thread to handle the request. The VP thread writes the process data back through the socket to the supervisor thread for return to the user.
-
Citations
24 Claims
-
1. In an electronic business system, a vault controller supervisor managing the interaction in a secure manner using PKI between end users and applications running in the system, comprising:
-
a web server; and
a shared object library coupled to the server and including a supervisor performing vsSupervisor Initialize and vsSupervisor Service functions for handling user independent, multi-threaded, persistent and stateful vault processes running in a secure environment linked to the user, wherein state data tables in the supervisor provide a stateful environment for user requests in an otherwise stateless electronic business system. - View Dependent Claims (2, 3, 4, 6, 7)
-
-
5. In an electronic business system, a vault controller supervisor managing the interaction in a secure manner using PKI between end users and applications running in the system, comprising:
-
a web server;
a shared object library coupled to the server and including a supervisor performing vsSupervisor Initialize and vsSupervisor Service functions for handling user independent, multi-threaded, persistent and stateful vault processes running in a secure environment linked to the user; and
a vault daemon for launching a vault process thread linked to a user ID in response to a service supervisor thread.
-
-
8. In a vault controller supervisor including a web server and a shared object library providing support for multiple service supervisor threads;
- a communication thread;
a request supervisor thread;
stateful state data tables; and
a vault daemon to support launching a vault process in a personal vault linked to a user, a method for managing browser requests to user independent, multi-threaded persistent and stateful vault processes linked to the user in the personal vault, comprising the steps of;a) initializing the communication supervisor thread, the request supervisor thread, and the state data tables;
b) in response to a user request, starting a service supervisor thread which determines whether the user has presented a digital certificate for executing a vault process mapped to the user;
c) mapping the certificate to a user Id, if presented;
otherwise, mapping the request to a validator vault;
d) determining if the user ID exists in the state data table;
e) creating a row in the state tables if the ID does not exist and blocking the request until a vault process has been launched;
otherwise transmitting the request to the vault process linked to the user for execution;
f) sending a message to the vault daemon to generate a password for the user based on the userID after a row is established in the state tables;
g) using the Id and password to launch a process running in a vault mapped to the user ID;
h) sending a message to the communication supervisor including a token identifying the service supervisor process thread responding to the user request;
i) verifying the token and populating table entry with the token;
j) unblocking the service supervisor thread which then sends the user request to the vault process mapped to the user ID which launches a vault process thread linked to the service supervisor thread to process the request; and
k) after processing the request, sending data to the communication supervisor for return to the browser and user. - View Dependent Claims (9, 10, 11)
- a communication thread;
-
12. In a vault controller supervisor including a web server and a shared object library providing support for multiple service supervisor threads;
- a communication thread;
a request supervisor thread;
stateful state data tables; and
a vault daemon to support launching a vault process, a personal vault linked to a user for storing and processing encrypted/decrypted information, comprising;a) means for executing a vault process for processing information in response to the vault daemon and based on the state data tables;
b) certified encryption/decryption keys for cryptographically processing the information for the vault process;
c) a disk process means for storing information processed in the vault; and
d) means for accessing a database. - View Dependent Claims (13, 14, 15, 16, 17, 18)
- a communication thread;
-
19. In a vault controller, a method for managing multi-threaded persistent and stateful vault processes in a personal vault, comprising:
-
a) responsive to a user request, starting a first thread which determines whether the user has presented a digital certificate for executing a vault process in the personal vault mapped to the user;
b) determining in a state data table if an ID exists for the user;
c) creating a row in the state table if the ID does not exist and blocking the request until a vault process has been launched;
d) sending a message to a vault daemon to generate a password for the user based on the user ID after a row is established in the state tables; and
e) using the ID and password to launch a process running in the personal vault mapped to the user ID. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsBurns, Robert, Carroll, Robert B., Fisk, Mark, Bacha, Hamid
-
Primary Examiner(s)Barrón, Gilberto
-
Assistant Examiner(s)ZAND, KAMBIZ
-
Application NumberUS09/223,765Time in Patent Office2,420 DaysField of Search713/151, 713/152, 713/156, 713/193, 713/155, 705/76, 705 78- 79US Class Current713/151CPC Class CodesG06F 2221/2117 User registrationG06Q 20/02 involving a neutral party, ...G06Q 20/3821 Electronic credentialsG06Q 20/38215 Use of certificates or encr...G06Q 20/3829 involving key managementH04L 2463/102 applying security measure f...H04L 63/0442 wherein the sending and rec...H04L 63/0823 using certificates cryptogr...H04L 63/083 using passwords cryptograph...H04L 63/12 Applying verification of th...
