Method and apparatus for encoding and storing session data

US 7,010,605 B1
Filed: 08/29/2000
Issued: 03/07/2006
Est. Priority Date: 08/29/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for storing session data on a client computer, comprising:

encoding said session data in a tag-length-value format to create encoded configuration data, said encoded configuration data including a time stamp;

encrypting said encoded configuration data using a modified encryption key to create encrypted encoded configuration data;

concatenating a secret, a value that represents the length of the secret, and a value that represents the length of the length of the secret with said encrypted encoded configuration data to form a session cookie;

transmitting said session cookie to said client computer;

requesting said session cookie from said client computer;

receiving said session cookie from said client computer;

extracting said secret from said session cookie;

creating said modified encryption key by inserting said secret extracted from said session cookie into a standard encryption key at a predefined location; and

decrypting said session data from said cookie using said modified encryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Session data is encoded in a tag-length-value format and encrypted using a modified encryption key. A session cookie is then formed by concatenating the length of the length of the secret, the length of the secret, the secret itself, and the encoded and encrypted configuration data. The session cookie is transmitted from a server computer to a client computer, where it is stored.

118 Citations

13 Claims

1. A method for storing session data on a client computer, comprising:
- encoding said session data in a tag-length-value format to create encoded configuration data, said encoded configuration data including a time stamp;
  
  encrypting said encoded configuration data using a modified encryption key to create encrypted encoded configuration data;
  
  concatenating a secret, a value that represents the length of the secret, and a value that represents the length of the length of the secret with said encrypted encoded configuration data to form a session cookie;
  
  transmitting said session cookie to said client computer;
  
  requesting said session cookie from said client computer;
  
  receiving said session cookie from said client computer;
  
  extracting said secret from said session cookie;
  
  creating said modified encryption key by inserting said secret extracted from said session cookie into a standard encryption key at a predefined location; and
  
  decrypting said session data from said cookie using said modified encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein said modified encryption key comprises a standard encryption key with said secret inserted at a predefined location.
  - 3. The method of claim 2, further comprising:
    - decoding a tag from said session data;
      
      determining whether said tag comprises a valid tag; and
      
      in response to determining that said tag comprises a valid tag, configuring said server using data contained in said tag.
  - 4. The method of claim 3, further comprising:
    - in response to determining that said tag does not comprise a valid tag, determining whether additional tags remain to be decoded from said encoded configuration data; and
      
      in response to determining that additional tags remain to be decoded, decoding a next tag and determining whether said next tag comprises a valid tag.
  - 5. The method of claim 4, further comprising:
    - in response to determining that said next tag comprises a valid tag, configuring said server using data contained in said next tag.
  - 6. The method of claim 5, further comprising:
    - in response to determining that additional tags do not remain to be decoded, periodically authenticating said session cookie.
  - 7. The method of claim 6, wherein periodically authenticating said session cookie comprises:
    - starting a session timer;
      
      determining whether said session timer has elapsed; and
      
      in response to determining that said session timer has elapsed,(i) requesting said session cookie from said client computer,(ii) decrypting and decoding a tag contained in said session cookie, and(iii) determining whether said tag comprises a valid tag.
  - 8. The method of claim 7, further comprising:
    - in response to determining that said tag comprises a valid tag,(i) generating a new session cookie,(ii) transmitting said new session cookie to said client computer, and(iii) resetting said session timer.
  - 9. The method of claim 7, further comprising:
    - in response to determining that said tag does not comprises a valid tag, ending a communications session between said server computer and said client computer.
  - 10. A computer-readable medium containing computer-readable instructions which, when executed by a computer, perform the method of claim 1.
  - 11. A computer-readable medium containing computer-readable instructions which, when executed by a computer, perform the method of claim 2.
  - 12. A computer-controlled apparatus for performing the method of claim 1.
  - 13. A computer-controlled apparatus for performing the method of claim 2.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dharmarajan, Baskaran
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
HOFFMAN, BRANDON S

Application Number

US09/650,104
Time in Patent Office

2,016 Days
Field of Search

713/162, 345/745, 709/227
US Class Current

709/227
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 9/0822 using key encryption key

Method and apparatus for encoding and storing session data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for encoding and storing session data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links