Mechanism for locking client requests to a particular server

US 7,139,792 B1
Filed: 09/29/2000
Issued: 11/21/2006
Est. Priority Date: 09/29/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a first request from a user corresponding to a first transaction at a dispatcher;

determining if the first transaction is a secure transaction;

creating at the dispatcher a secure tunnel context between the dispatcher and the user, if the transaction is a secure transaction, wherein the secure tunnel context comprises a session identifier (ID);

assigning a server to the first request at the dispatcher by adding an entry to a mapping table maintained by the dispatcher;

associating the session ID with the assigned server;

receiving a subsequent request from the user corresponding to a second transaction at the dispatcher, the subsequent request comprising the session ID;

determining if the session ID exists in the mapping table; and

sending the subsequent request to the assigned server if the session ID exists in the mapping table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect of the invention is a method for locking in all client requests having the same session I.D. to the same server to facilitate secure e-commerce transactions. A client'"'"'s session I.D. is mapped to an SSL context between a dispatcher and a server such that all subsequent client requests having the same session I.D. are forwarded to the same server.

Citations

26 Claims

1. A method comprising:
- receiving a first request from a user corresponding to a first transaction at a dispatcher;
  
  determining if the first transaction is a secure transaction;
  
  creating at the dispatcher a secure tunnel context between the dispatcher and the user, if the transaction is a secure transaction, wherein the secure tunnel context comprises a session identifier (ID);
  
  assigning a server to the first request at the dispatcher by adding an entry to a mapping table maintained by the dispatcher;
  
  associating the session ID with the assigned server;
  
  receiving a subsequent request from the user corresponding to a second transaction at the dispatcher, the subsequent request comprising the session ID;
  
  determining if the session ID exists in the mapping table; and
  
  sending the subsequent request to the assigned server if the session ID exists in the mapping table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising using a load balancing algorithm to assign the server to the first and subsequent requests.
  - 3. The method of claim 1, further comprising mapping the session ID to a separate secure tunnel context between the assigned server and the dispatcher.
  - 4. The method of claim 1, further comprising adding the session ID and the assigned server as an entry to the mapping table if the transaction is a secure transaction and the session ID does not exist in the mapping table.
  - 5. The method of claim 1, wherein assigning a server further comprises selecting from among a plurality of established secure tunnels with a plurality of established servers.
  - 6. The method of claim 5, wherein creating the secure tunnel context further comprises creating a secure sockets layer (SSL) context having a source address, a destination address and an encryption algorithm.
  - 7. The method of claim 1, wherein determining if the first transaction is a secure transaction comprises determining if an SSL packet is associated with the first retest.
  - 8. The method of claim 1, wherein a secure transaction comprises transactions in which information about the user is saved at the assigned server.
  - 9. The method of claim 1, wherein a secure transaction comprises transactions in which personal data and credit card information about the user is saved at the assigned server.
  - 10. The method of claim 1, further comprising:
    - applying a quality of service algorithm to prioritize the first request and the subsequent request.

11. An article of manufacture including a machine readable medium having stored thereon data representing sequences of instructions, which, when executed by a machine, cause the machine to perform operations including:
- receiving a first request from a user corresponding to a first transaction at a dispatcher;
  
  determining if the first transaction is a secure transaction;
  
  creating at the dispatcher a secure tunnel context between the dispatcher and the user, if the transaction is a secure transaction, wherein the secure tunnel context comprises a session identifier (ID);
  
  assigning a server to the first request at the dispatcher by adding an entry to a mapping table maintained by the dispatcher;
  
  associating the session ID with the assigned server;
  
  receiving a subsequent request from the user corresponding to a second transaction at the dispatcher, the subsequent request comprising the session ID;
  
  determining if the session ID exists in the mapping table; and
  
  sending the subsequent request to the assigned server if the session ID exists in the mapping table.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The article of claim 11, wherein the operations further include mapping the session ID to a separate secure tunnel context between the assigned server and the dispatcher.
  - 13. The article of claim 11, wherein creating the secure tunnel context further comprises creating a secure sockets layer (SSL) context having a source address, a destination address and an encryption algorithm.
  - 14. The article of claim 11, wherein the operations further include using a load balancing algorithm to assign the server to the first request if the first transaction is a secure transaction and the session ID does not exist in the mapping table.
  - 15. The article of claim 11, wherein creating a secure tunnel context further comprises selecting from among a plurality of established secure tunnels with a plurality of servers, assigning a secure tunnel to the assigned server, and adding an entry to the mapping table if the first transaction is a secure transaction and the session ID does not exist in the mapping table.
  - 16. The article of claim 11, wherein the operations further include:
    - applying a quality of service algorithm to prioritize the first request and the subsequent request.

17. A system comprising:
- a mapping table at dispatcher, maintained by the dispatcher and containing session identifiers (IDs) linked to server and secure tunnel context assignments; and
  
  the dispatcher to receive a first request from a user corresponding to a first transaction to determine if the first transaction is a secure transaction, to create a secure tunnel context between the dispatcher and the user if the transaction is a secure transaction, wherein the secure tunnel context comprises a session identifier (ID), to assign a server to the first request by adding an entry to the mapping table, to associate the session ID with the assigned server, to receive a subsequent request from the user corresponding to a second transaction, the subsequent request comprising the session ID, to determine if the session ID exists in the mapping table, and send the subsequent request to the assigned server if the session ID exists in the mapping table.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, further comprising a load balancing table and wherein the dispatcher assigns the server to the first request using the load balancing table if the first transaction is a secure transaction and the session ID does not exist in the mapping table.
  - 19. The system of claim 18, wherein the dispatcher determines if the first and subsequent transactions are secure transactions by determining if a secure sockets layer (SSL) packet is associated with the first and subsequent requests.
  - 20. The system of claim 19, wherein a secure transaction comprises transactions in which information about the user is saved at the assigned server.
  - 21. The system of claim 18, further comprising a quality of service (QoS) manager in communication with the dispatcher to decide which one of multiple user requests is processed if multiple user requests are sent to the same server.
  - 22. The system of claim 17, wherein the dispatcher further maps the session ID to a separate secure tunnel context between the assigned server and the dispatcher.

23. A system comprising:
- a load balancing table at a dispatcher and maintained by the dispatcher;
  
  a mapping table at the dispatcher and maintained by the dispatcher, the mapping table containing session identifiers (IDs) linked to server and secure tunnel context assignments; and
  
  the dispatcher to receive a first request from a user corresponding to a first transaction to determine if the first transaction is a secure transaction, to create a secure tunnel context between the dispatcher and the user, if the transaction is a secure transaction, wherein the secure tunnel context comprises a session identifier (ID), to assign a server to the first request by adding an entry to the mapping table, to associate the session ID with the assigned server, to receive a subsequent request from the user corresponding to a second transaction, the subsequent request comprising the session ID, to determine if the session ID exists in the mapping table, and send the subsequent request to the assigned server if the session ID exists in the mapping table.
- View Dependent Claims (24, 25, 26)
- - 24. The system of claim 23, wherein the dispatcher further assigns the server to the first request using the load balancing table if the first transaction is not a secure transaction.
  - 25. The system of claim 23, wherein the dispatcher assigns a server by selecting from among a plurality of established secure tunnels with a plurality of established servers, if the first transaction is a secure transaction and the session ID does not exist in the mapping table.
  - 26. The system of claim 23, wherein the dispatcher further adds the session ID and the assigned server as an entry to the mapping table if the first transaction is a secure transaction and the session ID does not exist in the mapping table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Mishra, Manav, Yadav, Satyendra
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
LAZARO, DAVID R

Application Number

US09/675,694
Time in Patent Office

2,244 Days
Field of Search

709/225, 709/217, 709/105, 709/203, 709/228, 713/153, 713/166, 726/14
US Class Current

709/203
CPC Class Codes

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/101   based on network conditions

H04L 67/1027   Persistence of sessions dur...

H04L 67/14   Session management for real...

H04L 67/142   Managing session states for...

Mechanism for locking client requests to a particular server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for locking client requests to a particular server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links