Secure data exchange between date processing systems

US 7,146,505 B1
Filed: 06/01/1999
Issued: 12/05/2006
Est. Priority Date: 06/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. A data transfer method performed by a proxy server, the method comprising:

intercepting an HTTP request from a client computer that is directed to an HTTP server, wherein the HTTP request comprises a plurality of fields;

determining an identity of a user of the client computer in response to receiving the HTTP request;

accessing a storage associated with the proxy server, the storage storing identifiers for use by HTTP servers in retrieving user profile information stored in storages associated with the HTTP servers;

retrieving an identifier from the accessed storage based on the identity of the user;

inserting an additional field into the HTTP request to create a modified HTTP request, the additional field containing the retrieved identifier;

sending the modified HTTP request to the HTTP server such that the HTTP server parses the modified HTTP request to extract the retrieved identifier, uses the retrieved identifier to retrieve the user profile information from a storage associated with the HTTP server, generate an HTTP response to the HTTP request based on the retrieved user profile information, and sends the HTTP response to the proxy server;

receiving the HTTP response from the HTTP server; and

forwarding the HTTP response to the client computer.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

254 Citations

49 Claims

1. A data transfer method performed by a proxy server, the method comprising:
- intercepting an HTTP request from a client computer that is directed to an HTTP server, wherein the HTTP request comprises a plurality of fields;
  
  determining an identity of a user of the client computer in response to receiving the HTTP request;
  
  accessing a storage associated with the proxy server, the storage storing identifiers for use by HTTP servers in retrieving user profile information stored in storages associated with the HTTP servers;
  
  retrieving an identifier from the accessed storage based on the identity of the user;
  
  inserting an additional field into the HTTP request to create a modified HTTP request, the additional field containing the retrieved identifier;
  
  sending the modified HTTP request to the HTTP server such that the HTTP server parses the modified HTTP request to extract the retrieved identifier, uses the retrieved identifier to retrieve the user profile information from a storage associated with the HTTP server, generate an HTTP response to the HTTP request based on the retrieved user profile information, and sends the HTTP response to the proxy server;
  
  receiving the HTTP response from the HTTP server; and
  
  forwarding the HTTP response to the client computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 further comprising:
    - receiving an initial HTTP request from the client computer that is directed to the HTTP server, wherein the initial HTTP request comprises a plurality of fields;
      
      determining an identity of a user of the client computer in response to receiving the initial HTTP request;
      
      retrieving user profile information based on the identity of the user;
      
      encrypting the user profile information;
      
      inserting an additional field into the initial HTTP request to create a modified initial HTTP request, wherein the additional field inserted into the initial HTTP request contains the encrypted user profile information;
      
      sending the modified initial HTTP request to the HTTP server such that the HTTP server parses the modified initial HTTP request to extract and decrypt the encrypted user profile information, stores the decrypted user profile information in the storage associated with the HTTP server, generates an initial HTTP response to the initial HTTP request based on the decrypted user profile information, generates the identifier, and sends the initial HTTP response and the identifier to the proxy server;
      
      receiving the identifier from the HTTP server;
      
      storing the identifier in the storage associated with the proxy server;
      
      receiving the initial HTTP response from the initial HTTP server; and
      
      forwarding the initial HTTP response to the client computer.
  - 3. The method of claim 2 wherein encrypting the user profile information comprises determining a session key and using the session key to encrypt the user profile information.
  - 4. The method of claim 3 further comprising:
    - encrypting the session key; and
      
      inserting a second additional field into the initial HTTP request to create the modified initial HTTP request, wherein the second additional field inserted into the initial HTTP request contains the encrypted session key.
  - 5. The method of claim 4 wherein:
    - using the session key to encrypt the profile information comprises using the session key and a symmetric encryption algorithm to encrypt the user profile information, andencrypting the session key comprises encrypting the session key using a public key encryption algorithm and a public key associated with the HTTP server.
  - 6. The method of claim 5 further comprising obtaining the public key from the HTTP server.
  - 7. The method of claim 6 wherein obtaining the public key from the HTTP server comprises sending a request to the HTTP server to retrieve the public key.
  - 8. The method of claim 3 wherein determining the session key comprises combining a master session key with a key mask.
  - 9. The method of claim 1 wherein determining the identity of the user comprises:
    - determining an IP address of the client computer; and
      
      querying a database to determine an identity associated with the IP address in the database.
  - 10. The method of claim 2 further comprising determining that the HTTP server should receive the user profile information.
  - 11. The method of claim 10 wherein determining that the HTTP server should receive the user profile information includes querying a database associated with the proxy server to determine if the HTTP server should receive the user profile information.
  - 12. The method of claim 1 wherein determining the identity of the user comprises using the Internet Engineering Task Force IDENT protocol to determine the identity of the user.
  - 13. The method of claim 1 wherein the user profile information comprises one or more of demographic information, a history of data requests by a user, age of a user, gender of a user, or interests of a user.
  - 14. The method of claim 1 further comprising sending a flush directive to the HTTP server such that the HTTP server discards the user profile information stored in the storage associated with the HTTP server.

15. A data processing method performed by an HTTP server, the method comprising:
- receiving a modified HTTP request from a proxy server, wherein the proxy server created the modified HTTP request by inserting a field into an HTTP request intercepted by the proxy server, the inserted field containing an identifier;
  
  parsing the modified HTTP request to extract the identifier;
  
  using the extracted identifier to retrieve user profile information from a storage associated with the HTTP server;
  
  generating an HTTP response to the HTTP request based on the retrieved user profile information; and
  
  sending the HTTP response to the proxy server for delivery to a client computer.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method of claim 15 further comprising:
    - receiving an initial modified HTTP request from a proxy server, wherein the initial modified HTTP request includes a field inserted into an initial HTTP request by the proxy server, wherein the field inserted into the initial HTTP request contains encrypted user profile information;
      
      parsing the initial modified HTTP request to extract the encrypted user profile information;
      
      decrypting the encrypted user profile information extracted from the initial modified HTTP request;
      
      generating an initial HTTP response to the initial HTTP request based on the decrypted user profile information;
      
      sending the initial HTTP response to the proxy server for delivery to a client computer;
      
      storing the decrypted user profile information in the storage associated with the HTTP server;
      
      generating the identifier; and
      
      sending the identifier to the proxy server.
  - 17. The method of claim 16 wherein generating an initial HTTP response to the initial HTTP request based on the decrypted user profile information comprises providing the decrypted user profile information to a web application.
  - 18. The method of claim 17 wherein the web application comprises a common gateway interface script and providing the decrypted user profile information to the web application comprises setting HTTP environment variables accessible to the common gateway interface script.
  - 19. The method of claim 16 whereinthe initial modified HTTP request includes a second field inserted into the initial HTTP request by the proxy server, wherein the second field inserted into the initial HTTP request contains a session key, anddecrypting the encrypted user profile information comprises decrypting the encrypted user profile information extracted from the initial modified HTTP request using the session key.
  - 20. The method of claim 19 further comprising decrypting the session key.
  - 21. The method of claim 20 wherein:
    - decrypting the session key comprises decrypting the session key using a public key algorithm and a private key of the HTTP server, anddecrypting the encrypted user profile information using the session key comprises decrypting the encrypted user profile information using a symmetric decryption algorithm and the session key.
  - 22. The method of claim 15 wherein the user profile information comprises one or more of demographic information, a history of data requests by a user, age of a user, gender of a user, or interests of a user.
  - 23. The method of claim 15 further comprising:
    - receiving a flush directive from the proxy server; and
      
      in response to receiving the flush directive, discarding the user profile information stored in the local storage.

24. A computer-usable medium having a computer program embodied thereon, the computer program comprising instructions for causing a proxy server to:
- intercept an HTTP request from a client computer that is directed to an HTTP server, wherein the HTTP request comprises a plurality of fields;
  
  determine an identity of a user of the client computer in response to receiving the HTTP request;
  
  access a storage associated with the proxy server, the storage storing identifiers for use by HTTP servers in retrieving user profile information stored in a storages associated with the HTTP servers;
  
  retrieve an identifier from the accessed storage based on the identity of the user;
  
  insert an additional field into the HTTP request to create a modified HTTP request, the additional field containing the retrieved identifier;
  
  send the modified HTTP request to the HTTP server such that the HTTP server parses the modified HTTP request to extract the retrieved identifier, uses the retrieved identifier to retrieve user profile information from a storage associated with the HTTP server, generate an HTTP response to the HTTP request based on the retrieved user profile information, and sends the HTTP response to the proxy server;
  
  receive the HTTP response from the HTTP server; and
  
  forward the HTTP response to the client computer.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The medium of claim 24 wherein the computer program further comprises instructions for causing the proxy server to:
    - receive an initial HTTP request from the client computer that is directed to the HTTP server, wherein the initial HTTP request comprises a plurality of fields;
      
      determine an identity of a user of the client computer in response to receiving the initial HTTP request;
      
      retrieve user profile information based on the identity of the user;
      
      encrypt the user profile information;
      
      insert an additional field into the initial HTTP request to create a modified initial HTTP request, wherein the additional field inserted into the initial HTTP request contains the encrypted user profile information;
      
      send the modified initial HTTP request to the HTTP server such that the HTTP server parses the modified initial HTTP request to extract and decrypt the encrypted user profile information, stores the decrypted user profile information in the storage associated with the HTTP server, generates an initial HTTP response to the initial HTTP request based on the decrypted user profile information, generates the identifier, and sends the initial HTTP response and the identifier to the proxy server;
      
      receive the identifier from the HTTP server;
      
      store the identifier in the storage associated with the proxy server;
      
      receive the initial HTTP response from the initial HTTP server; and
      
      forward the initial HTTP response to the client computer.
  - 26. The medium of claim 25 wherein, to encrypt the user profile information, the computer program further comprises instructions for causing the proxy server to determine a session key and using the session key to encrypt the user profile information.
  - 27. The medium of claim 26 wherein the computer program further comprises instructions for causing the proxy server to:
    - encrypt the session key; and
      
      insert a second additional field into the initial HTTP request to create the modified initial HTTP request, wherein the second additional field inserted into the initial HTTP request contains the encrypted session key.
  - 28. The medium of claim 27 wherein:
    - to use the session key to encrypt the profile information, the computer program further comprises instructions for causing the proxy server to use the session key and a symmetric encryption algorithm to encrypt the user profile information, andto encrypt the session key, the computer program further comprises instructions for causing the proxy server to encrypt the session key using a public key encryption algorithm and a public key associated with the HTTP server.
  - 29. The medium of claim 26 wherein, to determine the session key, the computer program further comprises instructions for causing the proxy server to combine a master session key with a key mask.
  - 30. The medium of claim 24 wherein the user profile information comprises one or more of demographic information, a history of data requests by a user, age of a user, gender of a user, or interests of a user.
  - 31. The medium of claim 24 wherein the computer program further comprises instructions for causing the proxy server to send a flush directive to the HTTP server such that the HTTP server discards the user profile information stored in the storage associated with the HTTP server.

32. A computer-usable medium having a computer program embodied thereon, the computer program comprising instructions for causing an HTTP server to:
- receive a modified HTTP request from a proxy server, wherein the proxy server created the modified HTTP request by inserting a field into an HTTP request intercepted by the proxy server, the inserted field containing an identifier;
  
  parse the modified HTTP request to extract the identifier;
  
  use the extracted identifier to retrieve user profile information from a storage associated with the HTTP server;
  
  generate an HTTP response to the HTTP request based on the retrieved user profile information; and
  
  send the HTTP response to the proxy server for delivery to a client computer.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The medium of claim 32 wherein the computer program further comprises instructions for causing the HTTP server to:
    - receive an initial modified HTTP request from a proxy server, wherein the initial modified HTTP request includes a field inserted into an initial HTTP request by the proxy server, wherein the field inserted into the initial HTTP request contains encrypted user profile information;
      
      parse the initial modified HTTP request to extract the encrypted user profile information;
      
      decrypt the encrypted user profile information extracted from the initial modified HTTP request;
      
      generate an initial HTTP response to the initial HTTP request based on the decrypted user profile information;
      
      send the initial HTTP response to the proxy server for delivery to a client computer;
      
      store the decrypted user profile information in the storage associated with the HTTP server;
      
      generate the identifier; and
      
      send the identifier to the proxy server.
  - 34. The medium of claim 33 whereinthe initial modified HTTP request includes a second field inserted into the initial HTTP request by the proxy server, wherein the second field inserted into the initial HTTP request contains a session key, andto decrypt the encrypted user profile information, the computer program further comprises instructions for causing the HTTP server to decrypt the encrypted user profile information extracted from the initial modified HTTP request using the session key.
  - 35. The medium of claim 34 wherein the computer program further comprises instructions for causing the HTTP server to decrypt the session key.
  - 36. The medium of claim 35 wherein:
    - to decrypt the session key, the computer program further comprises instructions for causing the HTTP server to decrypt the session key using a public key algorithm and a private key of the HTTP server, andto decrypt the encrypted user profile information using the session key, the computer program further comprises instructions for causing the HTTP server to decrypt the encrypted user profile information using a symmetric decryption algorithm and the session key.
  - 37. The medium of claim 32 wherein the user profile information comprises one or more of demographic information, a history of data requests by a user, age of a user, gender of a user, or interests of a user.
  - 38. The medium of claim 32 wherein the computer program further comprises instructions for causing the proxy server to:
    - receive a flush directive from the proxy server; and
      
      discard the user profile information stored in the local storage.

39. A proxy server comprising:
- a storage to store identifiers for use by HTTP servers in retrieving user profile information stored in storages associated with the HTTP servers;
  
  a network interface operatively coupled to a network to exchange data with a client computer and with the HTTP server; and
  
  a processor operatively coupled to the network interface, the storage, and a memory comprising executable instructions for causing the processor to;
  
  intercept an HTTP request from a client computer that is directed to an HTTP server, wherein the HTTP request comprises a plurality of fields;
  
  determine an identity of a user of the client computer in response to receiving the HTTP request;
  
  retrieve an identifier from the storage based on the identity of the user;
  
  insert an additional field into the HTTP request to create a modified HTTP request, the additional field containing the retrieved identifier;
  
  send the modified HTTP request to the HTTP server such that the HTTP server parses the modified HTTP request to extract the retrieved identifier, uses the retrieved identifier to retrieve user profile information from a storage associated with the HTTP server, generate an HTTP response to the HTTP request based on the retrieved user profile information, and sends the HTTP response to the proxy server;
  
  receive the HTTP response from the HTTP server; and
  
  forward the HTTP response to the client computer.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. The proxy server of claim 39 wherein the memory further comprises executable instructions for causing the processor to:
    - receive an initial HTTP request from the client computer that is directed to the HTTP server, wherein the initial HTTP request comprises a plurality of fields;
      
      determine an identity of a user of the client computer in response to receiving the initial HTTP request;
      
      retrieve user profile information based on the identity of the user;
      
      encrypt the user profile information;
      
      insert an additional field into the initial HTTP request to create a modified initial HTTP request, wherein the additional field inserted into the initial HTTP request contains the encrypted user profile information;
      
      send the modified initial HTTP request to the HTTP server such that the HTTP server parses the modified initial HTTP request to extract and decrypt the encrypted user profile information, stores the decrypted user profile information in the storage associated with the HTTP server, generates an initial HTTP response to the initial HTTP request based on the decrypted user profile information, generates the identifier, and sends the initial HTTP response and the identifier to the proxy server;
      
      receive the identifier from the HTTP server;
      
      store the identifier in the storage associated with the proxy server;
      
      receive the initial HTTP response from the HTTP server; and
      
      forward the initial HTTP response to the client computer.
  - 41. The proxy server of claim 40 wherein, to encrypt the user profile information, the memory further comprises executable instructions for causing the processor to determine a session key and using the session key to encrypt the user profile information.
  - 42. The proxy server of claim 41 wherein the memory further comprises executable instructions for causing the processor to:
    - encrypt the session key; and
      
      insert a second additional field into the initial HTTP request to create the modified initial HTTP request, wherein the second additional field inserted into the initial HTTP request contains the encrypted session key.
  - 43. The proxy server of claim 42 wherein:
    - to use the session key to encrypt the profile information, the memory further comprises executable instructions for causing the processor to use the session key and a symmetric encryption algorithm to encrypt the user profile information, andto encrypt the session key, the memory further comprises executable instructions for causing the processor to encrypt the session key using a public key encryption algorithm and a public key associated with the HTTP server.
  - 44. The proxy server of claim 41 wherein, to determine the session key, the memory further comprises executable instructions for causing the processor to combine a master session key with a key mask.

45. An HTTP server comprising:
- a storage to store user profile information;
  
  a network interface operatively coupled to a network to exchange data with a proxy server; and
  
  a processor operatively coupled to the network interface and a memory comprising executable instructions for causing the processor to;
  
  receive a modified HTTP request from a proxy server, wherein the proxy server created the modified HTTP request by inserting a field into an HTTP request intercepted by the proxy server, the inserted field containing an identifier;
  
  parse the modified HTTP request to extract the identifier;
  
  use the extracted identifier to retrieve user profile information from the storage;
  
  generate an HTTP response to the HTTP request based on the retrieved user profile information; and
  
  send the HTTP response to the proxy server for delivery to a client computer.
- View Dependent Claims (46, 47, 48, 49)
- - 46. The HTTP server of claim 45 wherein the memory further comprises executable instructions for causing the processor to:
    - receive an initial modified HTTP request from a proxy server, wherein the initial modified HTTP request includes a field inserted into an initial HTTP request by the proxy server, wherein the field inserted into the initial HTTP request contains encrypted user profile information;
      
      parse the initial modified HTTP request to extract the encrypted user profile information;
      
      decrypt the encrypted user profile information extracted from the initial modified HTTP request;
      
      generate an initial HTTP response to the initial HTTP request based on the decrypted user profile information;
      
      send the initial HTTP response to the proxy server for delivery to a client computer;
      
      store the decrypted user profile information in the storage;
      
      generate the identifier; and
      
      send the identifier to the proxy server.
  - 47. The HTTP sever of claim 46 whereinthe initial modified HTTP request includes a second field inserted into the initial HTTP request by the proxy server, wherein the second field inserted into the initial HTTP request contains a session key, andto decrypt the encrypted user profile information, the memory further comprises executable instructions for causing the processor to decrypt the encrypted user profile information extracted from the initial modified HTTP request using the session key.
  - 48. The HTTP server of claim 47 wherein the memory further comprises executable instructions for causing the processor to decrypt the session key.
  - 49. The HTTP server of claim 48 wherein:
    - to decrypt the session key, the memory further comprises executable instructions for causing the processor to decrypt the session key using a public key algorithm and a private key of the HTTP server, andto decrypt the encrypted user profile information using the session key, the memory further comprises executable instructions for causing the processor to decrypt the encrypted user profile information using a symmetric decryption algorithm and the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
America Online Inc. (Warner Bros. Discovery, Inc.)
Inventors
Hendren, C. Hudson III, Harada, Larry T., Purdum, Christopher S., Dolecki, Mark A.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
NOBAHAR, ABDULHAKIM

Application Number

US09/323,415
Time in Patent Office

2,744 Days
Field of Search

713/155, 713/185, 713/153, 713/74, 713/200, 713/201, 702/219, 709/229, 705/14, 705/18, 705/26, 705/76
US Class Current

713/185
CPC Class Codes

G06Q 20/3821   Electronic credentials

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

H04L 67/561   Adding application-function...

H04L 67/568   Storing data temporarily at...

Secure data exchange between date processing systems

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

254 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data exchange between date processing systems

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

254 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links