Resource server proxy method and system

US 8,046,826 B2
Filed: 03/17/2008
Issued: 10/25/2011
Est. Priority Date: 03/17/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A resource request method comprising:

initializing, by a computing system comprising a resource server software application, said resource server software application, wherein said resource server software application comprises an internal session cache, and wherein said internal session cache comprises an internal data structure within said resource server software application;

receiving, by said resource server software application, first configuration data, wherein said configuration data comprises session key life data comprising a session key life variable;

receiving, by said resource server software application from a first requestor, a first authentication request, first credentials data associated with said first requestor, and a first address associated with said first requestor, wherein said first credentials data comprises a first session ID;

transmitting, by said resource server software application to a user directory, said first credentials data and a first request for groups associated with said first requestor;

receiving, by said resource server software application from said user directory, first group IDs identifying a first group associated with said first requestor;

generating, by said resource server software application, a first session key associated with said first requestor, wherein said first session key comprises a randomly generated sequence of characters;

calculating, by a computer processor executing said resource server software application, a first specified lifetime associated with said first session key, wherein said calculating said first specified lifetime comprises adding said session key life data to a first current time;

storing within said internal session cache, by said resource server software application, said first session key, said first session ID, said first address, said first group IDs, and said first specified lifetime;

periodically determining, by said resource server software application, if said first session key and said session key life data should be updated, wherein said periodically determining is associated with a master cleanup period comprising a specified period of time that said resource server software application will wait between scans of said internal session cache for expired sessions;

establishing, by said resource server software application, a secure communication channel between said first requestor, said resource server software application, and a backend resource server;

transmitting, by said resource server software application to said first requestor based on said results of said periodically determining, said first session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A resource request method and system. The method includes receiving by resource server software application, session key life data. The resource server software application receives from a requester, an authentication request, a session ID, and an address associated with the requestor. The resource server software application transmits the session ID and a request for groups associated with the request. The resource server software application receives group IDs. The resource server software application generates a session key associated with the requester. The resource server software application calculates a specified lifetime associated with the session key. The resource server software application stores the session key, the session ID, the address, the group IDs, and the specified lifetime. The resource server software application transmits to the requester, the session key.

26 Citations

View as Search Results

22 Claims

1. A resource request method comprising:
- initializing, by a computing system comprising a resource server software application, said resource server software application, wherein said resource server software application comprises an internal session cache, and wherein said internal session cache comprises an internal data structure within said resource server software application;
  
  receiving, by said resource server software application, first configuration data, wherein said configuration data comprises session key life data comprising a session key life variable;
  
  receiving, by said resource server software application from a first requestor, a first authentication request, first credentials data associated with said first requestor, and a first address associated with said first requestor, wherein said first credentials data comprises a first session ID;
  
  transmitting, by said resource server software application to a user directory, said first credentials data and a first request for groups associated with said first requestor;
  
  receiving, by said resource server software application from said user directory, first group IDs identifying a first group associated with said first requestor;
  
  generating, by said resource server software application, a first session key associated with said first requestor, wherein said first session key comprises a randomly generated sequence of characters;
  
  calculating, by a computer processor executing said resource server software application, a first specified lifetime associated with said first session key, wherein said calculating said first specified lifetime comprises adding said session key life data to a first current time;
  
  storing within said internal session cache, by said resource server software application, said first session key, said first session ID, said first address, said first group IDs, and said first specified lifetime;
  
  periodically determining, by said resource server software application, if said first session key and said session key life data should be updated, wherein said periodically determining is associated with a master cleanup period comprising a specified period of time that said resource server software application will wait between scans of said internal session cache for expired sessions;
  
  establishing, by said resource server software application, a secure communication channel between said first requestor, said resource server software application, and a backend resource server;
  
  transmitting, by said resource server software application to said first requestor based on said results of said periodically determining, said first session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - receiving after said transmitting said first session key, by said resource server software application from said first requestor, a first resource request and said first session key;
      
      comparing, by said resource server software application, said first address in said session cache with a first source address associated with said first requestor to determine a first match;
      
      transmitting, by said resource server software application to a backend resource server, said first resource request and said first group IDs;
      
      receiving, by said resource server software application from said backend resource server, a first resource associated with said first resource request;
      
      generating, by said resource server software application, a second session key associated with said first requestor;
      
      calculating, by said resource server software application, a second specified lifetime associated with said second session key, wherein said calculating said second specified lifetime comprises adding said session key life data to a second current time;
      
      removing said first session key and said first specified lifetime from said resource server software application;
      
      storing within said internal session cache, by said resource server software application, said second session key and said second specified lifetime; and
      
      transmitting, by said resource server software application to said first requestor, said second session key and said first resource.
  - 3. The method of claim 2, further comprising:
    - receiving, by said resource server software application from a second requestor, a second authentication request, second credentials data associated with said second requestor, and a second address associated with said second requestor, wherein said second credentials data comprises a second session ID;
      
      transmitting, by said resource server software application to a user directory, said second credentials data and a second request for groups associated with said second requestor;
      
      receiving, by said resource server software application from said user directory, second group IDs identifying a second group associated with said second requestor;
      
      generating, by said resource server software application, a third session key associated with said second requestor;
      
      calculating, by said resource server software application, a third specified lifetime associated with said third session key, wherein said calculating said third specified lifetime comprises adding said session key life data to a third current time; and
      
      storing within said internal session cache, by said resource server software application, said third session key, said second session ID, said second address, said second group IDs, and said third specified lifetime.
  - 4. The method of claim 3, further comprising:
    - transmitting, by said resource server software application to said second requestor, said third session key;
      
      receiving after said transmitting said third session key, by said resource server software application from said second requestor, a second resource request and said third session key;
      
      comparing, by said resource server software application, said second address in said session cache with a second source address associated with said second requestor to determine a second match;
      
      transmitting, by said resource server software application to said backend resource server, said second resource request and said second group IDs;
      
      receiving, by said resource server software application from said backend resource server, a second resource associated with said second resource request;
      
      generating, by said resource server software application, a fourth session key associated with said second requestor;
      
      calculating, by said resource server software application, a fourth specified lifetime associated with said second session key, wherein said calculating said fourth specified lifetime comprises adding said session key life data to a second current time;
      
      removing said third session key and said third specified lifetime from said resource server software application;
      
      storing within said internal session cache, by said resource server software application, said second session key and said fourth specified lifetime; and
      
      transmitting, by said resource server software application to said second requestor, said fourth session key and said second resource.
  - 5. The method of claim 1, further comprising:
    - periodically scanning, by said resource server software application, said internal session cache to determine if said first specified lifetime has expired.
  - 6. The method of claim 5, wherein said periodically scanning determines that said first specified lifetime has expired, and wherein said method further comprises:
    - removing, by said resource server software application from said internal session cache, said first session key, said first session ID, said first address, said first group IDs, and said first specified lifetime.
  - 7. The method of claim 6, further comprising:
    - receiving, by said resource server software application from said first requestor, a first resource request and said first session key; and
      
      transmitting, by said resource server software application to said first requestor, an error message indicating that said first specified lifetime has expired.
  - 8. The method of claim 7, further comprising:
    - receiving, by said resource server software application from said first requestor, a second authentication request, second credentials data associated with said first requestor, and a second address associated with said first requestor, wherein said second credentials data comprises a second session ID;
      
      transmitting, by said resource server software application to a user directory, said second credentials data and a second request for groups associated with said first requestor;
      
      receiving, by said resource server software application from said user directory, said first group IDs identifying said first group associated with said first requestor;
      
      generating, by said resource server software application, a second session key associated with said first requestor;
      
      calculating, by said resource server software application, a second specified lifetime associated with said second session key, wherein said calculating said second specified lifetime comprises adding said session key life data to a second current time; and
      
      storing within said internal session cache, by said resource server software application, said second session key, said second session ID, said second address, said first group IDs, and said second specified lifetime.
  - 9. The method of claim 8, further comprising:
    - transmitting, by said resource server software application to said first requestor, said second session key;
      
      receiving after said transmitting said second session key, by said resource server software application from said first requestor, a second resource request and said second session key;
      
      comparing, by said resource server software application, said second address in said session cache with a first source address associated with said first requestor to determine a first match;
      
      transmitting, by said resource server software application to a backend resource server, said second resource request and said first group IDs;
      
      receiving, by said resource server software application from said backend resource server, a first resource associated with said second resource request;
      
      generating, by said resource server software application, a third session key associated with said first requestor;
      
      calculating, by said resource server software application, a third specified lifetime associated with said third session key, wherein said calculating said third specified lifetime comprises adding said session key life data to a third current time;
      
      removing said second session key and said second specified lifetime from said resource server software application;
      
      storing within said internal session cache, by said resource server software application, said third session key and said third specified lifetime; and
      
      transmitting, by said resource server software application to said first requestor, said third session key and said first resource.
  - 10. The method of claim 1, wherein said first credentials data comprises a user ID and password for said first requestor.
  - 11. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in said computing system, wherein the code in combination with said computing system is capable of performing the method of claim 1.

12. A computing system comprising a computer processor coupled to a computer-readable memory unit, said memory unit comprising a resource server software application and instructions that when executed by the computer processor implements a resource request method, said method comprising:
- initializing, by said computing system, said resource server software application, wherein said resource server software application comprises an internal session cache, and wherein said internal session cache comprises an internal data structure within said resource server software application;
  
  receiving, by said resource server software application, first configuration data, wherein said configuration data comprises session key life data comprising a session key life variable;
  
  receiving, by said resource server software application from a first requestor, a first authentication request, first credentials data associated with said first requestor, and a first address associated with said first requestor, wherein said first credentials data comprises a first session ID;
  
  transmitting, by said resource server software application to a user directory, said first credentials data and a first request for groups associated with said first requestor;
  
  receiving, by said resource server software application from said user directory, first group IDs identifying a first group associated with said first requestor;
  
  generating, by said resource server software application, a first session key associated with said first requestor, wherein said first session key comprises a randomly generated sequence of characters;
  
  calculating, by said computer processor executing said resource server software application, a first specified lifetime associated with said first session key, wherein said calculating said first specified lifetime comprises adding said session key life data to a first current time;
  
  storing within said internal session cache, by said resource server software application, said first session key, said first session ID, said first address, said first group IDs, and said first specified lifetime;
  
  periodically determining, by said resource server software application, if said first session key and said session key life data should be updated, wherein said periodically determining is associated with a master cleanup period comprising a specified period of time that said resource server software application will wait between scans of said internal session cache for expired sessions;
  
  establishing, by said resource server software application, a secure communication channel between said first requestor, said resource server software application, and a backend resource server;
  
  transmitting, by said resource server software application to said first requestor based on said results of said periodically determining, said first session key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The computing system of claim 12, wherein said method further comprises:
    - receiving after said transmitting said first session key, by said resource server software application from said first requestor, a first resource request and said first session key;
      
      comparing, by said resource server software application, said first address in said session cache with a first source address associated with said first requestor to determine a first match;
      
      transmitting, by said resource server software application to a backend resource server, said first resource request and said first group IDs;
      
      receiving, by said resource server software application from said backend resource server, a first resource associated with said first resource request;
      
      generating, by said resource server software application, a second session key associated with said first requestor;
      
      calculating, by said resource server software application, a second specified lifetime associated with said second session key, wherein said calculating said second specified lifetime comprises adding said session key life data to a second current time;
      
      removing said first session key and said first specified lifetime from said resource server software application;
      
      storing within said internal session cache, by said resource server software application, said second session key and said second specified lifetime; and
      
      transmitting, by said resource server software application to said first requestor, said second session key and said first resource.
  - 14. The computing system of claim 13, wherein said method further comprises:
    - receiving, by said resource server software application from a second requestor, a second authentication request, second credentials data associated with said second requestor, and a second address associated with said second requestor, wherein said second credentials data comprises a second session ID;
      
      transmitting, by said resource server software application to a user directory, said second credentials data and a second request for groups associated with said second requestor;
      
      receiving, by said resource server software application from said user directory, second group IDs identifying a second group associated with said second requestor;
      
      generating, by said resource server software application, a third session key associated with said second requestor;
      
      calculating, by said resource server software application, a third specified lifetime associated with said third session key, wherein said calculating said third specified lifetime comprises adding said session key life data to a third current time; and
      
      storing within said internal session cache, by said resource server software application, said third session key, said second session ID, said second address, said second group IDs, and said third specified lifetime.
  - 15. The computing system of claim 14, wherein said method further comprises:
    - transmitting, by said resource server software application to said second requestor, said third session key;
      
      receiving after said transmitting said third session key, by said resource server software application from said second requestor, a second resource request and said third session key;
      
      comparing, by said resource server software application, said second address in said session cache with a second source address associated with said second requestor to determine a second match;
      
      transmitting, by said resource server software application to said backend resource server, said second resource request and said second group IDs;
      
      receiving, by said resource server software application from said backend resource server, a second resource associated with said second resource request;
      
      generating, by said resource server software application, a fourth session key associated with said second requestor;
      
      calculating, by said resource server software application, a fourth specified lifetime associated with said second session key, wherein said calculating said fourth specified lifetime comprises adding said session key life data to a second current time;
      
      removing said third session key and said third specified lifetime from said resource server software application;
      
      storing within said internal session cache, by said resource server software application, said second session key and said fourth specified lifetime; and
      
      transmitting, by said resource server software application to said second requestor, said fourth session key and said second resource.
  - 16. The computing system of claim 12, wherein said method further comprises:
    - periodically scanning, by said resource server software application, said internal session cache to determine if said first specified lifetime has expired.
  - 17. The computing system of claim 16, wherein said periodically scanning determines that said first specified lifetime has expired, and wherein said method further comprises:
    - removing, by said resource server software application from said internal session cache, said first session key, said first session ID, said first address, said first group IDs, and said first specified lifetime.
  - 18. The computing system of claim 17, wherein said method further comprises:
    - receiving, by said resource server software application from said first requestor, a first resource request and said first session key; and
      
      transmitting, by said resource server software application to said first requestor, an error message indicating that said first specified lifetime has expired.
  - 19. The computing system of claim 18, wherein said method further comprises:
    - receiving, by said resource server software application from said first requestor, a second authentication request, second credentials data associated with said first requestor, and a second address associated with said first requestor, wherein said second credentials data comprises a second session ID;
      
      transmitting, by said resource server software application to a user directory, said second credentials data and a second request for groups associated with said first requestor;
      
      receiving, by said resource server software application from said user directory, said first group IDs identifying said first group associated with said first requestor;
      
      generating, by said resource server software application, a second session key associated with said first requestor;
      
      calculating, by said resource server software application, a second specified lifetime associated with said second session key, wherein said calculating said second specified lifetime comprises adding said session key life data to a second current time; and
      
      storing within said internal session cache, by said resource server software application, said second session key, said second session ID, said second address, said first group IDs, and said second specified lifetime.
  - 20. The computing system of claim 19, wherein said method further comprises:
    - transmitting, by said resource server software application to said first requestor, said second session key;
      
      receiving after said transmitting said second session key, by said resource server software application from said first requestor, a second resource request and said second session key;
      
      comparing, by said resource server software application, said second address in said session cache with a first source address associated with said first requestor to determine a first match;
      
      transmitting, by said resource server software application to a backend resource server, said second resource request and said first group IDs;
      
      receiving, by said resource server software application from said backend resource server, a first resource associated with said second resource request;
      
      generating, by said resource server software application, a third session key associated with said first requestor;
      
      calculating, by said resource server software application, a third specified lifetime associated with said third session key, wherein said calculating said third specified lifetime comprises adding said session key life data to a third current time;
      
      removing said second session key and said second specified lifetime from said resource server software application;
      
      storing within said internal session cache, by said resource server software application, said third session key and said third specified lifetime; and
      
      transmitting, by said resource server software application to said first requestor, said third session key and said first resource.
  - 21. The computing system of claim 12, wherein said first credentials data comprises a user ID and password for said first requestor.

22. A computer program product, comprising a computer readable storage device having a computer readable program code embodied therein, said computer readable program code including a resource server software application comprising an algorithm that when executed by a computer processor of a computing system implements a method comprising:
- initializing, by said computing system, said resource server software application, wherein said resource server software application comprises an internal session cache, and wherein said internal session cache comprises an internal data structure within said resource server software application;
  
  receiving, by said resource server software application, first configuration data, wherein said configuration data comprises session key life data comprising a session key life variable;
  
  receiving, by said resource server software application from a first requestor, a first authentication request, first credentials data associated with said first requestor, and a first address associated with said first requestor, wherein said first credentials data comprises a first session ID;
  
  transmitting, by said resource server software application to a user directory, said first credentials data and a first request for groups associated with said first requestor;
  
  receiving, by said resource server software application from said user directory, first group IDs identifying a first group associated with said first requestor;
  
  generating, by said resource server software application, a first session key associated with said first requestor, wherein said first session key comprises a randomly generated sequence of characters;
  
  calculating, by said computer processor executing said resource server software application, a first specified lifetime associated with said first session key, wherein said calculating said first specified lifetime comprises adding said session key life data to a first current time;
  
  storing within said internal session cache, by said resource server software application, said first session key, said first session ID, said first address, said first group IDs, and said first specified lifetime;
  
  periodically determining, by said resource server software application, if said first session key and said session key life data should be updated, wherein said periodically determining is associated with a master cleanup period comprising a specified period of time that said resource server software application will wait between scans of said internal session cache for expired sessions;
  
  establishing, by said resource server software application, a secure communication channel between said first requestor, said resource server software application, and a backend resource server;
  
  transmitting, by said resource server software application to said first requestor based on said results of said periodically determining, said first session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sheehan, Alexander Brantley
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US12/049,483
Publication Number

US 20090235343A1
Time in Patent Office

1,317 Days
Field of Search

None
US Class Current

726/6
CPC Class Codes

G06F 21/629 to features or functions of...

G06F 9/54 Interprogram communication

Resource server proxy method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Resource server proxy method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links