Secure data exchange for processing requests

US 8,713,694 B2
Filed: 09/14/2012
Issued: 04/29/2014
Est. Priority Date: 06/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

receiving, at a first server device, a first request and encrypted user information from a second server device, the first request being generated at a client application on a client device and forwarded from the second server device;

decrypting, by the first server device, the encrypted user information included with the first request;

storing the user information by the first server device;

generating, by the first server device, a response to the first request using the decrypted user information; and

sending, by the first server device, the response to the first request to the second server device;

sending, by the first server device, a shortcut token associated with the stored user information to the second server device for use with subsequent requests.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

165 Citations

22 Claims

1. A method comprising:
- receiving, at a first server device, a first request and encrypted user information from a second server device, the first request being generated at a client application on a client device and forwarded from the second server device;
  
  decrypting, by the first server device, the encrypted user information included with the first request;
  
  storing the user information by the first server device;
  
  generating, by the first server device, a response to the first request using the decrypted user information; and
  
  sending, by the first server device, the response to the first request to the second server device;
  
  sending, by the first server device, a shortcut token associated with the stored user information to the second server device for use with subsequent requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein the first request comprises an HTTP request.
  - 3. The method as recited in claim 2, wherein the HTTP request includes encrypted user information.
  - 4. The method as recited in claim 3, wherein the user information is encrypted using a symmetric encryption algorithm.
  - 5. The method as recited in claim 3, wherein the encrypted user information is included in a header of the HTTP request.
  - 6. The method as recited in claim 1, further comprising:
    - extracting an encrypted key from the first request;
      
      decrypting the encrypted key; and
      
      using the decrypted key to decrypt the user information.
  - 7. The method as recited in claim 6, wherein:
    - decrypting the encrypted key comprises decrypting the encrypted key using a public key algorithm and a private key of the first server device, anddecrypting the encrypted user information using the key comprises decrypting the user information using a symmetric decryption algorithm and the key.
  - 8. The method as recited in claim 7, wherein the key comprises a session key.

9. A method comprising:
- receiving, at a first server device, an initial request sent from a client application, the initial request including encrypted user information;
  
  sending, by the first server device, an identifier in response to the initial request;
  
  receiving, at the first server device, a second request including the identifier, the second request being generated by the client application and modified by a second server device to include the identifier;
  
  extracting the identifier from the second request;
  
  retrieving the encrypted user information from a non-transitory storage medium using the extracted identifier;
  
  decrypting, by the first server device, the encrypted user information;
  
  processing, by the first server device, at least a portion of the second request using the decrypted user information in order to generate a response to the second request; and
  
  sending, by the first server device, the response to the second request to the client application via the second server device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method as recited in claim 9, further comprising storing the user information in the non-transitory storage medium prior to receiving the second request.
  - 11. The method as recited in claim 10, further comprising:
    - extracting the user information from the initial request; and
      
      linking the identifier to the stored user information.
  - 12. The method as recited in claim 11, wherein the initial request comprises an HTTP request.
  - 13. The method as recited in claim 12, wherein the user information is encrypted using a symmetric encryption algorithm.
  - 14. The method as recited in claim 13, wherein the encrypted user information is included in a header of the HTTP request.
  - 15. The method as recited in claim 14, further comprising:
    - extracting an encrypted key from the initial request;
      
      decrypting the encrypted key; and
      
      using the decrypted key to decrypt the encrypted user information.
  - 16. The method as recited in claim 15, wherein:
    - decrypting the encrypted key comprises decrypting the encrypted key using a public key algorithm and a private key of the first server device, anddecrypting the encrypted user profile information using the key comprises decrypting the user information using a symmetric decryption algorithm and the key.

17. A system comprising:
- a first server device;
  
  at least one non-transitory computer readable storage medium storing a decryption key and instructions thereon that, when executed cause the system the first server device to;
  
  receive a first request and encrypted user information from a second server device, the first request being generated at a client application on a client device and forwarded from the second server device;
  
  decrypt encrypted user information retrieved from the first request using the decryption key;
  
  store the user information;
  
  generate a response to the first request using the decrypted user information;
  
  send the response generated using the decrypted user information to the second server device for forwarding to the client device;
  
  send a shortcut token associated with the stored user information to the server device for use with subsequent requests.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system as recited in claim 17, wherein the first request comprises an HTTP request.
  - 19. The system as recited in claim 18, wherein one or more headers in the HTTP request includes the encrypted user information.
  - 20. The system as recited in claim 19, wherein the user information is encrypted using a symmetric encryption algorithm.
  - 21. The system as recited in claim 19, wherein the instructions when executed, further cause the first server device to:
    - extract an encrypted key from the first request;
      
      decrypt the encrypted key; and
      
      store the decrypted key in the non-transitory storage medium.
  - 22. The system as recited in claim 21, wherein the instructions when executed, further cause the first server device to decrypt the encrypted key using a public key algorithm and a private key of the first server device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Harada, Larry T., Dolecki, Mark A., Purdum, Christopher S, Hendren, C. Hudson III
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US13/616,516
Publication Number

US 20130073861A1
Time in Patent Office

592 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06Q 20/3821   Electronic credentials

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

H04L 67/561   Adding application-function...

H04L 67/568   Storing data temporarily at...

Secure data exchange for processing requests

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

165 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data exchange for processing requests

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links