Data replication across enterprise boundaries

US 9,286,369 B2
Filed: 12/30/2009
Issued: 03/15/2016
Est. Priority Date: 12/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a user token identifier and a one-time password from a client device at a first server;

validating the one-time password at the first server based on first verification information stored in a first database, the first verification information being associated with the user token identifier, wherein the first database is within a first network;

updating the first verification information in the first database to indicate that the one-time password has been used;

initiating an update to a second database by pushing the first verification information and a site ID of the first database from the first database to the second database via a first SSL tunnel, wherein the second database is within a second network that is outside an enterprise boundary of the first network;

initiating an update to the first database by pulling second verification information from the second database to the first database via a second SSL tunnel; and

updating the first verification information in the first database based on the second verification information pulled from the second database,wherein at least one of the second database or the first database resolves which of the first verification information or second verification information to apply based on at least one of;

unique data within the first verification information or the second verification information, timestamp data within the first verification information or the second verification information, or an authority assigned to the at least one of the second database or the first database with the first verification information or the second verification information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for synchronizing verification data in a distributed database including client and server databases. The server database may exchange verification data regarding one-time passwords to multiple client databases. An update to the server database may be initiated based on information stored in the client database by pushing updated verification information from the client database to the server database via an SSL tunnel. An update to the client database may be initiated based on information stored in the server database by pulling updated verification data from the server database to the client database via an SSL tunnel. The client database and the server database may include a two-dimensional data field including the verification data and an associated key identifier, and a site ID. The site ID may include a unique identifier to identify the respective database in which it is included. The data field may include a sequence number assigned to each row of data that increases every time the row of information is updated. The client database and the server database may also include a replication tracking table including a record of the last known update to a remote database. Data fields that require updating may be determined based on the site ID and a comparison of the sequence numbers from the replication tracking table and the server'"'"'s database.

Citations

24 Claims

1. A method, comprising:
- receiving a user token identifier and a one-time password from a client device at a first server;
  
  validating the one-time password at the first server based on first verification information stored in a first database, the first verification information being associated with the user token identifier, wherein the first database is within a first network;
  
  updating the first verification information in the first database to indicate that the one-time password has been used;
  
  initiating an update to a second database by pushing the first verification information and a site ID of the first database from the first database to the second database via a first SSL tunnel, wherein the second database is within a second network that is outside an enterprise boundary of the first network;
  
  initiating an update to the first database by pulling second verification information from the second database to the first database via a second SSL tunnel; and
  
  updating the first verification information in the first database based on the second verification information pulled from the second database,wherein at least one of the second database or the first database resolves which of the first verification information or second verification information to apply based on at least one of;
  
  unique data within the first verification information or the second verification information, timestamp data within the first verification information or the second verification information, or an authority assigned to the at least one of the second database or the first database with the first verification information or the second verification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21, 24)
- - 2. The method of claim 1, wherein the second database exchanges verification information regarding one-time passwords to multiple databases, the method further comprising:
    - providing a validation response from the first server based on the validating of the one-time password; and
      
      wherein updating first verification information in the first database based on the second verification information pulled from the second database comprises updating the user token identifier in the first database.
  - 3. The method of claim 1, wherein:
    - the first database and the second database each comprise;
      
      a two-dimensional data field including verification data and an associated key identifier;
      
      a site ID comprising a unique identifier to identify the respective database;
      
      a sequence number assigned to each row of data in a data table, the sequence number increasing every time the row is updated; and
      
      a replication tracking table comprising a record of a last known update to at least one of the second database or a third database, the record including the site ID and a sequence number; and
      
      data fields that require updating during the pulling are determined based on the site ID and a comparison of the sequence number in the second database and at least one of the first or third databases, a data field is determined to have been changed when it has a larger sequence number than that of data in another database with the same site ID.
  - 4. The method of claim 1, wherein:
    - the second database and first database are independently updated during an inter-update period between the second database and first database.
  - 5. The method of claim 4, wherein at least one of the second database or first database resolves which of the first verification information or the second verification information to apply based on the unique data within the first verification information or second verification information.
  - 6. The method of claim 4, wherein at least one of the second database or first database resolves which of the first verification information or the second verification information to apply based on the timestamp data within the first verification information or second verification information.
  - 7. The method of claim 4, wherein at least one of the second database or first database resolves which first verification information or second verification information to apply based on the authority assigned to the database with the first verification information or second verification information.
  - 8. The method of claim 4, wherein:
    - the first server comprises a plurality of servers, each server maintaining a respective database; and
      
      different verification information conflict resolution rules are set by different servers.
  - 9. The method of claim 4, wherein validating for a single user token identifier by various first servers proceeds asynchronously with respect to the updating.
  - 21. The method of claim 1, further comprising:
    - comparing a sequence number associated with first verification information from the first database to another sequence number associated with stored information in at least one of a third database or the second database; and
      
      if the sequence numbers match, reporting a replay attack associated with a key identifier for the first verification information.
  - 24. The method of claim 1 further comprising updating a plurality of databases, wherein the plurality of databases are distributed among a plurality of sites, wherein at least one of the plurality of databases is across an enterprise boundary from the first database.

10. A method comprising:
- receiving a request to update a server database from a first client database, the request comprising verification information of a user and a site ID of the first client database, wherein the verification information of the user relates to one-time passwords that are verified using at least one of the first client database, a second client database, or the server database, wherein the request is pushed from the first client database to the server database, wherein the first client database is within a first network;
  
  updating verification information stored in the server database based on the verification information from the first client database, wherein the server database is within a second network that is outside an enterprise boundary of the first network;
  
  receiving a request to update at least one of the first client database or the second client database by pulling the verification information from the server database to the at least one of the first client database or the second client database via an SSL tunnel; and
  
  sending the verification information to the at least one of the first client database or the second client database requesting the verification information from the server database,wherein at least one of the second database or the first database resolves which of a first verification information or a second verification information of the verification information to apply based on at least one of;
  
  unique data within the first verification information or the second verification information, timestamp data within the first verification information or the second verification information, or an authority assigned to the at least one of the second database or the first database with the first verification information or the second verification information.
- View Dependent Claims (11, 12, 13, 14, 15, 22)
- - 11. The method of claim 10, wherein:
    - the first client database, the second client database, and the server database each comprise;
      
      a two-dimensional data field including the verification information and an associated key identifier;
      
      a site ID comprising a unique identifier to identify the respective database; and
      
      a sequence number assigned to each row of data in a data table, the sequence number increasing every time the row is updated; and
      
      a replication tracking table comprising a record of a last known update to at least one of the server database or the second client database, the record including the site ID and a sequence number; and
      
      data fields that require updating are determined based on the site ID and a comparison of the sequence number in the server database and at least one of the first client database or the second client database, a data field is determined to have been changed when it has a larger sequence number than that of data in another database with the same site ID.
  - 12. The method of claim 10, wherein:
    - verification information in the server database and the first client database are independently updated during an inter-update period between the server database and the first client database;
      
      at least one of the server database or the first client database resolves which verification information to apply based on at least one of unique data within verification information, timestamp information within the verification information; and
      
      an authority assigned to the database with the verification information.
  - 13. The method of claim 12, wherein at least one of the server database or the first client database resolves which verification information to apply based on the unique data within the verification information.
  - 14. The method of claim 13, wherein at least one of the server database and first client database resolve which verification information to apply based on the timestamp information within the verification information.
  - 15. The method of claim 13, wherein at least one of the server database and first client database resolve which verification information to apply based on the authority assigned to the database with the verification information.
  - 22. The method of claim 10, further comprising:
    - comparing a sequence number associated with verification information from the first client database to another sequence number associated with stored information in at least one of the second client database or the server database; and
      
      if the sequence numbers match, reporting a replay attack associated with a key identifier for the verification information.

16. A method comprising:
- receiving an identifier and a one-time password at a client;
  
  validating the one-time password at the client based on verification information stored in a client database, the verification information being associated with the identifier;
  
  performing an update operation to first verification information in the client database to indicate that the one-time password has been used, wherein the client database is within a first network;
  
  initiating an update to a server database from the client database by pushing first verification information and a site ID of the client database from the client database to the server database, the site ID comprising a geographic identifier to identify the client database, wherein the server database is within a second network that is outside an enterprise boundary of the first network;
  
  initiating an update to second verification information in the client database from the server database by pulling first verification information from the server database to the client database; and
  
  updating the second verification information in the client database based on first verification information pulled from the server database,wherein at least one of the server database or the client database resolves which of the first verification information or second verification information to apply based on at least one of;
  
  unique data within the first verification information or the second verification information, timestamp data within the first verification information or the second verification information, or an authority assigned to the at least one of the server database or the client database with the first verification information or the second verification information.
- View Dependent Claims (17, 18, 19, 20, 23)
- - 17. The method of claim 16, wherein the server database exchanges verification information regarding one-time passwords to multiple client databases, the method further comprising:
    - providing a validation response from the client based on the validating of the one-time password, wherein the first verification information is updated in the client database based on the validation response.
  - 18. The method of claim 16, wherein the updating are conducted over an SSL tunnel between the server database and the client database.
  - 19. The method of claim 16, wherein the updating are initiated only by requests from a client and conducted over an SSL tunnel between the server and the client database formed in response to the requests.
  - 20. The method of claim 16, wherein:
    - the client database and the server database each comprise;
      
      a two-dimensional data field including verification data and an associated key identifier;
      
      a site ID comprising a unique identifier to identify the respective database;
      
      a sequence number assigned to each row of data in a data table, the sequence number increasing every time the row is updated; and
      
      a replication tracking table comprising a record of a last known update to at least one of the server database and a second client database, the record including the site ID and a sequence number; and
      
      data fields that require updating are determined based on the site ID and a comparison of the sequence number in the server database and at least one of the client database or the second client database, a data field is determined to have been changed when it has a larger sequence number than that of data in another database with the same site ID.
  - 23. The method of claim 18, further comprising:
    - comparing a sequence number associated with verification information from the client database to another sequence number associated with stored information in at least one of a second client database or the server database; and
      
      if the sequence numbers match, reporting a replay attack associated with a key identifier for the verification information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Pei, Mingliang, Hoang, Oanh, Sun, Ruiping, Huang, John
Primary Examiner(s)
Chacko, Joe

Application Number

US12/649,829
Publication Number

US 20110161289A1
Time in Patent Office

2,267 Days
Field of Search

707/610
US Class Current

1/1
CPC Class Codes

G06F 16/275 Synchronous replication

Data replication across enterprise boundaries

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Data replication across enterprise boundaries

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links