Internet server access control and monitoring systems
First Claim
Patent Images
1. A secure electronic shopping method, comprising:
- receiving an initial link message from a client computer at a merchant server using a transfer format suitable for communication over the Internet;
transmitting a session link message in response to the initial link message back to the client computer via the Internet, the session link message comprising a session identifier used to maintain session state data with respect to an electronic shopping session between the client computer and the merchant server, wherein the session identifier is distinct from identification of the client computer or a user of the client computer, and wherein the initial link message does not include the session identifier;
causing the client computer to store the session state data at the client computer; and
completing the electronic shopping session between the client computer and the merchant server using the session identifier to identify a series of related requests corresponding to the electronic shopping session made by the client computer to the merchant server, and communicating with a payment server to authorize a purchase associated with the shopping session.
4 Assignments
0 Petitions
Accused Products
Abstract
This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the present protection domain.
-
Citations
114 Claims
-
1. A secure electronic shopping method, comprising:
-
receiving an initial link message from a client computer at a merchant server using a transfer format suitable for communication over the Internet; transmitting a session link message in response to the initial link message back to the client computer via the Internet, the session link message comprising a session identifier used to maintain session state data with respect to an electronic shopping session between the client computer and the merchant server, wherein the session identifier is distinct from identification of the client computer or a user of the client computer, and wherein the initial link message does not include the session identifier; causing the client computer to store the session state data at the client computer; and completing the electronic shopping session between the client computer and the merchant server using the session identifier to identify a series of related requests corresponding to the electronic shopping session made by the client computer to the merchant server, and communicating with a payment server to authorize a purchase associated with the shopping session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A secure electronic shopping method in a network having a plurality of merchant servers and a payment server, the payment server including a plurality of user accounts for use in authorizing purchase transactions between users and the plurality of merchant servers, comprising:
-
conducting an electronic shopping session between a user computer system and one of the plurality of merchant servers, the merchant server and the user computer system exchanging one or more session link messages comprising a session identifier used to maintain session state data with respect to the electronic shopping session, wherein the session identifier is first transmitted to the user computer system in response to an initial request received from the user computer system, wherein the session identifier is distinct from identification of the user computer system or a user of the user computer system, and wherein the initial link message does not include the session identifier; causing the user computer system to store the session state data; completing the electronic shopping session between the user computer system and the merchant server using the session identifier to identify a series of related requests corresponding to the electronic shopping session made by the user computer system to the merchant server, and communicating with a payment server accessing one of the plurality of user accounts in order to authorize a purchase associated with the shopping session; and receiving purchase authorization data at the merchant server and enabling the user computer system to download the purchased product. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58)
-
-
59. An electronic payment authorization method for processing purchase transactions between user computers and a plurality of merchant servers using a transfer format suitable for communication over the Internet, wherein the user computers and merchant servers are programmed to exchange session state data associated with an electronic shopping session, comprising:
-
receiving session state data comprising a session identifier and associated with an electronic shopping session between a user computer and a merchant server at a payment server, wherein the session identifier is first transmitted to the user computer in response to an initial request received from the user computer, wherein the session identifier is distinct from identification of the user computer or a user of the user computer, and wherein the initial link message does not include the session identifier; accessing a user account at the payment server associated with a user computer; and
processing the session state data and the user account in order to authorize a purchase associated with the electronic shopping session using the session identifier to identify a series of related requests corresponding to the electronic shopping session made by the user computer to the merchant server. - View Dependent Claims (60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74)
-
-
75. A payment server for receiving and authorizing purchase authorization requests across multiple merchant domains using a transfer format suitable for communication over the Internet,
the purchase authorization requests including session state data comprising a session identifier associated with electronic shopping sessions carried out between user computer systems and merchant servers via the Internet, wherein the session identifier is first transmitted to the user computer systems in response to an initial request received from the user computer systems, wherein the session identifier is distinct from identification of the user computer systems or users of the user computer systems, and wherein the initial link message does not include the session identifier, comprising: -
a network interface for enabling the payment server to communicate with merchant servers and user computer systems via the Internet; a user account database for storing user identification for a plurality of users associated with the user computer systems; and a data processor for receiving purchase authorization requests, wherein the data processor authorizes product purchases between the user computer systems and the merchant servers based upon the session state data and the user identification information stored in the user account database using the session identifier to identify a series of related requests corresponding to the electronic shopping session made by the user computer systems to the merchant servers. - View Dependent Claims (76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89)
-
-
90. A method of purchasing access-controlled data files stored within a content server domain, comprising:
-
exchanging session data, comprising a session identifier, between a user computer system and a content server associated with the content server domain using a transfer format suitable for communication over the Internet and storing the session data at the user computer system, wherein the session identifier is first transmitted to the user computer system in response to an initial request received from the user computer system, wherein the session identifier is distinct from identification of the user computer system or a user of the user computer system, and wherein the initial link message does not include the session identifier, the session data relating to a purchase of an access-controlled data file stored within the content server domain using the session identifier to identify a series of related requests corresponding to the electronic shopping session made by the user computer system to the content server; and transmitting at least a portion of the stored session data to a payment sever, the payment server accessing a user account associated with the user computer system in order to authorize the purchase of the access-controlled data file. - View Dependent Claims (91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114)
-
Specification