Secure network user states
Abstract
A server and a computer are connected to a network. User data may be used to establish a state between a server and a user operating the computer. Secure network user states includes creating a first key from a received user key; encrypting user data with the cryptographic key; storing the encrypted user data in a cookie; and sending the cookie to the computer; such that subsequently, a secure state between the server and the user is established by receiving the cookie and the user key from the computer; creating a second key that matches the first key; decrypting, using the second key, encrypted user data extracted from the cookie; and establishing the secure state based on the decrypted user data. A key is created in any repeatable manner, which mathematically must include at least one insertion or deletion. Optionally, user data may be seeded to heighten security of the state.
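The flow the abstract describes, sketched for a Node.js server as an added example (not code from the patent). The use of scrypt with a per-cookie salt, AES-256-GCM, the cookie name `state`, and the function names `sealState` and `openState` are assumptions made here; the seeding option is not modelled.

```javascript
const nodeCrypto = require('node:crypto');

const COOKIE_NAME = 'state'; // hypothetical "name data" assigned to the cookie

// Create (and later recreate) the cryptographic key from the user key.
// The salt travels inside the cookie, so the derivation is repeatable.
function deriveKey(userKey, salt) {
  return nodeCrypto.scryptSync(userKey, salt, 32);
}

// First request: encrypt the user data and build the cookie value.
function sealState(userKey, userData) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(userKey, salt), iv);
  cipher.setAAD(Buffer.from(COOKIE_NAME)); // bind the ciphertext to the cookie name
  const ct = Buffer.concat([cipher.update(JSON.stringify(userData), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Later request: returns the user data, or null when the user key is wrong
// or the cookie was altered in storage or in transit.
function openState(userKey, cookieValue) {
  const raw = Buffer.from(cookieValue, 'base64url');
  if (raw.length < 16 + 12 + 16) return null; // too short to hold salt, IV and tag
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const ct = raw.subarray(44);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(userKey, salt), iv);
    decipher.setAAD(Buffer.from(COOKIE_NAME));
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // authentication failed: establish no state
  }
}

// Constructed sample values, showing the header the server would send.
const sampleCookie = sealState('correct horse', { user: 'alice', cart: [17, 42] });
const setCookieHeader = `${COOKIE_NAME}=${sampleCookie}; HttpOnly; Secure; SameSite=Strict`;
```

Because GCM authenticates the ciphertext, a wrong user key and a modified cookie fail the same way, so the server never builds state from unverified data.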
22 Claims
1. In a system comprising a server and a computer communicatively connected together via an HTTP-based network, a method of establishing by the server a secure state between the server and a user operating the computer, said method comprising:
- receiving, from the computer, a user key comprising U bits, where U > 0;
- creating, from said user key, a cryptographic key;
- encrypting, using said cryptographic key, user data;
- storing the encrypted user data in a cookie;
- naming the cookie by assigning name data to the cookie;
- sending the cookie to the computer for storage thereby;
- receiving the cookie from the computer;
- receiving said user key from the computer;
- recreating, from said user key, said cryptographic key;
- extracting the encrypted user data from the cookie;
- decrypting, using said cryptographic key, the encrypted user data; and
- establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 2, 3, 4, 5, 6
7. In a system comprising a server and a computer communicatively connected together via an HTTP-based network, a method of establishing by the server a secure state between the server and a user operating the computer, said method comprising:
- receiving, from the computer, a cookie comprising encrypted user data that may be seeded according to a format;
- receiving a user key from the computer;
- creating, from said user key, a cryptographic key;
- extracting the encrypted user data from said cookie;
- decrypting, using said cryptographic key, the encrypted user data; and
- establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 8, 9, 10, 11
12. For use by a server communicatively connected to a computer via an HTTP-based network, a computer readable medium comprising instructions for establishing a secure state between the server and a user operating the computer, by causing the server to perform actions, comprising:
- receiving, from the computer, a user key comprising U bits, where U > 0;
- creating, from said user key, a cryptographic key;
- encrypting, using said cryptographic key, user data;
- storing the encrypted user data in a cookie;
- naming the cookie by assigning name data to the cookie;
- sending the cookie to the computer for storage thereby;
- receiving the cookie from the computer;
- receiving said user key from the computer;
- recreating, from said user key, said cryptographic key;
- extracting the encrypted user data from the cookie;
- decrypting, using said cryptographic key, the encrypted user data; and
- establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 13, 14, 15, 16, 17
18. For use by a server communicatively connected to a computer via an HTTP-based network, a computer readable medium comprising instructions for establishing a secure state between the server and a user operating the computer, by causing the server to perform actions, comprising:
- receiving, from the computer, a cookie comprising encrypted user data that may be seeded according to a format;
- receiving a user key from the computer;
- creating, from said user key, a cryptographic key;
- extracting the encrypted user data from said cookie;
- decrypting, using said cryptographic key, the encrypted user data; and
- establishing the secure state between the server and the user based on the decrypted user data.
Dependent claims: 19, 20, 21, 22