Secure data exchange between data processing systems

US 8,713,690 B2
Filed: 02/18/2011
Issued: 04/29/2014
Est. Priority Date: 06/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

receiving, at a first hardware server, user profile information associated with a user of a client application;

storing the user profile information at the first hardware server in a non-transitory storage device;

generating, at the first hardware server, an identifier associated with the user profile information;

receiving, at the first hardware server, a request including the identifier, the request being sent from a second hardware server;

extracting the identifier from the request;

accessing the non-transitory storage device at the first hardware server in which the user profile information for the user was stored prior to the first hardware server receiving the request;

retrieving the user profile information from the non-transitory storage device based on the extracted identifier;

generating a response, by the first hardware server, to the request using the retrieved user profile information; and

sending the response to the second hardware server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

164 Citations

19 Claims

1. A method comprising:
- receiving, at a first hardware server, user profile information associated with a user of a client application;
  
  storing the user profile information at the first hardware server in a non-transitory storage device;
  
  generating, at the first hardware server, an identifier associated with the user profile information;
  
  receiving, at the first hardware server, a request including the identifier, the request being sent from a second hardware server;
  
  extracting the identifier from the request;
  
  accessing the non-transitory storage device at the first hardware server in which the user profile information for the user was stored prior to the first hardware server receiving the request;
  
  retrieving the user profile information from the non-transitory storage device based on the extracted identifier;
  
  generating a response, by the first hardware server, to the request using the retrieved user profile information; and
  
  sending the response to the second hardware server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the request is a second request that is subsequent to a first request, and wherein the method further comprises:
    - receiving the user profile information with the first request, the user profile information being encrypted;
      
      parsing the first request to extract the encrypted user profile information; and
      
      decrypting the encrypted user profile information extracted from the first request;
      
      wherein storing the user profile information in the non-transitory storage device comprises storing the decrypted user profile information; and
      
      wherein the identifier comprises a token.
  - 3. The method of claim 2, wherein encrypting the user profile information comprises determining a session key and using the session key to encrypt the user profile information.
  - 4. The method of claim 3, further comprising:
    - encrypting the session key; and
      
      appending the encrypted session key to the first request.
  - 5. The method of claim 4, wherein:
    - using the session key to encrypt the user profile information comprises using the session key and a symmetric encryption algorithm to encrypt the user profile information, andencrypting the session key comprises encrypting the session key using a public key encryption algorithm and a public key associated with the first hardware server.
  - 6. The method of claim 2, further comprising:
    - determining an IP address associated with a client computer of the user; and
      
      querying a database to determine an identity associated with the IP address.

7. A method comprising:
- receiving, at a first hardware server, user profile information associated with a user of a client device;
  
  storing the user profile information at the first hardware server in a non-transitory storage device;
  
  generating, by the first hardware server, an identifier associated with the user profile information;
  
  receiving at the first hardware server, a request from the client device, the request having been modified by a device other than the client device to include the identifier associated with the user of the client device;
  
  extracting the identifier from the request;
  
  accessing the non-transitory storage device at the first hardware server, wherein the user profile information for the user was stored prior to the first hardware server receiving the request from the client device;
  
  retrieving the user profile information from the non-transitory storage device based on the extracted identifier;
  
  customizing, by the first hardware server, data based on the retrieved user profile information;
  
  generating a response to the request that includes the customized data; and
  
  sending, from the first hardware server, the response to the client device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the request is a second request that is subsequent to a first request, and wherein the method further comprises:
    - receiving, from the client device, the first request including the user profile information, the user profile information being encrypted;
      
      extracting the encrypted user profile information from the first request; and
      
      decrypting the encrypted user profile information;
      
      wherein storing the user profile information in the non-transitory storage device comprises storing the decrypted user profile information.
  - 9. The method of claim 8, wherein the first request includes a session key, and decrypting the encrypted user profile information comprises decrypting the encrypted user profile information using the session key.
  - 10. The method of claim 9, further comprising decrypting the session key.
  - 11. The method of claim 10, wherein:
    - decrypting the session key comprises decrypting the session key using a public key algorithm and a private key of the first hardware server, anddecrypting the encrypted user profile information using the session key comprises decrypting the encrypted user profile information using a symmetric decryption algorithm and the session key.
  - 12. The method of claim 7, further comprising:
    - receiving a flush directive; and
      
      in response to receiving the flush directive, discarding the user profile information stored in the storage device.

13. A non-transitory computer-readable storage medium storing a computer program, the computer program comprising instructions, which when executed by at least one processor, cause a computer system to perform a method comprising:
- receiving, at a first hardware server, user profile information associated with a user of a client application;
  
  storing the user profile information at the first hardware server in a non-transitory storage device;
  
  generating, at the first hardware server, an identifier associated with the user profile information;
  
  receiving, at the first hardware server, a request including the identifier associated with the user profile information, the request being sent from a second hardware server;
  
  extracting the identifier from the request;
  
  accessing the non-transitory storage device at the first hardware server in which the user profile information for the user was stored prior to the first hardware server receiving the request;
  
  retrieving the user profile information from the non-transitory storage device based on the extracted identifier;
  
  generating a response, by the first hardware server, to the request using the retrieved user profile information; and
  
  sending the response to the second hardware server.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, further comprising instructions, that when executed by the at least one processor, cause the computer system to perform the method comprising:
    - receiving the user profile information with a first request, wherein the request is a second request that is subsequent to the first request and wherein the user profile information is encrypted;
      
      parsing the first request to extract the encrypted user profile information; and
      
      decrypting the encrypted user profile information extracted from the first request;
      
      wherein storing the user profile information in the non-transitory storage device comprises storing; and
      
      wherein the identifier comprises a tokenthe decrypted user profile information.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein:
    - to encrypt the user profile information, the instructions further comprise instructions for causing the at least one processor to determine a session key and use the session key to encrypt the user profile information.
  - 16. The non-transitory computer-readable storage medium of claim 15, further comprising instructions for causing the at least one processor to:
    - encrypt the session key; and
      
      append the encrypted session key to the initial request to create the modified initial request.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein:
    - to use the session key to encrypt the profile information, the instructions further comprise instructions for causing the at least one processor to use the session key and a symmetric encryption algorithm to encrypt the user profile information, and to encrypt the session key, the instructions further comprises instructions for causing the at least one processor to encrypt the session key using a public key encryption algorithm and a public key associated with the first hardware server.
  - 18. The non-transitory computer-readable storage medium of claim 13, further comprising instructions for causing the at least one processor to send a flush directive to the first hardware server such that the first hardware server discards the user profile information stored in the storage device associated with the first hardware server.

19. A method comprising:
- receiving, at a first hardware server from a client device, a first request including encrypted user profile information;
  
  extracting the encrypted user profile information from the first request;
  
  decrypting the encrypted user profile information;
  
  storing the decrypted user profile information in a storage device at the first hardware server;
  
  generating, at the first hardware server, an identifier associated with the user profile information;
  
  sending, to the client device, the identifier with a first response to the first request;
  
  receiving, at the first hardware server from a second hardware server, a second request including the identifier;
  
  extracting the identifier from the second request;
  
  accessing the storage device at the first hardware server, wherein the profile information for the user was stored in the storage device prior to the first hardware server receiving the second request from the client device;
  
  retrieving the user profile information from the storage device based on the extracted identifier;
  
  generating, by the first hardware server, a second response to the second request using the retrieved user profile information; and
  
  sending, from the first hardware server, the second response to the second hardware server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Harada, Larry T., Dolecki, Mark A., Purdum, Christopher S., Hendren, C. Hudson III
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US13/030,986
Publication Number

US 20110145590A1
Time in Patent Office

1,166 Days
Field of Search

713/150, 713/155, 713/182, 713/185, 726/2, 726/5, 726/14, 726 26- 30, 709/223, 709/225, 705/18, 705/26, 705/50, 705/52, 705/64, 705/76
US Class Current

726/26
CPC Class Codes

G06Q 20/3821   Electronic credentials

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

H04L 67/561   Adding application-function...

H04L 67/568   Storing data temporarily at...

Secure data exchange between data processing systems

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

164 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data exchange between data processing systems

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

164 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links