Secregating anonymous access to dynamic content on a web server, with cached logons

US 9,047,387 B2
Filed: 07/27/2011
Issued: 06/02/2015
Est. Priority Date: 10/17/2008
Status: Active Grant

First Claim

Patent Images

1. Apparatus for serving content from multiple websites, the apparatus comprising:

one or more computer servers executing a plurality of web server instances to serve content of a plurality of websites, wherein the one or more computer servers comprise a plurality of user accounts;

a single database, external to the one or more computer servers and shared among the plurality of web server instances, for mapping between a request for a dynamic content item of a website from an anonymous web user and a user account associated with a customer that owns the requested dynamic content item, to be used to process the request;

wherein the user account is configured with permission to access content of the website associated with the dynamic content item, but not content of another website that corresponds to another user account; and

wherein the database maps at least two different requests from anonymous users for dynamic content items of two different websites to two different user accounts.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for segregating access to dynamic content on multiple websites hosted by a web server. When a request is received for dynamic content from a website, a UserRetriever module identifies a path to the content and retrieves a username and password corresponding to the website, from a database that is separate from the web server and used for other purposes (e.g., billing). A UserImpersonator module requests a logon handle for that username from a logon cache manager. The logon handle is used to associate the request with the impersonated user account instead of the default anonymous user account with which the request was initially associated. The dynamic content is retrieved and served under the context of the restricted impersonated user account session, after which the applied logon handle is stripped off and the request is re-associated with the default anonymous user account.

56 Citations

View as Search Results

20 Claims

1. Apparatus for serving content from multiple websites, the apparatus comprising:
- one or more computer servers executing a plurality of web server instances to serve content of a plurality of websites, wherein the one or more computer servers comprise a plurality of user accounts;
  
  a single database, external to the one or more computer servers and shared among the plurality of web server instances, for mapping between a request for a dynamic content item of a website from an anonymous web user and a user account associated with a customer that owns the requested dynamic content item, to be used to process the request;
  
  wherein the user account is configured with permission to access content of the website associated with the dynamic content item, but not content of another website that corresponds to another user account; and
  
  wherein the database maps at least two different requests from anonymous users for dynamic content items of two different websites to two different user accounts.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, further comprising at least one content repository configured to store content served by the websites.
  - 3. The apparatus of claim 1, wherein each web server instance is configured to refer to the single database for said mapping, and not a metabase associated with the web service instance.
  - 4. The apparatus of claim 1, wherein the single database is a database other than a metabase implemented with Internet Information Services software.
  - 5. The apparatus of claim 1, wherein the single database comprises information for managing operation of the one or more computer servers, in addition to said mapping.
  - 6. The apparatus of claim 5, wherein the information comprises a path to the requested content item.
  - 7. The apparatus of claim 5, wherein the information comprises one or more of:
    - addresses of content repositories storing content served by the multiple websites; and
      
      paths to content stored on the content repositories.
  - 8. The apparatus of claim 5, wherein the information comprises one or more of:
    - billing data;
      
      service provisioning information;
      
      domain names of the websites; and
      
      usage statistics of the websites.
  - 9. The apparatus of claim 1, wherein the single database is a database whose contents are altered every time the web servicing environment changes.
  - 10. The apparatus of claim 1, wherein the multiple websites include more than 10,000 websites.
  - 11. The apparatus of claim 1, wherein the multiple websites include more than 100,000 websites.

12. A method for serving content from multiple websites, the method comprising:
- executing, on one or more computer servers, a plurality of web server instances to serve content of a plurality of websites, wherein the one or more computer servers comprise a plurality of user accounts; and
  
  mapping between a request for a dynamic content item of a website from an anonymous web user and a user account associated with a customer that owns the requested dynamic content item, to be used to process the request, wherein said mapping is performed using a single database, wherein the single database is external to the one or more computer servers, wherein the single database is shared among the plurality of web server instances, and wherein the user account is configured with permission to access content of the website associated with the dynamic content item, but not content of another website that corresponds to another user account, and wherein said mapping comprises mapping at least two different requests from anonymous users for dynamic content items of two different websites to two different user accounts.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising at least one content repository configured to store content served by the websites.
  - 14. The method of claim 12, wherein each web server instance is configured to refer to the single database for said mapping, and not a metabase associated with the web service instance.
  - 15. The method of claim 12, wherein the single database is a database other than a metabase implemented with Internet Information Services software.
  - 16. The method of claim 12, wherein the single database comprises information for managing operation of the one or more computer servers, in addition to said mapping.
  - 17. The method of claim 16, wherein the information comprises a path to the requested content item.
  - 18. The method of claim 16, wherein the information comprises one or more of:
    - addresses of content repositories storing content served by the multiple websites; and
      
      paths to content stored on the content repositories.
  - 19. The method of claim 12, wherein the single database is a database whose contents are altered every time the web servicing environment changes.

20. A non-transitory computer-readable storage medium storing instructions that, when executed by a computer, cause the computer to perform a method for serving content from multiple websites, the method comprising:
- executing, on one or more computer servers, a plurality of web server instances to serve content of a plurality of websites, wherein the one or more computer servers comprise a plurality of user accounts; and
  
  mapping between a request for a dynamic content item of a website from an anonymous web user and a user account associated with a customer that owns the requested dynamic content item, to be used to process the request, wherein said mapping is performed using a single database, wherein the single database is external to the one or more computer servers, wherein the single database is shared among the plurality of web server instances, and wherein the user account is configured with permission to access content of the website associated with the dynamic content item, but not content of another website that corresponds to another user account, and wherein said mapping comprises mapping at least two different requests from anonymous users for dynamic content items of two different websites to two different user accounts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Hicks, Brian C.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US13/191,663
Publication Number

US 20110282909A1
Time in Patent Office

1,406 Days
Field of Search

726/5, 726/2, 726/4, 726/6, 726/27, 380/255, 707/999.009
US Class Current

1/1
CPC Class Codes

G06F 16/972   Access to data in other rep...

G06F 21/31   User authentication

G06Q 40/12   Accounting

H04L 63/0407   wherein the identity of one...

H04L 63/104   Grouping of entities

Y10S 707/99939   Privileged access

Secregating anonymous access to dynamic content on a web server, with cached logons

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secregating anonymous access to dynamic content on a web server, with cached logons

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links