A Microfiche Appendix is included in this application and comprises 2 sheets, having a total of 175 frames. The Microfiche Appendix contains material which is subject to copyright protection under the laws of the United States and other nations. The copyright owner has no objection to the facsimile reproduction by any person of the Microfiche Appendix, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
The present invention generally relates to a computer client-server environment. In particular, the invention relates to a method and system for providing secure transactions and for tracking the state of communications in a public network.
In an ever-increasing fashion, networks are used to transfer data among computers throughout the world. These networks utilize a protocol in which data groups, called packets, are requested by one computer and sent by another computer. With the prevalent use of the global public network known as the Internet, computers located remotely from each other can share information by requesting and delivering these packets. In a client-server environment, the client and a server are software or hardware applications which are used to communicate in a request/response manner. The separate client and server applications can be resident on a single computer or separated by thousands of miles in separate computers connected via a network.
The world-wide web, or xe2x80x9cWeb,xe2x80x9d is one such information system implemented on the Internet. The Web is based on hypertext technology, which allows certain elements of a document or xe2x80x9cpagexe2x80x9d to be expanded or linked to other elements elsewhere on the xe2x80x9cWebxe2x80x9d of interconnected computers. The Web may be viewed by users via xe2x80x9cbrowsers,xe2x80x9d which essentially are local computer programs that read hypertext documents and display graphics. The Web is gated or navigable via these hypertext documents and is structured using links between these documents. The address of individual documents are known as xe2x80x9cuniversal resource locators,xe2x80x9d or xe2x80x9cURLs.xe2x80x9d
In the Web""s data exchange implementation, the local computer requesting information may be considered a xe2x80x9cclientxe2x80x9d and the computer responding to the requests may be considered a xe2x80x9cserver.xe2x80x9d Data exchange between the client and server is performed via discontinuous, unrelated and standalone request/response pairs for information. In order to more efficiently handle requests from many clients, the server initiates a new connection for every request. This connection is subsequently broken after each response is transmitted. The server is thereafter available to service a new connection requested from another client.
For every request from the same client, a new connection must be established, although this typically is done fairly quickly. Consequently, a user (or client) who has made previous requests is treated no differently from one who has not. The server responds to each request for information in the order received. Thus, if the client is accessing the server in a series of interdependent cumulative steps, the client not only must request a new connection, but must resend the results of the previous requests to the server. The existence of a new connection and a new set of requests that is sent from the client to the server is often concealed from the user. Thus, the client transparently remembers the xe2x80x9cstatexe2x80x9d of the exchanges between the client and the server, and returns this information to the server so that the exchange can continue appropriately. Often, this xe2x80x9cstatexe2x80x9d information is sent with the URL in each new request.
With this configuration, the state information is stored primarily at the client. If the client does not reestablish a connection with a particular server immediately, some of the state information may become irrelevant or stale as the server updates its own database information. Thus, the state information stored at the client may become irrelevant or useless after a period of time, and the client will need to reestablish the current state with a particular server again.
As the number of cumulative requests to an xe2x80x9cinterestingxe2x80x9d server increases, however, the required amount of information that the client must send to the server also increases. An xe2x80x9cinterestingxe2x80x9d Web application running on a server must acquire and retain state information from the client. With the bandwidth limitations of conventional phone lines or network cable, the retransmitted information increases the amount of time it takes for a client to send a request to the server and to receive a response. More importantly, valuable or confidential information, such as credit card account numbers, is repeatedly sent and is subject to increased risk of interception by undesired parties. Furthermore, should the integrity of the communications link between the client and the server be interrupted at any time, much of the state information retained at the client or the server may be lost, thereby requiring the client to proceed through a previous series of requests to establish the state where communications broke off.
The following practical example illustrates these shortcomings in the prior art. In this example, a server runs a xe2x80x9csite,xe2x80x9d or xe2x80x9cWeb applicationxe2x80x9d program, which processes mail order requests for clothing. A consumer uses his computer, the client, to purchase a pair of pants over the Internet by executing a series of requests to a server:
The relationship between the client and the server is xe2x80x9cstateless,xe2x80x9d in that their communication consists of transmissions bounded by disconnects and reconnects for each new request or response pair. The amount of data sent from the client to the server typically increases with every request by the client in order to ensure that each request from the client is recognized by the server in relation to previous requests. As those skilled in the art will appreciate, the state information sent in the final request necessarily repeats all of the state information accumulated from all previous communications within the same context. It is thus conceivable that a lengthy transaction could require the transmission of hundreds of pieces of state information between the client and server.
It is an objective of the present invention to provide a method for minimizing the amount of information to be transmitted between the client and the server during these network transactions.
It is also an objective of the present invention to increase the security and reliability of the client-server communications.
It is a further objective of the present invention to centralize and secure client-specific data and retain it at the server.
To meet the above objectives, the present invention replaces the information that tracks the results of the previous requests over established and reestablished communications links using an identifier string called a xe2x80x9ckey.xe2x80x9d Instead of an ever-increasing set of information transmitted from the client to the server and back, the embodiment described herein localizes the state between the client and server at the server and associates the state with the key string. The substantive information from the previous commands, requests or responses need not be retransmitted upon the establishment of each new connection with a server. Rather, the server keeps track of this information and the server and client both reference this information with only the key.
One aspect of the present invention therefore provides a method for tracking communications in a stateless client-server environment comprising the steps of sending a first request from the client to the server over a first communication link or connection, sending a first identifier from the server to the client over the first link, sending the first identifier from the client and a second request to the server over a second link, and sending a response to the second request and a second identifier distinct from the first identifier from the server to the client over the second link. The first and second identifiers are thus distinct and can identify the state of the particular client to the server by representing the present state of communications, or simply identify the client based on the last secure identifier string exchange made between the server and the client. This identification information and state information may preferably be stored at the server, thereby providing the most secure and efficient repository for state or identification-tracking data.
In another aspect of the present invention, the server performs the steps of exchanging identifiers upon receipt of a new request from a distinct client. In particular, a method is provided comprising the steps of receiving a first request from a client over a first link, sending a first identifier to the client over the first link, receiving the first identifier from the client and a second request over a second link, and sending a response to the second request and a second identifier distinct from the first identifier to the client over the second link.
In yet another aspect of the present invention, a method for tracking communications in a client-server environment is provided including the steps of establishing a first connection between a client and a server, authenticating the client at the server, generating a first key in the server corresponding to the communication session and sending the first key to the client. After disconnecting the first connection, a second connection is established between the client and server, with the client generating a request and sending the request and the first key to the server. The server verifies the first key and generates a response (optionally using any local state information previously stored at the server and associated with the first key) to the request and a second key at the server. The response and the second key are then sent back to the client. In this fashion, the server is able to keep track of the state or status of a series of communications with a particular client by internally referencing the state of such communications with keys. A new key is sent to the client along with each response to a client""s request. Any subsequent communication by the client is then transmitted back to the server along with a particular key that is recognized by the server.
In another aspect of the present invention, the keys used by the server to track the state of communications sessions are interchanged or changed often, preferably by the server, before any response is sent back to the client.
In still another aspect of the present invention, a system for tracking communications in a client-server environment is provided that includes a client computer operative to establish a connection with a server computer, and a server computer in communication with the client. The server includes a key generator means generating a plurality of keys for transmission to the client, a verification means in communication with the key generator means, the verification means receiving the keys from the client to recognize the client, and a discarding means linked to the key generator means for disposing of previously transmitted keys.
In yet another aspect of the present invention, a method for tracking communications in a client-server environment is provided including the steps of establishing a first connection between a client and a server, generating a first key in the server corresponding to a session between the client and the server, sending the first key to the client, disconnecting the first connection between the client and the server, establishing a second connection between the client and the server, generating a request at the client and sending the request and the first key to the server through the second connection, recognizing the first key at the server, generating a second key at the server, the second key being unrelated to the first key, processing the request of the client at the server to generate a response, sending the response and the second key back to the client over the second connection, and disconnecting the second connection between the client and the server.
In another aspect of the present invention, the keys used to track the communications are sequential and have no information or relationship to the data being transmitted between the client and the user.
In yet another aspect of the present invention, the keys used to track the communications are randomly generated or have no sequential relationship to one another.
In still another aspect of the present invention, the keys are invalidated by the server once they are used in a request or request/response pair so that they will never be used again or at least until the occurrence of a certain event (e.g., revised after 1 year, revised after 1000 sessions, etc.).
In another aspect of the present invention, the keys are invalidated after a specified period of time has elapsed.
In yet another aspect of the present invention, a method for tracking communications in a client-server environment is provided including the steps of establishing a connection between a client and a server, receiving a first key from the server, generating a request at the client, sending the request and the first key to the server through the connection, and receiving a response to the request and a new key from the server over the connection.
The present invention thus allows for the emulation of a stateful network environment. The recognition between the client and server requires only the transmission of the new request and a key string. Thus, from the user""s or client""s perspective, the communication with the server appears to be stateful and permanent, since there is no retransmission of old data.
The present invention alleviates problems found in the prior art by eliminating the need for any summary retransmission of state data. While the prior art requires this information to adequately describe the new instruction to the server, the present embodiment records this information at the server, which associates the current state information of the client with an unrelated or related key value. This results in a streamlined, secure environment for network conversations.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.
The invention, together with further objects and attendant advantages, will best be understood by reference to the following detailed description, taken in conjunction with the accompanying drawings.