The present invention relates to computer system communications, and more particularly to a server for supporting connection-oriented type applications (also called "state" applications) over a connectionless-oriented ("stateless") type protocol.
Internet workstations are connectionless-oriented socket clients or applications that connect to a server only long enough to retrieve an installment of data.
Once the data is retrieved, connectionless-oriented socket applications generally disconnect until the next data transaction is initiated by the client. Connection-oriented applications assume that the client maintains the connection to the server for the duration of the session. The client only disconnects when the session is being ended.
With connection-oriented applications, the identity and synchronization of both the client and server are known to both sides of the connection. Thus, it is taken for granted that the client is trusted and the data exchange is synchronized (in particular, the "current" or "active" application panel is known).
However, in connectionless-oriented applications, the class of service to which the Hypertext Transfer Protocol (HTTP) belongs, this connection is not maintained, and thus the identity and synchronization of either the client or server, or both, may change unknown to the other side. This has the potential to result in "out-of-sync" data exchanges, and it is not known if the reconnecting client was the original session initiator. This could "break" an application or expose sensitive data to another, unauthorized client. Consequently, there is a need in the art to assure that once an application is started with a given web browser, another browser cannot come along and connect to or "spoof" (that is, steal, or take over) that browser's connection and application.
The IBM 5250 datastream is a device specific datastream for an IBM AS/400 computer system. Such a device specific datastream may be a serial stream of data bytes in hexadecimal form. A Workstation Gateway (WSG), acting as a protocol converter, receives IBM 5250 datastreams from connection-oriented type applications that depend on a connected state of direct communication with the attached device. The WSG converts the native 5250 datastreams into an equivalent Hypertext Mark-up Language (HTML) document and delivers the document to the destination client host browser over a connectionless-oriented protocol, called Hypertext Transfer Protocol (HTTP).
The problem of job management is complicated by the fact that all browser-to-application sessions can only be initiated through the one WSG server that owns the socket with the "well-known" port defined for this service. Each session that is initiated must somehow be assigned to another WSG server by the one WSG server owning the "well-known" port.
It is an object therefore of the invention to provide an internet connection for a workstation gateway that supports connection-oriented type applications (can also be called "state" applications) over a connectionless-oriented (or "stateless") type protocol.
It is a further object of the invention to provide a workstation gateway server that supports and connects/reconnects multiple applications and clients through a single server, which maintains the illusion of a connectionless-oriented environment to the browser and a connection-oriented appearance to the interactive application.
It is a further object of the invention to manage multiplexing of web browsers and applications through one or more workstation gateway servers, where each such server may handle one or more browser to application connections.
It is a further object of the invention to provide a connectionless-oriented environment in which screen spoofing does not occur.
In accordance with this invention, in an internet system having a plurality of applications, and a plurality of servers for attachment from a plurality of web browsers, the system supports connection-oriented applications over a connectionless protocol. At least one of the servers is a master server Work Station Gateway owning a well-known port, and the other servers are slave servers supporting established web browser to application state sessions.
In accordance with a further aspect of the invention, dynamic session authentication checking is done by the server to prevent the occurrence of screen spoofing. This is accomplished by providing authentication keys which are unique to each session and each panel, such that spoofing can only occur via real-time interception of the keys.
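A minimal sketch of the per-session, per-panel key check described above, as an added example that is not taken from the patent. The class name `PanelKeyGateway`, the random-token key generation and the in-memory table are assumptions; the text does not say how the keys are produced or stored.

```python
import hmac
import secrets


class PanelKeyGateway:
    """Hypothetical gateway state: one current key per session, rotated per panel."""

    def __init__(self):
        self._current = {}  # session_id -> key embedded in the panel last sent

    def start_session(self):
        """Create a session and return (session_id, key for the first panel)."""
        session_id = secrets.token_urlsafe(16)
        return session_id, self._issue(session_id)

    def _issue(self, session_id):
        # Assumption: 256-bit random keys; the page does not say how keys are made.
        key = secrets.token_urlsafe(32)
        self._current[session_id] = key
        return key

    def submit(self, session_id, presented_key):
        """Validate the key returned with a panel submission.

        Returns the key for the next panel, or None if the request is rejected
        (unknown session, key from an older panel, or a guessed key).
        """
        expected = self._current.get(session_id)
        if expected is None or not isinstance(presented_key, str):
            return None
        # Constant-time comparison so response timing does not leak key bytes.
        if not hmac.compare_digest(expected.encode(), presented_key.encode()):
            return None
        return self._issue(session_id)


def demo():
    gw = PanelKeyGateway()
    sid, k1 = gw.start_session()
    k2 = gw.submit(sid, k1)          # original browser, current panel
    replay = gw.submit(sid, k1)      # stale panel key: out-of-sync request
    guess = gw.submit(sid, secrets.token_urlsafe(32))  # other browser, no key
    k3 = gw.submit(sid, k2)          # original browser is still in sync
    return k2 is not None, replay, guess, k3 is not None
```

Because the key changes with every panel, a request carrying an older panel's key is rejected the same way as one from a browser that never held a key, which leaves interception of the current key in transit as the remaining path the text mentions.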