Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-09-17
2002-03-26
Swann, Tod (Department: 2132)
C713S153000, C713S155000, C380S262000
active
06363478
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a session processing module for a server in a data communications network.
BACKGROUND OF THE INFORMATION
The characteristics of communication between a client and a server communicating across a network can be divided into several categories including: level of authentication of parties, if any, level of data compression, if any, and level of data encryption, if any. The nature of these characteristics can be termed a quality of service between client and server.
Secure Sockets Layer (SSL) is a security protocol designed and specified by Netscape™ for providing data security layered between application protocols (such as HTTP, Telnet, NNTP, or FTP) and TCP/IP. SSL, which is based on public key cryptography, provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.
Standard Java-enabled Web servers provide for Secure Sockets Layer (SSL) to encrypt data flows between a Web server and a compatible Web browser. However, there are a number of problems with SSL, stemming from the fact that there can only be one level of encryption for all types of data:
data is decrypted, in the clear, within the server and browser;
data transmitted between the browser and Web server is either encrypted according to SSL or clear; there is no intermediate protocol; and
data is not compressed.
It can be seen therefore that SSL does not provide for closely specifying a quality of service and as such creates great difficulty for web application developers. Take, for example, a bank that wishes to make financial services available through the Internet. The bank may have a back-end server on which client account information is stored. This server would normally be trusted and its information secure. The bank, on the other hand, may not necessarily trust its web server, and as such, SSL, which decrypts client information as it arrives at the web server, will not be satisfactory. Even if the security provided by SSL were satisfactory, the bank may wish to define different ways of handling different information. The bank may wish to compress certain information sent from the server to a client applet, to improve bandwidth use where a lot of data is to be sent to an applet, whereas certain types of information may not be worth compressing, because downloading the software to decompress the data at the client would be too great an overhead. Again, SSL does not allow a developer to determine closely the quality of service required for such communication.
BACKGROUND OF THE INVENTION
The present invention seeks to mitigate the problems of SSL and other prior art by providing a session processing module for a server adapted to communicate across a packet switched network with a plurality of clients, said processing module comprising: means for allocating a session identifier in response to a first input stream of a session between a client and said server; means for negotiating communication characteristics for said session; and means for instantiating, according to said communication characteristics for said session, routines for processing subsequent session input streams containing request data and routines for generating session output streams containing response data.
The invention further provides a computer program product and a method for processing communication sessions between a server and a plurality of clients.
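The following is an added illustration, not code from the patent or from IBM: a minimal session module that allocates a session identifier, negotiates per-session characteristics, and instantiates output routines to match them. The policy table, session kinds and class names are hypothetical, and an HMAC integrity tag stands in for the security characteristic because the Python standard library has no cipher; key exchange is assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed server policy: characteristics wanted per kind of session.
POLICY = {
    "statement_download": {"compress": True, "mac": True},
    "balance_query": {"compress": False, "mac": True},
}

def negotiate(kind, client_caps):
    """Agree characteristics: compression may degrade, integrity may not."""
    wanted = POLICY[kind]
    if wanted["mac"] and "mac" not in client_caps:
        raise ValueError("client cannot meet required integrity level")
    return {"compress": wanted["compress"] and "compress" in client_caps,
            "mac": wanted["mac"]}

class Session:
    def __init__(self, kind, client_caps):
        self.qos = negotiate(kind, client_caps)
        self.session_id = secrets.token_hex(16)  # unguessable identifier
        self.key = secrets.token_bytes(32)       # assumption: shared with the peer
        # Instantiate only the output routines this session's characteristics need.
        self.out_routines = []
        if self.qos["compress"]:
            self.out_routines.append(zlib.compress)
        if self.qos["mac"]:
            self.out_routines.append(self._seal)

    def _seal(self, body):
        # Prefix a 32-byte HMAC-SHA256 tag computed over the (possibly compressed) body.
        return hmac.new(self.key, body, hashlib.sha256).digest() + body

    def write(self, response):
        """Run response data through the session's output routines in order."""
        for routine in self.out_routines:
            response = routine(response)
        return response

    def read(self, stream):
        """Peer side of write(): verify the tag first, then decompress."""
        if self.qos["mac"]:
            tag, stream = stream[:32], stream[32:]
            expected = hmac.new(self.key, stream, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                raise ValueError("integrity check failed")
        return zlib.decompress(stream) if self.qos["compress"] else stream
```

The negotiation fails closed on the security characteristic and only degrades the performance one, so a client that cannot decompress still gets a session while a client that cannot authenticate messages does not.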
REFERENCES:
patent: 5557749 (1996-09-01), Norris
patent: 5657390 (1997-08-01), Elgamal et al.
patent: 5852666 (1998-12-01), Miller et al.
patent: 5960086 (1999-09-01), Atalla
patent: 0 810 524 (1997-03-01), None
Ian Johnson, “Tandem Targets High-End Market for New Web Server,” Computing Canada, vol. 21, No. 11, May 24, 1995, p. 34.*
Derwent WPI Accession No. 98-259163/199823 & RD 408149 (IBM) Apr. 10, 1998, Abstract.
Dr Dobbs Journal vol. 22, No. 10, Oct. 1997, C Berg “How do I write java servlet?”, pp. 121-123.
Netscape World, May 5, 1997, J Lowe “How Java servlets can replace CGI scripts—for ease, performance & more”, from http://www.netscapeworld.com/netscapeworld/nw-05-1997/nw-05-bytecode.html website.
Netscape World, Jul. 4, 1996, T Gorman “Server-side applets in Java generate developer anticipation”, from http://www.netscapeworld.com/netscapeworld/nw-07-1996/nw-07-jeeves.html website.
Lambert Howard Shelton
Wright Steven
Clay A. Bruce
Darrow Justin T.
International Business Machines Corp.
Swann Tod