1. (WO1999015988) SECURE SERVER ARCHITECTURE FOR WEB BASED DATA MANAGEMENT
Latest bibliographic data on file with the International Bureau   

Pub. No.: WO/1999/015988
International Application No.: PCT/US1998/020149
Publication Date: 01.04.1999
International Filing Date: 25.09.1998
Chapter 2 Demand Filed: 13.04.1999
IPC:
G06F 15/16 (2006.01), G06F 1/00 (2006.01), G06F 11/00 (2006.01), G06F 11/32 (2006.01), G06F 11/34 (2006.01), G06F 13/00 (2006.01), G06F 15/00 (2006.01), G06F 17/30 (2006.01), G06F 21/00 (2013.01), G06F 3/14 (2006.01), G06F 9/54 (2006.01), G06Q 10/10 (2012.01), G06Q 20/10 (2012.01), G06Q 20/38 (2012.01), G06Q 30/02 (2012.01), G06Q 30/06 (2012.01), G06Q 99/00 (2006.01), H04L 12/14 (2006.01), H04L 12/24 (2006.01), H04L 12/26 (2006.01), H04L 12/46 (2006.01), H04L 12/58 (2006.01), H04L 29/06 (2006.01), H04L 29/08 (2006.01), H04L 9/00 (2006.01), H04M 15/00 (2006.01), G06F 11/07 (2006.01), G06F 11/20 (2006.01)
Applicants:
DEVINE, Carol, Y. [US/US]; US
SHIFRIN, Gerald, A. [US/US]; US
SHOULBERG, Richard, W. [US/US]; US
Inventors:
DEVINE, Carol, Y.; US
SHIFRIN, Gerald, A.; US
SHOULBERG, Richard, W.; US
Agent:
GROLZ, Edward, W.; Scully, Scott, Murphy & Presser, 400 Garden City Plaza, Garden City, NY 11530, US
Priority Data:
60/060,655; 26.09.1997; US
Title (EN) SECURE SERVER ARCHITECTURE FOR WEB BASED DATA MANAGEMENT
(FR, translated) SECURE SERVER ARCHITECTURE FOR WEB-BASED DATA MANAGEMENT
Abstract:
(EN) A double firewalled system is disclosed for protecting remote enterprise servers (24) that provide communication services to telecommunication network customers (10) from unauthorized third parties. A first router (29a) directs all connection requests to one or more secure web servers (24), which may utilize a load balancer (45) to efficiently distribute the session connection load among a high number of authorized client users (10). On the network side of the web servers (24), a second router (29b) directs all connection requests to a dispatcher server (26), which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user (10) to ensure the user (10) is who he/she claims to be and a determination of entitlements that the user (10) may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a 'stateless' public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems.
(FR, translated) The invention relates to a double-firewall system for protecting the remote servers of an enterprise that provides communication services to telecommunications network customers against unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may use a load balancer to distribute the session connection load efficiently among a large number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the requested application. A plurality of data security protocols are also employed. The protocols provide identification of the user as well as authentication of the user, to ensure that the user is who he or she claims to be, and a determination of the entitlements available to the user within the enterprise system. Session security is described, in particular the differences between a remote user's copper-wire connection to a legacy system and a user's remote connection to the enterprise system over a 'stateless' public Internet, where each session is a single transmission rather than an interval of time between logon and logoff, as is customary in legacy systems.
Designated States: AU, BR, CA, JP, MX, SG
European Patent Office (EPO) (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE)
Publication Language: English (EN)
Filing Language: English (EN)