United States Patent [19]
`Blackwell, Jr. et al.
`
`USOO5857191A
`[11] Patent Number:
`[45] Date of Patent:
`
`5,857,191
`Jan. 5, 1999
`
`[54] WEB APPLICATION SERVER WITH
`SECURE COMMON GATEWAY INTERFACE
`
`[75] Inventors: William C. Blackwell, Jr., Harvard,
`Mass.; Robin Alston, Penarth, United
`Kingdom; Kevin M. Farrington,
`Southborough, Mass.
`
`[73] Assignee: Gradient Technologies, Inc., Marlboro,
`Mass.
`
`[21] Appl. No.: 676,783
`[22]
`Filed:
`Jul. 8, 1996
`
`[51] Int. Cl.6 .................................................... .. G06F 17/30
`[52] US. Cl. ............................... .. 707/10; 707/1; 707/104;
`707/103; 395/200.33; 395/200.45; 395/831;
`380/23; 705/35
`[58] Field of Search ........................... .. 707/3, 10, 1, 103,
`707/104; 395/200.59, 200.33, 188.01, 684,
`200.45, 831; 380/25, 23, 49; 370/401; 705/35
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,452,459
`5,497,463
`
`9/1995 Drury et a1. .............................. .. 707/3
`3/1996 Stein et a1.
`395/200.33
`232g: Zi'ai'"
`M88 01
`576897638 11/1997 sagovsky '
`" _________ __
`/1
`577017451 12/1997 Rogers et
`370/401
`5,706,286
`1/1998 Reiman et a1. ..
`380/25
`5,706,349
`1/1998 Aditham et a1.
`5,708,780
`1/1998 Levergood et a1. ............. .. 395/200.59
`
`5,715,453
`
`2/1998 Stewart ......................................... ..1/1
`
`OTHER PUBLICATIONS
`YeW—Huey Liu, Paul DantZig, C.Eric Wu, Lionel M.Ni, A
`Distributed connection manager interface for Web services
`on IBM SP systems, IEEE 1996, 2—9, Jun. 1996.
`Masud Khandker, Peter Honeyman, Toby J. Teorey, Perfor
`mance of DCE RPC, IEEE 1995, 2—10, Apr. 1995.
`YeW—Huey Liu, Paul DantZig, C.Eric Wu, Jim Challenger,
`Lionel M.Ni, A Distributed Web server and its performance
`analysis on multiple platforms, IEEE, 665—672, May. 1996.
`A. Masud Khandker, Toby J Teorey, Case Study: HoW
`analytic modeling can reveal performance problems in dis
`tributed systems, IEEE, 61—67, Jul. 1996.
`Netscape Communications Corporation, “The Netscape
`Server API,” 1995.
`Netscape Communications Corporation, “The NSAPI Ver
`sus the CGI Interface,” 1995.
`Primary Examiner—Wayne Amsbury
`Assistant Examiner—Srirama Channavajj ala
`Attorney, Agent, or Firm—Hale and Dorr LLP
`[57]
`ABSTRACT
`
`A Web broWser communicates through a secure local proxy
`to a Web server that has an interface for secure communi
`cations. The application server has an application program
`conforming to the CGI programming model that can run
`continuously as a process and can maintain state
`information, such as pointers to next records, thus requiring
`less computational and memory overhead for a succession of
`requests
`
`13 Claims, 2 Drawing Sheets
`
`50
`/
`CELL DIRECTORY
`SERvICE (CD8)
`
`42
`
`10v BROWSER
`
`APPLICATION ~48
`PROGRAM
`
`DATABASE
`
`3444
`
`SLP
`
`IF
`
`DCE/RFC
`
`API
`
`806!
`
`~46
`~36
`C44
`
`/38
`WEB
`SERVER
`
`NTTP
`
`40
`/
`DOCUMENTS
`
`Petitioners Great West Casualty Co., BITCO Gen. Ins. Corp., and BITCO Nat'l Ins. Co.
`Ex. 1028, p. 1
`
`

`
`U.S. Patent
`
`Jan. 5, 1999
`
`Sheet 1 of2
`
`5,857,191
`
`i10
`
`/12
`
`/16
`
`\
`
`COMMON
`GATEWAY /
`INTERFACE
`(CGI)
`
`18
`
`FIG. 1
`(PRIOR ART)
`
`1O
`
`32
`
`‘
`
`BROWSER
`
`SECURE LOCAL
`PRQXY (SLP)
`
`/36 /30
`
`SERVER
`
`CGI
`
`FIG. 2
`(PRIOR ART)
`
`Petitioners Great West Casualty Co., BITCO Gen. Ins. Corp., and BITCO Nat'l Ins. Co.
`Ex. 1028, p. 2
`
`

`
`U.S. Patent
`
`Jan. 5, 1999
`
`Sheet 2 0f 2
`
`5,857,191
`
`CELL DIRECTORY
`SERVICE (CD8)
`
`42
`~48 4-»
`DATABASE
`
`10“ BROWSER
`
`APPLICATION
`PROGRAM
`
`SLP f
`n
`
`DCE/RPC
`
`API
`SCGI
`
`NTTP
`
`/38
`WEB
`SERVER
`
`DOCUMENTS
`
`FIG. 3
`
`60
`
`CLIENT
`
`/62
`SERVER 1
`
`64 /
`V SERVER 2
`
`DATABASE 1
`
`-
`DATABASE 2
`
`FIG. 4
`
`Petitioners Great West Casualty Co., BITCO Gen. Ins. Corp., and BITCO Nat'l Ins. Co.
`Ex. 1028, p. 3
`
`

`
`5,857,191
`
`1
`WEB APPLICATION SERVER WITH
`SECURE COMMON GATEWAY INTERFACE
`
`FIELD OF THE INVENTION
`
`This invention relates to a secure interface for an appli
`cation server.
`
`BACKGROUND OF THE INVENTION
`
`With a commercially available Web browser, a user can
`obtain information, such as a document or records from a
`database, from a Web server over the Internet. The Web
`server can access documents directly, or it can access a
`database through a common gateway interface (CGI) pro
`gram. When the Web server requests data from the database
`in response to the user’s request, a CGI program is executed
`to create a query to the database, to format results from the
`database in HyperTeXt Markup Language (HTML), and to
`provide the results to the Web server for transmission to the
`user.
`To access the database during a succession of requests, the
`Web server creates and eXecutes a separate local CGI pro
`gram for each request. Each process opens the database,
`retrieves data speci?c to the request, and closes the database.
`BetWeen requests, the Web server does not preserve any state
`information. Consequently, any subsequent request for
`information from the database requires that a subsequent
`CGI process perform the same steps, i.e., open database,
`retrieve data, and close database. Such execution of succes
`sive programs for successive requests to access the database
`is computationally inef?cient.
`Communications betWeen the Web broWser and the Web
`server are typically made according to the HyperTeXt Trans
`fer Protocol (HTTP). A concern With such transfers of
`information is that HTTP is generally not secure. With a
`commercially available “packet sniffer,” an intruder can
`intercept packets transmitted over the Internet. To provide
`additional security, public-key authentication and encryp
`tion can be added to HTTP. Authentication refers to a
`mechanism by Which the transacting parties prove they are
`Who they claim to be; and encryption refers to the altering
`of data so that it cannot be easily read or modi?ed if
`intercepted. Such systems, hoWever, do not provide
`authoriZation, i.e., the restriction of access to data based on
`a user’s identity.
`To provide more security functions, the Web broWser and
`Web server can use the Distributed Computing Environment
`(DCE) from the Open SoftWare Foundation (OSF) of
`Cambridge, Mass. With a DCE-based system, requests from
`the Web broWser are provided to a secure local proXy (SLP),
`Which tunnels the requests to a DCE-aWare Web server via
`DCE Remote Procedure Call (RPC). Security based on RPC
`communications enables authoriZation in addition to other
`security features.
`
`OBJECTS AND SUMMARY OF THE
`INVENTION
`
`It is an object of the present invention to provide access
`to objects With less computational overhead than is typical
`of a CGI program model.
`It is another object of the present invention to reduce
`overhead While providing security that includes
`authentication, privacy, and authoriZation.
`In a system according to the present invention, a secure
`application server has a secure interface that receives
`requests from a Web broWser. The server also has an appli
`
`2
`cation program for accessing an object, such as a database,
`and an application programming interface (API) betWeen the
`secure interface and the application program.
`The secure application server can run continuously as a
`process and can maintain state information about the object.
`In the case Where the object is a database, the database can
`remain open betWeen calls to the same database, and the
`secure server can maintain pointers to neXt records to be
`read. This system thus requires less computational and
`memory overhead. The secure servers are scalable in that
`additional secure servers can be added and their tasks can be
`divided so that different servers are used for different pur
`poses. The API betWeen the secure interface and the appli
`cation program alloWs a programmer to use the CGI pro
`gramming model in the application program, Without
`requiring that the programmer program according to the
`secure interface, such as the Distributed Computing Envi
`ronment (DCE). Other features and advantages become
`apparent from the folloWing detailed description, draWings,
`and claims.
`
`15
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`25
`
`FIGS. 1 and 2 are block diagrams of knoWn systems for
`providing communications betWeen a Web broWser and a
`Web server.
`FIGS. 3 and 4 are block diagrams of systems according to
`embodiments of the present invention.
`
`DETAILED DESCRIPTION
`
`Referring to FIG. 1, in a knoWn system, a commercially
`available Web broWser 10 (a client) communicates With a
`Web server 12 using HTTP or a version of HTTP With
`public-key-based authentication and encryption. Web server
`12 can access documents 16 directly, or it can cause a
`process to access data in a database 18 through a common
`gateWay interface (CGI) 20. CGI 20 has a program that
`resides on server 12 and is customiZed to server 12 and
`database 18. CGI 20 is thus part of server 12. For each
`request from a user for data in database 18, Web server 12
`eXecutes the CGI program. Each execution of the CGI
`program causes the server to open database 18, create a
`query to access the data in the database, provide and format
`results for server 12 in HTML, and then close database 18.
`Referring to FIG. 2, to provide enhanced security, the user
`can use Web broWser 10 With a secure local proXy (SLP) 32
`to communicate With a Web server 30 through an interface
`36 that alloWs secure communications With DCE/RPC.
`Server 30 also uses a CGI program to access a database as
`described above. While this system provides security that
`has certain bene?ts over HTTP or HTTP enhanced With
`public-key encryption, such as the addition of authoriZation
`features, it still has some draWbacks of the system of FIG.
`1 in that a stateless CGI program is involved in the same
`inef?cient manner and the CGI program must reside on the
`same system as server 30 and thus be part of server 30.
`Referring to FIG. 3, according to the present invention, a
`Web broWser 10 can communicate With many Web servers,
`including an application server 36 through an SLP 34 over
`secure DCE/RPC, and With Web server 38 With HTTP.
`Server 38 can retrieve documents 40 and provide them to the
`user over non-secure HTTP.
`Server 36 has a secure interface 44 that supports com
`munications With secure DCE/RPC, an application program
`ming interface (API) 46, and an application program 48 that
`can access an object such as a database 42. Program 48 in
`
`35
`
`45
`
`55
`
`65
`
`Petitioners Great West Casualty Co., BITCO Gen. Ins. Corp., and BITCO Nat'l Ins. Co.
`Ex. 1028, p. 4
`
`

`
`3
`server 36 can be kept constantly running With the database
`open. With this ability, program 48 can maintain state
`information about database 42, and can store database
`speci?c handles to service a series of database queries
`Without closing the database betWeen each query. These
`handles can contain pointers that alloW a neXt record to be
`retrieved Without restarting a search. Server 36 can thus omit
`computational overhead that is typically required for a series
`of accesses as in a system such as that shoWn in FIG. 1. To
`implement this feature, the server has a main procedure
`Which calls a database open routine, thus causing the data
`base to remain open.
`Server 36 is also multi-threaded so that it can handle
`requests from multiple broWsers concurrently, thus provid
`ing additional computational ef?ciency over the typical
`CGI-based system. The shared process memory also
`requires less memory.
`As part of a typical DCE system, the system shoWn in
`FIG. 3 has a cell directory service (CDS) 50 that runs as a
`daemon on some host in the DCE cell. CBS 50 brings
`together DCE-based clients, such as SLP 34 and secure
`application servers 36. If a user With a Web broWser invokes
`a Uniform Resource Locator (URL) With a particular DCE
`syntax (e.g., “/.:/” in the URL), SLP 34 queries CBS 50 to
`determine the netWork location of a DCE-aWare Web server
`corresponding to the URL. Because the URL locates a
`virtual object Within the netWork and not a speci?c netWork
`host or a hard physical netWork address, a secure application
`server can change its host name or netWork address and
`re-register With the CBS 50 daemon Without requiring a
`change in the URL invoked by the client user.
`Referring to FIG. 4, the system of the present invention is
`easily scalable in that a client 60 can access multiple secure
`application servers 62, 64 such that each secure application
`server corresponds to a different URL and a different appli
`cation or group of applications. For eXample, different
`secure application servers can each access different
`databases, each feeding information back to the Web
`broWser; or one application server can be a backup in the
`event that one host fails.
`Referring again to FIG. 3, application program 48 can be
`Written by a programmer to conform to the model and
`protocol used With current CGI-based servers, but program
`48 is adapted for use With secure interface 44 With a toolkit
`in API 46 that implements the secure interface functions.
`This toolkit includes a library With a number of routines for
`handling details associated With the secure interface protocol
`and provides a convenient interface to the user/programmer,
`Without requiring the programmer to program With a secure
`interface protocol such as DCE.
`The toolkit has a “start” routine that initialiZes functions
`of the application server, such as providing a server name to
`CBS 50 so that the server can be found, and registering an
`end point. After the server is started, a “listen” routine causes
`the application server to listen for incoming requests. This
`listen routine accepts, as input parameters, pointers to han
`dler routines for HTTP methods that might be requested by
`a client user, such as “GET,” “HEAD,” “POST,” and “PUT”
`methods. These handler routines Would be Written by an
`application developer With an application-speci?c procedure
`for handling requests. These handlers typically take input
`parameters, check authoriZation against an access control
`list (ACL), perform processing, create HTML output, and
`return to the listen routine. If the toolkit is Written in
`C-language, it also includes input/output routines that emu
`late knoWn C-language runtime routines, such as printf,
`puts, getc, and getenv.
`
`1O
`
`15
`
`25
`
`35
`
`45
`
`55
`
`60
`
`m 5
`
`5,857,191
`
`4
`With this toolkit stored as API 46 on application server 36
`in one of a number of knoWn types of storage media, such
`as a disk, application programmers familiar With CGI pro
`gramming can build an application server of the type shoWn
`in FIG. 3, While the toolkit conveniently adapts the CGI
`program to the secure interface.
`An embodiment of a secure interface and an application
`program interface is available from Gradient Technologies,
`Inc., of Marlboro, Mass., under the name WebCrusader
`Secure AppEngine. This product provides DCE-based com
`munications for users With a WebCrusader Connect Client
`local proxy and also provides a C-language API for com
`municating With an application program. With such a
`system, the application server is not tied to another particular
`Web server. Because the application server is not tied to a
`particular Web server, it can be managed separately, thus
`making administration more manageable. Moreover, the
`application program for accessing the object can be Written
`in the knoWn CGI form, and therefore the programmer need
`not use a proprietary protocol.
`Having described an embodiment of the present
`invention, it should be apparent that other modi?cations can
`be made Without departing from the scope of the invention
`as de?ned by the appended claims. While the present
`invention has been described in terms of DCE, other secure
`systems, such as a public key system, could be employed.
`What is claimed is:
`1. An application server for receiving from a Web broWser
`requests to access an object, the server comprising:
`a secure interface for receiving the requests from the Web
`broWser over a communications line;
`an application program conforming to the common gate
`Way interface (CGI) protocol and stored in a storage
`medium for accessing the object and for providing data
`as a result of the access; and
`an application program interface With a library of routines
`stored in a storage medium for communicating betWeen
`the application program conforming to the CGI proto
`col and the secure interface to provide secure commu
`nications to the object.
`2. The server of claim 1, Wherein the secure interface
`receives communications With Distributed Computing Envi
`ronment Remote Procedure Call (DCE RPC).
`3. The server of claim 1, Wherein the application program
`has an open database call to keep the object open betWeen
`successive requests from the Web broWser.
`4. A method comprising server-implemented steps of:
`receiving over the Internet from a Web broWser a ?rst
`request for access to a database;
`accessing the database in response to the ?rst request
`according to the CGI protocol;
`providing data from the database to the Web broWser
`according to the CGI protocol Without closing the
`database;
`receiving over the Internet from a Web broWser a second
`request for access to a database;
`accessing the non-closed database according to the CGI
`protocol in response to the second request from the Web
`broWser; and
`providing data from the database to the Web broWser
`according to the CGI protocol in response to the second
`request.
`5. The method of claim 4, Wherein the receiving steps
`include receiving requests over DCE RPC.
`6. A system responsive to requests from a user With a Web
`broWser, the system comprising:
`
`Petitioners Great West Casualty Co., BITCO Gen. Ins. Corp., and BITCO Nat'l Ins. Co.
`Ex. 1028, p. 5
`
`

`
`5,857,191
`
`5
`a Web server having an interface for allowing secure
`communications betWeen the server and the Web
`broWser, the Web server for providing documents to the
`Web broWser;
`a ?rst object accessible over the Internet; and
`a ?rst application server With a secure interface that
`alloWs secure communications of the type provided by
`the Web server, the ?rst application server being
`responsive to the Web broWser for accessing the ?rst
`object to retrieve data therefrom and for providing the
`retrieved data to the Web broWser independent of the
`Web server.
`7. The system of claim 6, further comprising a second
`object accessible over the Internet, and a second application
`server having a secure interface and being responsive to the
`Web broWser for accessing and retrieving data from the
`second object independent of the Web server.
`8. The system of claim 6, Wherein the ?rst Web server is
`a DCE-aWare server and the secure interface supports DCE.
`
`15
`
`6
`9. The system of claim 6, further comprising a cell
`directory service, responsive to a request from the client, for
`determining a netWork location of a requested server.
`10. The system of claim 6, Wherein the application server
`is multi-threaded.
`11. The system of claim 6, Wherein the accessible object
`is a database, and the application server is programmed to
`access the database during multiple requests Without closing
`the database betWeen requests.
`12. The system of claim 6, Wherein the ?rst accessible
`object is a database, and Wherein the application server has
`an application program for accessing the database, and an
`application programming interface for communicating
`betWeen the application program and the secure interface.
`13. The system of claim 12, Wherein the application
`program conforms to the CGI protocol, and the secure
`interface supports DCE.
`
`*
`
`*
`
`*
`
`*
`
`*
`
`Petitioners Great West Casualty Co., BITCO Gen. Ins. Corp., and BITCO Nat'l Ins. Co.
`Ex. 1028, p. 6