Devine et al.

(10) Patent No.: US 6,606,708 B1
(45) Date of Patent: Aug. 12, 2003

(54) SECURE SERVER ARCHITECTURE FOR WEB BASED DATA MANAGEMENT

(75) Inventors: Carol Y. Devine, Colorado Springs, CO (US); Gerald A. Shifrin, Monument, CO (US); Richard W. Shoulberg, Manitou Springs, CO (US)

(73) Assignee: WorldCom, Inc., Clinton, MS (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/159,406

Primary Examiner: Gail Hayes
Assistant Examiner: Taghi T. Arani

Related U.S. Application Data

(60) Provisional application No. 60/060,655, filed on Sep. 26, 1997.

(51) Int. Cl.7: G06F 15/16; G06F 13/14; G06F 13/36
(52) U.S. Cl.: 713/201; 713/201; 709/200; 709/201; 709/203; 709/217; 709/218; 709/219; 707/740; 707/103; 705/26; 705/27
(58) Field of Search: 709/200-203, 709/217-219, 227; 705/26, 27; 707/1-10, 103, 517, 522, 523; 713/201

A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure Web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the Web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a "stateless" public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems.

26 Claims, 17 Drawing Sheets

IBM / Softlayer v. ZitoVault
Ex. 1005 / Page 1 of 36

[FIG. 2 (Sheet 2 of 17): A Java applet running in a Web browser. The COBackPlane launches COApps, e.g. Service Inquiry 54(a) and Alarm Monitor 54(b); each COApp is an application using common object services. A COAppFrame is a graphical user interface object and has a number of COViews.]

[FIG. 3 (Sheet 3 of 17): Screenshot of the networkMCI Interact home page in a Web browser, with application icons including Traffic Monitor, Network Manager and Intelligent Routing, and an application toolbar (254).]

[FIG. 6 (Sheet 6 of 17): Screenshot of the networkMCI Interact login page in a Web browser, with a Username field and links to Products & Services, Programs & Promotions, and Questions & Answers.]

[FIG. 9 (Sheet 9 of 17): Web Server/Dispatcher Communication Overview. Labels recoverable from the drawing, from the customer side inward:
HydraWeb: monitors load and capacity of each of the servers in the Web server cluster; automatically performs load balancing between servers.
Firewall.
Web servers (Web server cluster): receive and decrypt requests from the customer browser; manage client sessions; pass each request via encrypted socket through the firewall to the dispatcher.
Firewall.
Dispatcher: dispatches to the appropriate back-end (fulfilling) servers.
Proxies: handle communications between fulfilling servers, StarWRS, Inbox and the dispatcher.
Fulfilling servers: i.e. Unpriced Reporting, Tollfree Network Manager.
Reporting system: includes Report Manager, Report Requester, Report Scheduler and Message Center (Inbox).
Further captions: "Makes Request/Response to System"; "Receives Response From System".]

[FIG. 14 (Sheet 15 of 17): DMZ Architecture (File Server). HydraWEB provides a virtual IP address that is always available. Connection to the network: the DMZ presents a virtual IP address for the Web servers. Hot standby configuration. Horizontal scaling by adding more machines; each machine is configured to use the file server for content storage; applications must include logic to reconnect in the event of failure. An HA file server cluster using striped and mirrored disks provides highly available content storage.]

[FIG. 15 (Sheet 16 of 17): DMZ Architecture (Local Disk). HydraWEB provides a virtual IP address that is always available. Connection to the network: the DMZ presents a virtual IP address for the Web servers. Heartbeat; switch. Horizontal scaling by adding more machines; each machine is configured to use local disk for content storage. A shared state repository for client state must be maintained. Applications must include logic to reconnect in the event of failure. Content must be moved to each machine separately.]

SECURE SERVER ARCHITECTURE FOR WEB BASED DATA MANAGEMENT

CROSS-REFERENCE TO RELATED APPLICATIONS

The following patent application claims the benefit of U.S. Provisional Patent Application U.S. Ser. No. 60/060,655, filed Sep. 26, 1997, entitled INTEGRATED CUSTOMER INTERFACE SYSTEM FOR COMMUNICATIONS MANAGEMENT.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates in general to securing access to a computer and computer data, and more particularly to a security methodology for securing access to an enterprise network or extranet having access from the public Internet.

2. Background Art

In conventional remote connect computer systems, a connection is made with a large legacy system via a dial-up connection from a customer owned terminal, personal computer or workstation. This connection frequently, although not always, is a fixed copper connection through one or more telco central offices and emulates a terminal addressable by the legacy systems and employs a security methodology dictated by the legacy system. The dial-up access requires custom hardware for a terminal or custom software for a workstation to provide a remote connection. This includes dial-up services, communication services, emulation and/or translation services and generally some resident custom form of the legacy application to interface with the midrange or mainframe computer running the legacy system.

There are several problems associated with this approach.

First, the aforementioned software is very hardware dependent, requiring multiple versions of software compatible with each of a wide range of workstations customers generally have. In addition, an extensive inventory of both software and user manuals for distribution to the outside customers is required if an enterprise desires to make its resources available to its customers. Moreover, installing the software generally requires an intensive effort on the customer and the software support team before any reliable and secure sessions are possible.

Secondly, dial-up, modem, and communications software interact with each other in many ways which are not always predictable to a custom application, requiring extensive trouble shooting and problem solving for an enterprise desiring to make the legacy system available to the customer, particularly where various telephone exchanges, dialing standards or signal standards are involved.

Thirdly, although businesses are beginning to turn to the Internet to improve customer service and lower costs by providing Web-based support systems, when an enterprise desires to make more than one system available to the customer, the custom application for one legacy system is not able to connect to a different legacy system, and the customer must generally logoff, logon and re-authenticate to switch from one to the other. The security and entitlement features of the various legacy systems may be completely different, and vary from system to system and platform to platform. The security methodology used by the two legacy systems may be different, requiring different logon interfaces, user or enterprise IDs and passwords. Different machine level languages may be used by the two systems as for example, operating systems utilizing the 256 (=2^8) character combination EBCDIC used by IBM, and 128 (=2^7) character combination ASCII used by contemporary personal computers.

It is therefore desired to provide remote customers with secure connectivity to enterprise legacy systems over the public Internet. The public Internet provides access connectivity world wide via the TCP/IP protocol, without need to navigate various disparate security protocols, telephone exchanges, dialing standards or signal standards, thereby providing a measure of platform independence for the customer.

As contemplated with the present invention the customer can run their own Internet Web browser and utilize their own platform connection to the Internet to enable services. This resolves many of the platform hardware and connectivity issues in the customer's favor, and leaves the choice of platform and operating system to the customer. Web-based programs can minimize the need for training and support since they utilize existing client software which the user has already installed and already knows how to use. Further, if the customer later changes that platform, then, as soon as the new platform is Internet enabled, service is restored to the customer. The connectivity and communications software burden is thus resolved in favor of standard and readily available hardware and the browser and software used by the public Internet connection.

Secure World Wide Web (Web)-based online systems are now starting to emerge, generally using security protocols supplied by the browser or database vendors. These Web-based online systems usually employ HTTPS and a Web browser having Secure Sockets Layer (SSL) encryption, and they display Hypertext Markup Language (HTML) pages as a graphical user interface (GUI), and often include Java applets and Common Gateway Interface (CGI) programs for customer interaction.

For the enterprise, the use of off-the-shelf Web browsers by the customer significantly simplifies the enterprise burden. Software development and support resources are available for the delivery of the enterprise legacy services and are not consumed by a need for customer support at the workstation level.

However, the use of the public Internet also introduces new security considerations not present in existing copper wire connections, as an open system increases the exposure to IP hijackers, sniffers and various types of spoofers that attempt to collect user IDs and passwords, and exposes the availability of the service to the users when the system is assaulted by syn-flooding, war dialers or ping attacks. These measures also need to be combined with traditional security measures used to prevent traditional hacker attacks, whether by copper wire or the Internet, that might compromise the enterprise system and its data.

SUMMARY OF THE INVENTION

The present invention is directed to a series of security protocols and an integrated system for the same that enables a remote user to interact with one or more application services provided by servers over the public Internet, or an enterprise Extranet. The present invention utilizes the Web paradigm and an integrated graphical user interface to allow easy and convenient access from the user's perspective, wherein the security provisions are transparent to the user, other than the entry of a customary user id and a strong password.

In order to provide cross-platform software operability that is not dependent on a specific operating system or hardware, the present invention is implemented using programming languages, such as Java™ which only requires a Java™ enabled Web browser. The system of the present invention includes an application backplane unit for controlling and managing the overall user interface system to a number of Web enabled application services, and a common security object for managing security and Java™ applets for a number of disparate services available from the servers. Each service includes its own user interface unit, referred heretofore as a client application, independently implemented of one another and the backplane. Although the client applications are independently developed as separate modules, the system of the present invention provides a capability of integrating the client applications and secured access thereto into one unified system, allowing users to access the individual client applications via the backplane unit and the security object.

The present invention includes centralized user authentication to insure that the remote user has valid access to the system. The authentication procedure generally includes a logon object which prompts for and accepts the user's name and password. The logon object then communicates the logon transaction to a server responsible for screening those remote users attempting to access services. Once a remote user has been authenticated by the system of the present invention, the user need not re-enter their name and password each time the user accesses another server via the respective server's user interface program. In addition, each application may supplement the provided authentication procedure, with its own method of authentication by communicating with its respective servers independently.

Once a validated remote user is logged onto the system, the user is presented with a set of services which the remote user may obtain. The set of services available for each remote user is unique and depends on each user's subscriptions to the services. The set of service subscriptions then forms the user's entitlements for the services. Thus, for example, if a user subscribes to a toll free network management service, the user is entitled to access information regarding the service. On the other hand, if the user does not subscribe to the toll free network manager service, that option is not available for the user to select.

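The flow described above (one central logon, a per-user entitlement set derived from subscriptions, and services offered only when entitled) can be sketched as follows. This is an added example, not code from the patent: it assumes an HMAC-signed session token that the server side re-validates on every request, which the text here does not specify, and every name, the token format and the 900-second lifetime are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# All names and values below are constructed for this example.
SERVER_KEY = secrets.token_bytes(32)   # held only on the server side
SESSION_TTL = 900                      # assumed token lifetime, in seconds


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SALT = secrets.token_bytes(16)
USERS = {"alice": (SALT, hash_password("correct horse battery", SALT))}
# Entitlements follow from each user's service subscriptions.
ENTITLEMENTS = {"alice": ["alarm_monitor", "service_inquiry"]}
# One proxy per application service; stand-ins for the back-end servers.
PROXIES = {
    name: (lambda user, request, n=name: f"{n}: {request} for {user}")
    for name in ("alarm_monitor", "service_inquiry", "toll_free_network_manager")
}


def sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def logon(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Central authentication: one logon yields a token usable for every service."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, expected = record
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return None
    issued = time.time() if now is None else now
    payload = json.dumps({
        "user": username,
        "ent": ENTITLEMENTS.get(username, []),
        "exp": issued + SESSION_TTL,
    }).encode()
    return payload.hex() + "." + sign(payload)


def validate(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Re-check the token on every request; no state is kept between requests."""
    try:
        payload_hex, tag = token.split(".")
        payload = bytes.fromhex(payload_hex)
        tag_bytes = tag.encode()
    except ValueError:
        return None
    if not hmac.compare_digest(tag_bytes, sign(payload).encode()):
        return None   # payload was altered or signed with another key
    session = json.loads(payload)
    current = time.time() if now is None else now
    return session if current < session["exp"] else None


def backplane_menu(token: str, now: Optional[float] = None) -> list:
    """Services the client-side backplane may enable for this user."""
    session = validate(token, now)
    return [] if session is None else list(session["ent"])


def dispatch(token: str, service: str, request: str,
             now: Optional[float] = None) -> tuple:
    """Server-side check before a call is routed to the service's proxy."""
    session = validate(token, now)
    if session is None:
        return 401, "not authenticated"
    if service not in PROXIES:
        return 404, "unknown service"
    if service not in session["ent"]:
        return 403, "not entitled"
    return 200, PROXIES[service](session["user"], request)
```

Hiding an option in the client menu is a usability measure only; the refusal in `dispatch` is what enforces the entitlement, because a client can request any service name regardless of what its menu shows.
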
The present invention includes a user object to represent a current user logged onto the system. This user object, inter alia, is responsible for obtaining from a server the current user's information including the user's entitlements to various services. The backplane uses the entitlement information to provide only those services available to the user. As explained previously, the backplane will not enable the services to which the user does not have the ent