US20020007409A1 - Methods and apparatus for sharing computational resources - Google Patents

Methods and apparatus for sharing computational resources Download PDF

Info

Publication number
US20020007409A1
US20020007409A1 US09/756,157 US75615701A US2002007409A1 US 20020007409 A1 US20020007409 A1 US 20020007409A1 US 75615701 A US75615701 A US 75615701A US 2002007409 A1 US2002007409 A1 US 2002007409A1
Authority
US
United States
Prior art keywords
client
server
state information
request
new
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US09/756,157
Other versions
US6970904B1 (en
Inventor
Christian Rode
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US09/756,157 priority Critical patent/US6970904B1/en
Publication of US20020007409A1 publication Critical patent/US20020007409A1/en
Application granted granted Critical
Publication of US6970904B1 publication Critical patent/US6970904B1/en
Adjusted expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Definitions

  • This present invention relates to the field of client-server communications and more specifically to regulating use of a server by a client or clients.
  • Servers attached to a public data network such as the internet are capable of providing to Clients dynamically computed or selected data in addition to static graphics and textual material. Servers are a limited resource and their owners and managers often desire to limit or apportion their use among Clients.
  • a common mechanism is to require that each User of a Client be associated with a User ID which is mapped to a Client-User Account which has associated limits on resource utilization. Association with the Account may be established by Client-User submission of an identifier and password, or by other means such as completing a registration form, or clicking on a personalized link in an email, or simply using the Client-User's unique internet email address.
  • the account information is usually kept in a database or file associated with the Server and not under control of the Client. This scheme has the following limitations.
  • the User Account Database may become a performance bottleneck, particularly when multiple Servers are added to support a number of Clients, or when the Servers are geographically distributed or otherwise remote from the User Account Database.
  • User Account information can be stored in the Client (Client Storage). However, even if this account information is encrypted or obfuscated to inhibit manual editing, a User may be able to prevent it from being updated and so prevent the account information from accurately reflecting resource use.
  • Server resources are publicly usable (as is the case with a web server available on the public internet) or semi-publicly usable (as is the case with a web server attached to a corporate WAN or intranet with large numbers of users). Without some kind of unforgeable identifier, resource management is easily evaded.
  • HTML 3.2 and 4.0 HTML 3.2 and 4.0, W3C (World-Wide Web Consortium)
  • a Computer includes any number and organization (cluster, array, etc.) of CPUs, memory/storage/communication devices, etc. and whose function includes the processing of information.
  • a Client is a Computer that is capable of accepting input from and providing output to a User.
  • a Client may also be a Server.
  • a Server is a Computer that provides computational, data storage, communication or other services for at least one (and usually more than one) Client.
  • a Server may also be a Client.
  • a User is an individual or process in control of an application or process executing on a Client (Client-User).
  • Client-User One Client can have multiple Users.
  • a Network includes all proxy servers, gateways, routers, communication channels, cabling, etc. that comprise a communication medium between two Computers, such as a private, local network or a public network such as the internet.
  • a Unique Identifier is a token (a collection of letters, digits and other symbols) that with high probability (>99%) is uniquely associated with a single User. For example, a uniformly-chosen 64-bit random number is considered a Unique Identifier for the purposes of this definition, because the probability is very small ( ⁇ 1%) that two users could be assigned the same number.
  • a Unique Identifier does not necessarily contain or point to personal information about the user, i.e., an anonymous user can be assigned a Unique Identifier.
  • a Browser is a Client program that at least a) accepts data in the form of a display list (e.g. HTML, XML, etc.) and b) wherein at least one of the interpretable display list elements is a “hyperlink” having the capability to “link” to display list data on Servers other than (and in addition to) that which provide the list containing the link. c) uses an intrinsically stateless, file-oriented protocol (e.g. HTTP, FTP, etc.) to retrieve objects named in the display list (e.g. GIF, JPG). Typical Browsers have many other capabilities in addition to these.
  • the words “link” and “hyperlink” are standard terms of art within the field of HTML, HTTP and the WWW.
  • Form Structure Data are those elements of a fetched Browser display list (e.g. ⁇ FORM> tag and associated elements) that create corresponding form elements in which data can be entered and submitted to a Server (such submitted data is Form Data)
  • Systems, methods and computer media instructions are disclosed that enable the storage or caching of server account information on a client by clients that have a mechanism for the storage and modification of named or enumerated server data.
  • An example of such an application and mechanism would be a web browser with the ability to store “cookies”.
  • Another example might be a web browser with the ability to install public-key encryption certificates (or both cookies and certificates).
  • a less common example might be a graphical browser coupled with a second application that can save data at server instigation, such as an FTP server.
  • the account information is used to limit user access to server resources. Storing account information on the client implies it need not be stored on the server (or, in some cases, that a smaller “auditing” database be used), thereby conserving server resources and scaling more easily to a multi-server system.
  • the account information may be stored on the client in an encrypted or obfuscated form to discourage user modification.
  • the server first reads and validates the existing account information from the client, then updates it with an (worst-case) estimate of the resources to be used. It again reads and validates the updated account information to verify the account information was successfully updated. If this second verification is successful AND the verified updated account information indicates completion of the operation will not exceed usage limits the operation is performed.
  • the account information may be checked against limits before the cookie is updated. Optionally, failed or cancelled operations can credit the user account.
  • a timestamp may be updated along with account information and server operations not performed unless the timestamp indicates the account information has been freshly updated. The mechanism may be thought of as “pay in advance”.
  • FIG. 0A Preferred Embodiment: Minimal Configuration (Single Server)
  • a single client is in communication with a single (web) server that performs both web transactions and any computations.
  • a single client is in communication with a single (web) server.
  • This primary server has one or more subsidiary servers that can be used to offload the primary server of computationally intensive tasks.
  • Communication between the primary server and it's subsidiaries need necessarily use the same protocols and formats of the communication between client and primary server.
  • the primary server may reformat the results from the subsidiary servers for presentation to the client.
  • FIG. 0C Internet Server combined with one or more Client-visible Computation Servers, Method Set C
  • a single client is at first in communication with a primary server that forwards the request to a computation server.
  • This computation server is responsible for validating the requested operation against Client-User account information and for formatting completed and error results for use in the Client-User application.
  • FIG. 0D Internet Server combined with one or more Client-visible Computation Servers, Method Set D
  • a single client is at first in communication with a primary server that validates the requested operation against Client-User account information and forwards successful requests to a computation server.
  • This computation server is responsible for formatting results for use in the Client-User application, but not for checking the account information.
  • FIG. 1 UI Disclaimer/Delay page
  • FIG. 2A UI Terms Declined page
  • FIG. 2B UI Sample user interface (account information has been successfully initialized)
  • FIG. 3 UI Sample user interface (data saved is being saved, to be followed by request for operation)
  • FIG. 4A UI Usage limits exceeded, operation not performed
  • FIG. 4B UI Account information successfully updated and within allowed limits, operation in progress. . .
  • FIG. 5 UI Operation complete
  • the present invention principally achieves its objective of semi-securely storing account information on the client by a mechanism that may be summarized as “pay-in-advance”:
  • an account “cookie” is maintained in the browser which is modified in advance of performing an action subject to account limit(s), rather than afterwards.
  • a timestamp is encoded in the cookie data that will expire within a few seconds of when the cookie is first sent to the browser (the few second limit is to allow for network congestion and possible user interaction in accepting the cookie).
  • the (simplified) normal sequence is 1) request operation, 2) update account cookie as if operation had been completed, 3) redirect browser to new URL (which causes retransmission of cookie) 4) compare newly updated cookie against account and staleness limits, 5) if OK, process operation. It is possible that the operation could fail through no fault of the user, and in such case the account information could be credited to reflect such failure. Though this feature is not implemented in the attached listings, what is required is to simply decrement “usage” and send the adjusted cookie along with the failure notification page.
  • FIG. 0A An example client user interface demonstrating the disclosed methods in the simplest case (Single Server, FIG. 0A) and using an HTTP and Java-compatible web browser is attached in the drawings (FIG. 1- 5 ) and described below.
  • the user interface happens to be that of a PCB impedance extractor, but the particulars of the computation to be performed and the user interface are irrelevant.
  • the user interface appears essentially the same for all four illustrated embodiments (FIG. 0 a - 0 d ), although the underlying methods vary.
  • step 0 See FIG. 1 and FIG. 0A, step 0
  • account information is initialized (in this example, such information is stored in a “cookie”) on the client machine. See FIG. 0A, steps 1 & 2. If storage of the account information is not successful, the interface returns to 1).
  • the full user interface is shown. See FIG. 2B and FIG. 0A, step 3.
  • the example interface uses a Java applet for user input with HTML output but which could be just as easily implemented using a purely Java, HTML or XML interface.
  • This interface is composed of normal browser/applet elements (pull-down menus, buttons, text fields, etc.) and capabilities.
  • server computation is initiated. See FIG. 0A, step 4. In this example, “Execute” is clicked.
  • Data is saved on the server.
  • An optional message, or messages is/are displayed while the data is saved.
  • “Saving data . . .” is displayed in a dialog box and in the browser status line until the data has been successfully saved. See FIG. 3.
  • a new page is displayed (in the preferred embodiment, this page is displayed/opened in a separate window) indicating that “Processing . . . ” is taking place, accompanied by updated account information (in a “cookie”) and an implicit (“refresh”) request to direct the Client-User application to fetch a new page. See FIG. 4B and FIG. 0A, step 5.
  • the results window is refreshable by the user without reinitiating computation, because the results have been saved in a file. See FIG. 5.
  • the Client-User directly retrieves the disclaimer/registration page, or attempts to retrieve a page containing an interface to a Computational Resource under control by disclosed Server methods, and is redirected to the disclaimer/registration page because of the lack of a valid account cookie.
  • a disclaimer page serves only the legal function of informing a potential user of contractual obligations required to obtain access to the software used.
  • such pages serve a second purpose as a “delay” page—a mechanism that requires the user to do something inconvenient in order to create a new account in those situations where Server access is not controlled by passwords or unique identification. If unique identification or passwords are used such delay may be unnecessary.
  • the attached listings demonstrate a mechanism of delaying 15 seconds, however, the delay is actually measured from when the disclaimer page was generated, rather than simply being fixed.
  • a timestamp (“token”) is generated and transmitted with the disclaimer page with said timestamp being returned when the form is submitted. This allows the disclaimer page to hide the download time of the applet—so the delay effectively runs concurrently with any download time (such as a large jar file).
  • a new account cookie is created and transmitted in an HTTP header along with a Location: redirect to the user interface page (ci.pl, CrossSection.jar) for the controlled resource (in the attached diagrams, a 2D PCB Impedance Calculator).
  • a Client-User cannot directly access this page without a valid account cookie because said page is generated from a script that checks for the presence of a valid account cookie.
  • a single web Server handles all transactions with the Client (although secondary graphics or advertising may be stored on Servers located elsewhere in the Internet).
  • the Server contains methods to execute the following steps.
  • Client-User may use it as any ordinary interactive interface (HTML, Java, JavaScript, etc.) up to the point where an operation is requested that uses a Server resource subject to limits controlled by the methods of the present invention.
  • the data needed to complete the operation may be separately submitted via a CGI/RMI HTTP (etc.) form and saved in a temporary file (save.pl), identified by the unique ID stored in the account cookie.
  • a calculation using this saved data is then requested (calculate.pl).
  • An “Operation in progress” message may optionally be part of this preliminary result page, and is, in fact, a reason this step is separate from the step that follows (getresults.pl).
  • Steps 4 and 5 may be combined into a single step.
  • Java does not have a cookie mechanism, but some browsers have a connection between Java and JavaScript that allows Java applets to set cookies, and this is a possible alternative implementation.
  • the Client-User application acts upon the redirection request and fetches the named page (getresults.pl).
  • the request is normally accompanied by updated account information from the previous step. If a results file already exists that corresponds to the updated account information, that results file is processed into a form suitable for display to the Client-User.
  • results file is not present, but the account information is present, valid, fresh (good timestamp) and indicates that the operation is within account limits, the operation is performed and a results file is created. Then the results file is processed as returned to the Client-User (as in the previous paragraph).
  • Embodiment 0A differs from Embodiment 0A in that the actual restricted computation is performed on a different server from the server communicating with the Client, that is, the primary Server accepts data and then chooses one-of-N (at least one) Private Computation Servers to execute the actual core computation.
  • the primary Server script forwards (and may modify) all Client-submitted information to the one-of-N Private Computation Servers and forwards (and may modify) any results from Computation Server to Client. This difference between 0A and 0B occurs at step 7.
  • the algorithm by which the one-of-N servers is chosen is a known art, and may be a simple round-robin selection, or a round-robin whereby busy servers are skipped over in favor of the next available server.
  • the original implementation consisted of two different Servers.
  • the primary server was running just a web server, the other was running a web server plus a field extraction CAD package.
  • Account management was performed by the Primary Server with the computationally intensive field extraction performed on the second server.
  • the information was packaged by the Primary Server into a form and submitted via an HTTP POST mechanism to a CGI script running on the second (computation) Server. That second server script converted the form data into a batch job for the CAD package and returned (formatted) results to the Primary (web) Server.
  • the Primary Server contained methods that used semaphores to sequentially process a multiplicity of simultaneous, independent Client-User requests.
  • Embodiment 0A differs from Embodiment 0A in that the actual limited computation is performed on a different server from the primary Server, but also differs from Embodiment 0B in that both the Primary Server and each Computation Server are visible to, and communicate with the Client.
  • Embodiment 0C differs from 0A and 0B at step 7.
  • Client-User data is forwarded to one-of-N computation servers chosen by possibly similar means and possibly similar mechanisms as in 0B, but then the Client-User application is forwarded to retrieve results directly from the selection computation server.
  • An additional method not present in 0A or 0B must exist—the Client is authenticated to the Computation Server by a match between the Client-User account information and the data that was separately forwarded from the Primary Server and stored on the selected Computation Server.
  • Embodiment 0D differs from 0A, 0B and 0C at step 4-7. More than just computation is offloaded to each Computation Server in embodiment 0D.
  • the Primary Server forwards that request to one of the N Computation Servers, chosen by means (e.g. round-robin) similar to 0B and 0C. All further processing is performed by the Computation Server (as per 0A, steps 5-7), including methods for

Abstract

Systems, methods and computer media instructions are disclosed that enable the storage or caching of server account information by a client application, such as a web browser with the ability to store “cookies”. The account information is used to control access to server resources. Server methods update, then verify client-stored account information before beginning an operation and optionally credit the account for cancelled or failed operations. The account is preferably stored encrypted or obfuscated to prevent user modification. Additional methods are disclosed for the use of a “sampling” database and/or log comparison to deter abuse of these systems, methods and instructions.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • Not Applicable [0001]
  • (Provisional Applications Filing: Ser. No. 60/173,604 Filing date: Dec. 29, 1999 and Ser. No. 60/174,697 Filing date: Jan. 6, 2000) [0002]
    • STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
  • Not Applicable [0003]
    • REFERENCE TO A MICROFICHE APPENDIX
  • A computer listing, 17 pages in length is attached in paper form. A microfiche version will be submitted within 10 days. [0004]
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention [0005]
  • This present invention relates to the field of client-server communications and more specifically to regulating use of a server by a client or clients. [0006]
  • 2. Description of Prior Art [0007]
  • Servers attached to a public data network such as the internet are capable of providing to Clients dynamically computed or selected data in addition to static graphics and textual material. Servers are a limited resource and their owners and managers often desire to limit or apportion their use among Clients. [0008]
  • A common mechanism is to require that each User of a Client be associated with a User ID which is mapped to a Client-User Account which has associated limits on resource utilization. Association with the Account may be established by Client-User submission of an identifier and password, or by other means such as completing a registration form, or clicking on a personalized link in an email, or simply using the Client-User's unique internet email address. The account information is usually kept in a database or file associated with the Server and not under control of the Client. This scheme has the following limitations. [0009]
  • 1. Additional disk and CPU resources are required to maintain a User Account Database. [0010]
  • 2. The User Account Database may become a performance bottleneck, particularly when multiple Servers are added to support a number of Clients, or when the Servers are geographically distributed or otherwise remote from the User Account Database. [0011]
  • As an alternative, User Account information can be stored in the Client (Client Storage). However, even if this account information is encrypted or obfuscated to inhibit manual editing, a User may be able to prevent it from being updated and so prevent the account information from accurately reflecting resource use. [0012]
  • Additional problems are created when Server resources are publicly usable (as is the case with a web server available on the public internet) or semi-publicly usable (as is the case with a web server attached to a corporate WAN or intranet with large numbers of users). Without some kind of unforgeable identifier, resource management is easily evaded. [0013]
  • The following books/documents provide relevant background and are incorporated by reference: [0014]
  • “CGI Programming on the World Wide Web”, Shishir Gundavaram, © 1996 O'Reilly & Associates, Inc. [0015]
  • “The Essential Client/Server Survival Guide, Second Edition”, Orfali, Harkey and Edwards, © 1996 John Wiley and Sons [0016]
  • “Programming Perl”, Larry Wall & Randal L Schwartz, © 1991 O'Reilly & Associates, Inc. and 2[0017] nd edition, Larry Wall, Tom Christiansen & Randal L. Schwartz, © 1996 O'Reilly & Associates, Inc.
  • “Java in a Nutshell, A Desktop Quick Reference for Java Programmers”, David Flanagan, © 1996 O'Reilly & Associates, Inc. and 2[0018] nd edition © 1997 O'Reilly & Associates, Inc.
  • “HTML: The Definitive Guide”, Musciano & Kennedy, © 1996 O'Reilly & Associates, Inc. [0019]
  • “JavaScript: The Definitive Guide, 2[0020] nd edition”, David Flanagan, © 1996-7 O'Reilly & Associates, Inc.
  • “Dynamic HTML: The Definitive Reference”, Danny Goodman, © 1998 O'Reilly & Associates, Inc. [0021]
  • RFC 1945 (HTTP 1.0)/2048 (HTTP 1.1)/etc., IETF (Internet Engineering Task Force) [0022]
  • RFC 1866 (HTML 2.0), IETF [0023]
  • HTML 3.2 and 4.0, W3C (World-Wide Web Consortium) [0024]
  • Pert MD5 library [0025]
  • As used in this document, the following words with capitalized first letters have special meanings: [0026]
  • A Computer includes any number and organization (cluster, array, etc.) of CPUs, memory/storage/communication devices, etc. and whose function includes the processing of information. [0027]
  • A Client is a Computer that is capable of accepting input from and providing output to a User. A Client may also be a Server. [0028]
  • A Server is a Computer that provides computational, data storage, communication or other services for at least one (and usually more than one) Client. A Server may also be a Client. [0029]
  • A User is an individual or process in control of an application or process executing on a Client (Client-User). One Client can have multiple Users. [0030]
  • A Network includes all proxy servers, gateways, routers, communication channels, cabling, etc. that comprise a communication medium between two Computers, such as a private, local network or a public network such as the internet. [0031]
  • A Unique Identifier is a token (a collection of letters, digits and other symbols) that with high probability (>99%) is uniquely associated with a single User. For example, a uniformly-chosen 64-bit random number is considered a Unique Identifier for the purposes of this definition, because the probability is very small (<1%) that two users could be assigned the same number. A Unique Identifier does not necessarily contain or point to personal information about the user, i.e., an anonymous user can be assigned a Unique Identifier. [0032]
  • A Browser is a Client program that at least a) accepts data in the form of a display list (e.g. HTML, XML, etc.) and b) wherein at least one of the interpretable display list elements is a “hyperlink” having the capability to “link” to display list data on Servers other than (and in addition to) that which provide the list containing the link. c) uses an intrinsically stateless, file-oriented protocol (e.g. HTTP, FTP, etc.) to retrieve objects named in the display list (e.g. GIF, JPG). Typical Browsers have many other capabilities in addition to these. The words “link” and “hyperlink” are standard terms of art within the field of HTML, HTTP and the WWW. [0033]
  • Form Structure Data are those elements of a fetched Browser display list (e.g. <FORM> tag and associated elements) that create corresponding form elements in which data can be entered and submitted to a Server (such submitted data is Form Data) [0034]
  • Related inventions: Montulli, U.S. Pat. No. 5,774,670 and White U.S. Pat. No. 6,049,877. [0035]
    • BRIEF SUMMARY OF THE INVENTION
  • Systems, methods and computer media instructions are disclosed that enable the storage or caching of server account information on a client by clients that have a mechanism for the storage and modification of named or enumerated server data. An example of such an application and mechanism would be a web browser with the ability to store “cookies”. Another example might be a web browser with the ability to install public-key encryption certificates (or both cookies and certificates). A less common example might be a graphical browser coupled with a second application that can save data at server instigation, such as an FTP server. The account information is used to limit user access to server resources. Storing account information on the client implies it need not be stored on the server (or, in some cases, that a smaller “auditing” database be used), thereby conserving server resources and scaling more easily to a multi-server system. [0036]
  • The account information may be stored on the client in an encrypted or obfuscated form to discourage user modification. To process a server operation subject to account limitations, the server first reads and validates the existing account information from the client, then updates it with an (worst-case) estimate of the resources to be used. It again reads and validates the updated account information to verify the account information was successfully updated. If this second verification is successful AND the verified updated account information indicates completion of the operation will not exceed usage limits the operation is performed. The account information may be checked against limits before the cookie is updated. Optionally, failed or cancelled operations can credit the user account. To prevent reuse of the account information, a timestamp may be updated along with account information and server operations not performed unless the timestamp indicates the account information has been freshly updated. The mechanism may be thought of as “pay in advance”. [0037]
  • Though the methods of the previous paragraph are highly inconvenient for a user to circumvent, they can be circumvented. Consequently, additional methods are disclosed for the optional use of a “sampling” database and/or for periodic multi-server usage log comparison to deter abuse of these systems, methods and instructions. [0038]
  • Further methods are disclosed for initializing the account information in such a way that is time-consuming and/or inconvenient so that a user cannot just delete the stored account information and start over. A simple delay is demonstrated, in conjunction with the (optional) presentation of a disclaimer. A registration form requiring significant data entry or even a quiz would be obvious alternatives to the preferred embodiment and within the scope of the attached claims. [0039]
  • It is therefore an object of the present invention to store information about Client-User use of Server resources on the Client (in Client Storage) so to be accessible to a single or multiplicity of Servers without requiring a central database. [0040]
  • It is a further object of the present invention to provide methods that use Client Storage in a manner that helps ensure the said Client-User usage information is up-to-date. [0041]
  • It is a still further object of the present invention to encode said Client-User usage information in such a manner that it cannot be forged or easily reused by the client. [0042]
  • It is a still further object of the present invention to disclose optional methods of auditing (sampling) Client-User usage information to help thwart sophisticated attacks on the integrity of the foregoing methods. [0043]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 0A Preferred Embodiment: Minimal Configuration (Single Server) [0044]
  • A single client is in communication with a single (web) server that performs both web transactions and any computations. [0045]
  • FIG. 0B Internet Server combined with one or more Private Computation Servers [0046]
  • A single client is in communication with a single (web) server. This primary server has one or more subsidiary servers that can be used to offload the primary server of computationally intensive tasks. Communication between the primary server and it's subsidiaries need necessarily use the same protocols and formats of the communication between client and primary server. In particular, the primary server may reformat the results from the subsidiary servers for presentation to the client. [0047]
  • FIG. 0C Internet Server combined with one or more Client-visible Computation Servers, Method Set C [0048]
  • A single client is at first in communication with a primary server that forwards the request to a computation server. This computation server is responsible for validating the requested operation against Client-User account information and for formatting completed and error results for use in the Client-User application. [0049]
  • FIG. 0D Internet Server combined with one or more Client-visible Computation Servers, Method Set D [0050]
  • A single client is at first in communication with a primary server that validates the requested operation against Client-User account information and forwards successful requests to a computation server. This computation server is responsible for formatting results for use in the Client-User application, but not for checking the account information. [0051]
  • The following are examples of a User Interface purely for the purposes of concrete illustration of how the described methods and systems might be presented to a User. [0052]
  • FIG. 1 UI: Disclaimer/Delay page [0053]
  • FIG. 2A UI: Terms Declined page [0054]
  • FIG. 2B UI: Sample user interface (account information has been successfully initialized) [0055]
  • FIG. 3 UI: Sample user interface (data saved is being saved, to be followed by request for operation) [0056]
  • FIG. 4A UI: Usage limits exceeded, operation not performed [0057]
  • FIG. 4B UI: Account information successfully updated and within allowed limits, operation in progress. . . [0058]
  • FIG. 5 UI: Operation complete [0059]
    • DETAILED DESCRIPTION OF THE INVENTION
  • Program listings for the methods here described are attached in the attached Listings, pages 1-17. These listings and the following description of the preferred embodiment may be phrased in terms of HTML, Java, Perl and HTTP, but straightforward conversion to other markup languages (including, but not limited to XHTML, XML, MathML, VRML, etc.) and programming languages is anticipated. [0060]
  • The present invention principally achieves its objective of semi-securely storing account information on the client by a mechanism that may be summarized as “pay-in-advance”: In the preferred embodiment, an account “cookie” is maintained in the browser which is modified in advance of performing an action subject to account limit(s), rather than afterwards. To prevent the same cookie from being resubmitted, a timestamp is encoded in the cookie data that will expire within a few seconds of when the cookie is first sent to the browser (the few second limit is to allow for network congestion and possible user interaction in accepting the cookie). The (simplified) normal sequence is 1) request operation, 2) update account cookie as if operation had been completed, 3) redirect browser to new URL (which causes retransmission of cookie) 4) compare newly updated cookie against account and staleness limits, 5) if OK, process operation. It is possible that the operation could fail through no fault of the user, and in such case the account information could be credited to reflect such failure. Though this feature is not implemented in the attached listings, what is required is to simply decrement “usage” and send the adjusted cookie along with the failure notification page. [0061]
  • An example client user interface demonstrating the disclosed methods in the simplest case (Single Server, FIG. 0A) and using an HTTP and Java-compatible web browser is attached in the drawings (FIG. 1-[0062] 5) and described below. The user interface happens to be that of a PCB impedance extractor, but the particulars of the computation to be performed and the user interface are irrelevant. The user interface appears essentially the same for all four illustrated embodiments (FIG. 0a-0 d), although the underlying methods vary.
  • 1) If the user has never visited before (i.e., has no valid account information), they are presented with a disclaimers/term of use page. [0063]
  • See FIG. 1 and FIG. 0A, [0064]   step 0
  • 2) If the user clicks “DECLINE” a regrets page is shown. See FIG. 2A (declined.html). [0065]
  • If the user clicks “ACCEPT”, account information is initialized (in this example, such information is stored in a “cookie”) on the client machine. See FIG. 0A, steps 1 & 2. If storage of the account information is not successful, the interface returns to 1). [0066]  
  • If the account information is successfully initialized, the full user interface is shown. See FIG. 2B and FIG. 0A, [0067]   step 3. The example interface uses a Java applet for user input with HTML output but which could be just as easily implemented using a purely Java, HTML or XML interface. This interface is composed of normal browser/applet elements (pull-down menus, buttons, text fields, etc.) and capabilities.
  • 3) After the user has selected appropriate input settings, server computation is initiated. See FIG. 0A, [0068] step 4. In this example, “Execute” is clicked.
  • Data is saved on the server. An optional message, or messages is/are displayed while the data is saved. In this example, “Saving data . . .” is displayed in a dialog box and in the browser status line until the data has been successfully saved. See FIG. 3. [0069]  
  • 4) After the data is saved, a new page is displayed (in the preferred embodiment, this page is displayed/opened in a separate window) indicating that “Processing . . . ” is taking place, accompanied by updated account information (in a “cookie”) and an implicit (“refresh”) request to direct the Client-User application to fetch a new page. See FIG. 4B and FIG. 0A, [0070] step 5.
  • 5) The browser automatically fetches the new page implicitly communicated in the previous step while echoing the updated account information (“cookie”) it received in the previous step. See FIG. 0A, [0071] step 6.
  • If the user's account information is invalid (missing, corrupt, inauthentic or obsolete), or the user has exceeded his quota for use of this resource, an error message (../../html/Stackup/overuse.html) is displayed and computation does not proceed. See FIG. 4A and FIG. 0A, step 7. [0072]  
  • If the user's account information is present, complete, authentic and timely and the requested operation is within the limits allowed in the user's account information, the operation is actually performed. During this time, a message such as FIG. 4A may be displayed. [0073]  
  • 6) The results of the computation are saved in a local file and formatted for return and display to the Client-User. [0074]
  • The results window is refreshable by the user without reinitiating computation, because the results have been saved in a file. See FIG. 5. [0075]  
  • Though the fundamental mechanisms and user interface appear similar across the four embodiments diagrammed in FIGS. [0076] 0A-0D, there are underlying differences. All embodiments show a Primary (web) Server (although in reality, there could easily be a plurality of such servers) that performs the following steps of account initialization and transmission of the user interface data:
  • 0) The Client-User directly retrieves the disclaimer/registration page, or attempts to retrieve a page containing an interface to a Computational Resource under control by disclosed Server methods, and is redirected to the disclaimer/registration page because of the lack of a valid account cookie. [0077]
  • Ordinarily, a disclaimer page serves only the legal function of informing a potential user of contractual obligations required to obtain access to the software used. In the preferred embodiment, however, such pages serve a second purpose as a “delay” page—a mechanism that requires the user to do something inconvenient in order to create a new account in those situations where Server access is not controlled by passwords or unique identification. If unique identification or passwords are used such delay may be unnecessary. The attached listings (acceptdecline.pl) demonstrate a mechanism of delaying 15 seconds, however, the delay is actually measured from when the disclaimer page was generated, rather than simply being fixed. To achieve this a timestamp (“token”) is generated and transmitted with the disclaimer page with said timestamp being returned when the form is submitted. This allows the disclaimer page to hide the download time of the applet—so the delay effectively runs concurrently with any download time (such as a large jar file). [0078]  
  • 1-3) If the Client-User submits the form via the Accept button, a new account cookie is created and transmitted in an HTTP header along with a Location: redirect to the user interface page (ci.pl, CrossSection.jar) for the controlled resource (in the attached diagrams, a 2D PCB Impedance Calculator). As mentioned above, a Client-User cannot directly access this page without a valid account cookie because said page is generated from a script that checks for the presence of a valid account cookie. [0079]
  • If the Client-User clicks Decline, they are forwarded to a regrets page and no account cookie is sent. [0080]  
  • Once, an account cookie has been created and the user interface presented to the Client-User, subsequent steps differ between the 4 embodiments. [0081]
    • Embodiment 0A
  • In the preferred embodiment, a single web Server handles all transactions with the Client (although secondary graphics or advertising may be stored on Servers located elsewhere in the Internet). The Server contains methods to execute the following steps. [0082]
  • 4) Once the Client-User has access to the computational resource interface, they may use it as any ordinary interactive interface (HTML, Java, JavaScript, etc.) up to the point where an operation is requested that uses a Server resource subject to limits controlled by the methods of the present invention. In that case, the data needed to complete the operation may be separately submitted via a CGI/RMI HTTP (etc.) form and saved in a temporary file (save.pl), identified by the unique ID stored in the account cookie. [0083]
  • 5) A calculation using this saved data is then requested (calculate.pl). The Server returns a preliminary result page for this form submission that includes an updated account cookie and a redirection request (e.g. META REFRESH=) to the page that actually performs the calculation (getresults.pl). An “Operation in progress” message may optionally be part of this preliminary result page, and is, in fact, a reason this step is separate from the step that follows (getresults.pl). [0084]
  • Steps [0085]   4 and 5 (save.pl and calculate.pl) may be combined into a single step. In a pure HTML interface, this would be likely, however, the example interface uses a mixture of Java and HTML and so it is useful to separate file saving, for which access to cookies is not necessary, from computation, which requires that cookies be set. Java does not have a cookie mechanism, but some browsers have a connection between Java and JavaScript that allows Java applets to set cookies, and this is a possible alternative implementation.
  • 6-7) The Client-User application acts upon the redirection request and fetches the named page (getresults.pl). The request is normally accompanied by updated account information from the previous step. If a results file already exists that corresponds to the updated account information, that results file is processed into a form suitable for display to the Client-User. [0086]
  • If a results file is not present, but the account information is present, valid, fresh (good timestamp) and indicates that the operation is within account limits, the operation is performed and a results file is created. Then the results file is processed as returned to the Client-User (as in the previous paragraph). [0087]  
  • If a results file is not present, and the account information is missing, invalid or stale (bad timestamp) the operation is not performed and an optional error message is returned. If the account information is otherwise valid but indicates the user has exceeded their account limits, an overuse page is returned. [0088]  
    • Embodiment 0B
  • This embodiment differs from Embodiment 0A in that the actual restricted computation is performed on a different server from the server communicating with the Client, that is, the primary Server accepts data and then chooses one-of-N (at least one) Private Computation Servers to execute the actual core computation. The primary Server script forwards (and may modify) all Client-submitted information to the one-of-N Private Computation Servers and forwards (and may modify) any results from Computation Server to Client. This difference between 0A and 0B occurs at step 7. [0089]
  • The algorithm by which the one-of-N servers is chosen is a known art, and may be a simple round-robin selection, or a round-robin whereby busy servers are skipped over in favor of the next available server. [0090]
  • In the illustrated example, the original implementation consisted of two different Servers. The primary server was running just a web server, the other was running a web server plus a field extraction CAD package. Account management was performed by the Primary Server with the computationally intensive field extraction performed on the second server. The information was packaged by the Primary Server into a form and submitted via an HTTP POST mechanism to a CGI script running on the second (computation) Server. That second server script converted the form data into a batch job for the CAD package and returned (formatted) results to the Primary (web) Server. Additionally, because the second Server could only perform one extraction at a time, the Primary Server contained methods that used semaphores to sequentially process a multiplicity of simultaneous, independent Client-User requests. [0091]
    • Embodiment 0C
  • This embodiment also differs from Embodiment 0A in that the actual limited computation is performed on a different server from the primary Server, but also differs from Embodiment 0B in that both the Primary Server and each Computation Server are visible to, and communicate with the Client. Embodiment 0C differs from 0A and 0B at step 7. [0092]
  • In embodiment 0C, Client-User data is forwarded to one-of-N computation servers chosen by possibly similar means and possibly similar mechanisms as in 0B, but then the Client-User application is forwarded to retrieve results directly from the selection computation server. This requires that each computation server have methods for communicating with the Client (e.g. must be a web server), and must have methods to reformat computation results for display on Client . An additional method not present in 0A or 0B must exist—the Client is authenticated to the Computation Server by a match between the Client-User account information and the data that was separately forwarded from the Primary Server and stored on the selected Computation Server. [0093]
    • Embodiment 0D
  • The topology for this embodiment is identical to 0C and as with 0C the actual limited computations are performed on separate Computation Server(s) that are visible to, and communicate with, the Client. Embodiment 0D differs from 0A, 0B and 0C at step 4-7. More than just computation is offloaded to each Computation Server in embodiment 0D. [0094]
  • In embodiment 0D, when the client submits calculation data (step 4), the Primary Server forwards that request to one of the N Computation Servers, chosen by means (e.g. round-robin) similar to 0B and 0C. All further processing is performed by the Computation Server (as per 0A, steps 5-7), including methods for [0095]
  • 1) accepting and storing the Client data directly from Client [0096]
  • 2) authenticating and updating the Client-User account information. [0097]
  • 3) checking updated Client-User account information to make sure requested operation is within limits. [0098]
  • 4) (optionally) formatting Client data for processing and post-processing data for display by Client-User application. [0099]
  • A hybrid between 0C and 0D is possible in which steps 4 and 5 are identical to 0C, but then the Primary Server forwards the saved Client data to the chosen one-of-N Computation Servers, which authenticates the updated account information and performs the requested operation. [0100]
    Figure US20020007409A1-20020117-P00001
    Figure US20020007409A1-20020117-P00002
    Figure US20020007409A1-20020117-P00003
    Figure US20020007409A1-20020117-P00004
    Figure US20020007409A1-20020117-P00005
    Figure US20020007409A1-20020117-P00006
    Figure US20020007409A1-20020117-P00007
    Figure US20020007409A1-20020117-P00008
    Figure US20020007409A1-20020117-P00009
    Figure US20020007409A1-20020117-P00010
    Figure US20020007409A1-20020117-P00011
    Figure US20020007409A1-20020117-P00012
    Figure US20020007409A1-20020117-P00013
    Figure US20020007409A1-20020117-P00014
    Figure US20020007409A1-20020117-P00015
    Figure US20020007409A1-20020117-P00016
    Figure US20020007409A1-20020117-P00017

Claims (10)

What is claimed is:
1. A method of limiting server use by a client, said method comprising the steps of:
a) Said client transmitting a request for a file or action (script) from said server, said request accompanied by valid client state information,
b) Said server examining said client state information and redirecting client to a new file or action (script) accompanied by new client state information,
c) Said client transmitting a new request for said new file or action (script), accompanied by one of i) the said new client state information, ii) the original client state information or iii) no client state information,
d) Said server verifying that said client state information accompanying said new request is the said new client state information and verifying that said client state information accompanying said new request is within acceptable limits to proceed with said new request,
e) If said verification completely successful, said server fulfilling either i) said client request or ii) said client new request.
2. A method of limiting server use by a client, said method comprising the steps of:
a) Said client transmitting a request for a file or action (script) from said server, said request not accompanied by valid client state information,
b) Said server determining that said request is not accompanied by said valid client state information and redirecting client to a new file or action (script) accompanied by valid client state information after a human-significant (>1 second) delay,
c) Said client transmitting a new request for said new file or action (script), accompanied by one of i) the said new client state information, ii) the original client state information or iii) no client state information,
d) Said server verifying that said client state information accompanying said new request is the said new client state information and verifying that said client state information accompanying said new request is within acceptable limits to proceed with said new request,
e) If said verification completely successful, said server fulfilling either i) said client request or ii) said client new request.
3. A method of limiting server use by a client, said method comprising the steps of:
a) Said client transmitting a request for a file or action (script) from said server, said request not accompanied by valid client state information,
b) Said server determining that said request is not accompanied by said valid client state information and redirecting client to a form accompanied by valid client state information, said form containing information about said client's said request,
c) A user of said client completing said form and submitting to said server, accompanied by one of i) the said new client state information, ii) the original client state information or iii) no client state information,
d) Said server verifying that said client state information accompanying said submitted form is the said new client state information and verifying that said client state information accompanying said new submitted form is within acceptable limits to proceed with said request,
e) lf said verification completely successful, said server fulfilling either i) said client request or ii) said client new request.
4. The method of claim 1,2 or 3, comprising the additional step of:
a) If said verification not completely successful, said server optionally returning at least one of i) an error file or ii) a redirection to an error message file or action (script).
5. The method of claim 4 comprising the additional step of:
a) Said server returning said error file or said redirection accompanied by further modified client state information, said further modified client state information reflecting a “credit” for that portion of the requested operation not completed.
6. The methods of claim 1,2, 3, 4 or 5 where additionally all client state information is i) encoded before transmission to said client by means obscure to said client or ii) encrypted using a key not known to nor discoverable by said client, or iii) both i) and ii).
7. A method of limiting server use by a client, said method comprising the steps of:
a) Said client transmitting a request for a file or script from said server,
b) Said server requesting state information from said client,
c) Said client transmitting said state information,
d) Said server modifying said state information and transmitting said modified state information to said client,
e) Said client optionally replacing original state information with said modified state information,
f) Said server requesting state information from said client,
g) Said client transmitting either said modified state information or some other state information,
h) Said server verifying that said client state information is the modified client state information and verifying that said modified client state information is within acceptable limits to proceed with said request, If not, skip to step j)
i) Said server fulfills said client request (method completion 1)
j) Said server returns an error message or redirects said client to request an error message file (method completion 2).
8. A network of computer systems comprising:
a) a client system having a client processor and a client computer readable medium coupled to said client processor, said client computer readable medium containing program instructions for receiving a state object which specifies state information and for storing said state object on said client computer readable medium;
b) a server system having a server processor and a server computer readable medium coupled to said server processor, said server system coupled to said client system through a network medium, said server computer readable medium containing program instructions i) for transmitting a file from said server system to said client system and/or executing a process at client request, ii) for transmitting said state object to said client system, iii) for updating server usage information in said state object and verifying the update has been accepted by client before client's request to transmit certain files or execute certain processes is fulfilled.
9. The methods of claims 1, 2, 3, 4, 5, 6 or 7, where said new client state information additionally contains a timestamp, said timestamp being used by said server to determine if said new client information has been recently updated and said server rejecting as invalid any said new client information that is deemed too old and declining to fulfill said client request or said new client request.
10. A computer readable medium, containing executable program instructions for performing a method comprising the methods of 1, 2, 3, 4, 5, 6, 7 or 9.
US09/756,157 1999-12-29 2001-01-06 Methods and apparatus for sharing computational resources Expired - Fee Related US6970904B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/756,157 US6970904B1 (en) 1999-12-29 2001-01-06 Methods and apparatus for sharing computational resources

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US17360499P 1999-12-29 1999-12-29
US17469700P 2000-01-06 2000-01-06
US09/756,157 US6970904B1 (en) 1999-12-29 2001-01-06 Methods and apparatus for sharing computational resources

Publications (2)

Publication Number Publication Date
US20020007409A1 true US20020007409A1 (en) 2002-01-17
US6970904B1 US6970904B1 (en) 2005-11-29

Family

ID=27390293

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/756,157 Expired - Fee Related US6970904B1 (en) 1999-12-29 2001-01-06 Methods and apparatus for sharing computational resources

Country Status (1)

Country Link
US (1) US6970904B1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020083171A1 (en) * 2000-12-22 2002-06-27 Hoogenboom Peter J. System and method of application input validation
US20050240864A1 (en) * 2004-04-23 2005-10-27 Kalev Leetaru Method and system for retrieving information using an authentication web page
US20050240869A1 (en) * 2004-04-23 2005-10-27 Kalev Leetaru Method and system for editable web browsing
US7076763B1 (en) * 2000-04-24 2006-07-11 Degroote David Glenn Live component system
US7117255B1 (en) * 2000-02-07 2006-10-03 Fujitsu Limited Server with mechanism for preventing double registration of information provided by client browser
US20080294781A1 (en) * 2007-05-23 2008-11-27 Heather Maria Hinton Method and system for global logoff from a web-based point of contact server
US8621091B1 (en) * 2011-12-15 2013-12-31 Google Inc. System and method for synchronizing settings and state information for a browser component
CN104641386A (en) * 2012-06-21 2015-05-20 汤姆逊许可公司 Method and apparatus for obfuscating user demographics
US11599369B1 (en) * 2018-03-08 2023-03-07 Palantir Technologies Inc. Graphical user interface configuration system

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030084302A1 (en) * 2001-10-29 2003-05-01 Sun Microsystems, Inc., A Delaware Corporation Portability and privacy with data communications network browsing
US7275260B2 (en) 2001-10-29 2007-09-25 Sun Microsystems, Inc. Enhanced privacy protection in identification in a data communications network
US20030084172A1 (en) * 2001-10-29 2003-05-01 Sun Microsystem, Inc., A Delaware Corporation Identification and privacy in the World Wide Web
US7380280B2 (en) * 2002-09-13 2008-05-27 Sun Microsystems, Inc. Rights locker for digital content access control
US7240365B2 (en) * 2002-09-13 2007-07-03 Sun Microsystems, Inc. Repositing for digital content access control
US7398557B2 (en) * 2002-09-13 2008-07-08 Sun Microsystems, Inc. Accessing in a rights locker system for digital content access control
US7913312B2 (en) 2002-09-13 2011-03-22 Oracle America, Inc. Embedded content requests in a rights locker system for digital content access control
US20040059913A1 (en) * 2002-09-13 2004-03-25 Sun Microsystems, Inc., A Delaware Corporation Accessing for controlled delivery of digital content in a system for digital content access control
US20040059939A1 (en) * 2002-09-13 2004-03-25 Sun Microsystems, Inc., A Delaware Corporation Controlled delivery of digital content in a system for digital content access control
US7363651B2 (en) 2002-09-13 2008-04-22 Sun Microsystems, Inc. System for digital content access control
US7512972B2 (en) 2002-09-13 2009-03-31 Sun Microsystems, Inc. Synchronizing for digital content access control
US7305470B2 (en) * 2003-02-12 2007-12-04 Aol Llc Method for displaying web user's authentication status in a distributed single login network
US20070288466A1 (en) * 2006-05-02 2007-12-13 Mypoints.Com Inc. System and method for evenly distributing data across a distributed member architecture utilizing a home silo
US7991957B2 (en) * 2008-05-27 2011-08-02 Microsoft Corporation Abuse detection using distributed cache
US20110208840A1 (en) * 2010-02-22 2011-08-25 Lee Blackman Cookie alert

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5961601A (en) * 1996-06-07 1999-10-05 International Business Machines Corporation Preserving state information in a continuing conversation between a client and server networked via a stateless protocol
US5991802A (en) * 1996-11-27 1999-11-23 Microsoft Corporation Method and system for invoking methods of objects over the internet
US6049877A (en) * 1997-07-16 2000-04-11 International Business Machines Corporation Systems, methods and computer program products for authorizing common gateway interface application requests
US6225995B1 (en) * 1997-10-31 2001-05-01 Oracle Corporaton Method and apparatus for incorporating state information into a URL
US6324568B1 (en) * 1999-11-30 2001-11-27 Siebel Systems, Inc. Method and system for distributing objects over a network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5715314A (en) * 1994-10-24 1998-02-03 Open Market, Inc. Network sales system
US5774670A (en) * 1995-10-06 1998-06-30 Netscape Communications Corporation Persistent client state in a hypertext transfer protocol based client-server system
US5745681A (en) * 1996-01-11 1998-04-28 Sun Microsystems, Inc. Stateless shopping cart for the web
US6205479B1 (en) * 1998-04-14 2001-03-20 Juno Online Services, Inc. Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5961601A (en) * 1996-06-07 1999-10-05 International Business Machines Corporation Preserving state information in a continuing conversation between a client and server networked via a stateless protocol
US5991802A (en) * 1996-11-27 1999-11-23 Microsoft Corporation Method and system for invoking methods of objects over the internet
US6049877A (en) * 1997-07-16 2000-04-11 International Business Machines Corporation Systems, methods and computer program products for authorizing common gateway interface application requests
US6225995B1 (en) * 1997-10-31 2001-05-01 Oracle Corporaton Method and apparatus for incorporating state information into a URL
US6324568B1 (en) * 1999-11-30 2001-11-27 Siebel Systems, Inc. Method and system for distributing objects over a network

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7117255B1 (en) * 2000-02-07 2006-10-03 Fujitsu Limited Server with mechanism for preventing double registration of information provided by client browser
US8504988B2 (en) 2000-04-24 2013-08-06 Duiloe Mgmt. Limited Liability Company Live component authoring system
US7076763B1 (en) * 2000-04-24 2006-07-11 Degroote David Glenn Live component system
US20060184915A1 (en) * 2000-04-24 2006-08-17 Degroote David G Live component authoring system
US6874025B2 (en) * 2000-12-22 2005-03-29 Intel Corporation System and method of application input validation
US20020083171A1 (en) * 2000-12-22 2002-06-27 Hoogenboom Peter J. System and method of application input validation
US20050240864A1 (en) * 2004-04-23 2005-10-27 Kalev Leetaru Method and system for retrieving information using an authentication web page
US20050240869A1 (en) * 2004-04-23 2005-10-27 Kalev Leetaru Method and system for editable web browsing
US7716352B2 (en) * 2004-04-23 2010-05-11 The Board Of Trustees Of The University Of Illinois Method and system for retrieving information using an authentication web page
US20080294781A1 (en) * 2007-05-23 2008-11-27 Heather Maria Hinton Method and system for global logoff from a web-based point of contact server
US9800614B2 (en) 2007-05-23 2017-10-24 International Business Machines Corporation Method and system for global logoff from a web-based point of contact server
US8621091B1 (en) * 2011-12-15 2013-12-31 Google Inc. System and method for synchronizing settings and state information for a browser component
CN104641386A (en) * 2012-06-21 2015-05-20 汤姆逊许可公司 Method and apparatus for obfuscating user demographics
US11599369B1 (en) * 2018-03-08 2023-03-07 Palantir Technologies Inc. Graphical user interface configuration system

Also Published As

Publication number Publication date
US6970904B1 (en) 2005-11-29

Similar Documents

Publication Publication Date Title
US6970904B1 (en) Methods and apparatus for sharing computational resources
US6343323B1 (en) Resource retrieval over a source network determined by checking a header of the requested resource for access restrictions
US9282088B2 (en) Request authentication token
US5991878A (en) Controlling access to information
US9641594B2 (en) Generic download and upload functionality in a client/server web application architecture
US8959336B1 (en) Securing locally stored web-based database data
US6338096B1 (en) System uses kernals of micro web server for supporting HTML web browser in providing HTML data format and HTTP protocol from variety of data sources
US7143143B1 (en) System and method for distributed caching using multicast replication
US6049877A (en) Systems, methods and computer program products for authorizing common gateway interface application requests
US5875296A (en) Distributed file system web server user authentication with cookies
US6275937B1 (en) Collaborative server processing of content and meta-information with application to virus checking in a server network
US6633915B1 (en) Personal information management apparatus and customizing apparatus
US9158845B1 (en) Reducing latencies in web page rendering
US7467233B2 (en) Edge side components and application programming environment for building and delivering highly distributed heterogenous component-based web applications
US7523219B2 (en) Method and apparatus for affinity of users to application servers
US7926093B2 (en) System and method for secure configuration of sensitive web services
US8214510B2 (en) Maintaining state information on a client
US20050188048A1 (en) Systems and methods for processing dynamic content
US20030236862A1 (en) Method and system for determining receipt of a delayed cookie in a client-server architecture
WO2006088922A9 (en) Proxy server caching
US20070220000A1 (en) Universal Cache
US7328222B2 (en) Method and apparatus for preserving data coherency in a database by generating a command object that includes instructions for writing a data record to a local cache
US8103759B2 (en) Message redirection within a messaging infrastructure
US7558842B2 (en) Large file transfer in a design collaboration environment
US7275078B2 (en) Distributed web CGI architecture

Legal Events

Date Code Title Description
FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
FPAY Fee payment

Year of fee payment: 8

SULP Surcharge for late payment

Year of fee payment: 7

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.)

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20171129