A method and apparatus for transferring state information between a server computer system and a client computer system. In one embodiment of the method, an http client requests a file, such as an html document, on an http server, and the http server transmits the file to the http client. In addition, the http server transmits a state object, which describes certain state information, to the http client. The http client stores the state object, and will typically send the state object back to the http server when making later requests for files on the http server. In a typical embodiment, the state object includes a domain attribute which specifies a domain or network address, and the state object is transmitted from the http client to a server only when the http client makes an http request to the server and the server is within the domain. In one embodiment, the apparatus includes a processor and memory and a computer readable medium which stores program instructions. In the case of the client system, the instructions specify operations such as receiving and storing the state information; in the case of the server system, the instructions specify operations such as sending the state information to a client system.
|
0. 26. A computer-implemented method performed by a hardware client system, the method comprising:
sending a first hypertext transfer protocol (http) request to a server system during a first browsing session, the first browsing session corresponding to a period of time during which a browser application is running on the client system;
receiving an http response from the server system, wherein the http response includes an http header, the http header specifying a “Set-Cookie:” text string and including:
a name-value pair;
a domain attribute that specifies a domain for which the name-value pair is valid,
a path attribute that specifies a range of uniform resource locators (URLs) for which the name-value pair is valid in the domain, and
an expiration attribute that specifies a valid life time for the name-value pair;
storing the name-value pair on the client system such that the name-value pair is related to at least the domain attribute and the path attribute;
subsequently, determining whether the name-value pair is valid for a URL of a second http request by the client system made during a second browsing session, the second browsing session corresponding to a period of time during which a browser application is running on the client system and differing from the first browsing session, wherein determining whether the name-value pair is valid comprises comparing the URL to the domain attribute and the path attribute, and determining whether the second http request is made at a time within the valid life time; and
when the name-value pair is determined to be valid, transmitting the name-value pair within an http header in the second http request according to a “Cookie: NAME=VALUE” format.
0. 31. A client system, comprising:
a processing system comprising one or more processors;
a memory comprising one or more computer-readable media, the memory containing computer instructions that, when executed by the processing system, cause the client system to perform the operations of:
sending a first hypertext transfer protocol (http) request to a server system during a first browsing session, the first browsing session corresponding to a period of time during which a browser application is running on the client system;
receiving, in response to the first http request, an http response from the server system, wherein the http response includes an http header that specifies a “Set-Cookie:” text string and includes:
a name-value pair;
a domain attribute that specifies a domain for which the name-value pair is valid,
a path attribute that specifies a range of uniform resource locators for which the name-value pair is valid in the domain, and
an expiration attribute that specifies a valid life time for the name-value pair;
storing, in memory, the name-value pair;
sending a second http request to the server system, during a second browsing session, the second browsing session corresponding to a period of time during which a browser application is running on the client system and differing from the first browsing session, wherein the second http request specifies a domain and a resource; and
including the name-value pair in an http header in the second http request according to a “Cookie: NAME=VALUE” format only if:
the domain specified by the second http request is within the domain specified by the domain attribute,
the resource specified by the second http request is within the path specified by the path attribute, and
ullispecified by the expiration attribute.
0. 7. A computer-implemented method performed by a hardware server system, comprising:
receiving, at the server system, a hypertext transfer protocol (http) request from a client;
responding to the http request by transmitting an http response to the client wherein the http response includes an http header, the http header including at least one set-cookie instruction specified by a “Set-Cookie:” text string, wherein the set-cookie instruction includes:
a name-value pair, the name-value pair specifying an assignment of a particular value to a particular name and being specified in the set-cookie instruction by a text string in a “NAME=VALUE” format; and
attribute information, wherein the attribute information specifies criteria to enable the client to determine whether to return the name-value pair to the server system with a subsequent http request and wherein the attribute information includes:
a domain attribute that specifies a domain for which the name-value pair is valid, the domain being specified in the set-cookie instruction as a text string in a “domain=DOMAIN” format;
a path attribute specifying a range of Uniform Resource Locators (URLs), in a domain of the server system, for which the name-value pair is valid, the path attribute being specified in the set-cookie instruction as a text string in a “path=PATH” format; and
an expiration attribute that specifies a valid life time for the name-value pair, the valid life time specifying the persistent storage of the name-value pair across one or more browser sessions, each browser session corresponding to a period during which a browser application is running on the client, and terminating on a specified date, the expiration attribute being specified in the set-cookie instruction as a text string in a “expires=DATE” format.
0. 34. A computer-implemented method performed by a hardware server system, comprising:
receiving, at the server system, a hypertext transfer protocol (http) request from a client for an html document;
responding to the http request by transmitting an http response to the client, wherein the http response includes the requested html document and an http header, the http header including at least one set-cookie instruction specified by a “Set-Cookie:” text string, wherein the set-cookie instruction includes:
a name-value pair, the name-value pair specifying an assignment of a particular value to a particular name and being specified in the set-cookie instruction by a text string in a “NAME=VALUE” format, wherein the name-value pair includes information descriptive of the requested html document; and
attribute information, wherein the attribute information specifies criteria to enable the client to determine whether to return the name-value pair to the server system with a subsequent http request and wherein the attribute information includes:
a domain attribute that specifies a domain for which the name-value pair is valid, the domain being specified in the set-cookie instruction as a text string in a “domain=DOMAIN” format;
a path attribute specifying a range of Uniform Resource Locators (URLs), in a domain of the server system, for which the name-value pair is valid, the path attribute being specified in the set-cookie instruction as a text string in a “path=PATH” format; and
an expiration attribute that specifies a valid life time for the name-value pair, the valid life time specifying the persistent storage of the name-value pair across one or more browser sessions, each browser session corresponding to a period during which a browser application is running on the client, and terminating on a specified date, the expiration attribute being specified in the set-cookie instruction as a text string in a “expires=DATE” format.
0. 17. A computer-implemented server system, for use in a communications network, comprising:
a processing system comprising one or more processors; and
a memory comprising one or more computer readable media, wherein the memory stores computer instructions that, when executed by the processing system, cause the server system to perform the operations of:
receiving, from a client, a hypertext transfer protocol (http) request;
sending, in response to the http request, an http response, wherein the http response includes an http header that includes at least one set-cookie instruction specified by a “Set-Cookie:” text string, wherein the set-cookie instruction includes:
a name-value pair, the name-value pair specifying an assignment of a particular value to a particular name and being specified in the set-cookie instruction by a text string in a “NAME=VALUE” format; and
attribute information, wherein the attribute information specifies criteria to enable the client to determine whether to return the name-value pair to the server system with a subsequent http request and wherein the attribute information includes:
a domain attribute that specifies a domain for which the name-value pair is valid, the domain being specified in the set-cookie instruction as a text string in a “domain=DOMAIN” format;
a path attribute that specifies a range of uniform resource locators for which the name-value pair is valid in a domain of the server system, the path being specified in the set-cookie instruction as a text string in a “path=PATH” format; and
an expiration attribute that specifies a valid life time for the first name-value pair, the valid life time specifying the persistent storage of the name-value pair across one or more browser sessions, each browser session corresponding to a period during which a browser application is running on the client, and terminating on a specified date, the expiration attribute being specified in the set-cookie instruction as a text string in a “expires=DATE” format.
0. 1. A method for subscribing to an on-line information service, said method comprising the steps of:
requesting a first information service from an http server; and
transmitting a state object from a client computer system to said http server, said state object being stored on said client system and specifying user information to said http server.
0. 2. A method as in
0. 3. A method as in
requesting a second information service from said http server or an alternative http server;
transmitting said object to said http server or said alternative http server.
0. 4. A method as in
0. 5. A method of
0. 6. A method as in
0. 8. The method of claim 7, further comprising: receiving a subsequent http request from the client, wherein the subsequent http request includes the name-value pair, and using the received name-value pair to identify a user.
0. 9. The method of claim 8, wherein the http request is received by a first server in the server system within a domain; and wherein the subsequent http request is received by a second server in the server system within the domain, the second server being a different server from the first server.
0. 10. The method of claim 7, wherein the http header additionally includes a “secure” label indicating that the client should only send the name-value pair over a secure communication channel.
0. 11. The method of claim 7, wherein the name-value pair includes a user identifier.
0. 12. The method of claim 7, wherein the name-value pair includes information used by the server system to determine user preference information.
0. 13. A computer storage device storing a computer program that embodies the method of claim 7.
0. 14. The method of claim 7, wherein the name-value pair includes subscription information used by the server system to determine whether a user is authorized to access restricted content.
0. 15. The method of claim 7, wherein the name-value pair includes information used by the server system to associate a user with one or more items selected for purchase.
0. 16. The method of claim 7, wherein the http response includes html content.
0. 18. The server system of claim 17, wherein the memory further stores computer instructions for performing the operations of:
receiving a subsequent http request from the client, wherein the subsequent http request includes the name-value pair; and
using the received name-value pair to identify a user.
0. 19. The server system of claim 18, wherein the http request is received by a first server in the server system within a domain; and wherein the subsequent http request is received by a second server in the server system within the domain, the second server being a different server from the first server.
0. 20. The server system of claim 17, wherein the http header in the http response further includes a secure attribute that specifies that the name-value pair should be returned by the client in a subsequent http request only if the subsequent http request is made using a secure channel.
0. 21. The server system of claim 17, wherein the name-value pair includes a user identifier.
0. 22. The server system of claim 17, wherein the name-value pair includes subscription information used by the server system to determine whether a user is authorized to access restricted content.
0. 23. The server system of claim 17, wherein the name-value pair includes information used by the server system to associate a user with one or more items selected for purchase.
0. 24. The server system of claim 17, wherein the name-value pair includes information used by the server system to determine a user's preferences.
0. 25. The server system of claim 17, wherein the http response includes html content.
0. 27. The method of claim 26, wherein the http header in the http response additionally includes a “secure” label that specifies to the client system that the name-value pair should only be transmitted over a secure communication channel.
0. 28. The method of claim 26, further comprising, on the client system:
subsequent to storing the name-value pair on the client system, receiving a second http header from the server system, the second http header specifying a second name-value pair, a second domain attribute, and a second path attribute;
determining whether three conditions are met: (1) a name portion of the second name-value pair matches a name portion of the stored named-value pair, (2) the second domain attribute matches the domain attribute of the stored name-value pair, and (3) the second path attribute matches the path attribute of the stored name-value pair; and
when the three conditions are met, overwriting the stored name-value pair on the client system with the second name-value pair.
0. 29. A non-transitory computer-readable medium that stores a browser program which embodies the method of claim 26.
0. 30. The method of claim 26, further comprising:
determining whether the date specified by the expiration attribute is before a current date and deleting the name-value pair from memory when the date specified by the expiration attribute is before a current date.
0. 32. The client system of claim 31, wherein the memory further includes instructions for performing the operation of:
determining whether the date specified by the expiration attribute is before a current date and deleting the name-value pair from memory when the date specified by the expiration attribute is before a current date.
0. 33. The client system of claim 31, wherein:
the http header in the http response further includes a secure attribute that specifies that the name-value pair should be returned by the client system in a subsequent http request only if the subsequent http request is made using a secure channel; and
wherein sending the second http request to the server system further comprises:
including the name-value pair in the http header in the second http request only if the second http request is made using a secure channel.
|
This application is a divisional of U.S. patent application Ser. No. 08/540,342, filed Oct. 6, 1995, which is now U.S. Pat. No. 5,774,670, which issued on Jun. 30,1998.
This application is a reissue application of U.S. Pat. No. 6,134,592 granted Oct. 17, 2000 (application Ser. No. 08/918,977 filed Aug. 27, 1997), which is a divisional of U.S. Pat. No. 5,774,670 granted Jun. 30, 1998 (application Ser. No. 08/540,342, filed Oct. 6, 1995). Notice: More than one reissue application has been filed for the reissue of U.S. Pat. No. 6,134,592. The reissue applications of U.S. Pat. No. 6,134,592 are U.S. patent application Ser. No. 10/272,896 (the present application), as well as its divisional reissue applications including U.S. patent application Ser. Nos. 11/737,043, 11/737,042 and 11/737,055 all of which were filed on Apr. 18, 2007.
This invention relates to communication in a client-server computer systems. Specifically, the invention relates to client-server computer systems in which a server can send state information to a client and the client stores the state information for later retransmissions back to the server.
An important use of computers is the transfer of information over a network. Currently, the largest computer network in existence is the InterNet. The InterNet is a worldwide interconnection of computer networks that communicate using a common protocol. Millions of computers, from low end personal computers to high-end super computers are coupled to the InterNet.
The InterNet grew out of work funded in the 1960s by the U.S. Defense Department's Advanced Research Projects Agency. For a long time, InterNet was used by researchers in universities and national laboratories to share information. As the existence of the InterNet became more widely known, many users outside of the academic/research community (e.g., employees of large corporations) started to use InterNet to carry electronic mail.
In 1989, a new type of information system known as the World-Wide-Web (“the Web”) was introduced to the InterNet. Early development of the Web took place at CERN, the European Particle Physics Laboratory. The Web is a wide-area hypermedia information retrieval system aimed to give wide access to a large universe of documents. At that time, the Web was known to and used by the academic/research community only. There was no easily available tool which allows a technically untrained person to access the Web.
In 1993, researchers at the National Center for Supercomputing Applications (NCSA) released a Web browser called “Mosiac” that implemented a graphical user interface (GUI). Mosiac's graphical user interface was simple to learn yet powerful. The Mosiac browser allows a user to retrieve documents from the World-Wide-Web using simple point-and-click commands. Because the user does not have to be technically trained and the browser is pleasant to use, it has the potential of opening up the InterNet to the masses.
The architecture of the Web follows a conventional client-server model. The terms “client” and “server” are used to refer to a computer's general role as a requester of data (the client) or provider of data (the server). Under the Web environment, Web browsers reside in clients and Web documents reside in servers. Web clients and Web servers communicate using a protocol called “HyperText Transfer Protocol” (HTTP). A browser opens a connection to a server and initiates a request for a document. The server delivers the requested document, typically in the form of a text document coded in a standard Hypertext Markup Language (HTML) format, and when the connection is closed in the above interaction, the server serves a passive role, i.e., it accepts commands from the client and cannot request the client to perform any action.
The communication model under the conventional Web environment provides a very limited level of interaction between clients and servers. In many systems, increasing the level of interaction between components in the systems often makes the systems more robust, but increasing the interaction increases the complexity of the interaction and typically slows the rate of the interaction. Thus, the conventional Web environment provides less complex, faster interactions because of the Web's level of interaction between clients and servers.
In the conventional Web environment, clients do not retain information of a session after the session is closed. In many systems, the ability to retain information after the systems become inactive is crucial to the functioning of the systems. Thus, it is desirable to allow clients to have this ability.
The present invention involves a client-server system on a network in which a server can send state information to a client and the client stores the state information. The stored state information can later be sent back to the server at appropriate times. In this manner, the state of a client can be maintained in the client-server system where no state inherently exists in such a system.
One embodiment of the present invention is a network system for communicating documents containing information such as text and one or more images. The system comprises a first computer (i.e., a server) capable of sending such documents over a network such as the InterNet. The system also has a second computer (i.e., a client) which can request these documents or files from the server. After the requested documents are received, the client can display the documents. In accordance with the present invention, the server can send state information to the client when a document is sent. The client then stores the state information, which is typically in the form of a state object. In a subsequent request for documents to the server, the client can send the stored state information to the server.
In an embodiment of the invention, the server uses a hypertext transfer protocol (“http”) to communicate over the network with clients; such clients also communicate with the server using the hypertext transfer protocol. This server and these clients are referred to as an http server and http clients respectively. The server typically will include a server processor and a memory and a computer readable medium, such as a magnetic (“hard disk”) or optical mass storage device, and the computer readable medium of the server contains computer program instructions for transmitting the file from the server system to the client system and for transmitting the state object to the client system. The client typically will include a client processor and a memory and a computer readable medium, such as a magnetic or optical mass storage device, and the computer readable medium of the client contains computer program instructions for receiving the state object, which specifies the state information, from the server and for storing the state object at the client. The state object, in a typical embodiment, will include a name attribute, such as a domain attribute.
One of the applications of the present invention is an on-line shopping system. A customer can browse information delivered by a merchant server using a browser running on a client. The customer can also select products to be placed in a virtual shopping basket. The server then sends state information related to the selected products to the browser on the client for storage. When the customer wants to purchase the products in the virtual shopping basket, the browser sends the corresponding state information to a specified check-out Web page for processing.
Another application of the present invention is an “on-line” information service, such as a newspaper's Web server which includes articles or other information from the newspaper's subscription services. In one example, a newspaper or publishing company may have several different publications, each requiring a separate subscription fee which may differ among the different publications. A user of the information service may browse the different publications by making http requests, from the client's/user's computer system, to the publisher's Web server which responds with the requested publication and state information specifying the user's identification, and other subscription information (e.g., user registration and billing information) which allows the user to view the contents of the publication; this information is typically provided by the user at least once in a conventional log-on process. Thereafter, this information is included in the state information which is exchanged between the client and the server in the process of the invention. Accordingly, when the user, during the browsing process, desires to view another publication (e.g., from the same or different publisher) this state information will be transmitted back to the Web server to provide the necessary subscription information (thereby entitling the user to view the publication) without requiring the user to re-enter the necessary subscription information. In this manner, a user may browse from publication to publication on the Web server or a different Web server in the domain without having to re-enter, when seeking a new publication, the necessary subscription information.
These and other features of the present invention will be disclosed in the following description of the invention together with the accompanying drawings.
The objects, features, and advantages of the present invention will be apparent from the following detailed description of the preferred embodiment of the invention with references to the following drawings.
Methods and apparatuses for maintaining state information in a client-server based computer network system are disclosed. The following description is presented to enable any person skilled in the art to make and use the invention. For purposes of explanation, specific nomenclature is set forth to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that these specific details are not required to practice the present invention. Descriptions of specific applications are provided only as examples. Various modifications to the preferred embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
Prior to describing the present invention, some introductory material is explained, including explanations concerning client-server computing, InterNet addresses, URL's and browsing of the Web.
A client, such as computer 102, may request a file from server A. Since computer 102 is directly connected to server A through a local area network, this request would not normally result in a transfer of data over what is shown as the “network” of
The World-Wide-Web (“The Web”) uses the client-server model to communicate information between clients and servers. Web Servers are coupled to the InterNet and respond to document requests from Web clients. Web clients (also known as Web “browsers”) are programs that allow a user to simply access Web documents located on Web Servers.
As discussed in the background, the InterNet consists of a worldwide computer network that communicates using well defined protocol known as the InterNet Protocol (IP). Computer systems that are directly connected to the InterNet each have an unique InterNet address. An InterNet address consists of four numbers where each number is less than 256. The four numbers of an InterNet address are commonly written out separated by periods such as 192.101.0.3
To simplify InterNet addressing, the “Domain Name System” was created. The domain name system allows users to access InterNet resources with a simpler alphanumeric naming system. An InterNet Domain name consists of a series of alphanumeric names separated by periods. For example, the name “drizzle.stanford.edu” is the name for a computer in the physics department at Stanford University. Read from left to right, each name defines a subset of the name immediately to the right. In this example, “drizzle” is the name of a workstation in the “stanford” domain. Furthermore, “stanford” is a subset of the “edu” domain. When a domain name is used, the computer accesses a “Domain Name Server” to obtain the explicit four number InterNet address.
To further define the addresses of resources on the InterNet, the Uniform Resource Locator system was created. A Uniform Resource Locator (URL) is a descriptor that specifically defines a type of InterNet resource and its location. URLs have the following format:
An example of a URL for a Web document is:
To access an initial Web document, the user enters the URL for a Web document into a Web browser program. The Web browser then sends an http request to the server that has the Web document using the URL. The Web server responds to the http request by sending the requested HTTP object to the client. In most cases, the HTTP object is an plain text (ASCII) document containing text (in ASCII) that is written in HyperText Markup Language (HTML). The HTML document usually contains hyperlinks to other Web documents. The Web browser displays the HTML document on the screen for the user and the hyperlinks to other Web documents are emphasized in some fashion such that the user can selected the hyperlink.
The second line of the HTML document of
After the title and header, the HTML document of
To continue with the second paragraph of the HTML document, the text reads “This document . . . this image: <IMG align=middle src=“http://www.su.se/SUlogo.gif”> was obtained . . . ”. The text in angle brackets defines an image to be placed in the text. Specifically, the “IMG” tag indicates that an image is being defined. The “align=middle” tag indicates that the image should be aligned in the middle of the current line of text. Finally, “src=” tag indicates that the source image file can be located using the URL “http://www.su.se/SUlogo.gif”.
The line continues with the phrase “from the <A href=“http://www.su.se/index.html”> University of Stockholm</A> This phrase defines “University of Stockholm” as a link to another Web document. Specifically, the “A” tag defines the beginning of a link. The “href=” tag defines that the link is to a Web page that can be located using the URL “http://www.su.se/index.html” Next, the text “University of Stockholm” is the text that will be the link. Finally, the “/A” tag defines the end of the link definition. As illustrated in
It can be seen from the above example that the HTML document contains all information a browser needs for displaying a Web page. Thus, the only responsibility of a Web server is to provide the requested document, and there is no need for the server to request a client to do anything else. However, this role of a server also limits the utility of the Web environment.
The present invention provides an extension to the prior art HTTP protocol. Using the teachings of the present invention, when a server responds to an http request by returning an HTTP object to a client, the server may also send a piece of state information that the client system will store. In an embodiment of the present invention, the state information is referred to as a “cookie”. Included in the state information (the cookie) is a description of a range of URLs for which that state information should be repeated back to. Thus, when the client system sends future HTTP requests to servers that fall within the range of defined URLs, the requests will include a transmittal of the current value of the state object. By adding the ability to transfer state information back and forth, Web servers can then play an active role in transactions between clients and servers. The term state object is also used herein to refer to the state information.
This extension to the http protocol provides a powerful new tool which enables a large number of new types of applications to be written for a Web-based environment. Examples of new applications include on-line shopping that stores information about items currently selected by consumers, for-fee on-line services that can send back registration information and thus free users from retyping a user-id on next connection, and Web sites that can store per-user preferences on the client system and have the client supply those preferences every time the site is later accessed.
Server Behavior
A particular embodiment of the state information is described below in order to provide an example according to the present invention. It will be appreciated that alternative formats may be used in accordance with the principles of the present invention. As stated above, the extension to the HTTP protocol adds a new piece of state information to the HTTP header as part of an HTTP response from a Web server. Typically, the state information is generated by a common gateway interface (“CGI”) script. The state information is stored by the receiving client system in the form of a “cookie list” for later use. The syntax of the new data, in one embodiment, is:
The “expires” attribute specifies a data string that defines the valid life time of the corresponding cookie. Once the expiration date has been reached, the cookie will no longer be stored in the client system. Thus, the client system will no longer respond to Web servers with the cookie. Many coding schemes for designating time can be used. In a preferred embodiment, the “expires” attribute is formatted as: Wdy, DD-Mon-YY HH:MM:SS GMT In the this format, “Wdy” designates the day of a week, “DD-Mon-YY” designates the day, month and year, and “HH:MM:SS GMT” designates the hour, minute and second, in GMT time zone. Note that the “expires” attribute lets a client know when it is safe to purge a cookie, however, the client is not required to delete the cookie. If an expires attribute is not provided by the server, then the cookies expires when the user's session ends. This can be implemented by storing the cookie only in volatile memory.
The “domain=DOMAIN_NAME” attribute defines a domain for which the cookie is valid. The domain attribute is usually set using the domain name of the sending Web server. Client systems examine the domain attribute when making later http requests. If the server that the client system is accessing falls within the defined DOMAIN_NAME, then the cookie may be sent to the server when making the http request. (The “path” must also be examined as will be explained later.) When a server system falls within the defined DOMAIN_NAME, this is referred to as a “tail match.” Note that a domain name that defines a subset of a domain is deemed to match a larger enclosing domain. For example, the host names “anvil.acme.com” and “shipping.crate.acme.com” fall within the “acme.com” domain.
Only hosts within the specified domain can set a cookie for a domain. The value of the “domain” attribute must have at least two periods in them to prevent accepting values of the form “.com” and “.edu”. If no domain name is specified, then the default value of the “domain” attribute is the domain name of the server that generated the cookie header.
The “path” attribute is used to specify a subset of file system directories in a domain for which the cookie is valid. If a cookie has already passed “domain” matching, then the path name of the URL for a requested document is compared with the “path” attribute. If there is a match, the cookie is considered valid and is sent along with the http request. All the characters of the defined path must match, however there may be additional characters on the path name. Thus, further defined subdirectories will match a path to the parent director. For example, the path “/foo” would match “/foo/bar”, “/foo/bar.html”, and evert “/foobar”, but “/foo” will not match the path “/”. Note that the path “/” is the most general path since it will match any path. If no path is specified when a cookie is created, then the default path will be the same path as the document that was sent with the header which contains the cookie.
The last element of the cookie definition is the optional label of “secure.” If a cookie is marked “secure,” then the cookie will only be retransmitted if there is a secure communication channel to the server system. In a preferred embodiment of the present invention, this means that the cookie will only be sent to HTTPS servers. (HTTP over SSL) If the “secure” attribute is not specified, a cookie is considered safe to be sent over unsecured channels.
The defined extension to the HTTP protocol allows multiple setcookie headers to be issued in a single HTTP response. Each set-cookie header should follow the conventions of the above described format.
Client Behavior
As previously described, when a client receives a set-cookie command in a header, the client system stores the cookie in some type of storage. In order not to place too much burden on client systems, each client system is expected to be able to store only a limited number of cookies. In one embodiment, the storage requirements for the client systems are:
If a cookie is received that matches the “NAME”, “domain” and “path” attributes of a previously received cookie, then the previously received cookie will be overwritten. Using this technique, it is possible for a server to delete a cookie previously sent to a client. Specifically, a server that wishes to delete a previous cookie sends a cookie having “expires” time which is in the past that matches the “NAME”, “domain” and “path” attributes of cookie to be deleted. Since the new overwritten cookie contains a expires time that has passed, the cookie will be deleted by the client system. Note “NAME”, “domain” and “path” attributes of the expired cookie must match exactly those of the valid cookie. Since a system must be within the domain that is specified in the domain attribute, it is difficult for any server other than the originator of a cookie to delete or change a cookie.
When a client system that implements the present invention wishes to send an http request to a particular Web server, the client system first examines its cookie list to see if the cookie list contains any matching cookies that need to be sent to the particular Web server. Specifically, before the client sends an http request to a Web server, the client compares the URL of the requested Web document against all of the stored cookies. If any of the cookies in the cookie list matches the requested URL then information containing the name/value pairs of the matching cookies will be sent along with the HTTP request. The format of the line is:
When a client sends cookies to a server, all cookies with a more specific path mapping should be sent before cookies with less specific path mappings. For example, a cookie “name1=foo” with a path mapping of “/bar” should be sent before a cookie “name2=foo2” with a path mapping of “/” if they are both to be sent since the path “/bar” is more specific than the global matching path “/”.
Paths having a higher-level value do not override more specific path mappings. If there are multiple matches for a given cookie name, but with separate paths, all the matching cookies will be sent. Thus, both the cookie “name=foo” with a path mapping of “/bar” and the cookie “name=foo” with a path mapping of “/” should be sent since they have different path names.
Some clients access Web servers on the Internet through firewall systems that are designed to prevent unwanted Internet traffic from affecting a local area network coupled to the Internet. Firewall systems often implement “proxy servers” that filter traffic to and from the Internet. It is important that proxy servers not cache Set-cookie commands when caching HTTP information. Thus, if a proxy server receives a response that contains a Set-cookie header, the proxy server should immediately propagate the Set-cookie header to the client. Similarly, if a client system request contains a “Cookie:” header, the cookie header should be forwarded through a proxy even if a conditional “If-modified-since” request is being made.
To further describe the present invention, the following examples describe a set of Web transactions operating in accordance with the present invention:
A client system requests a Web document from the Web server “telemarking.acme.com” and receives in response:
The client system stores this cookie in a local (client-side) storage unit (e.g. mass storage 127 or memory 125). Since no domain name was specifically identified, the domain will be set to “telemarking.acme.com” since that is the domain name of the server that generated the cookie. When the client later makes an http request for a document in any path (since the path is “/”) of a server system in the telemarking.acme.com domain, the client sends:
Assuming the client system makes another request to the telemarking.acme.com domain, the client might receive another cookie from the server such as:
The client will locally store this additional cookie. Again, no domain name was identified, such that the default domain, “telemarking.acme.com” will be stored. Now, if the client makes yet another request to the “telemarking.acme.com” domain, the client will send all the cookies it has for that domain. Specifically, the client sends:
Assuming, the client continues transactions with the “telemarking.acme.com” server, it may receive the following cookie from the server:
Then, if the client requests a document in path “/” on the “telemarking.acme.com” server, the client will send two cookies as state information:
Note that the cookie SHIPPING=FEDEX was not sent because the path “/” does not match the path “/foo”. On the other hand, when the client requests a document on the “telemarking.acme.com” server in path “/foo” on this server, then the client will send three cookies as state information;
Assume that all of the transactions of Example 1 have been cleared. A client system then requests a Web document from the Web server “telemarking.acme.com” and receives in response:
The client stores this cookie in a local (client-side) storage unit. Since no domain name was specifically identified, the domain will be set to “telemarking.acme.com”. When the client later makes a request to a document in any path of a system in the telemarking.acme.com domain, the client sends back the following data as information:
Assuming the client continues to access the “telemarking.acme.com” server, the client may later receive from the server:
The new cookie has the same name (PART_NUMBER) as an old cookie stored on the client system. Note that the old cookie is not overwritten since the new cookie has a different path attribute: Now, if the client makes a request for a document in the path “/ammo” on the telemarking.acme.com” server, the client should send the following two cookies as state information:
Both cookies are sent since the path of the requested document (“/ammo”) matches both the “/” path of the first cookie and the “/ammo” path of the second cookie. Note that the cookie PART_NUMBER=RIDING_ROCKET—23 is sent first since it has a more specific path (“/ammo”) than the global path (“/”) associated with the cookie PART_NUMBER=ROCKET_LAUNCHER—1.
To illustrate one possible use of the state information system of the present invention, an implementation of an on-line shopping system will be described. The on-line shopping system allows customers to shop in one or more stores that are implemented as Web servers on the Internet. A customer can browse information on the Web servers that describe products available from the stores. When a desired product is found, the user can place the product into a “virtual shopping basket.” The virtual shopping basket is implemented as a set of cookies that are sent to the client computer system and stored on the client computer system. At check-out time, the customer pays for the selected products using some type of payment system such as a credit card. After payment is received, the on-line shopping system notifies the stores to ship the selected products to the customer.
The customer uses Web browser software to access an on-line “merchant” server that is operated by a merchant having products to sell. This merchant server is a server computer system such as server system 122 shown in
After browsing through the Web pages provided by the server, the customer may select a product (step 216) by, for example, “clicking” (in the conventional manner) on an image of a product that causes the browser to request a Web page that fully describes the product. If the customer wishes to buy shoes from the merchant, the customer could click on a “buy it” button. The merchant server then sends an HTML form document that requests the customer to send necessary details for the purchase (step 218). For example, the customer may select a quantity, a desired style, and size of the product as requested by the form document. The browser then sends a POST command under HTTP, which transmits the data entered into the form to the merchant server (step 222). The data on the submitted form (e.g., quantity, size, style, etc.) is analyzed by the server and the transaction is processed. The server then generates a synthetic page and sends it to the browser running on the client system. This synthetic page preferably contains a thank you note along with confirmation information. Cookies containing information describing the selected product are also sent at this time (step 224).
The browser software running on the client system stores the cookies describing the selected products within the client computer system (step 226). The stored cookies include an identification of the contents of a virtual shopping basket that contains the products selected by the consumer. In an embodiment of the present invention, the cookies are stored in a file located in a storage medium (such as a hard disk) of client computer system 140.
The time interval for storing the cookies that describe the selected products can be set to any desired length. In one embodiment of the present invention, the cookies are deleted when the customer exits from the browser. This can be accomplished by not setting the “expires” attribute of the product description cookies. In another embodiment of the present invention, the cookies are kept valid (prior to their expiration) even after the customer exits from the browser and turns off computer 140. This can be accomplished by setting the “expires” attribute of the product description cookies to a later date.
After selecting a product, the customer may do additional shopping (e.g., buy a hat) from the same store or other stores (step 228). In this case, steps 212, 214, 215, 216, 218, 222, 224 and 226 need to be performed for the additional products. Each selection of a product in step 222 will result in the transmission of a cookie from the server to the client, which cookie identifies the selected product. The customer may also exit from the merchant system at any time.
When the customer desires to buy the products, the customer accesses a link that identifies a “check-out” Web page. The check-out Web page causes the browser to send all the product description cookies (230). Thus, the check-out Web page empties out the virtual shopping basket. The merchant server generates a total bill for all the products in the virtual shopping basket. The server may then request billing information (e.g., credit card number) and shipping (e.g., address) information from the customer using a form. In a preferred embodiment the transaction of credit card information is transmitted using a secure medium. The transaction server then performs a real-time credit card authorization. Once the transaction is authorized, transaction server sends messages to individual merchants to fulfill the order (step 240).
Other functions could be added to the above described merchant system. For example, several persons could use the same browser for shopping. In this case, the browser identifies the person doing the shopping, and assigns product description cookies to the appropriate person. Thus, each person would have their own virtual shopping basket.
The invention has been described with reference to specific exemplary embodiments thereof and various modifications and changes may be made thereto without departing from the broad spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense; the invention is limited only by the following claims.
Patent | Priority | Assignee | Title |
10341359, | Jun 25 2012 | Amazon Technologies, Inc. | Multi-user secret decay |
10430490, | Jun 07 2012 | GOOGLE LLC | Methods and systems for providing custom crawl-time metadata |
10652232, | Aug 23 2012 | Amazon Technologies, Inc. | Adaptive timeouts for security credentials |
11102325, | Oct 23 2009 | EDGIO, INC | Configurable and dynamic transformation of web content |
11677857, | Oct 23 2009 | EDGIO, INC | Configurable and dynamic transformation of web content |
8543676, | Jun 16 2009 | International Business Machines Corporation | Delegated resource use in a content based routing environment |
8984616, | Dec 08 2010 | International Business Machines Corporation | Efficient routing for reverse proxies and content-based routers |
9038148, | Aug 23 2012 | Amazon Technologies, Inc | Secret variation for network sessions |
9106405, | Jun 25 2012 | Amazon Technologies, Inc | Multi-user secret decay |
9232021, | Oct 23 2009 | MOJO MERGER SUB, LLC | Dynamically rehosting web content |
9582588, | Jun 07 2012 | GOOGLE LLC | Methods and systems for providing custom crawl-time metadata |
Patent | Priority | Assignee | Title |
4305059, | Jan 03 1980 | CURRENCY SCIENTIFIC, INC | Modular funds transfer system |
4484304, | Feb 02 1979 | INTERBOLD A NY GENERAL PARTNERSHIP | Transaction execution system having keyboard and message customization, improved key function versatility and message segmentation |
4528643, | Jan 10 1983 | MEDIABAY COM, INC | System for reproducing information in material objects at a point of sale location |
4529870, | Mar 10 1980 | INFOSPACE, INC | Cryptographic identification, financial transaction, and credential device |
4566078, | Mar 30 1983 | International Business Machines Corp. | Concurrent multi-lingual use in data processing systems |
4578530, | Jun 24 1981 | VISA U S A , INC A DE CORP | End-to-end encryption system and method of operation |
4734858, | Dec 05 1983 | CREST MANAGEMENT INC | Data terminal and system for placing orders |
4755940, | Sep 17 1983 | International Business Machines Corporation | Transaction security system |
4759063, | Aug 22 1983 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Blind signature systems |
4759064, | Oct 07 1985 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Blind unanticipated signature systems |
4775935, | Sep 22 1986 | Westinghouse Electric Corp. | Video merchandising system with variable and adoptive product sequence presentation order |
4795890, | Feb 02 1987 | PERCEPTION PARTNERS, INC | Device authentication system for on and off line use |
4799156, | Oct 01 1986 | Strategic Processing Corporation | Interactive market management system |
4812628, | May 02 1985 | Visa International Service Association | Transaction system with off-line risk assessment |
4827508, | Oct 14 1985 | ELECTRONIC PUBLISHING RESOURCES, INC | Database usage metering and protection system and method |
4891503, | Mar 29 1988 | GASCARD CLUB, INC , A CORP OF DE | Distributed authorization system |
4922521, | Sep 05 1986 | U S PHILIPS CORPORATION | System for providing secure telecommunication access to a computer |
4926480, | Aug 22 1983 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Card-computer moderated systems |
4935870, | Oct 25 1983 | Keycom Electronic Publishing | Apparatus for downloading macro programs and executing a downloaded macro program responding to activation of a single key |
4941089, | Dec 12 1986 | DATAPOINT CORPORATION, A CORP OF DE | Input/output network for computer system |
4947028, | Jul 19 1988 | Visa International Service Association | Automated order and payment system |
4947430, | Nov 23 1987 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Undeniable signature systems |
4949380, | Oct 20 1988 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Returned-value blind signature systems |
4972318, | Sep 09 1988 | Iron City Sash & Door Company | Order entry and inventory control method |
4977595, | Mar 28 1990 | Nippon Telegraph and Telephone Corporation | Method and apparatus for implementing electronic cash |
4982346, | Dec 16 1988 | INTER*ACT SYSTEMS, INC | Mall promotion network apparatus and method |
4987593, | Mar 16 1988 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | One-show blind signature systems |
4991210, | May 04 1989 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Unpredictable blind signature systems |
4992940, | Mar 13 1989 | H-Renee, Incorporated | System and method for automated selection of equipment for purchase through input of user desired specifications |
4996711, | Jun 21 1989 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Selected-exponent signature systems |
5025373, | Jun 30 1988 | JAMES MADISON COMMUNICATIONS, L L C | Portable personal-banking system |
5035515, | Feb 15 1990 | Packaging having detachable coupon compartment | |
5056712, | Dec 30 1988 | Water heater controller | |
5060153, | Apr 05 1989 | Sharp Kabushiki Kaisha | Teller machine with mode for continuously sending off-line collected transaction data to a host while ignoring incomplete data response signals |
5077607, | Dec 23 1988 | TECH 5 SAS | Cable television transaction terminal |
5105184, | Nov 09 1989 | Methods for displaying and integrating commercial advertisements with computer software | |
5204947, | Oct 31 1990 | International Business Machines Corporation | Application independent (open) hypermedia enablement services |
5220501, | Dec 08 1989 | OFFICIAL PAYMENTS CORPORATION | Method and system for remote delivery of retail banking services |
5226079, | Nov 09 1990 | International Business Machines Corporation | Non-repudiation in computer networks |
5247575, | Aug 16 1988 | WAVE SYSTEMS, CORP GRANTEE | Information distribution system |
5276736, | Jan 29 1990 | VAN DETSAN NETWORKS LIMITED LIABILITY COMPANY | Optionally moderated transaction systems |
5297249, | Oct 31 1990 | International Business Machines Corporation | Hypermedia link marker abstract and search services |
5305195, | Mar 25 1992 | GERALD AND LEONA R SINGER FAMILY TRUST | Interactive advertising system for on-line terminals |
5309437, | Jun 29 1990 | ENTERASYS NETWORKS, INC | Bridge-like internet protocol router |
5311594, | Mar 26 1993 | AT&T Bell Laboratories | Fraud protection for card transactions |
5319542, | Sep 27 1990 | International Business Machines Corporation | System for ordering items using an electronic catalogue |
5321751, | Feb 18 1993 | Eastman Kodak Company | Method and apparatus for credit card verification |
5325362, | Sep 29 1993 | Sun Microsystems, Inc. | Scalable and efficient intra-domain tunneling mobile-IP scheme |
5336870, | May 26 1992 | DOWLEN, JOHN E | System for remote purchase payment transactions and remote bill payments |
5341429, | Dec 04 1992 | BUYLINE, INC | Transformation of ephemeral material |
5347632, | Jul 15 1988 | International Business Machines Corporation | Reception system for an interactive computer network and method of operation |
5351186, | Jan 16 1991 | BULLOCK COMMUNICATIONS, INC A PA CORPORATION | System and method for obtaining information concerning a product or a service |
5351293, | Feb 01 1993 | Wave Systems Corp. | System method and apparatus for authenticating an encrypted signal |
5353283, | May 28 1993 | TTI Inventions A LLC | General internet method for routing packets in a communications network |
5355453, | Sep 08 1989 | Auspex Systems, Inc. | Parallel I/O network file server architecture |
5367635, | Aug 29 1991 | Hewlett-Packard Company | Network management agent with user created objects providing additional functionality |
5367645, | Jun 12 1992 | Fairchild Semiconductor Corporation | Modified interface for parallel access EPROM |
5383113, | Jul 25 1991 | CheckFree Corporation | System and method for electronically providing customer services including payment of bills, financial analysis and loans |
5388257, | Jul 24 1991 | AT&T Corp. | Method and apparatus for operating a computer based file system |
5414833, | Oct 27 1993 | International Business Machines Corporation; IBM Corporation | Network security system and method using a parallel finite state machine adaptive active monitor and responder |
5457738, | Mar 23 1993 | Qwest Communications International Inc | Method and system for searching an on-line directory at a telephone station |
5475585, | Oct 01 1990 | TUGALOO LAVONIA GMBH, LLC | Transactional processing system |
5483652, | Jan 24 1994 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Mechanism for locating without search discrete application resources known by common name only in a distributed network computing environment |
5491820, | Nov 10 1994 | AT&T Corporation | Distributed, intermittently connected, object-oriented database and management system |
5521631, | May 25 1994 | SONIFI SOLUTIONS, INC | Interactive digital video services system with store and forward capabilities |
5530849, | Aug 16 1993 | Cornell Research Foundation, Inc. | Method of reading dynamic, hierarchical file system directories |
5530852, | Dec 20 1994 | Sun Microsystems, Inc | Method for extracting profiles and topics from a first file written in a first markup language and generating files in different markup languages containing the profiles and topics for use in accessing data described by the profiles and topics |
5535229, | May 10 1993 | Global Interconnect, Corp. | Digital data transfer system for use especially with advertisement insertion systems |
5544320, | Jan 08 1993 | Remote information service access system based on a client-server-service model | |
5544322, | May 09 1994 | CISCO TECHNOLOGY, INC , A CORPORATION OF CALIFORNIA | System and method for policy-based inter-realm authentication within a distributed processing system |
5550984, | Dec 07 1994 | Panasonic Corporation of North America | Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information |
5557516, | Feb 04 1994 | MasterCard International; MASTERCARD INTERNATIONAL, INC | System and method for conducting cashless transactions |
5557518, | Apr 28 1994 | Citibank, N.A.; CITIBANK, N A | Trusted agents for open electronic commerce |
5557798, | Jul 27 1989 | Thomson Reuters Global Resources Unlimited Company | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
5560008, | May 15 1989 | International Business Machines Corporation; INTERNATIONAL BUSINESS MACHINES CORPORATION, A CORP OF NY | Remote authentication and authorization in a distributed data processing system |
5566297, | Jun 16 1994 | International Business Machines Corporation | Non-disruptive recovery from file server failure in a highly available file system for clustered computing environments |
5577209, | Jul 11 1991 | Round Rock Research, LLC | Apparatus and method for providing multi-level security for communication among computers and terminals on a network |
5583996, | Mar 16 1993 | TTI Inventions A LLC | Method and system for shortcut routing over public data networks |
5590197, | Apr 04 1995 | SSL SERVICES LLC | Electronic payment system and method |
5592378, | Aug 19 1994 | Accenture Global Services Limited | Computerized order entry system and method |
5594910, | Mar 23 1989 | International Business Machines Corporation | Interactive computer network and method of operation |
5596642, | Sep 30 1994 | TOUCH TECHNOLOGY, INC | Network settlement performed on consolidated information |
5596643, | Sep 30 1994 | TOUCH TECHNOLOGY, INC | Network settlement performed on consolidated information |
5604802, | Oct 29 1993 | International Business Machines Corporation | Transaction processing system |
5619648, | Nov 30 1994 | Alcatel Lucent | Message filtering techniques |
5621797, | Apr 28 1994 | Citibank, N.A. | Electronic ticket presentation and transfer method |
5623547, | Apr 12 1990 | Mondex International Limited | Value transfer system |
5623656, | Dec 15 1994 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Script-based data communication system and method utilizing state memory |
5642419, | Apr 28 1994 | Citibank N.A. | Method for acquiring and revalidating an electronic credential |
5664110, | Dec 08 1994 | CRONOS TECHNOLOGIES, LLC | Remote ordering system |
5664111, | Feb 16 1994 | Elliot Capital LLC | Computerized, multimedia, network, real time, interactive marketing and transactional system |
5675507, | Apr 28 1995 | ADVANCED MESSAGING TECHNOLOGIES, INC | Message storage and delivery system |
5694551, | May 20 1993 | Moore Business Forms, Inc. | Computer integration network for channeling customer orders through a centralized computer to various suppliers |
5708780, | Jun 07 1995 | Soverain IP, LLC | Internet server access control and monitoring systems |
5710884, | Mar 29 1995 | Intel Corporation | System for automatically updating personal profile server with updates to additional user information gathered from monitoring user's electronic consuming habits generated on computer during use |
5710887, | Aug 29 1995 | Broadvision | Computer system and method for electronic commerce |
5714971, | Apr 20 1993 | Apple Inc | Split bar and input/output window control icons for interactive user interface |
5715314, | Oct 24 1994 | Soverain Software LLC | Network sales system |
5721832, | May 12 1995 | FURNANCE BROOK LLC | Method and apparatus for an interactive computerized catalog system |
5724424, | Dec 16 1993 | Soverain IP, LLC | Digital active advertising |
5724521, | Nov 03 1994 | Intel Corporation | Method and apparatus for providing electronic advertisements to end users in a consumer best-fit pricing manner |
5727164, | Dec 13 1991 | Max Software, Inc. | Apparatus for and method of managing the availability of items |
5732219, | Mar 17 1995 | Microsoft Technology Licensing, LLC | Computer system and computer-implemented process for remote editing of computer files |
5734719, | Oct 15 1993 | Toshiba Global Commerce Solutions Holdings Corporation | Digital information accessing, delivery and production system |
5740425, | Sep 26 1995 | ZARBAÑA DIGITAL FUND LLC | Data structure and method for publishing electronic and printed product catalogs |
5745681, | Jan 11 1996 | Oracle America, Inc | Stateless shopping cart for the web |
5754656, | Aug 04 1995 | Hitachi, Ltd. | Electronic shopping method, electronic shopping system and document authenticating method relating thereto |
5757669, | May 31 1995 | Meta Platforms, Inc | Method and apparatus for workgroup information replication |
5757699, | Jun 03 1996 | Renesas Electronics Corporation | Programming which can make threshold voltages of programmed memory cells have a narrow distribution in a nonvolatile semiconductor memory |
5757917, | Nov 01 1995 | PayPal, Inc | Computerized payment system for purchasing goods and services on the internet |
5758327, | Nov 01 1995 | COMDISCO, INC | Electronic requisition and authorization process |
5760771, | Jul 17 1996 | AT&T Corp | System and method for providing structured tours of hypertext files |
5761649, | Apr 10 1992 | Charles E. Hill & Associates, Inc. | Method for updating a remote computer |
5761662, | Dec 20 1994 | Sun Microsystems, Inc. | Personalized information retrieval using user-defined profile |
5768142, | May 31 1995 | PNC BANK, A NATIONAL ASSOCIATION, AS COLLATERAL AGENT | Method and apparatus for storing and selectively retrieving product data based on embedded expert suitability ratings |
5768521, | May 16 1994 | Intel Corporation | General purpose metering mechanism for distribution of electronic information |
5774670, | Oct 06 1995 | Meta Platforms, Inc | Persistent client state in a hypertext transfer protocol based client-server system |
5784565, | May 01 1995 | Server for either anonymous or pre-authorized users to order goods or services on the world-wide web computer network | |
5790793, | Apr 04 1995 | Intellectual Ventures I LLC | Method and system to create, transmit, receive and process information, including an address to further information |
5805803, | May 13 1997 | Uber Technologies, Inc | Secure web tunnel |
5806077, | Jan 15 1993 | International Business Machines Corporation | Hypertext display system |
5812776, | Jun 07 1995 | Soverain IP, LLC | Method of providing internet pages by mapping telephone number provided by client to URL and returning the same in a redirect command by server |
5826241, | Sep 16 1994 | PayPal, Inc | Computerized system for making payments and authenticating transactions over the internet |
5826242, | Oct 06 1995 | Meta Platforms, Inc | Method of on-line shopping utilizing persistent client state in a hypertext transfer protocol based client-server system |
5848399, | Nov 30 1993 | DASSAULT SYSTEMES, S A | Computer system for allowing a consumer to purchase packaged goods at home |
5848412, | Nov 19 1996 | NCR Corporation | User controlled browser identification disclosing mechanism |
5848413, | Jan 13 1995 | RICOH COMPANY, LTD A CORPORATION OF JAPAN; Ricoh Corporation | Method and apparatus for accessing and publishing electronic documents |
5862325, | Feb 29 1996 | Intermind Corporation | Computer-based communication system and method using metadata defining a control structure |
5870552, | Mar 28 1995 | AOL Inc | Method and apparatus for publishing hypermedia documents over wide area networks |
5875296, | Jan 28 1997 | Alibaba Group Holding Limited | Distributed file system web server user authentication with cookies |
5892917, | Sep 27 1995 | Microsoft Technology Licensing, LLC | System for log record and log expansion with inserted log records representing object request for specified object corresponding to cached object copies |
5895454, | Apr 17 1997 | HANGER SOLUTIONS, LLC | Integrated interface for vendor/product oriented internet websites |
5897622, | Oct 16 1996 | Microsoft Technology Licensing, LLC | Electronic shopping and merchandising system |
5908469, | Feb 14 1997 | GOOGLE LLC | Generic user authentication for network computers |
5909492, | Oct 24 1994 | Wilmington Trust, National Association, as Administrative Agent | Network sales system |
5920847, | Nov 03 1995 | Visa International Service Association | Electronic bill pay system |
5982891, | Feb 13 1995 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
6006018, | Oct 03 1995 | SNAPCHAT, INC | Distributed file system translator with extended attribute support |
6006199, | Dec 31 1991 | International Business Machines Corporation | Method and system for automated payment within a computer integrated manufacturing system |
6016520, | Jul 14 1995 | Microsoft Technology Licensing, LLC | Method of viewing at a client viewing station a multiple media title stored at a server and containing a plurality of topics utilizing anticipatory caching |
6023683, | Aug 10 1994 | EPLUS INC | Electronic sourcing system and method |
6041316, | Jul 25 1994 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Method and system for ensuring royalty payments for data delivered over a network |
6049785, | Dec 16 1993 | Soverain IP, LLC | Open network payment system for providing for authentication of payment orders based on a confirmation electronic mail message |
6119151, | Mar 07 1994 | International Business Machines Corp. | System and method for efficient cache management in a distributed file system |
6195649, | Dec 16 1993 | Soverain IP, LLC | Digital active advertising |
6199051, | Dec 16 1993 | Soverain IP, LLC | Digital active advertising |
6205437, | Dec 16 1993 | Soverain IP, LLC | Open network payment system for providing for real-time authorization of payment and purchase transactions |
6249291, | Sep 22 1995 | NEXT SOFTWARE, INC | Method and apparatus for managing internet transactions |
6275867, | Sep 12 1995 | International Business Machines Corporation | Operation-partitioned off-loading of operations in a distributed environment |
6449599, | Oct 24 1994 | Soverain Software LLC | Network sales system |
6708157, | Nov 23 1994 | ContentGuard Holdings Inc. | System for controlling the distribution and use of digital works using digital tickets |
7272639, | Jun 07 1995 | Soverain IP, LLC | Internet server access control and monitoring systems |
20070192709, | |||
EP172670, | |||
EP456920, | |||
EP542298, | |||
EP645688, | |||
EP490980, | |||
EP718784, | |||
GB2102606, | |||
JP11098134, | |||
JP3278230, | |||
JP410191, | |||
JP411098134, | |||
JP5158963, | |||
JP5274275, | |||
JP6162059, | |||
JP6291776, | |||
WO9116691, | |||
WO9310503, | |||
WO9403859, | |||
WO9516971, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jan 10 1996 | MONTULLI, LOU | Netscape Communications Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 028357 | /0236 | |
Oct 17 2002 | Netscape Communications Corporation | (assignment on the face of the patent) | / | |||
Dec 09 2009 | YEDDA, INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | TRUVEO, INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | Tacoda LLC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | SPHERE SOURCE, INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | Quigo Technologies LLC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | Netscape Communications Corporation | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | MAPQUEST, INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | Lightningcast LLC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | AOL Inc | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | AOL ADVERTISING INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | BEBO, INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | ICQ LLC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Dec 09 2009 | GOING, INC | BANK OF AMERICAN, N A AS COLLATERAL AGENT | SECURITY AGREEMENT | 023649 | /0061 | |
Sep 30 2010 | BANK OF AMERICA, N A | YEDDA, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | TRUVEO, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | Tacoda LLC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | SPHERE SOURCE, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | Quigo Technologies LLC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | Netscape Communications Corporation | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | MAPQUEST, INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | Lightningcast LLC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | GOING INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | AOL ADVERTISING INC | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Sep 30 2010 | BANK OF AMERICA, N A | AOL Inc | TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS | 025323 | /0416 | |
Mar 15 2012 | Netscape Communications Corporation | New Aurora Corporation | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 028450 | /0340 | |
Sep 29 2014 | New Aurora Corporation | Facebook, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 033847 | /0441 | |
Oct 28 2021 | Facebook, Inc | Meta Platforms, Inc | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 058961 | /0436 |
Date | Maintenance Fee Events |
Nov 23 2011 | ASPN: Payor Number Assigned. |
Apr 04 2012 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
Date | Maintenance Schedule |
Nov 01 2014 | 4 years fee payment window open |
May 01 2015 | 6 months grace period start (w surcharge) |
Nov 01 2015 | patent expiry (for year 4) |
Nov 01 2017 | 2 years to revive unintentionally abandoned end. (for year 4) |
Nov 01 2018 | 8 years fee payment window open |
May 01 2019 | 6 months grace period start (w surcharge) |
Nov 01 2019 | patent expiry (for year 8) |
Nov 01 2021 | 2 years to revive unintentionally abandoned end. (for year 8) |
Nov 01 2022 | 12 years fee payment window open |
May 01 2023 | 6 months grace period start (w surcharge) |
Nov 01 2023 | patent expiry (for year 12) |
Nov 01 2025 | 2 years to revive unintentionally abandoned end. (for year 12) |