Abstract:
A system and method of managing computer sessions are provided. The preferred method opens a session (such as for access to a database) and creates a token that includes a session opening time and a measure of the session duration. If the token is used within a predefined time window before the end of the session, the session is extended by updating the token to reflect a new session duration. The time window and duration of a session extension may be adjusted according to the usage patterns of the system. The session may be extended recursively. The token expires when the last of the session extensions expires.
Publication number: AU2013206547A1
Application number: U2013206547
Filing date: 2013-06-26
Publication date: 2013-07-11
Inventors: Bertrand Alberola; Stephane Mollard; Loïc PIERLOT
Applicant: Amadeus SAS;
Main IPC classification: G06F21-30
Description:
SYSTEM AND METHOD FOR EXTENDING SESSIONS

CLAIM OF PRIORITY

This application is a divisional of Australian Patent Application No. 2007340964, which claims priority to U.S. Patent Application No. 11/647,271, filed December 29, 2006. All the above documents are incorporated herein by reference in their entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is directed to a methodology for minimizing the frequency of access to a computer system resource, such as a database. More specifically, the present invention is directed to setting fixed access periods which are extendable under certain conditions.

2. Discussion of Background Information

Security gateway systems operate on a token system in which a token is issued to a user for authentication and access. In such systems, the underlying database needs to be consulted for every user transaction to update the information in the token. This constant interaction with the database places considerable burden on the system that limits performance and responsiveness in real time.

SUMMARY OF THE INVENTION

Embodiments of the present invention are directed to allowing a user to access a computer system resource relying on a security gateway with substantially less interaction with the database than other methods. Such embodiments are described in the context of a user-management system where a user has a pre-determined duration of a session (e.g., eight hours which could be the default duration of a working day). During the session, the user may access a database or other computer system resource. Under certain circumstances, the user is allowed to continue to access the computer system resource after the scheduled close of the session.

In a preferred embodiment, a security gateway authenticates a user and issues a token that defines a default session period during which the user may access a database.
The token also defines a time period, referred to here as a "recycling window," which preferably occurs just before the close of the default session. (The term "recycling window" is used merely as a label and not to define the characteristics of the window.) If the user accesses the database during the recycling window, the security gateway extends the session by revising the token. The conditions for allowing an extension may be any of a variety of criteria.

For example, if a session's default duration is eight hours, the security gateway may issue a token that defines the end time of the eight-hour session. The token may also define a recycling window as the last thirty minutes of the default session. If the user actively accesses the database during the time period of the recycling window, the gateway may, without an additional access to the database, revise the token to extend the session by one hour. The reduction in interactions with the database alleviates load on the database system, and improves database responsiveness and throughput.

Sessions may be extended recursively. For example, a first session extension may define a new session termination time (or other measure of a session period) and a new recycling window within the extension period. If a user accesses the database during the recycling window of the extension period, the session may be extended a second time. The second extension period may encompass yet another recycling period, and the session may be extended further if the user accesses the computer system resource during the second recycling window. The durations of extension periods and recycling periods may be adjusted according to the needs of system operations. For example, it may be desirable to shorten second and subsequent extension periods to prevent infinite sessions or to limit employee overtime.

According to an embodiment of the invention, a method of managing sessions is provided.
The method includes opening a session, creating a token that includes a session opening time and a measure of the session duration, receiving the token within a first time before the measure of the session duration, adding, in response to the receiving, a second time to the measure of the session duration to define a new measure of the session duration, updating the token to reflect the new measure of the session duration as changed by the addition, and expiring the token after the new measure of the session duration.

The above embodiment may have variations. For example, the receiving, adding, and updating may be recursive, such that if the token is received within the first time before the new measure of the session duration, the new session time is extended. The first time may be the same or different during or between any recursions of the receiving, adding, and updating. The second time may be the same or different during or between any recursions of the receiving, adding, and updating.

A transaction associated with a token that is received before the expiring may be processed. A session start time, a session timeout time, and the first time in the token may be stored. The second time in the token may be stored. The second time may be less than or equal to half of a period of authorized use as defined by the session opening time and/or the measure of the session duration. The first time may be less than or equal to half of the second time. Or the first time may be less than or equal to half of the second time.

According to another embodiment, a method of managing sessions may comprise requesting to open a session, first receiving a token that includes a session opening time and a measure of the session duration, sending a transaction request and the token within a first time before the measure of the session duration, and second receiving, in response to the sending, an updated measure of the session duration associated with the token.
The above embodiment may have various features. For example, the sending and second receiving may be recursive, such that if the token is sent within the first time before updated measure of the session duration, the updated session time is again updated. The first time may be the same or different during or between any recursions of the sending and second receiving. The second time may be the same or different during or between any recursions of the sending and second receiving.

A transaction associated with a token that is sent during a period of authorized use defined by a session opening time and/or a measure of the session duration may be processed. A session start time, a session timeout time, and the first time may be stored in the token. The second time may be stored in the token. The second time may be less than or equal to half of a period of authorized use as defined by a session opening time and/or a measure of the session duration. The first time may be less than or equal to half of the second time. Or the first time may be less than or equal to half of the second time.

According to another embodiment, a method of managing sessions may comprise opening a session, creating a token that includes a timestamp of when the session opened and a session timeout time, receiving the token within a window before an expiration of the session timeout time, adding, in response to the above use, an extra time duration to the token, updating the token to reflect the extra time duration, and expiring the token after the new measure of the session duration. The time periods may satisfy the following equations:

$$\text{etd} \le \frac{\text{sto}}{2}$$

$$\text{rcw} \le \frac{\text{etd}}{2} \le \frac{\text{sto}}{4}$$

where "sto" is a period of authorized use defined by the timestamp and/or the session timeout time, "etd" is the extended time duration, and "rcw" is the period of the window.

The above embodiments may have various additional features.
For example, a server may coordinate with a database in association with the opening, updating, and expiring. Such coordination may be limited to the same.

Definitions of the specific embodiments of the invention as claimed herein follow.

According to a first embodiment of the invention, there is provided a method of managing sessions comprising:
opening a session;
issuing a token from a security gateway that defines a session opening time, a recycling window start time and end time, and a measure of the session duration, wherein:
  (a) said recycling window occurs before the measure of session duration expires;
  (b) after opening the session, the security gateway that issued the token does not coordinate with a database for user transactions before said recycling window start time; and
  (c) the session remains open during the period between said opening time and said measure of session duration;
receiving the token within said recycling window start time and end time and before said measure of the session duration; and
updating the token upon receiving the token within the recycling window start time and end time by adding a second time to the measure of session duration to define a new measure of session duration for the token,
wherein the security gateway does not coordinate with the database for user transactions between said opening and said updating, and the session remains open during the period between said opening and expiration of said new measure of session duration.
According to a second embodiment of the invention, there is provided a method of managing sessions comprising:
requesting opening of a session;
first receiving a token that includes a session opening time, a recycling window start time and end time, and a measure of the session duration;
sending a transaction request and the token within said recycling window start time and end time, and before said measure of the session duration;
adding a second time to the measure of session duration to define a new measure of session duration for the token; and
second receiving, in response to said sending, an updated measure of the session duration associated with the token,
wherein:
  (a) the session remains open during the period between said opening and an expiration of the session upon reaching the updated measure of the session duration;
  (b) a non-expired or expired status of the token controls whether the session is open or closed, respectively; and
  (c) a server that issued the token does not coordinate with a database for user-server transactions between said opening and said updating.

According to a third embodiment of the invention, there is provided a method of managing sessions comprising:
opening a session;
creating a token that includes a timestamp of when the session opened and a session timeout time;
receiving the token within a recycling window before an expiration of the session timeout time;
adding, in response to said receiving, an extended time duration to the token; and
updating the token to reflect the extended time duration,
wherein:
  (a) the session remains open during the period between said opening and an expiration of extended time duration;
  (b) a non-expired or expired status of the token controls whether the session is open or closed, respectively; and
  (c) a server that issued the token does not coordinate with a database for user-server transactions between said opening and said updating.
Other embodiments of the invention as described herein are defined in the following paragraphs:

1. A method of managing sessions, comprising:
opening a session;
creating a token that includes a session opening time and a measure of the session duration;
receiving the token within a first time before said measure of the session duration;
adding, in response to said using, a second time to said measure of the session duration to define a new measure of the session duration;
updating the token to reflect the new measure of the session duration as changed by said adding; and
expiring said token after said new measure of the session duration.

2. The method of paragraph 1 wherein the first time period is a recycling window occurring immediately before the measure of the session duration; and the measure of the session duration is either a relative time period measured from the session opening time or an absolute time measured against a same time reference as the session opening time.

3. The method of paragraph 1, wherein said receiving, adding, and updating are recursive, such that if the token is received within the first time before said new measure of the session duration, said new session time is extended.

4. The method of paragraph 3, wherein the first time is the same during any recursions of said receiving, adding, and updating.

5. The method of paragraph 3, wherein the first time may be different between any recursions of said receiving, adding, and updating.

6. The method of paragraph 3, wherein the second time is the same during any recursions of said receiving, adding, and updating.

7. The method of paragraph 3, wherein the second time may be different between any recursions of said receiving, adding, and updating.

8. The method of paragraph 1, further comprising processing a transaction associated with a token that is received before said expiring.

9. The method of paragraph 1, further comprising storing in the token at least the session start time, the measure of the session duration, and the first time.

10. The method of paragraph 9, further comprising storing in the token at least the second time.

11. The method of paragraph 1, wherein the second time is less than or equal to half of a period of authorized use, as defined by the session opening time and/or the measure of the session duration.

12. The method of paragraph 1, wherein the first time is less than or equal to half of the second time.

13. The method of paragraph 11, wherein the first time is less than or equal to half of the second time.

14. A method of managing sessions, comprising:
requesting opening of a session;
first receiving a token that includes a session opening time and a measure of the session duration;
sending a transaction request and the token within a first time before said measure of the session duration; and
second receiving, in response to said sending, an updated measure of the session duration associated with the token.

15. The method of paragraph 14, wherein said sending and second receiving are recursive, such that if the token is sent within the first time before updated measure of the session duration, said updated session time is again updated.

16. The method of paragraph 15, wherein the first time is the same during any recursions of the sending and second receiving.

17. The method of paragraph 15, wherein the first time may be different between any recursions of the sending and second receiving.

18. The method of paragraph 15, wherein the second time is the same during any recursions of the sending and second receiving.

19. The method of paragraph 15, wherein the second time may be different between any recursions of the sending and second receiving.

20. The method of paragraph 14, further comprising processing a transaction associated with a token that is sent during a period of authorized use defined by a session opening time and/or a measure of the session duration.

21. The method of paragraph 14, further comprising storing in the token at least the session start time, the session timeout time, and the first time.

22. The method of paragraph 21, further comprising storing in the token at least the second time.

23. The method of paragraph 14, wherein the second time is less than or equal to half of a period of authorized use as defined by a session opening time and/or a measure of the session duration.

24. The method of paragraph 14, wherein the first time is less than or equal to half of the second time.

25. The method of paragraph 23, wherein the first time is less than or equal to half of the second time.

26. A method of managing sessions, comprising:
opening a session;
creating a token that includes a timestamp of when the session opened and a session timeout time;
receiving the token within a window before an expiration of the session timeout time;
adding, in response to said using, an extra time duration to the token;
updating the token to reflect the extra time duration; and
expiring said token after said new measure of the session duration.

27. The method of paragraph 26, wherein:

$$\text{etd} \le \frac{\text{sto}}{2}$$

$$\text{rcw} \le \frac{\text{etd}}{2} \le \frac{\text{sto}}{4}$$

where:
sto is a period of authorized use defined by the timestamp and/or the session timeout time;
etd is the extended time duration; and
rcw is the period of the window.

28. The method of paragraph 26, wherein:
in association with said opening, a server coordinates with a database to store session data; and
in association with said updating, the server coordinates with the database to store the updated token data.

29. The method of paragraph 27, wherein said server does not coordinate with the database in response to user-server interactions other than (a) said in association with said opening and (b) said in association with said updating.

30. The method of paragraph 27, wherein a server does not coordinate with a database for user-server transactions between said opening and said updating.

31. The method of paragraph 1, wherein:
in association with said opening, a server coordinates with a database to store session data; and
in association with said updating, the server coordinates with the database to store updated token data.

32. The method of paragraph 29, wherein said server does not coordinate with the database in response to user-server interactions other than (a) said in association with said opening and (b) said in association with said updating.

33. The method of paragraph 1, wherein a server does not coordinate with a database for user-server transactions between said opening and said updating.

Other exemplary embodiments and advantages of the present invention may be ascertained by reviewing the present disclosure and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is further described in the detailed description which follows, in reference to the noted plurality of drawings by way of non-limiting examples of certain embodiments of the present invention, in which like numerals represent like elements throughout the several views of the drawings, and wherein:

Fig. 1 is a flowchart illustrating the chronological steps of an embodiment of the invention;
Fig. 2 is an embodiment of the above methodology shown at the architectural and signal exchange level;
Fig. 3 is a timeline of sessions and token-use for the opening of the session, transactions within the period of authorized use before the recycling window, transactions within the authorized window, and the extension of the session timeout;
Fig. 4 shows non-limiting examples of token contents; and
Fig. 5 shows an embodiment which provides a methodology for "tuning" the amount of time assessed to the session timeout, the recycle window, and the session extension.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENT

The particulars shown herein are by way of example and for purposes of illustrative discussion of the embodiments of the present invention only and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the present invention. In this regard, no attempt is made to show structural details of the present invention in more detail than is necessary for the fundamental understanding of the present invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the present invention may be embodied in practice.

The below embodiments are described in connection with a "Security Gateway" system. Security Gateway is a client/server framework offering security features to TOPs products (and potentially more than TOPs if needed). Security Gateway is based on PC (a physical device) identification. However, the invention is not so limited, and the methodology may apply to any user management, database management, or other computer system.

Referring now to Fig. 1, a session is opened at S110 in response to receipt of a request by an authorized user, and the opening time is recorded in a database. At S112, a session timeout is defined, which preferably corresponds to the maximum duration of a session. The session timeout may be set as a time to elapse after the session opening (e.g., 8 hours after the session opens) or an absolute time (e.g., 5:00 PM EST). The time between the session opening and the session timeout establishes a period of authorized use.
At step S114, a token is created with an appropriate reference (such as a timestamp) identifying the time of the session opening and session timeout. Any further system transaction will preferably rely upon the token as opposed to the database. Absent some form of extension, the token will expire after the session timeout.

At step S116, the system receives a transaction request with an associated token. At step S118, the system determines whether the token is valid, e.g., whether the token indicates that the transaction is within the period of authorized use. If not, at step S120 the system returns a message that the session has timed out, and the corresponding transaction is rejected.

If at step S118 the token is valid, the system determines whether the transaction is within a predetermined time before the session timeout (otherwise known as a "recycling window"). If not, then the transaction is processed normally at step S126. If the transaction is within the recycle window, then the system coordinates with the database to extend the session timeout time at step S122 to include an extension of time to allow the session to remain open. At step S124, the new session timeout is stored in the token and the token is sent back to the requestor. Control then passes to step S126 for processing the transaction.

In the above embodiment, the database was only accessed for two reasons: (1) opening the session and (2) a token was received within the recycling window. There was no need for the system to coordinate with the database for individual transactions. This represents a substantial reduction in database interaction with corresponding improvements in system performance.

Referring now to Fig. 2, an embodiment of the above methodology is shown at the architectural and signal exchange level. The system is shown in simplified form as a user PC 210, a server 212, and a database 214.
The architecture is not so limited, however, as the system may have any number of centralized or dispersed terminals, servers, databases, or components that perform the disclosed functions.

A user requests to open a session by entering appropriate credentials at PC 210. PC 210 communicates this information 216 to server 212. Server 212 logs the new session in database 214, and sends a token 218 back to the user's PC 210. Token 218 includes a timestamp for the opening of the session and a session timeout. In the example of Fig. 2, the session is opened at 9:01 AM and the session timeout is 2 hours, such that token 218 will expire at 11:01 AM.

During the open session, user PC 210 initiates a transaction with server 212. The transaction includes token 218. Since token 218 is valid within the period of authorized use, server 212 will process the transaction as normal. Preferably, the transaction does not affect the status of token 218, although the token could be modified to reflect data relating to the transaction. The example in Fig. 2 shows this transaction occurring at 9:20 AM.

Later during the open session, the user PC 210 initiates a transaction with server 212 within the recycle window. Since token 218 is valid as within the period of authorized use, server 212 will process the transaction as normal. However, server 212 changes token 218 to extend the session timeout (e.g., by adding a specific time period (+1 hour)) or changing the underlying end of session time (e.g., 5:00 PM is changed to 6:00 PM). This token change may include an update of the original token, issuance of a new token, and/or destruction of the original token. The token change should take place at the server.

Server 212 coordinates with database 214 as appropriate to update the new timeout for the token 218. The period of authorized use extends by the amount of increase in the session timeout. The example of Fig. 2 shows this transaction occurring at 11:00 AM (one minute before the session timeout) and an extension of the session timeout from 2 hours to 3 hours. The user may continue to conduct additional transactions within the extended session period.

In the above embodiment, the database was only accessed for two reasons: (1) opening the new session and (2) token 218 was received within the recycling window. There was no need for server 212 to access and/or coordinate with database 214 for individual transactions. This represents a substantial reduction in database interaction with corresponding improvements in system performance.

This session extension methodology may be recursive. If a transaction is requested within the recycle window relative to the new session timeout, the system may provide another extension. Recycling windows, extension periods and circumstances supporting extensions may all be the same, respectively, such that the session may in theory be extended indefinitely. In the alternative, these parameters may change for subsequent transactions to make it more difficult to extend a session. By way of non-limiting example, the first recycle window may be 15 minutes, the next ten minutes, and thereinafter 5 minutes.

At some point the token will expire. A transaction requested after the session timeout will result in a "timeout" response, and the transaction will be denied. The example of Fig. 2 shows the timeout at 1:00 AM, which is one hour past the session timeout.

The token as described above is stateless, in that a newly created token is not stored in a server memory or database file other than the user's system. Rather, an algorithm verifies the token when the token is used in subsequent transactions. It can even be verified by a server which did not create the token itself. In such a stateless transaction, all the transactions are linked together by a token, but the servers do not need to keep a track of the created token.
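The Fig. 1 decision flow replayed on the Fig. 2 timeline, as an added example that is not code from the patent or from Amadeus. Because the token is held by the client and carries its own expiry, the sketch assumes an HMAC-SHA256 tag so that any gateway server can verify it and a client-side edit of the timeout is rejected; the key, the field names, the 15-minute recycling window, the minutes-since-midnight clock and the in-memory list standing in for database 214 are all assumptions.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Assumption: the text only says "an algorithm verifies the token". HMAC-SHA256
# with a key shared by the gateway servers is one way to do that statelessly.
GATEWAY_KEY = b"constructed-demo-key"  # constructed value, not from the page


def check_tuning(sto: int, etd: int, rcw: int) -> bool:
    """Sizing rule from the text: etd <= sto/2 and rcw <= etd/2 (so rcw <= sto/4)."""
    return 0 < rcw and 2 * rcw <= etd and 2 * etd <= sto


def encode_token(fields: dict) -> str:
    """Serialize the token fields and append an integrity tag."""
    payload = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def decode_token(token: str) -> Optional[dict]:
    """Return the fields of an authentic token, or None if malformed or altered."""
    try:
        body, tag = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
        expected = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(payload)
    except (ValueError, TypeError):
        return None


class Gateway:
    """Server 212; db_writes is a stand-in for accesses to database 214."""

    def __init__(self, sto: int, etd: int, rcw: int):
        if not check_tuning(sto, etd, rcw):
            raise ValueError("parameters violate rcw <= etd/2 <= sto/4")
        self.sto, self.etd, self.rcw = sto, etd, rcw
        self.db_writes = []

    def open_session(self, user: str, now: int) -> str:
        """S110-S114: log the session once, then hand the state to the client."""
        self.db_writes.append(("open", user, now))
        return encode_token({"user": user, "opened": now,
                             "timeout": now + self.sto,
                             "rcw": self.rcw, "etd": self.etd})

    def handle(self, token: str, now: int) -> Tuple[str, Optional[str]]:
        """S116-S126: returns (status, token to send back to the requestor)."""
        fields = decode_token(token)
        if fields is None:
            return "rejected", None            # failed verification
        if now >= fields["timeout"]:
            return "timeout", None             # S118 -> S120
        if now >= fields["timeout"] - fields["rcw"]:
            fields["timeout"] += fields["etd"]  # S122: inside recycling window
            self.db_writes.append(("extend", fields["user"], fields["timeout"]))
            return "extended", encode_token(fields)  # S124
        return "ok", token                     # S126 with no database access


def run_fig2_demo():
    """Replay Fig. 2 (minutes since midnight); returns statuses, expiry, DB hits."""
    gw = Gateway(sto=120, etd=60, rcw=15)
    token = gw.open_session("user-210", now=541)         # 9:01 AM
    results = [gw.handle(token, now=560)[0]]             # 9:20 AM
    status, extended = gw.handle(token, now=660)         # 11:00 AM
    results.append(status)
    results.append(gw.handle(extended, now=780)[0])      # 1:00 PM, constructed
    # A client that edits the expiry but cannot recompute the tag is refused.
    fields = decode_token(token)
    fields["timeout"] = 9999
    body = base64.urlsafe_b64encode(json.dumps(fields).encode()).decode()
    results.append(gw.handle(body + "." + token.split(".")[1], now=900)[0])
    return results, decode_token(extended)["timeout"], len(gw.db_writes)


if __name__ == "__main__":
    print(run_fig2_demo())
```

The original token stays valid until 11:01 AM after the extension is issued, since nothing server-side records its replacement; that follows from the stateless design described above.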
Referring now to Fig. 3, a timeline of sessions and token use is shown for the opening of the session, transactions within the period of authorized use before the recycling window, transactions within the authorized window, and the extension of the session timeout.

Fig. 4 shows non-limiting examples of token contents. Tokens are shown for a token 410 before recycling, and for a token 412 after recycling.

Referring now to Fig. 5, another embodiment of the invention provides a methodology for "tuning" the amount of time assessed to the session timeout, the recycle window, and the session extension. A long timeout value will reduce the database access which will occur for recycling only after a long first period. A small timeout value avoids long locking issues on the client side in case of unused sessions but statistically causes more frequent recycling. It is preferable to define a balance between a long default timeout value and a small one by compromising between the technical and operational side (stability by reducing the number of database accesses) and the client point of view (having as few constraints as possible by using the most flexible system).

The value of the recycling window and the length of the extension will also define the volume of database accesses. A long recycling window will statistically extend more sessions than a small one and will therefore trigger more database accesses. The extended session timeout brings the same pros and cons as the default timeout value, e.g., a small Extra Time Duration avoids long locked sessions but statistically causes more frequent recursive recycling.

By way of non-limiting example, compliance with the following formulas achieves an acceptable compromise of the above considerations:

$$\text{etd} \le \frac{\text{sto}}{2}$$

$$\text{rcw} \le \frac{\text{etd}}{2} \le \frac{\text{sto}}{4}$$

Where:
sto is the period of authorized use;
etd is the amount of time added to the sto at recycling time; and
rcw is the period of the recycling window.
If the embodiment is utilizing a recursive methodology, the above formula may be applied only once and the same values used for each successive session, or the values may be recalculated for each recursion.

It is noted that the foregoing examples have been provided merely for the purpose of explanation and are in no way to be construed as limiting of the present invention. While the present invention has been described with reference to certain embodiments, it is understood that the words which have been used herein are words of description and illustration, rather than words of limitation. Changes may be made, within the purview of the appended claims, as presently stated and as amended, without departing from the scope and spirit of the present invention in its aspects. Although the present invention has been described herein with reference to particular means, materials and embodiments, the present invention is not intended to be limited to the particulars disclosed herein; rather, the present invention extends to all functionally equivalent structures, methods and uses, such as are within the scope of the appended claims.

The term "comprise" and variants of the term such as "comprises" or "comprising" are used herein to denote the inclusion of a stated integer or stated integers but not to exclude any other integer or any other integers, unless in the context or usage an exclusive interpretation of the term is required.

Any reference to publications cited in this specification is not an admission that the disclosures constitute common general knowledge in Australia.
Claims:
Claims (26)
[1] 1. A method of managing sessions comprising: opening a session; issuing a token from a security gateway that defines a session opening time, a recycling window start time and end time, and a measure of the session duration, wherein: (a) said recycling window occurs before the measure of session duration expires; (b) after opening the session, the security gateway that issued the token does not coordinate with a database for user transactions before said recycling window start time; and (c) the session remains open during the period between said opening time and said measure of session duration; receiving the token within said recycling window start time and end time and before said measure of the session duration; and updating the token upon receiving the token within the recycling window start time and end time by adding a second time to the measure of session duration to define a new measure of session duration for the token, wherein the security gateway does not coordinate with the database for user transactions between said opening and said updating, and the session remains open during the period between said opening and expiration of said new measure of session duration.
[2] 2. The method of claim 1, wherein: the measure of the session duration is either a relative time period measured from the session opening time or an absolute time measured against a same time reference as the session opening time.
[3] 3. The method of claim 1, wherein said receiving and updating are recursive, such that if the token is received within the recycling window start time and end time before said new measure of session duration, said new measure of session duration is extended.
[4] 4. The method of claim 3, wherein the recycling window is the same during any recursions of said receiving and updating.
[5] 5. The method of claim 3, wherein the recycling window may be different between any recursions of said receiving and updating.
[6] 6. The method of claim 3, wherein the second time is the same during any recursions of said receiving and updating.
[7] 7. The method of claim 3, wherein the second time may be different between any recursions of said receiving and updating.
[8] 8. The method of claim 1, further comprising processing a transaction associated with a token that is received before said new measure of session duration expires.
[9] 9. A method of managing sessions comprising: requesting opening of a session; first receiving a token that includes a session opening time, a recycling window start time and end time, and a measure of the session duration; sending a transaction request and the token within said recycling window start time and end time, and before said measure of the session duration; adding a second time to the measure of session duration to define a new measure of session duration for the token; and second receiving, in response to said sending, an updated measure of the session duration associated with the token, wherein: (a) the session remains open during the period between said opening and an expiration of the session upon reaching the updated measure of the session duration; (b) a non-expired or expired status of the token controls whether the session is open or closed, respectively; and (c) a server that issued the token does not coordinate with a database for user-server transactions between said opening and said updating.
[10] 10. The method of claim 9, wherein said sending and second receiving are recursive, such that if the token is sent within the recycling window start time and end time, and before the updated measure of the session duration, said updated measure of the session duration is again updated.
[11] 11. The method of claim 10, wherein the recycling window is the same during any recursions of the sending and second receiving.
[12] 12. The method of claim 10, wherein the recycling window may be different between any recursions of the sending and second receiving.
[13] 13. The method of claim 10, wherein the second time is the same during any recursions of the sending and second receiving.
[14] 14. The method of claim 10, wherein the second time may be different between any recursions of the sending and second receiving.
[15] 15. The method of claim 9, further comprising processing a transaction associated with a token that is sent during a period of authorized use defined by a session opening time and/or a measure of the session duration.
[16] 16. The method of claim 1 or claim 9, further comprising storing in the token at least the session opening time, the measure of the session duration and the recycling window start time and end time.
[17] 17. The method of claim 16, further comprising storing in the token at least the second time.
[18] 18. The method of claim 1 or claim 9, wherein the second time is less than or equal to half of a period of authorized use as defined by the session opening time and/or the measure of the session duration.
[19] 19. The method of any one of claims 1, 9 and 18, wherein the recycling window is less than or equal to half of the second time.
[20] 20. A method of managing sessions comprising: opening a session; creating a token that includes a timestamp of when the session opened and a session timeout time; receiving the token within a recycling window before an expiration of the session timeout time; adding, in response to said receiving, an extended time duration to the token; and updating the token to reflect the extended time duration, wherein: (a) the session remains open during the period between said opening and an expiration of extended time duration; (b) a non-expired or expired status of the token controls whether the session is open or closed, respectively; and (c) a server that issued the token does not coordinate with a database for user-server transactions between said opening and said updating.
[21] 21. The method of claim 20, wherein: etd ≤ sto/2; rcw ≤ etd/2 ≤ sto/4; wherein: sto is a period of authorized use defined by the timestamp and/or the session timeout time; etd is the extended time duration; and rcw is the period of the recycling window.
[22] 22. The method of claim 20, wherein: in association with said opening, a server coordinates with a centralized database to store session data; and in association with said updating, the server coordinates with the centralized database to store updated token data.
[23] 23. The method of claim 22, wherein said server does not coordinate with the database in response to user-server interactions other than (a) in association with said opening and (b) in association with said updating.
[24] 24. The method of claim 22, wherein a server does not coordinate with a database for user-server transactions between said opening and said updating.
[25] 25. The method of claim 1, wherein: in association with said opening, a server coordinates with a centralized database to store session data; and in association with said updating, the server coordinates with the centralized database to store updated token data.
[26] 26. The method of claim 25, wherein said server does not coordinate with the database in response to user-server interactions other than (a) in association with said opening and (b) in association with said updating. Date: 26 June 2013
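The recycling scheme of claims 1, 20 and 21, as an added Python example (not code from the patent or the applicant): the gateway touches the database only at opening and at each extension, and every other request is decided from the token alone. Assumptions not in the claims: the recycling window is modelled as the last rcw seconds before expiry, the token carries an HMAC tag so that a client cannot edit its own expiry, and the names `Gateway`, `handle`, `db_writes` and the token field names are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed value; assumption: gateway-held secret

def _mac(body):
    # Integrity tag over the token fields (assumption, not stated in the claims)
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class Gateway:
    def __init__(self, sto, etd, rcw):
        # Bounds from claims 18, 19 and 21: etd <= sto/2 and rcw <= etd/2
        if not (0 < etd <= sto / 2 and 0 < rcw <= etd / 2):
            raise ValueError("need etd <= sto/2 and rcw <= etd/2")
        self.sto, self.etd, self.rcw = sto, etd, rcw
        self.db_writes = 0  # counts coordination with the central database

    def _issue(self, opened, expires):
        body = {"opened": opened, "expires": expires, "etd": self.etd,
                "rcw_start": expires - self.rcw, "rcw_end": expires}
        return {**body, "mac": _mac(body)}

    def open_session(self, now):
        self.db_writes += 1  # claim 22: session data stored at opening
        return self._issue(now, now + self.sto)

    def handle(self, token, now):
        """Return (accepted, token); the token is reissued when recycled."""
        body = {k: v for k, v in token.items() if k != "mac"}
        if not hmac.compare_digest(token.get("mac", ""), _mac(body)):
            return False, token  # altered token: rejected without a lookup
        if not (body["opened"] <= now < body["expires"]):
            return False, token  # expired token means the session is closed
        if body["rcw_start"] <= now < body["rcw_end"]:
            self.db_writes += 1  # claim 22: updated token data stored
            token = self._issue(body["opened"], body["expires"] + body["etd"])
        return True, token  # outside the window: no database contact at all
```

With an eight-hour session (sto = 28800 s), etd = 14400 s and rcw = 7200 s, a request at 22000 s falls in the window and moves the expiry to 43200 s, while a request at 1000 s is served with no database write.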
Similar technologies:
Publication number | Publication date | Patent title
US8255539B2|2012-08-28|System and method for extending sessions
US7222361B2|2007-05-22|Computer security with local and remote authentication
US10303871B2|2019-05-28|System and method for controlling state tokens
US9075986B1|2015-07-07|Systems and methods for software application security management
US7020750B2|2006-03-28|Hybrid system and method for updating remote cache memory with user defined cache update policies
US7415607B2|2008-08-19|Obtaining and maintaining real time certificate status
US7539310B2|2009-05-26|Encryption key updating for multiple site automated login
RU2386218C2|2010-04-10|Software interface of applications for administration of software updates distribution in system of updates distribution
US7516134B2|2009-04-07|Controlling access to a database using database internal and external authorization information
US7464143B2|2008-12-09|Digital object delivery and management system with dynamically created temporary FTP access codes
US7380008B2|2008-05-27|Proxy system
US20030229812A1|2003-12-11|Authorization mechanism
US20050021978A1|2005-01-27|Remote interface for policy decisions governing access control
US20020174238A1|2002-11-21|Employing electronic certificate workflows
US20020129024A1|2002-09-12|Preparing output XML based on selected programs and XML templates
US20020184444A1|2002-12-05|Request based caching of data store data
US20040073668A1|2004-04-15|Policy delegation for access control
AU5188499A|2000-03-06|Access control using attributes contained within public key certificates
US7596562B2|2009-09-29|System and method for managing access control list of computer systems
US20070157292A1|2007-07-05|System, method, and computer-readable medium for just in time access through dynamic group memberships
US20020104000A1|2002-08-01|Method for managing certificate revocation list by distributing it
AU2013206547B2|2016-05-12|System and Method for Extending Sessions
WO2020219562A1|2020-10-29|Database-agnostic secure structured database connector
Greene1999|Don't overlook remote access Y2K issues
Cisco2000-04-02|Tuning CiscoSecure ACS Performance and Configuration
Patent family:
Publication number | Publication date
AU2013206547B2|2016-05-12|
Cited references:
Publication number | Filing date | Publication date | Applicant | Patent title
US6877095B1|2000-03-09|2005-04-05|Microsoft Corporation|Session-state manager|
US8402141B2|2004-09-28|2013-03-19|International Business Machines Corporation|Gracefully reestablishing an expired browser session|
Legal status:
2016-09-08| FGA| Letters patent sealed or granted (standard patent)|
Priority:
Application number | Filing date | Patent title
US11/647,271||2006-12-29||
AU2007340964A|AU2007340964A1|2006-12-29|2007-12-27|System and method for extending sessions|
AU2013206547A|AU2013206547B2|2006-12-29|2013-06-26|System and Method for Extending Sessions|