Abstract: Techniques for use in establishing a secure exchange of information between an end user and a server in a distributed network environment are provided in accordance with a context manager. The context manager is manageable within a vault process and maintains state information between successive user browser sessions with multiple application domains containing various applications. The context manager accesses data stored on a global level that spans applications and is available to multiple vault applications in different domains. The context manager also accesses data stored on an application level and common to a given application domain for a given sequence of operations within the vault application. The context manager accesses data stored on an instance level for a given sequence of operations within a given application domain.

Abstract: A context manager supports creation, storage and retrieval of data to implement state maintenance in a vault process using “scoping” of multiple levels of storage. A user request is initiated by invoking an URL with embedded Application Domain and Instance Context. The URL request is processed by a Vault Supervisor to obtain a user ID and password to initiate a vault process running in a secure vault for the user. On vault process start up, access to the vault encryption/decryption keys are made available to the request. A global context file stored on disk is decrypted and read in to memory. If the global context file does not exist, a new global context file is created on disk. For each Application Domain, the application context is decrypted and read in to memory. If an application context file does not exist, a new application context file on disk is created based on the request. All Instance Context files are scanned to determine if they have expired.

Abstract: A secure-end-to-end communication system for electronic business system and method of operation, e.g., the Internet, includes a web server—vault controller having personal storage vaults in the controller for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. A registration authority running as a software application in the controller processes requests to issue, renew and revoke digital certificates issued by a certification authority using two pairs of public-private keys. The registration authority interacts with the vault controller to decide whether an applicant qualifies to receive a digital certificate.

Abstract: A vault controller in an electronic business system includes a dispatcher for servicing browser requests initiated by a user for conducting business with an enterprise or organization using a vault process. The dispatcher further responds to a secure depositor receiving requests from other vault processes running in the controller. The request is in the form a URL containing an application domain/local context and application name. The request is detected and processed by event creator which forms an event object definitive of the request in the URL. An event handler parses the event object and enters a vault system application registry to locate the application in a shared memory. The location of the application is passed to a server pool, which assign a processing thread to handle the request. The thread engages a context manager which decrypts and imports application domain, application function and local context information from external storage to process the request.