Abstract: Techniques for use in establishing a secure exchange of information between an end user and a server in a distributed network environment are provided in accordance with a context manager. The context manager is manageable within a vault process and maintains state information between successive user browser sessions with multiple application domains containing various applications. The context manager accesses data stored on a global level that spans applications and is available to multiple vault applications in different domains. The context manager also accesses data stored on an application level and common to a given application domain for a given sequence of operations within the vault application. The context manager accesses data stored on an instance level for a given sequence of operations within a given application domain.

Abstract: A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system, e.g., the Internet. The controller includes a web server and a supervisor in a shared object library which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process and includes multiple service supervisor (SS) threads; a communication supervisor (CS) thread; a request supervisor (RS) thread; state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates included in user requests to the controller.

Abstract: A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system. The controller includes a web server and a supervisor in a shared object library, which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process with state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates. The vault daemon generates a password for a user request based on the user ID. The vault daemon launches a vault process (VP) running in a vault mapped to the user ID. After launching, the VP returns a message to the supervisor including a token identifying the thread. The supervisor sends the user request through a socket to the secure VP mapped to the user ID. The VP receives the request and launches a VP thread to handle the request.

Abstract: A context manager supports creation, storage and retrieval of data to implement state maintenance in a vault process using “scoping” of multiple levels of storage. A user request is initiated by invoking an URL with embedded Application Domain and Instance Context. The URL request is processed by a Vault Supervisor to obtain a user ID and password to initiate a vault process running in a secure vault for the user. On vault process start up, access to the vault encryption/decryption keys are made available to the request. A global context file stored on disk is decrypted and read in to memory. If the global context file does not exist, a new global context file is created on disk. For each Application Domain, the application context is decrypted and read in to memory. If an application context file does not exist, a new application context file on disk is created based on the request. All Instance Context files are scanned to determine if they have expired.

Abstract: A secure-end-to-end communication system for electronic business system and method of operation, e.g., the Internet, includes a web server—vault controller having personal storage vaults in the controller for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. A registration authority running as a software application in the controller processes requests to issue, renew and revoke digital certificates issued by a certification authority using two pairs of public-private keys. The registration authority interacts with the vault controller to decide whether an applicant qualifies to receive a digital certificate.

Abstract: A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system, e.g., the Internet. The controller includes a web server and a supervisor in a shared object library which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process and includes multiple service supervisor (SS) threads; a communication supervisor (CS) thread; a request supervisor (RS) thread; state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates included in user requests to the controller.