Exchange method and apparatus

Methods and data processing systems for securely communicating between a web server system and a client browser system by associating a secure hypertext transfer protocol (e.g., SSL or https) with a first port number (e.g., port 80) that is normally associated with a non-secure hypertext transfer protocol (e.g., http), thereby allowing secure communications using the secure protocol even through a data communications channel (e.g., one that includes a firewall system) that would block attempts to use the secure hypertext transfer protocol in association with its normal port number (e.g., port 443).

Description
CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority from pending U.S. Provisional Applications: Appl. Ser. No. 60/056,815 filed on Aug. 22, 1997; Appl. Ser. No. 60/061,433 filed on Oct. 8, 1997; Appl. Ser. No. 60/066,526 filed on Nov. 25, 1997 and the pending U.S. Non-Provisional application Ser. No. 09/381,742 filed on Oct. 13, 1999 and International Application No. PCT/US98/17472 filed on Aug. 21, 1998; all of which are hereby incorporated by reference.

BACKGROUND OF INVENTION

[0002] The invention relates generally to using an offer matching system to collect and to execute binding offers to buy and to sell a traded item. Existing offer matching systems typically operate in a manner that allows a participant to receive fairly complete information about offers submitted by such participant and the status of such offers. Existing participant systems typically operate in a manner that allows a customer who submits an order to a participant system to receive fairly complete information about offers submitted by such customer. However, existing offer matching systems do not typically permit unknown persons to receive detailed information about an offer.

[0003] Existing offer matching facilities typically include a central computer (referred to herein as an offer matching system) that is programmed to accept offers from multiple remotely located participant systems and to execute compatible buy and sell offers in accordance with a predetermined set of rules. (By “execute” we mean give rise to a binding obligation to clear and settle a trade.)

[0004] For example, an offer matching system for securities operated by a stock exchange that is organized as a not-for-profit member organization might include a central computer facility operated by the stock exchange organization (referred to herein as the offer matching system) that communicates with multiple computer systems operated by its members (referred to herein as participant systems). As another example, an alternative trading facility for securities operated by a broker-dealer might include a central computer system operated by the broker-dealer (referred to herein as an offer matching system) that communicates with multiple computer systems (referred to herein as participant systems) operated by clients of the broker dealer.

[0005] The term “offer matching system” is herein limited to systems where offers submitted by participants represent binding offers by participants to buy or to sell one or more traded items, subject to predetermined terms and conditions. Thus the present invention does not concern so called “bulletin board systems” where participants can post non-binding indications of interest in buying or selling one or more traded items.

[0006] Existing offer matching systems operated by stock exchanges often permit a few members, referred to as specialists, to submit quotations which are in effect offers to buy or to sell securities for the quoted prices. For purposes herein, such quotations from specialists are included within the term “offer”. Other existing offer matching systems permit participating market makers to publish bid and ask quotations that the market makers are obligated to honor, subject to various limitations and exceptions. For purposes of this description, such quotations from market makers are included within the term “offer”. Offer matching systems often permit participants to submit offers to buy or to sell a specified quantity (or less) of a traded item at a specified price (or better). Such offers are also included within the term “offer” as used herein.

[0007] Typically, if an existing offer matching system determines that a particular offer is to be executed, then the participant that submitted such offer becomes legally bound to buy or to sell (as the case may be) a particular quantity of the relevant traded item for a particular price, subject to predetermined terms and conditions applicable to the operation of the offer matching system. For example, if a first participant (for example a market maker) submitted to an offer matching system a first offer to buy a large number of shares of Acme common stock for $1.00 per share or better and a second participant (for example, a broker forwarding an offer on behalf of a client) submitted to the offer matching system a second offer to sell 100 shares of Acme common stock for $1.00 per share or better, then the offer matching system might determine that the first offer can be executed against the second offer for 100 shares at a price of $1.00 per share. In such a case, the first participant would become obligated to buy 100 shares of Acme common for $1.00 per share and the second participant would become obligated to sell 100 shares of Acme common for $1.00 per share.

[0008] There are many different methods that might be used to consummate trades once an offer matching system determines that particular offers are to be executed. In the case of the above example of a trade of 100 shares of Acme common for $1.00 per share, the offer matching system could disclose to both the first participant and the second participant the identity of the other, in which case the first participant and the second participant could clear and settle the trade directly with one another. As an alternative, all trades might occur with a single designated intermediary (such as a specialist in the case of a stock exchange or a sponsoring broker dealer in the case of an alternative trading system). If a single designated intermediary were used, then the first participant would become obligated to buy 100 shares of Acme common from the designated intermediary, the designated intermediary would become obligated to sell 100 shares of Acme common to the first participant, the second participant would become obligated to sell 100 shares of Acme common to the designated intermediary and the designated intermediary would become obligated to buy 100 shares of Acme common from the second participant—and there would be no need to reveal to the first participant the identity of the second participant, or vice versa. As used herein, the expression “execute one offer against another offer” includes both the case where the submitting participants become obligated to trade directly with one another and the case where the submitting participants become obligated to trade with one or more intermediaries.

[0009] Existing offer matching systems typically include some facility for distributing information about outstanding offers and about trades arising out of the execution of offers.

[0010] It is typical for such facilities to include:

[0011] Electronically publishing information about prices and/or quantities for offers currently active in the offer matching system. Such information might be limited to the current best priced buy and sell offers, or it might include information about several buy and sell offers. Often such information does not identify the persons responsible for a particular offer unless such persons are specialists or market makers.

[0012] Electronically publishing information about trades executed by the offer matching system. Well known examples of this include stock tickers which publish for each trade the affected security, the quantity traded and the price at which a trade occurred.

[0013] Permitting participant systems that have established a secure communications link to obtain detailed information about offers for which the relevant participant is responsible.

SUMMARY OF INVENTION

[0014] In one embodiment of the invention, a method for interacting with an offer matching system comprises a number of operations. For example, a first participant may communicate to the offer matching system a first description of a first offer. A first identifier is associated with the first offer and is not associated with any offer other than the first offer. (The first identifier may have been provided by the first participant or may have been created by the offer matching system, for example.) If the first participant did not already know of the first identifier, then the offer matching system communicates it to the first participant. A second participant communicates to the offer matching system a description of a second offer that is capable of being executed at least in part against the first offer in accordance with a set of rules that govern the operation of the offer matching system. The first participant then discloses the first identifier to a first disclosee. The first disclosee may then present a query to the order matching system, containing among other things information indicative of the first identifier. In response to the first request, and without the offer matching system's determining that the first request was made by a person entitled to receive confidential information concerning the first offer, the offer matching system communicates to the first disclosee a first data item concerning the first offer.

[0015] Another embodiment of the invention directs itself to the problem that some firewall systems make it difficult or impossible for a server and client to communicate in a secure way if default parameters are employed. In a TCP/IP system, there are well-established port numbers. As a default, TCP port 80 is used for hypertext transfer protocol (http) communications. But in the Internet, one of the design assumptions is that the communications links are insecure. This has prompted development of a secure http protocol (https) in which the client and server establish “secure sockets” according to which they can communicate in relative security. As a default, TCP port 443 is used for this purpose.

[0016] Designers of firewalls, however, often choose to block most TCP port numbers, permitting only a small handful of port numbers to be open. Given the near-ubiquity of the Web's http servers, a firewall designer will almost always find a way to permit port 80 to be open. But in many firewalled systems it turns out that the firewall designer has not permitted port 443 to be open. The result in practical terms is that a web user is unable to reach secure sites that use the https protocol.

[0017] In accordance with the invention, a method is provided for securely communicating with a server program using a secure hypertext transfer protocol, the method comprising: (a) configuring the https server program so that it listens for requests for secure hypertext transfer protocol sessions on port 80 rather than port 443; (b) receiving at the server program on port 80 a first data packet in a manner that is consistent with the secure hypertext transfer protocol, except that the request is received on port 80 rather than port 443; and (c) outputting from the server program a response to the first data packet in a manner that is consistent with the secure hypertext transfer protocol, except that the request was received on port 80 rather than port 443.

[0018] In this way an entire https session can take place, mediated by port 80, and thus is permitted to be established and carried out even if the user (client) is located on a system having a firewall that blocks port 443.
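Because the session described in [0017] and [0018] is ordinary TLS carried on port 80, a filter that decides by port number alone treats it as http; inspecting the first bytes of the connection tells the two apart. The following Python code is an added example, not part of the patent: the function names, the constructed ClientHello and the host name broker.example are assumptions made for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
EXPECTED = {80: "http", 443: "tls"}          # default port-to-protocol pairing


class Truncated(ValueError):
    """Raised when a length field points past the captured bytes."""


def _take(buf, pos, n):
    """Return (buf[pos:pos+n], pos+n), refusing to read past the end."""
    if pos + n > len(buf):
        raise Truncated("need %d bytes at offset %d" % (n, pos))
    return buf[pos:pos + n], pos + n


def _take_vec(buf, pos, len_bytes):
    """Read a TLS vector: a big-endian length prefix followed by that many bytes."""
    raw, pos = _take(buf, pos, len_bytes)
    return _take(buf, pos, int.from_bytes(raw, "big"))


def parse_client_hello(payload):
    """Return {'sni', 'complete'} if payload starts a TLS ClientHello, else None."""
    if len(payload) < 6:
        return None
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # 0x16 = handshake record, 0x01 = ClientHello handshake message
    if ctype != 0x16 or major != 3 or minor > 4 or payload[5] != 0x01:
        return None
    result = {"sni": None, "complete": False}
    try:
        record, _ = _take(payload, 5, rec_len)
        hs_len, pos = _take(record, 1, 3)
        hello, _ = _take(record, pos, int.from_bytes(hs_len, "big"))
        _, pos = _take(hello, 0, 2 + 32)     # client version + random
        _, pos = _take_vec(hello, pos, 1)    # session id
        _, pos = _take_vec(hello, pos, 2)    # cipher suites
        _, pos = _take_vec(hello, pos, 1)    # compression methods
        if pos < len(hello):
            exts, _ = _take_vec(hello, pos, 2)
            epos = 0
            while epos < len(exts):
                etype, epos = _take(exts, epos, 2)
                edata, epos = _take_vec(exts, epos, 2)
                if etype == b"\x00\x00":     # server_name extension
                    names, _ = _take_vec(edata, 0, 2)
                    ntype, npos = _take(names, 0, 1)
                    name, _ = _take_vec(names, npos, 2)
                    if ntype == b"\x00":     # host_name entry
                        result["sni"] = name.decode("ascii", "replace")
        result["complete"] = True
    except Truncated:
        pass  # first segment cut short: still TLS, details unavailable
    return result


def inspect_flow(dst_port, first_payload):
    """Classify the first client bytes of a TCP flow and compare with the port."""
    hello = parse_client_hello(first_payload)
    if hello is not None:
        proto = "tls"
    elif first_payload.startswith(HTTP_METHODS):
        proto = "http"
    else:
        proto = "unknown"
    expected = EXPECTED.get(dst_port)
    return {
        "port": dst_port,
        "protocol": proto,
        "sni": hello["sni"] if hello else None,
        "mismatch": expected is not None and proto not in (expected, "unknown"),
    }


def build_sample_client_hello(hostname):
    """Constructed test input: a minimal ClientHello that carries one SNI name."""
    name = hostname.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_data = struct.pack("!H", len(sni_list)) + sni_list
    sni_ext = b"\x00\x00" + struct.pack("!H", len(sni_data)) + sni_data
    body = (b"\x03\x03" + bytes(32)          # version, all-zero random
            + b"\x00"                        # empty session id
            + b"\x00\x02\x00\x2f"            # one cipher suite
            + b"\x01\x00"                    # null compression
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    print(inspect_flow(80, build_sample_client_hello("broker.example")))
    print(inspect_flow(80, b"GET /quote HTTP/1.0\r\n\r\n"))
```

A flow reported with `mismatch` set on port 80 is the case the embodiment relies on: the port is permitted, but the content is a secure session rather than plain http.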

BRIEF DESCRIPTION OF DRAWINGS

[0019] The invention will be described with respect to a diagram, of which:

[0020] FIG. 1, parts a-i, shows parallel flowcharts that illustrate the top level communications protocol used to implement the invention.

[0021] FIG. 2 shows in schematic form several communication links among an offer matching system, a plurality of participant systems, an information publishing system, a disclosee system and a monitor system.

DETAILED DESCRIPTION

[0022] FIG. 2 shows in schematic form an offer matching system 2001 communicatively coupled to a plurality of participant systems 2002, 2003 and 2004, an information publishing system 2005, a disclosee system 2007 and a monitor system 2006. FIG. 2 also shows communication links among several of the other systems. In one embodiment of the invention, each system is geographically remote from the other systems. It will be appreciated that in this context “publish” may mean “broadcast”.

[0023] Those skilled in the art will appreciate that:

[0024] although FIG. 2 depicts an example embodiment with a single offer matching system, the invention contemplates that multiple offer matching systems can be used (for example, different traded items could be allocated to different offer matching systems to improve performance),

[0025] although FIG. 2 depicts an example embodiment with only three participant systems, the invention contemplates that the offer matching system can be communicatively coupled with many participant systems (for example, several broker dealer firms might each have a participant system or several traders at a single broker dealer firm might each have a participant system),

[0026] although FIG. 2 depicts an example embodiment with a single information publishing system, the invention contemplates that the offer matching system can be communicatively coupled with many information publishing systems at the same time (for example, an information publishing system that publishes information using a proprietary network, an information publishing system that publishes information using the Internet or an information publishing system that publishes information using radio frequency transmissions),

[0027] although FIG. 2 depicts an example embodiment with a single disclosee system, the invention contemplates that the offer matching system can be communicatively coupled with many disclosee systems at the same time (for example, each of several individual investors could operate a disclosee system connected to the Internet to obtain information about the status of orders submitted to the offer matching system), and

[0028] although FIG. 2 depicts an example embodiment with a single monitor system, the invention contemplates that the offer matching system can be communicatively coupled with many monitor systems at the same time (for example, monitor systems can be operated by clearing brokers who clear and settle trades for various broker dealer participants, banks that lend money to broker dealer participants, and compliance and risk management personnel who work for broker dealer participants).

[0029] In an exemplary embodiment of the invention, each of the offer matching system 2001 and the information publishing system is an International Business Machines Personal Computer compatible computer system that utilizes the Microsoft Windows NT Server Version 4.0 operating system, Microsoft SQL Server Version 6.5 and the following items from the Microsoft Windows NT 4.0 Option Pack: Certificate Server, FrontPage 98 Server Extensions, Internet Information Server Version 4.0, Microsoft Data Access Components 1.5, Microsoft Index server, Microsoft Management Console, NT Option Pack Common Files, Microsoft Transaction Server Version 2.0, and Windows Scripting Host.

[0030] In an exemplary embodiment of the invention, each of the first participant system 2002, second participant system 2003, third participant system 2004, disclosee system 2006 and monitor system 2007 is an International Business Machines Personal Computer compatible computer system that utilizes the Microsoft Windows NT Workstation Version 4.0 operating system and Microsoft Internet Explorer version 4.0.

[0031] Those skilled in the art will appreciate that two or more of the systems depicted in FIG. 2 could be run on the same computer. In fact, for software development purposes, all of the systems depicted in FIG. 2 can be run on a single general purpose stored program computer which has been programmed appropriately.

[0032] In one embodiment of the invention, each of the systems depicted in FIG. 2 is connected to a single network (such as a local area network or the Internet) that permits each of such systems to communicate with the others. In an exemplary embodiment of the invention:

[0033] each of the participant systems and the information publishing system is communicatively coupled to the offer matching system using a network that is independent of the Internet, such as, but not limited to, a network of leased lines, a private frame relay network, a controlled access network that utilizes the Financial Information Exchange protocol, or using modems over the switched telephone network, and

[0034] each of the disclosee system and the monitor system is communicatively coupled to the other systems via the Internet using the secure sockets layer protocol and a secure transfer protocol.

[0035] Those skilled in the art will appreciate that the communication links among the systems depicted in FIG. 2 may be implemented using any communication technology that is used to communicate between computer systems, including, but not limited to: local area networks (including, but not limited to, local area networks implemented using ethernet, 10BaseT, 100BaseTX, fiber optics, wireless radio frequency links, wireless infrared links, etc.) and wide area networks (including, but not limited to, the switched telephone network, leased telephone lines, electronic mail, microwave links, frame relay networks, satellite data links, X.25 networks, fiber optic networks, etc.).

[0036] FIG. 1, parts a-i, are parallel flowcharts that illustrate an exemplary communications protocol that can be used to implement the invention.

[0037] Those skilled in the art will appreciate that an offer matching system normally will be configured by system operators and/or participants before it is used to match offers. The invention contemplates that configuration of the offer matching system will include configuration by operators of the system and by participants. In particular, the invention contemplates that: (a) employees of the firm that operates the offer matching system will typically enter information concerning (i) traded items for which the offer matching system will accept and match offers and (ii) participants who are permitted to submit binding offers to the offer matching system and (b) employees of participants will typically enter information to configure processing options offered by the trading system. In an exemplary embodiment, a first participant can communicate to the offer matching system a request to store various associations, which the offer matching system will store 1112 in a memory facility of the offer matching system.

[0038] In one embodiment of the invention, a participant or an operator of the offer matching system can configure the offer matching system to disclose otherwise confidential information about an offer to a monitor in certain conditions by directing the offer matching system to store 1112 an association among a first target (e.g., the individual or entity to be monitored), a first monitor (e.g., the individual or entity to which extra information will be disclosed) and a first condition (e.g., the condition that must be satisfied by an offer before extra information about it can be disclosed to the first monitor). The first condition can include, without limitation, requirements such as the following:

[0039] an offer is for the benefit of the first target (for example, and not by way of limitation, (i) if the target were an investor and the monitor were that investor, then that investor could receive confidential information about offers submitted by participants acting as such investor's broker, (ii) if the target were a participant and the monitor were a clearing broker who clears and settles trades for such participant, then such clearing broker could receive confidential information about offers where such participant is acting as a principal), an offer is for the account of the first target,

[0040] the first target made an investment decision to make an offer (e.g., but not by way of limitation, compliance or risk management personnel of a participant could be permitted to receive confidential information about offers that arise out of an investment decision by a particular individual),

[0041] the first target has a financial interest in an offer,

[0042] the first target is financially responsible (as principal, guarantor or otherwise) for an offer (for example, and not by way of limitation, if the first target were a participant and the first monitor were a bank that loans money to such participant, then such bank could receive confidential information about offers for which such participant is financially responsible),

[0043] the first target is financially responsible (as principal, guarantor or otherwise) for a trade arising out of an offer,

[0044] the first target is acting as an agent with respect to an offer, and

[0045] the first target is acting as a principal with respect to an offer.

[0046] In one embodiment of the invention, a participant or an operator of the offer matching system can configure the offer matching system to direct that an offer submitted by a first participant will not be executed unless and until a second person approves such offer. In an exemplary embodiment, the offer matching system can be configured by directing the offer matching system to store 1112 an association among a first participant (e.g., the participant whose offers must be approved) and a first monitor (e.g., the individual or entity that must approve offers received from the first participant).

[0047] Those skilled in the art will appreciate that the invention contemplates that the offer matching system will be configured in several other ways that are typical of offer matching systems.

[0048] An investor who wishes to utilize the offer matching system of the invention can send 1101 a description 1151 of a first offer from a disclosee system 2006 operated by the investor to a first participant system operated by a participant. In an exemplary embodiment, the investor uses a web browser (such as Microsoft Internet Explorer) and secure sockets layer running on the disclosee system to communicate via the Internet with a site on the world wide web that is operated by a registered securities broker that accepts from the investor a binding offer (often referred to as a limit order) to buy or to sell a specified quantity of a specified security for a specified price or better. Those skilled in the art will appreciate that the communication of a description of the first offer from the investor to the broker can be accomplished in many other ways, including, but not limited to, the FIX protocol, by fax, orally, etc. Those skilled in the art will appreciate that the format and contents of the first description 1151 of the first offer can vary greatly while still accomplishing the basic task of communicating a description of the first offer. The invention permits investors to submit orders to brokers and dealers by whatever mechanisms they currently use to submit such orders, except that (i) in an exemplary embodiment, each offer submitted by an investor is a limit order and (ii) in an exemplary embodiment, the communication between the investor and the broker dealer is augmented so that an order identifier associated with the order can be communicated between the investor and the broker.

[0049] A first participant system 2002 operated by a participant can utilize the services of the offer matching system in two primary ways: acting as a broker (i.e., acting as an agent for a client) or acting as a dealer (i.e., acting as a principal). When the first participant acts as a broker, the first participant system can receive 1102 a first description 1151 of a first offer from a first disclosee system 2007 operated by an investor. When acting as a dealer (i.e., when acting for the first participant's own account), the first participant system can receive or generate a description of a desired offer by any means that the first participant might desire.

[0050] Once a description of a desired first offer is stored in the first participant system 2002 (regardless of whether the first participant is acting as a broker for an offer received from a client or is acting as a dealer for an offer for the first participant's own account), the first participant can send 1103 a description 1152 of the first offer to the offer matching system 2001. In an exemplary embodiment, the description of the first offer sent from the first participant to the offer matching system will contain the information about the first offer supplied by the disclosee and will also contain additional information supplied by the first participant. In an exemplary embodiment, the description received 1104 by the offer matching system 2001 can include, without limitation:

[0051] a password and other information relevant to confirming who submitted the first offer and that the first offer has not been modified during transmission

[0052] an identifier for the first offer,

[0053] an identifier for an order replaced by the first offer,

[0054] an indication of whether the participant claims to be acting as a principal (i.e., dealer) or as an agent (i.e., broker) with respect to the first offer,

[0055] an indication of whether the first offer may be executed in part without being executed in full,

[0056] a time by which the first offer must be approved to avoid automatic cancellation,

[0057] an indication of whether the first offer is an offer to buy or an offer to sell,

[0058] information that identifies one or more circumstances in which the offer matching system should automatically cancel the first offer,

[0059] information about how any trades arising out of the first offer are to be cleared and settled,

[0060] a time before which the offer ought not be executed,

[0061] a time at which the first offer is scheduled to expire,

[0062] an indication of how often the offer matching system may attempt to execute the first offer,

[0063] information that identifies a circumstance in which the offer matching system may automatically adjust the quantity or price of the first offer,

[0064] a time when the first offer was initiated,

[0065] an indication of who initiated the first offer,

[0066] an indication of whether the first offer was submitted by or on behalf of a participant or member in the offer matching system,

[0067] an indication of whether any odd lot portion of the first offer may be executed in part without being executed in whole,

[0068] an indication of whether any round lot portion of the first offer may be broken into odd lots,

[0069] an indication of whether any odd lot portion of the first offer may be executed at a price that is not the same as a price at which a round lot has executed,

[0070] an indication of whether the first offer was submitted by or on behalf of an issuer of the applicable traded item,

[0071] an indication of whether the first offer is a stabilizing offer,

[0072] a limit price for the first offer below or above which it can not be executed,

[0073] an indication that the first offer may be executed at a market price,

[0074] an indication that the first offer may be executed at a closing price,

[0075] an initial quantity for the first offer,

[0076] a time when the first offer was first received by the first participant,

[0077] a time when a description of the first offer was first received by the offer matching system,

[0078] an indication of who at the participant first received the first offer,

[0079] an indication of how the first offer was generated,

[0080] an indication of the traded item to which the first offer relates,

[0081] if the offer is an offer to sell, an indication of whether the offer is long, short or short exempt, and

[0082] an indication of whether the offer was solicited by the first participant.

[0083] Those skilled in the art will appreciate that there are many different ways to associate 1105 a first offer and a first identifier. For example, and not by way of limitation:

[0084] the disclosee can generate a proposed identifier that is included in a first description 1151 communicated 1101, 1102 to a first participant, the first participant can include the proposed identifier (or a second proposed identifier derived therefrom) in the description 1152 communicated 1103, 1104 to the offer matching system, and the offer matching system can store in its memory an association between the first offer and the proposed identifier received from the first participant;

[0085] the disclosee can obtain from the offer matching system a unique identifier that is then communicated from the disclosee to the first participant to the offer matching system;

[0086] the first participant can generate a proposed identifier that the first participant then communicates 1103, 1104 to the offer matching system and communicates 1108, 1109 to the disclosee;

[0087] the first participant can obtain from the offer matching system an identifier that the first participant then communicates 1103, 1104 to the offer matching system and communicates 1108, 1109 to the disclosee; and

[0088] in an exemplary embodiment, after receiving a description of the offer, the offer matching system can generate a first identifier, store an association between the first identifier and the first offer in the memory of the offer matching system, and communicate 1106, 1107 the first identifier 1153 to a first participant which then communicates 1108, 1109 the first identifier 1154 to a first disclosee.

[0089] If a system other than the offer matching system (e.g., a participant system, disclosee system or monitor system) proposes that a particular identifier be associated with the first offer, then the offer matching system must confirm that the proposed identifier is not already associated with another offer. If a proposed identifier is already associated with another offer, then the offer matching system could either reject the offer or accept the offer but associate a different identifier. In an exemplary embodiment, the offer matching system generates the first identifier and communicates 1106, 1107 the first identifier 1153 to the first participant. The present invention is not limited to any particular method for associating the first offer with a first identifier.
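The association step of [0083] to [0089], together with the unauthenticated query of [0014], can be modelled as follows. This Python code is an added example, not part of the patent: the class, field names and sample values are hypothetical, and two points are assumptions of the example rather than statements of the patent, namely that system-generated identifiers are random and that short proposed identifiers are refused, since the identifier is the only thing a disclosee presents.

```python
import secrets

# Hypothetical field names; only these are returned to a disclosee.
PUBLIC_FIELDS = ("side", "traded_item", "limit_price",
                 "initial_quantity", "remaining_quantity")
MIN_PROPOSED_LEN = 16   # assumption of this example, not a figure from the patent


class OfferRegistry:
    """Toy model of the identifier-to-offer association held in memory."""

    def __init__(self):
        self._offers = {}

    def _generate(self):
        # System-generated identifier: random and checked for uniqueness.
        while True:
            ident = secrets.token_urlsafe(16)
            if ident not in self._offers:
                return ident

    def associate(self, description, proposed_id=None, on_collision="reject"):
        """Store the offer under a unique identifier and return that identifier.

        A proposed identifier already in use is either rejected or replaced
        by a generated one, the two outcomes described in [0089].
        """
        if proposed_id is None:
            ident = self._generate()
        elif len(proposed_id) < MIN_PROPOSED_LEN:
            raise ValueError("proposed identifier too short")
        elif proposed_id not in self._offers:
            ident = proposed_id
        elif on_collision == "reject":
            raise ValueError("identifier already associated with another offer")
        else:
            ident = self._generate()
        self._offers[ident] = dict(description)
        return ident

    def query(self, identifier):
        """Answer a disclosee query without checking who is asking ([0014])."""
        offer = self._offers.get(identifier)
        if offer is None:
            return None
        # Confidential items (password, submitter) never leave the registry.
        return {k: offer[k] for k in PUBLIC_FIELDS if k in offer}


if __name__ == "__main__":
    registry = OfferRegistry()
    # Constructed sample offer.
    ident = registry.associate({
        "side": "buy", "traded_item": "ACME", "limit_price": "1.00",
        "initial_quantity": 100, "remaining_quantity": 100,
        "password": "constructed-secret", "submitted_by": "participant-2002",
    })
    print(ident, registry.query(ident))
```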

[0090] In an exemplary embodiment of the invention, once the offer matching system has received a first description of a first offer and associated a first identifier with the first offer, then the rules for the offer matching system, and the offer matching system, will permit information, including, but not limited to the following, to be publicly disclosed about the first offer:

[0091] an indication of whether the first offer is an All Or None offer (i.e., an indication of whether the first offer must be executed in full or not at all),

[0092] an indication of whether the offer is an offer to buy or an offer to sell,

[0093] an indication of whether the offer should be automatically canceled in various circumstances,

[0094] a time before which the first offer ought not be executed,

[0095] if the first offer has become capable of execution, an effective time as of which the first offer first became capable of execution,

[0096] an expiration time after which the first offer ought not be executed,

[0097] if defined, a finish time as of which the first offer first became incapable of execution,

[0098] if defined, a finish type that indicates why the first offer first became incapable of execution,

[0099] an indication of whether the first offer is an Immediate Or Cancel offer, for which any unexecuted portion will be canceled immediately after the offer matching system first attempts to execute the first offer,

[0100] information that identifies a circumstance in which the offer matching system may automatically adjust the quantity or price of the first offer,

[0101] an indication of whether the first offer was submitted on behalf of a participant or member in the offer matching system,

[0102] an indication of whether an odd lot portion of the first offer may be executed in part without being executed in whole,

[0103] an indication of whether a round lot portion of the first offer may be broken into odd lots,

[0104] an indication of whether an odd lot portion of the first offer may be executed at a price that is not the same as a price at which a round lot has executed (i.e., that odd lot portions may execute at prices that are different from the prices at which round lots are executed),

[0105] a unique identifier associated with the first offer,

[0106] an identifier for an order replaced by the first offer,

[0107] a time by which the first offer must be approved to avoid automatic cancellation,

[0108] a limit price for the first offer below or above which it cannot be executed,

[0109] an initial quantity for the first offer,

[0110] a remaining quantity for the first offer,

[0111] a time when a description of the first offer was first received by the offer matching system,

[0112] an indication of how the first offer was generated (e.g., computer generated program trades),

[0113] an indication of the traded item to which the first offer relates,

[0114] if the offer is an offer to sell, an indication of whether the offer is long, short or short but exempt from the special rules for short sales;

[0115] except that:

[0116] if the first offer is an immediate or cancel offer, the limit price, initial quantity and remaining quantity will not be disclosed publicly (although information about the quantity and price of trades arising out of such an offer will be publicly disclosed) and

[0117] if the first offer must be approved before it can be executed, then the offer matching system generally will not publicly disclose any information about the first offer until it has been approved.

[0118] In an exemplary embodiment, once the offer matching system has received a description of a first offer that is associated with a first identifier, the offer matching system will send 1401 to an information publisher a description 1451 of the first offer that includes the first identifier and the information about the first offer that the offer matching system is permitted to disclose publicly.
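The identifier handling of [0089] and the disclosure rules of [0090] to [0118] can be sketched as follows. This is an added example, not code from the patent: the class and field names, the `on_collision` switch, the use of `secrets.token_hex` for identifiers and the sample values are all assumptions, and only a subset of the listed attributes is modelled.

```python
import secrets
from dataclasses import dataclass, asdict
from typing import Optional

# Allow-list of publishable attributes (a subset of the list in [0091]-[0114]).
# Anything not named here, such as the account, can never leak by omission.
PUBLIC_FIELDS = ("all_or_none", "side", "immediate_or_cancel", "limit_price",
                 "initial_quantity", "remaining_quantity", "received_at",
                 "traded_item")
# Withheld for Immediate Or Cancel offers ([0116]).
IOC_WITHHELD = ("limit_price", "initial_quantity", "remaining_quantity")


@dataclass
class Offer:
    traded_item: str
    side: str                      # "buy" or "sell"
    limit_price: float
    initial_quantity: int
    remaining_quantity: int
    received_at: str
    all_or_none: bool = False
    immediate_or_cancel: bool = False
    needs_approval: bool = False
    approved: bool = False
    account: str = ""              # who the offer is for: never published


class IdentifierInUse(Exception):
    """Raised when a proposed identifier collides and the policy is 'reject'."""


class OfferRegistry:
    def __init__(self, on_collision="reassign"):
        if on_collision not in ("reassign", "reject"):
            raise ValueError("on_collision must be 'reassign' or 'reject'")
        self._on_collision = on_collision
        self._offers = {}          # identifier -> Offer

    def _fresh_id(self):
        # Random identifiers carry no information about the submitter
        # (assumption: the patent does not prescribe a generation method).
        while True:
            candidate = secrets.token_hex(8)
            if candidate not in self._offers:
                return candidate

    def register(self, offer, proposed_id=None):
        """Associate an identifier with the offer and return the one used."""
        if proposed_id is None:
            offer_id = self._fresh_id()
        elif proposed_id not in self._offers:
            offer_id = proposed_id
        elif self._on_collision == "reject":
            raise IdentifierInUse(proposed_id)
        else:
            offer_id = self._fresh_id()   # accept, but under a different id
        self._offers[offer_id] = offer
        return offer_id

    def public_view(self, offer_id) -> Optional[dict]:
        """Description that may be sent to an information publisher."""
        offer = self._offers.get(offer_id)
        # Unknown and not-yet-approved offers look the same to a caller, so
        # nothing is disclosed about an offer awaiting approval ([0117]).
        if offer is None or (offer.needs_approval and not offer.approved):
            return None
        record = asdict(offer)
        view = {name: record[name] for name in PUBLIC_FIELDS}
        if offer.immediate_or_cancel:
            for name in IOC_WITHHELD:
                view.pop(name)
        view["offer_id"] = offer_id
        return view
```
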

[0119] Once the offer matching system has received descriptions of several offers, then based upon a first description 1152 of a first offer received 1104 by the offer matching system, the offer matching system can select 1110 a different offer that is related in some useful way to the first offer. For example, but not by way of limitation, the offer matching system could select an offer because it satisfies a condition that includes one or more of the following requirements:

[0120] that the first offer executed at least in part against such offer,

[0121] that both the first offer and such offer are for the same traded item,

[0122] that both the first offer and such offer are for the same traded item and for the same side (i.e., both are buy offers or both are sell offers),

[0123] that both the first offer and such offer are for the same traded item, but the first offer and such offer are for opposite sides (i.e., one is an offer to buy and the other is an offer to sell),

[0124] that at a time when the first offer was capable of execution, such offer executed in whole or in part against a different offer, and

[0125] that at a first time when the first offer was capable of execution:

[0126] such offer executed in whole or in part against a different offer and

[0127] the first offer could have executed in whole or in part against such different offer in accordance with the set of rules for the offer matching system if the offer matching system had not possessed information concerning any other offers for a same side as the first offer.

[0128] The condition used to select such offer could include other requirements that are not listed above, such as, for example, a requirement that the selected offer be capable of being executed in whole or in part at a specified time.

[0129] A second participant can use a second participant system 2003 to communicate 1201, 1202 a description 1251 of a second offer to the offer matching system.

[0130] The offer matching system can execute 1203 the first offer against the second offer in accordance with a set of rules for the offer matching system. Those skilled in the art will appreciate that there are many different ways that an offer matching system can match and execute offers to buy and to sell. The invention is not limited to a particular method for matching and executing offers in the offer matching system.

[0131] In an exemplary embodiment, once the offer matching system executes a first buy offer against a first sell offer, then the rules for the offer matching system, and the offer matching system, will permit information, including, but not limited to the following, to be publicly disclosed about each trade arising out of such execution:

[0132] a unique identifier associated with the first buy offer,

[0133] the price at which the trade occurred,

[0134] the quantity traded,

[0135] an indication of the applicable traded item,

[0136] a unique identifier associated with the first sell offer,

[0137] a unique identifier associated with such trade, and

[0138] the time at which the trade occurred.

[0139] In an exemplary embodiment, once the offer matching system executes a first buy offer against a first sell offer, then the offer matching system will send 1401 to an information publishing system 2005 a description of the resulting trade that includes the information about the trade that the offer matching system is permitted to disclose publicly.

[0140] Someone, including, but not limited to a disclosee or participant, who originates or communicates a description of a first offer may also know one or more of the following:

[0141] what identifier is associated with the first offer,

[0142] who has a beneficial interest in the first offer,

[0143] for whose account the first offer was submitted,

[0144] who made the decision to make the first offer,

[0145] who has a financial interest in the first offer,

[0146] who is financially responsible (as principal, guarantor or otherwise) for the first offer,

[0147] who is financially responsible (as principal, guarantor or otherwise) for a trade arising out of the first offer,

[0148] who, if anyone, is acting as an agent with respect to the first offer, and

[0149] who, if anyone, is acting as a principal with respect to the first offer.

[0150] If a person, including, but not limited to a disclosee or participant, possesses information that discloses what identifier is associated with the first offer and discloses any one or more of the following:

[0151] who has a beneficial interest in the first offer,

[0152] for whose account the first offer was submitted,

[0153] who made the decision to make the first offer,

[0154] who has a financial interest in the first offer,

[0155] who is financially responsible (as principal, guarantor or otherwise) for the first offer,

[0156] who is financially responsible (as principal, guarantor or otherwise) for a trade arising out of the first offer,

[0157] who, if anyone, is acting as an agent with respect to the first offer, and

[0158] who, if anyone, is acting as a principal with respect to the first offer,

[0159] then such person may confidentially communicate the first identifier to any other person (including, but not limited to, a participant, a disclosee or a monitor) in a way that discloses such information to such other person.

[0160] Thus, it is possible for any particular person to know information which discloses that a particular identifier is associated with an order for which some person is in a specified relationship, even if such information has not been publicly disclosed.

[0161] If the disclosee possesses information which discloses that a first related person is related in a particular way to an offer that is associated with the first identifier, then the disclosee can communicate 1211, 1212 the first identifier 1255 to a monitor in a manner that discloses that the first related person is so related to an offer associated with the first identifier. For example, but not by way of limitation, if the first disclosee were the treasurer of an investment club and the first offer were an offer submitted for the benefit of the investment club, the first disclosee could tell another member of the club (i.e., the monitor) that the offer associated with the first identifier was submitted on behalf of the club.

[0162] Once a person (including, but not limited to a participant, disclosee or monitor) knows that a first identifier is associated with an offer that is of interest to such person, then such person can obtain information about the offer associated with the first identifier in several different ways.

[0163] A participant can communicate 1206, 1207 to the offer matching system a request 1253 for information keyed to the first identifier. After receiving 1207 such a request, the offer matching system can communicate 1209, 1210 the desired information 1254 to the participant. The request 1253 from the participant can specify that a response should only be made after some specified event has occurred. For example, but not by way of limitation, the response might be delayed until:

[0164] some data item associated with the first offer changes,

[0165] the first offer is modified,

[0166] the first offer is cancelled,

[0167] the first offer expires, or

[0168] the first offer is executed by the offer matching system at least in part.

[0169] For example, but not by way of limitation, the information requested might include information (a first data item) about a third offer selected 1110 based upon information about the first offer. The first data item may contain information that was communicated to the offer matching system when a description of the third offer was first communicated to the offer matching system; or the first data item may concern an offer against which the third offer was executed at least in part; or the first data item may identify an offer against which the third offer was executed at least in part; or the first data item may identify a transaction report for a trade in which the third offer was executed at least in part.

[0170] In one embodiment of the invention:

[0171] a first offer is associated with a first identifier,

[0172] a first requester (including, but not limited to a participant, disclosee or monitor) either possesses or obtains (from a participant, disclosee, monitor or other person) information which discloses that the first identifier is associated with the first offer and that a first related person satisfies a first condition selected from the group consisting of:

[0173] the first offer is for the benefit of the first related person,

[0174] the first offer is for the account of the first related person,

[0175] the first related person made an investment decision to make the first offer,

[0176] the first related person has a financial interest in the first offer,

[0177] the first related person is financially responsible (as principal, guarantor or otherwise) for the first offer,

[0178] the first related person is financially responsible (as principal, guarantor or otherwise) for a trade arising out of the first offer,

[0179] the first related person is acting as an agent with respect to the first offer, and

[0180] the first related person is acting as a principal with respect to the first offer.

[0181] The first requester sends 1206, 1301, 1306, 1405, 1501, 1506 a first request 1253, 1351, 1353, 1453, 1551, 1553 that includes the first identifier to an offer matching system or to an information publishing system. If the first request indicates that the first requester wishes to be notified when a first event occurs, then the offer matching system or information publisher, as the case may be, waits 1208, 1303, 1308, 1407, 1503, 1508 for the first event to occur. Without determining that the first request was made by a person entitled to receive confidential information concerning the first offer, the offer matching system or information publishing system, as the case may be, sends 1209, 1215, 1304, 1309, 1408, 1504, 1509 and the first requester receives 1210, 1216, 1305, 1310, 1409, 1505, 1510 a response 1254, 1257, 1352, 1354, 1454, 1552, 1554 that includes a first data item which concerns the first offer and is responsive to the first request, whereby the first requester, which already possesses information which discloses that the first related person satisfies the first condition, gains possession of information which discloses that the first data item concerns the first offer.

[0182] In another embodiment of the invention, a first offer is associated with a first identifier,

[0183] a first requester (including, but not limited to a participant, disclosee or monitor) either possesses or obtains (from a participant, disclosee, monitor or other person) information which discloses that the first identifier is associated with the first offer and that a first related person satisfies a first condition selected from the group consisting of:

[0184] the first offer is for the benefit of the first related person,

[0185] the first offer is for the account of the first related person,

[0186] the first related person made an investment decision to make the first offer,

[0187] the first related person has a financial interest in the first offer,

[0188] the first related person is financially responsible (as principal, guarantor or otherwise) for the first offer,

[0189] the first related person is financially responsible (as principal, guarantor or otherwise) for a trade arising out of the first offer,

[0190] the first related person is acting as an agent with respect to the first offer, and

[0191] the first related person is acting as a principal with respect to the first offer.

[0192] The first requester then sends 1206, 1301, 1306, 1405, 1551, 1553 a first request 1253, 1351, 1353, 1453, 1501, 1506 that includes the first identifier to an offer matching system or to an information publishing system. Based upon information about the first offer possessed by the offer matching system or the information publishing system, as the case may be, the offer matching system or the information publishing system selects a third offer that satisfies a second condition, the second condition comprising a requirement selected from the group consisting of:

[0193] that the first offer executed at least in part against the third offer,

[0194] that both the first offer and the third offer are for a single traded item,

[0195] that both the first offer and the third offer are for a single traded item and a side,

[0196] that both the first offer and the third offer are for a single traded item, the first offer is for a first side and the third offer is not for the first side,

[0197] that at a time when the first offer was capable of execution, the third offer executed in whole or in part against a third offer, wherein the third offer is not the first offer, and

[0198] that at a first time when the first offer was capable of execution:

[0199] the third offer executed in whole or in part against a fourth offer, wherein the fourth offer is not the first offer, or

[0200] the first offer could have executed in whole or in part against the fourth offer in accordance with the set of rules if the offer matching system had not possessed information concerning any other offers for a same side as the first offer.

[0201] If the first request indicates that the first requester wishes to be notified when a first event occurs, then the offer matching system or information publisher, as the case may be, waits 1208, 1303, 1308, 1407, 1503, 1508 for the first event to occur.

[0202] Without determining that the first request was made by a person entitled to receive confidential information concerning the third offer, the offer matching system or information publishing system, as the case may be, sends 1209, 1215, 1304, 1309, 1408, 1504, 1509 and the first requester receives 1210, 1216, 1305, 1310, 1409, 1505, 1510 a response 1254, 1257, 1352, 1354, 1454, 1552, 1554 that includes a first data item which concerns the third offer and is responsive to the first request.

[0203] In this way, the first requester, which already possesses information which discloses that the first related person satisfies the first condition, gains possession of information which discloses that the first data item concerns the third offer which satisfies the second condition.

[0204] It will be appreciated that in accordance with the invention, reports could be sent to the investor, to someone tracking the investor's credit and risk exposure, or to each member of an investment club. Such reports' use would depend upon knowledge of the relationship between an identifier and its respective offer.

[0205] The present invention allows an investor conveniently to monitor how quickly and accurately the investor's broker processes an offer initiated by the investor. For example, the investor (the disclosee) can send a description of the offer to the investor's broker (the participant) who forwards a description of the offer to an offer matching system. The offer matching system associates an offer identifier with the offer and communicates the offer identifier to the investor's broker. The investor's broker then communicates the offer identifier to the investor. Once the investor knows the offer identifier associated with the offer, the investor can visit a web site operated by the offer matching system or by an information publisher that obtains information from the offer matching system and ask for information based upon the offer identifier. For example, if the investor asks the offer matching system or an information publisher for a description of the offer associated with the offer identifier, the investor could find out when the offer was received by the offer matching system and the price and quantity that were specified in the description received by the offer matching system. Thus the investor could monitor how quickly the investor's broker submitted the investor's order to the offer matching system and could confirm that the investor's broker submitted the correct price and quantity. Although anyone could query the offer matching system or the information publisher using the offer identifier, only a few people would know that the investor has any interest in the offer associated with the offer identifier.

[0206] The present invention also allows an investor conveniently to monitor the status of an offer initiated by the investor. Once the investor knows the offer identifier associated with the investor's offer, the investor can visit a web site operated by the offer matching system or an information publisher and ask to receive an e-mail notice each time the offer is executed in whole or in part. Although anyone could ask to receive notices when such offer executes, only a few people would know that trades described in such notices are financially relevant to the investor. The present invention allows the investor to obtain such notices without requiring the investor to use a broker that operates a system for providing such notices.

[0207] The present invention also allows an investor to permit others conveniently to monitor the status of an offer initiated by the investor. For example, the treasurer of an investment club could submit an offer as described above, and then send to each member of the investment club an e-mail that contains the offer identifier. Each member of the investment club could then obtain information about the offer and executions of the offer by directly querying the offer matching system or an information publisher.

[0208] The present invention permits an investor to obtain information about other offers that are related in some interesting way to an offer initiated by the investor. Consider, for example, an investor who observes on a ticker-type display that trades for a stock he wants to buy are occurring at prices below the limit price specified in a buy offer previously submitted to the offer matching system. The investor will want to know why his offer has not yet executed. In such a case, the investor could visit a web site operated by the offer matching system or an information publisher, supply the offer identifier for the investor's buy offer, and ask for information about trades of the relevant stock that have occurred at prices below the limit price specified in his order. The offer matching system or information publisher could then list such trades and explain why the buy offers involved in those trades had priority over the investor's buy order (e.g., the other offers specified a higher limit price, were submitted sooner, were for a larger initial quantity, etc.—whatever factor gave them a higher execution priority). The investor might also want to know about active buy offers that have an execution priority that is higher than the investor's buy offer (i.e., offers that must be filled before the investor's offer can be executed). Once again, given the offer identifier for the investor's buy offer, the offer matching system or information publisher could provide information about prices and quantities specified in higher priority offers for the same security.

[0209] The present invention permits a participant to obtain information about other offers that are related in some interesting way to an offer submitted to the offer matching system by the participant. In essentially the same way that an investor who knows an offer identifier can obtain information about other offers with higher execution priority, a participant can obtain the same information.

[0210] The present invention permits a bank to monitor a borrower's risk exposure arising out of offers submitted to an offer matching system. For example, a bank (the monitor) that wants to track a borrower's (the disclosee's) risk exposure arising from offers submitted to the offer matching system, could refuse to lend to the borrower until the borrower causes the borrower's broker (the participant) to cause the offer matching system to save an association among the bank, the borrower and the condition that the borrower is financially responsible for an offer. The bank and the offer matching system would also agree upon a procedure by which the bank could identify itself to the offer matching system. Subsequently, the borrower sends a description of an offer to the borrower's broker who forwards it to the offer matching system together with information that the offer is for the account of the borrower. The offer matching system detects that the offer satisfies the condition. If the bank logs onto the offer matching system in a way that permits the offer matching system to recognize the bank and the bank submits a request for information about offers for which the borrower is financially responsible, the exchange can then provide the requested information to the bank. Thus the invention permits the bank to obtain information relevant to evaluating risks to which the borrower is exposed.

[0211] In a related embodiment of the invention there would be no need to submit a request. Instead, the offer matching system simply sends to the bank information about offers submitted for the borrower's account.

[0212] The present invention also permits an investor (the disclosee) to obtain through the investor's broker (the participant) information concerning an offer that is digitally signed by an offer matching system. Consider for example a case where the investor communicates an offer to the investor's broker who then communicates it to the offer matching system. Subsequently, the investor can ask the broker for information about when the offer was received by the offer matching system. The investor can ask the offer matching system for the desired information. The offer matching system can provide the desired information (either directly to the investor or to the broker who can forward it to the investor) and provide a digital signature which certifies that the information was provided by the offer matching system. Thus, the invention permits the investor to monitor the performance of the investor's broker with respect to offers forwarded to the offer matching system without requiring the investor to communicate directly with the offer matching system.

[0213] The present invention permits an offer matching system to respond to queries about offers previously received by the offer matching system without requiring the offer matching system to know or to verify the identity of the individual making the query. Because the offer matching system does not provide information that discloses who submitted a particular order, providing information about an offer does not violate the privacy expectations of an investor. An investor need only take reasonable steps to preserve the confidentiality of information disclosing which offer identifiers are associated with offers in which the investor has a financial interest. The investor does not even need to identify itself to the offer matching system to obtain information about the investor's own offers.

[0214] The present invention permits an offer matching system to respond to queries about offers that are somehow relevant to an offer identified by the person requesting information.

[0215] The present invention permits an information publisher to provide and pay for the facilities that permit investors and others to obtain information about offers received and processed by the offer matching system.

[0216] The information publisher could charge investors for providing such a service or could charge for advertisements that are displayed to persons who obtain such information.

[0217] The invention permits an information publisher to provide and pay for the facilities that respond to queries for information about offers that are somehow relevant to an offer that is of interest to an investor or any other person.

[0218] Several different communications technologies (including, but not limited to ADSL, cable modems, broadcast media such as radio and television, Internet multicasting, etc.) permit the very efficient distribution of information from a single source to multiple recipients. The invention allows such technologies to be utilized to distribute information about offers and trades that is tagged with relevant offer identifiers. Persons receiving such broadcasts can then filter the received information based upon offer identifiers to identify information that is of interest to the recipient.

[0219] The problem with existing methods for distributing information about offers and trades is that they either require secure communication links so that the offer matching system can confirm that the recipient is entitled to receive requested information or they publish information that is not tagged with offer identifiers so that a recipient cannot be sure that any particular item of information concerns an offer that is of interest to the recipient. A recipient using a prior system might, for example, see that someone just bought 100 shares of Acme common for a price that is compatible with his or her offer, but would not know if that trade represents an execution of his or her offer or an execution of some other offer that was submitted before his or her offer.

[0220] The invention permits an investor to obtain information about an offer initiated by the investor by filtering data published by an offer matching system or an information publisher. For example, an investor (the disclosee) submits an offer to the investor's broker (the participant) who forwards the offer to the offer matching system. The offer matching system associates an identifier with the offer and the identifier is communicated from the offer matching system to the broker to the investor. The offer matching system, or an information publisher that receives data tagged with offer identifiers from the offer matching system, then publishes the offer identifier together with data about the offer. Such information could be provided either only to subscribers or could be broadcast to the public. The offer matching system or information publisher could publish similar information about many different offers. The investor can then receive the published information and filter it for information that is tagged with the offer identifier. Thus, the invention permits an investor (or anyone to whom the investor discloses the relevant offer identifier) to obtain information about orders that are of interest to the investor (or such person) without sending a request for information to the offer matching system or an information publisher and without revealing to anyone that the recipient is interested in a particular offer.

[0221] The invention permits an investor to obtain information about offers that are related in an interesting way to an offer initiated by the investor. For example, the investor (the disclosee) submits a first buy offer for a traded item to the investor's broker (the participant) who forwards the first buy offer to the offer matching system. An identifier associated with the first offer is communicated to the investor. The offer matching system or an information publishing system subsequently publishes information about other offers to buy the same traded item. The investor's computer receives such information and stores it because it concerns a security that the investor wishes to buy. The offer matching system or an information publishing system then publishes information about trades involving the security that the investor wants to buy at prices that are below the maximum price that the investor is willing to pay. The information about such trades includes offer identifiers for the buy offers involved in such trades (which are not the same as the offer identifier for the first offer). The investor's computer can see the offer identifier of the buy offer involved in such a trade, can retrieve previously stored information about such offer and can display for the investor a notice that such trade occurred and information about such offer so that the investor can see why the other offer was executed before the investor's buy offer was executed.

[0222] The invention permits the offer matching system to publish data about offers in a manner that does not require the offer matching system to respond to multiple queries from the public because the public can simply filter information published once by the offer matching system. This saves communication bandwidth.

[0223] The invention permits an investor to know whether a particular trade reported by a ticker service did or did not arise out of an offer originated by the investor. An investor who knows that a first offer identifier is associated with an offer initiated by the investor can monitor ticker data that is tagged with the offer identifier of each buy offer and sell offer that is involved in a reported trade. If data about a trade is tagged with the first offer identifier, then the investor knows that the data concerns a trade arising out of the offer initiated by the investor. Otherwise, the investor knows that the data concerns a trade that did not arise out of the offer initiated by the investor.
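The recipient-side filtering described in [0220] to [0223] can be sketched as follows. This is an added example, not code from the patent: the record layout, the function names and the feed contents are constructed, and the priority explanation assumes price priority followed by time priority, which is only one of the factors [0208] mentions. The recipient sends no request, so the publisher never learns which identifier is being watched.

```python
# Constructed sample broadcast: every record is public and tagged with
# offer identifiers; nothing in it names a participant or investor.
FEED = [
    {"type": "offer", "offer_id": "a91f", "item": "ACME", "side": "buy",
     "limit_price": 10.50, "initial_quantity": 100, "received_at": 1},
    {"type": "offer", "offer_id": "7c2e", "item": "ACME", "side": "buy",
     "limit_price": 10.25, "initial_quantity": 200, "received_at": 2},
    {"type": "offer", "offer_id": "e004", "item": "ACME", "side": "sell",
     "limit_price": 10.00, "initial_quantity": 150, "received_at": 3},
    {"type": "trade", "trade_id": "t1", "item": "ACME", "price": 10.00,
     "quantity": 100, "buy_offer_id": "a91f", "sell_offer_id": "e004"},
    {"type": "trade", "trade_id": "t2", "item": "ACME", "price": 10.00,
     "quantity": 50, "buy_offer_id": "7c2e", "sell_offer_id": "e004"},
    {"type": "trade", "trade_id": "t3", "item": "OTHR", "price": 3.00,
     "quantity": 10, "buy_offer_id": "b333", "sell_offer_id": "c444"},
]


def reason_for_priority(mine, other):
    """Explain from stored public data why `other` executed before `mine`."""
    if other is None:
        return "offer description not received"
    if mine["side"] == "buy":
        better = other["limit_price"] > mine["limit_price"]
    else:
        better = other["limit_price"] < mine["limit_price"]
    if better:
        return "better limit price"
    if (other["limit_price"] == mine["limit_price"]
            and other["received_at"] < mine["received_at"]):
        return "submitted sooner"
    return "priority factor not visible in feed"


def monitor(feed, my_offer_id):
    """Filter a broadcast locally for one offer identifier.

    Returns (own_trades, passed_over): trade ids tagged with my_offer_id,
    and (trade_id, other_offer_id, reason) for same-item trades within the
    watched offer's limit that went to a different offer on the same side.
    """
    offers = {}                    # locally stored public offer descriptions
    own_trades, passed_over = [], []
    filled = 0
    for msg in feed:
        if msg["type"] == "offer":
            offers[msg["offer_id"]] = msg
            continue
        mine = offers.get(my_offer_id)
        tags = {"buy": msg["buy_offer_id"], "sell": msg["sell_offer_id"]}
        if my_offer_id in tags.values():
            # Tagged with the watched identifier: this trade is ours ([0223]).
            own_trades.append(msg["trade_id"])
            filled += msg["quantity"]
        elif (mine and msg["item"] == mine["item"]
              and filled < mine["initial_quantity"]):
            if mine["side"] == "buy":
                within_limit = msg["price"] <= mine["limit_price"]
            else:
                within_limit = msg["price"] >= mine["limit_price"]
            if within_limit:
                other_id = tags[mine["side"]]
                passed_over.append((msg["trade_id"], other_id,
                                    reason_for_priority(mine, offers.get(other_id))))
    return own_trades, passed_over
```
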

[0224] Those skilled in the art will realize that the invention thus permits efficient communication to multiple investors of information that is of particular interest to them without requiring multiple secure data connections and the overhead of multiple queries.

[0225] The invention permits an investor to signal to the market that the decision to initiate an offer was not based upon information that has not yet become widely known by investors. For example, an investor who wishes to sell a block of a thinly traded stock to fund the purchase of a new home, could submit an offer to sell the block at an attractive price with the stipulation that the offer could not be executed for several days. In such a scenario, other persons interested in the affected security will have several days to adjust to the idea that someone (whose identity is not revealed) wishes to sell the block of stock. By the time the investor's sell offer becomes effective, other investors will have had time to realize that the investor probably is not trading based upon superior information because the investor announced his intention to trade several days before the trade will actually occur. Also, persons with an interest in purchasing the affected security will have had several days to realize that a large, attractively priced block is going to become available for purchase at the delayed effective time specified by the investor.

[0226] The invention permits anyone who is willing to deal with a large number of small trades to obtain any price differential that might exist between round lots and odd lots. For example, a patient seller with efficient systems for processing trades might wish to submit a large offer to sell at a high price that is marked to indicate that the seller is willing to permit round lots to be broken into odd lots. If persons who wish to purchase odd lots of the relevant security should indicate a willingness to pay a somewhat high price to obtain the desired odd lot, then it might be possible for the patient seller to sell at the high prices that odd lot purchasers are willing to pay.

[0227] The invention thus permits competition for odd lot trades, in the hope that such competition will result in small spreads between the prices for odd lot trades and for round lot trades.

[0228] The invention permits a participant to reduce the risk that compromising physical security of a single computer system could expose the participant to large risks. If the systems that are authorized to approve offers are located remotely from the computers that are used to submit offers to the offer matching system, then it would be possible for the approving system to refuse to approve unusual offers that might be submitted by someone who wrongfully takes control of the submitting computers. The invention would also permit risk management or compliance personnel at a participant to block prohibited offers that other personnel at the participant might submit to the offer matching system.

[0229] The invention attempts to reduce price volatility through the manner in which it selects a trade price. Consider the case where a buyer with a strong desire to purchase Acme common submits a buy order that specifies a limit price that is well above the last trade price and a seller with a strong desire to sell Acme common submits a sell order that specifies a limit price that is well below the last trade price. When the offer matching system detects that these two offers can be executed against one another, it must select a price at which the trade will be executed. According to the invention, the offer matching system will select a price that is indicative of recent trading activity in the applicable security, which should tend to reduce unnecessary price movements. Thus, the enthusiastic buyer who is willing to pay a high price will only need to pay a market-related price and the rushed seller who is willing to accept a low price will actually receive a market-related price.

[0230] The invention permits a short seller to enter a single limit offer that specifies the lowest price the short seller is willing to accept, even if that price is (or becomes) less than the minimum price permitted for short sales. Each time the offer matching system examines the single limit offer to see whether it can be executed, the offer matching system will treat the single limit offer as though it were an offer at the greater of the specified limit price and the minimum price permitted for short sales. This can reduce the number of times that a short seller might adjust an offer to sell short to reflect trading activity that changes the minimum price permitted for short sales.

[0231] The majority of securities transactions in the US are cleared and/or settled through the facilities of a nonprofit membership organization named the National Securities Clearing Corporation (“NSCC”). For trades that clear and/or settle through its facilities, NSCC typically charges a per transaction fee that is independent of the number of shares or the dollar amount involved in the trade. If trades arising out of an offer matching system are cleared and settled directly between the participants who submit offers to the offer matching system, then the allocation of NSCC fees can present some interesting problems. There is not a similar problem for offer matching systems where all trades are executed with a single designated intermediary, because in such a case all trades arising out of a single offer can be aggregated into a single trade with the designated intermediary. For example, consider the case where a first participant submits an offer to sell 1000 shares that executes against 10 different offers to purchase 100 shares. In such a case, the seller will be involved in 10 trades and each buyer will be involved in a single trade. It would be undesirable for the seller to pay more fees to NSCC than the buyers do because the seller would have been willing (and probably would have preferred) to do a single trade for the full 1000 shares. The invention proposes a method for collecting fees from each participant that benefits by having at least part of an offer executed, and then paying (either directly or by reimbursing the affected participants) the NSCC fees applicable to trades executed by the offer matching system. For example, the offer matching system could collect fees from each participant and then pay fees directly to NSCC.

[0232] As mentioned earlier, when using the Internet in connection with business transactions, it is desirable to utilize a secure hypertext transport protocol between a client computer system running a browser program and a server computer system running a server program.

[0233] To reduce the risk that unauthorized users will interfere with the operation of client computer systems connected to the Internet, it is often desirable to insert a “firewall” computer system between client computers running browser programs and the Internet. It is typical to configure firewall computer systems to prohibit certain types of communication between the Internet and a client computer system. Sometimes firewall computer systems are configured to block all communications unless an attempted communication is contained in a list of permitted communications.

[0234] It is possible to configure a firewall computer system so that it will pass attempts by a client computer system running a browser to establish a link over the Internet to port 80 on a server computer (which is the port normally used for hypertext transport protocol), but will block attempts to establish such a link to port 443 (which is the port normally used for the popular secure sockets protocol).

[0235] Unfortunately, configuring a firewall computer system in such a way makes it difficult for client computers connected to the firewall computer system to utilize the secure socket layer for secure communication over the Internet.

[0236] As described below, this problem can be overcome by configuring the server computer to use port 80 for secure sockets and by directing the client computer to use port 80 to establish a secure link with the server computer.

[0237] In a preferred embodiment of the invention, the server computer is an International Business Machines Personal Computer compatible system that is running Microsoft Windows NT 4.0 operating system, Microsoft Internet Information Server Version 4.0 and Microsoft Certificate Server.

[0238] Following normal setup procedures on the server computer system, establish a web server at a desired internet protocol address (for illustrative purposes only, the discussion below uses address 10.0.0.1; however, those familiar with the art will understand that any desired valid internet protocol address can be used) that supports both normal hypertext transport protocol sessions on port 80 and secure socket layer sessions on port 443. This will normally require using key manager to associate a server certificate with the virtual server. Create a default web page on the virtual server and test the installation by using a client computer running a browser such as Microsoft Internet Explorer version 4.0 to browse to the default web page using both the normal universal resource locator (the normal URL) of “http://10.0.0.1” and the secure socket layer universal resource locator (the SSL URL) of “https://10.0.0.1”.

[0239] On the server computer, start Microsoft Management Console for Microsoft Internet Information Server and navigate in the left panel to Console Root\Internet Information Server\<server name>\<virtual server name>, where <server name> is replaced with the name of the server being used and <virtual server name> is replaced with the name of the virtual server being used. Right click on the icon for <virtual server name>, then left click on Properties in the popup menu. In the form for Properties, select the web site tab and make the following changes:

[0240] change the TCP Port from 80 to any value other than 80 or 443 (for example, 8080); and

[0241] change the SSL Port to 80.

[0242] Left click Apply, then left click OK. Shut down and restart the server computer.

[0243] On the client computer, browse to the default page using the modified secure socket layer universal resource locator (the modified URL) of “https://10.0.0.1:80”. Note that the browser establishes a secure link to the server computer using port 80 on the server computer.
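The firewall configuration in [0234] decides by destination port alone, which is why the reconfiguration in [0238] through [0243] passes it. The following added example (not part of the original text) shows the complementary check a filtering or monitoring system can make on the first bytes a client sends, independent of port; the function names and the sample byte strings are constructed for illustration.

```python
import struct

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}
EXPECTED_BY_PORT = {80: "http", 443: "tls"}  # default port assignments named in [0234]

# Constructed samples: only the leading bytes of each message are needed.
SAMPLE_TLS_HELLO = bytes.fromhex("160301002f0100002b0301")   # SSL/TLS record carrying a ClientHello
SAMPLE_SSL2_HELLO = bytes.fromhex("802e0103000015")           # SSLv2-format hello offering version 3.0
SAMPLE_HTTP = b"GET /default.htm HTTP/1.0\r\nHost: 10.0.0.1\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes a client sends."""
    # SSLv3/TLS record header: content type 0x16 (handshake), version 3.x,
    # 2-byte record length, then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (length,) = struct.unpack("!H", data[3:5])
        if 0 < length <= 16384 and data[5] == 0x01:
            return "tls"
    # SSLv2-format ClientHello: 2-byte header with the high bit set,
    # message type 0x01, then the offered version (2.0 or 3.x).
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        if data[3] == 0x03 or data[3:5] == b"\x00\x02":
            return "tls"
    # Plaintext HTTP request line: a known method token followed by a space.
    method, sep, _ = data.partition(b" ")
    if sep and method in HTTP_METHODS:
        return "http"
    return "unknown"


def port_mismatch(dst_port: int, data: bytes) -> bool:
    """True when the observed protocol differs from the one the port implies."""
    observed = classify_first_bytes(data)
    expected = EXPECTED_BY_PORT.get(dst_port)
    return observed != "unknown" and expected is not None and observed != expected


if __name__ == "__main__":
    cases = ((80, SAMPLE_TLS_HELLO), (80, SAMPLE_SSL2_HELLO),
             (80, SAMPLE_HTTP), (443, SAMPLE_TLS_HELLO))
    for port, payload in cases:
        print(port, classify_first_bytes(payload), port_mismatch(port, payload))
```

A secure session moved to port 80 is reported as a mismatch, while ordinary HTTP on port 80 and a secure session on port 443 are not.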

[0244] Those familiar with the art will appreciate that the modified URL can be used in many ways that are typical for universal resource locators. For example, but not by way of limitation, the modified URL can be used in hypertext markup language as part of:

[0245] the target for a hyperlink, e.g.: ‘<a href="https://10.0.0.1:80/default.htm">click for link</a>’

[0246] the action for a form, e.g.: ‘<form method="POST" action="https://10.0.0.1:80/dump.asp"><p><input type="text" name="T1" size="20"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p></form>’ and

[0247] a query, e.g.: ‘<a href="https://10.0.0.1:80/dump.asp?parameter=value">click for query</a>’.

[0248] Those skilled in the art can readily devise obvious variations on the various embodiments of the invention as set forth above. Any and all such variations are intended to be encompassed within the scope of the invention, which is defined by the claims which follow.

Claims

1] A method for securely communicating with a server program using a secure hypertext transfer protocol which by default uses a first port number associated therewith, said method practiced in connection with a hypertext transfer protocol which defaults to the use of a second port number associated therewith, said method comprising:

(a) configuring the server program so that it listens for requests for secure hypertext transfer protocol sessions on the second port number rather than the first port number;
(b) receiving at the server program on the second port number a first data packet in a manner that is consistent with the secure hypertext transfer protocol, except that the request is received on the second port number rather than the first port number;
(c) outputting from the server program a response to the first data packet in a manner that is consistent with the secure hypertext transfer protocol, except that the request was received on the second port number rather than the first port number.

2] [c1] The method of claim 1 wherein the secure hypertext transfer protocol is the https protocol and the hypertext transfer protocol is the http protocol.

3] [c1] The method of claim 1 wherein the first port number is 443 and the second port number is 80.

4] [c1] The method of claim 1 wherein, before the first data packet is received by the server program on the second port, it passes through a system that is configured in a manner that would block the first data packet if the first data packet were addressed to the first port.

5] [c1] The method of claim 1 further comprising the following additional step:

after step (a), directing a client program to request information from the server program using a resource locator comprising an indication to use the secure hypertext transfer protocol and an indication to use the second port number.

6] [c4] The method of claim 4 further comprising the following additional step:

after step (a), directing a client program to request information from the server program using a resource locator comprising an indication to use the secure hypertext transfer protocol and an indication to use the second port number.

7] [c1] The method of claim 1 further comprising the following additional step:

after step (a), directing a client program to post information to the server program using a resource locator comprising an indication to use the secure hypertext transfer protocol and an indication to use the second port number.

8] [c4] The method of claim 4 further comprising the following additional step:

after step (a), directing a client program to post information to the server program using a resource locator comprising an indication to use the secure hypertext transfer protocol and an indication to use the second port number.

9] [c1] The method of claim 1 wherein at least one step is performed using the Internet.

10] A method for operating a web server system comprising:

(a) configuring the web server system to use port 80 for communications using a protocol selected from the group consisting of: secure socket layer, secure sockets layer, SSL, secure hypertext transfer protocol, and HTTPS;
(b) receiving at port 80 at the web server system a first data packet that is formatted in accordance with the protocol; and
(c) responding to the first data packet with a second data packet that is formatted in accordance with the protocol.

11] A web server system comprising:

(a) web server software configured to use port 80 for communications using a protocol selected from the group consisting of: secure socket layer, secure sockets layer, SSL, secure hypertext transfer protocol, and HTTPS;
(b) means for receiving at port 80 at the web server system a first data packet that is formatted in accordance with the protocol; and
(c) means for responding to the first data packet with a second data packet that is formatted in accordance with the protocol.
Patent History
Publication number: 20020023037
Type: Application
Filed: Nov 5, 2001
Publication Date: Feb 21, 2002
Inventor: Newton B. White (Morristown, NJ)
Application Number: 09682985
Classifications
Current U.S. Class: Trading, Matching, Or Bidding (705/37)
International Classification: G06F017/60;