Patent Grant
8949406
Embodiments of the present invention relate to the field of client-server communications. More particularly, embodiments of the present invention relate to a method and system for passively monitoring network communication between a server and a client, and based thereon, communicating commands and data in a client-server interaction.
Web applications have become important business, entertainment and social tools. Commerce is conducted over the Internet via merchandise transactions, financial transactions, etc. Internet communication typically involves a client computer system, e.g., having a browser, communicating with a remote server system. The server system typically has installed thereon a web application program. The client system transmits page requests to the server system which responds with page responses to create a web experience for the client user. The requests and responses are called “network traffic.”
Designers of web application programs would like to gain information about client experience including the client behavior and application behavior when interacting with a web application in order to better serve the client. In order to understand the manner in which users interact with a web application, prior art systems have been developed that are able to passively monitor and store the network traffic (without disturbing the web application program or the client) and further these passive systems can separate and store the data by sessions that are unique to a particular client. By analyzing the recorded network traffic, important client behavior may be understood. Also, by recording the network traffic by sessions, a specific client interaction can be replayed to an operator during a client telephone call in order to troubleshoot a web application program or determine how a client can be better assisted.
Unfortunately, it is not an easy task to modify a web application program to take advantage of information that may be obtained by passive monitoring and recording of the network traffic. Server based systems can be very complex and large. Many companies that run such servers resist frequent modification of them and their resident web application programs.
Accordingly, a need exists for a system and method that can provide real-time user feedback (to enhance a user's web experience) based on passive monitoring of client-server network traffic without involving substantial modifications to the server system and without involving any substantial modifications to the resident web application program installed on the server system. A need exists for a system and method that can alter a web application's program flow, according to the user's perspective, in a manner that is transparent to the web application program. It will become apparent to those skilled in the art after reading the detailed description of the present invention that the embodiments of the present invention satisfy the above mentioned needs.
For instance, in response to passive monitoring of network traffic, a communication loop may be used to send specific commands and/or information to a client system to cause certain actions to take place on that client system, e.g., a chat window may be opened, a cookie value may be cleared, a document object model (DOM) of a browser may be altered, a session may be terminated, etc. The commands and/or information may originate from a system that is separate from the server system and whose operation does not substantially alter the server system or the web application program installed thereon.
By employing such a system and method, client actions in the context of the history of the user's current session can be used to provide personalized assistance, e.g., by opening a chat window, enhancing security by preventing click fraud, terminating an active session, clearing a cookie value, etc., in a manner that is transparent to the web application program.
More specifically, embodiments of the present invention are directed to a passive monitoring system that is separate from a server system. The passive monitoring system is able to monitor and record network traffic that includes client requests and server responses. The server responses originate from a web application program that is resident on the server system. The recorded network traffic is sessionized. The network traffic can be fed to a rules engine of the passive system which can use the network traffic to recognize when one or more user events occur.
In accordance with embodiments of the present invention, an agent is made operable on the client system by the server system. The agent operates within the client browser and collects various events occurring on the client system, generally referred to as document object model (DOM) events, e.g., mouse movements, mouse clicks, key strokes, the recorded delay between key strokes, etc. The agent, using an asynchronous communication channel, then posts the event data to the server, e.g., transmits the event data to the server system in an asynchronous fashion at prescribed time intervals. In response to the asynchronous post message, the client system expects to receive, and in fact listens for, an acknowledgement signal from the server system.
The passive monitoring system takes advantage of this acknowledgement signal requirement by providing, in addition to the acknowledgement signal, certain commands and/or data that may be generated by the rules engine in response to a recognized user event. These commands and/or data can then be conveniently sent asynchronously to the agent in order to alter the flow of the web based application. Since these commands originate from the passive system, and not the web server, the program flow of the web application is altered in a way that is transparent to the web application program on the server.
An advantage of the embodiments of the present invention is that the user experience of a web application can be augmented and improved (based on user interaction with the web application program) without requiring changes to the web application program on the server side aside from including the Javascript in the response page. The logic that determines if commands and/or data should be provided to the agent can be provided separate from the server based application program, e.g., integrated into a system designed to passively collect and monitor network traffic between the server system and client systems. The only change required of the server is that it place the agent with a page response.
More particularly, the passive monitoring system maintains a set of logical rules that are programmable. Application of the set of logical rules to the collected network traffic for a given client determines whether a prescribed event has occurred. In response to the determination, the passive monitoring system may generate a command signal for execution by the agent. Upon the next agent communication to the server, a command/data package may be generated and sent to the client system (alternatively, a mere acknowledgement signal may be sent if no commands are contemporaneously required).
The command/data package may cause the agent operating on the client system to take a certain action, e.g., open a chat window such that an operator can provide help to the user, alter a cookie value, terminate an active session between a browser of the client system and the web application, alter a DOM of a browser of the client system, etc. The agent can take almost any action in response to a command/data package.
Accordingly, events occurring on the client system may be understood by collecting and monitoring network traffic. As a result, the passive monitoring system may provide assistance to a client in real-time, e.g., by opening a chat window. Moreover, security may be enhanced by enabling the agent on the client system to take certain actions in real-time, e.g., terminate an active session, clear a cookie value, prevent click fraud, etc. Importantly, these actions may be taken without substantial alteration to the web application program.
In an alternative embodiment of the present invention, the rules engine of the passive monitoring system may also take into consideration, in addition to the recorded network traffic, the client information sent from the agent. In other words, in determining if an event occurred, the rules engine may, in one embodiment, consider both events communicated from the engine, and the recorded network traffic.
Embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings. While the invention will be described in conjunction with these embodiments, it will be understood that they are not intended to limit the invention to these embodiments. On the contrary, the invention is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be evident to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well known methods, procedures, components, and circuits have not been described in detail as not to unnecessarily obscure aspects of the invention.
Notation and Nomenclature
Some portions of the detailed descriptions which follow are presented in terms of procedures, steps, logic blocks, processing, and other symbolic representations of operations on data bits that can be performed on computer memory. These descriptions and representations are the means used by those skilled in the art to most effectively convey the substance of their work to others skilled in the art. A procedure, computer executed step, logic block, process, etc., is here, and generally, conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps are those requiring physical manipulations of physical quantities.
Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present invention, discussions utilizing terms such as “processing” or “creating” or “transferring” or “executing” or “determining” or “instructing” or “issuing” or “halting” or “clearing” or “accessing” or “aggregating” or “obtaining” or “selecting” or “calculating” or “measuring” or “querying” or “responding” or “monitoring” or “storing” or “maintaining” or “sending” or “converting” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
Referring now to
It is appreciated that DOM events generally refer to events that change the DOM. However, “events” referred to herein are not limited to those events that change the DOM. For example, mouse movements, mouse clicks, key strokes, the recorded delay between key strokes, etc. may be DOM events. Moreover, an agent, e.g., a Javascript, operable on the user computer can generate events, e.g., posting event data to the server.
The passive system 195 is communicatively coupled with the server system 190. The passive system 195 includes a converter (packet sniffer) 140 and an event detector (canister) 150. The event detector 150 comprises a rules engine 180. The passive system 195 may monitor and record network traffic. Various methods for monitoring, capturing and encrypting the network traffic flow between the client system and the server system are described in U.S. Pat. Nos. 6,286,098 and 6,286,030, which are incorporated herein by reference in their entirety. Monitoring, synchronizing and replaying the captured network traffic between the client system and the server system are described in U.S. provisional patent application Nos. 60/806,443 and 60/969,537 which were filed on Jun. 30, 2006 and Aug. 31, 2007 respectively, are assigned to the assignee of the instant patent application and are incorporated herein by reference in their entirety. Provisional patent application No. 60/806,443 has been converted to U.S. Pat. No. 8,127,000, issued on Feb. 28, 2012, entitled: METHOD AND APPARATUS FOR MONITORING AND SYNCHRONIZING USER INTERFACE EVENTS WITH NETWORK DATA and is incorporated in its entirety by reference.
In one embodiment of the present invention, in operation, the client 110 can send a page request 112 to the server system 190. For example, the client 110 may request a particular webpage. The page request 112 travels through the network 120. The network fabric 130 receives the page request 112 and forwards the page request 112 to the web server 160 which in turn forwards the page request 112 to the application server 170. The network tap 132 forwards a copy of the page request 112 to the converter 140.
The server system 190 responds to the request by sending a page response 172. For instance, a web application program resident on the application server 170 responds by transmitting the page response 172. The page response 172 may comprise the requested webpage and the agent 174. The page response 172 is transmitted from the application server 170 to the web server 160 and thereafter to the network fabric 130. The network fabric 130 receives the page response 172 and forwards the page response 172 to the client 110 via the network 120. The network tap 132 forwards a copy of the page response 172 to the converter 140.
According to one embodiment, the page response 172 is a webpage along with an agent 174, e.g., a Javascript. The client 110 receives the page response 172 that includes the requested webpage along with the agent 174. The agent may be an AJAX (Asynchronous Javascript Execution) agent in one implementation. In one embodiment, the agent 174 may be loaded onto the webpage when transmitted. The agent 174 is operable within the client browser to monitor and collect various event data, e.g., document object model (DOM) events 114, occurring on the client 110 and is operable to send the event data to the server system 190. Event data is any action performed by the user that changes the DOM on the browser of the client 110. In one example, event data may comprise keyboard key presses, mouse clicks, mouse movements, a measure of delay in the user entering data in on-screen fields, data entered in the on-screen fields and interaction of an application with the requested webpage, etc.
Importantly, network traffic comprising requests 112 and responses 172 are monitored and collected by the passive system 195. It is appreciated that the network tap 132 supplies network traffic, e.g., page request 112 and page response 172, in a TCP format from the network fabric 130. The network traffic in TCP format 134 are transmitted to the converter (packet sniffer) 140. The converter converts the network traffic from TCP format into an HTTP/HTTPS format and sends the HTTP/HTTPS formatted network traffic 142 to the event detector (canister) 150. In other words, the converter 140 re-assembles packets such that requests and responses between the client 110 and the server system 190 can be recreated and replayed as webpages.
The HTTP/HTTPS formatted network traffic is stored and sessionized in the event detector 150 in accordance with a unique session established for the client 110. It is appreciated that each client may have its own corresponding session stored in the detector 150.
The passive system 195, via the rules engine 180, may determine whether a prescribed action or event has occurred, based on applying a programmable set of rules to the collected network traffic. As a result, an appropriate command, data and/or acknowledgement signal 152 (“command message”) may be generated and transmitted to the client system 110. Importantly, the command message 152 is communicated in response to an asynchronous message received from the agent of the client system 110. In this sense, the command message is a “loop back” signal because it is sent responsive to the post signals 114 that origin ate from the agent 174. The command message 152 causes the agent 174 to take some action on the client side in real-time to alter or enhance the web application program flow in a way that is transparent to the web application program.
According to one embodiment, the agent 174 operating on the client 110 collects event data and communicates the collected event data asynchronously in discrete messages, e.g., DOM event messages 114, and at prescribed time intervals to the server system 190. For example, the agent 174 collects and sends DOM events 114 asynchronously via the network 120 to the network fabric 130. The network fabric 130 forwards the received DOM events 114 to the web server 160 wherein the DOM event receiver 162 receives and detects the DOM events 114. It is appreciated that the discrete messages sent by the agent could also be triggered based on a certain amount of detected events occurring rather than at prescribed time intervals, or a mixture of both may be used. While this event data may or may not be considered by the rules engine of the passive system, the communication is useful because it provides the passive system with an opportunity to communicate with the client system.
The DOM event messages 114 are forwarded to the event detector (canister) 150 of the passive system 195 by the DOM event receiver 162 in one embodiment. The DOM events 114, similar to the HTTP/HTTPS formatted network traffic, may optionally be stored in the event detector 150 in a sessionized fashion. For example, event data, e.g., DOM events 114, may be stored in accordance with a unique session established for the client 110. However, it is appreciated that the network traffic and/or the event data, e.g., DOM events 114, can be processed on the fly without a need to be stored. As will be discussed more fully below, the receipt of an asynchronous DOM event message 114 states the passive system 195 with a mechanism for communicating back to the client system 110 outside of the operation of the web application program 176 by using a command message 152.
Command messages are generated as a result of certain user actions being recognized by the passive system. A plurality of logical rules may be maintained and stored by the event detector 150. The plurality of logical rules may be user programmable and user configurable at the server side typically. The plurality of logical rules may be used by the rules engine 180 to identify specific user events and/or a prescribed action. For example, a plurality of logical rules may be used to determine (by operation of the passive system 195) whether the client 110 needs help or whether the client 110 should be disconnected for security reasons. In response to the determination, a variety of commands and/or data can be sent back to the agent indicating that a value of a cookie should be altered, an active session should be terminated, a chat window should be opened, a DOM of a browser on the client 110 should be altered, a window should be opened and a new uniform resource locator (URL) should be sent, etc.
The rules engine 180 of the event detector 150 applies the plurality of rules maintained in the event detector 150 to the received and stored HTTP/HTTPS formatted network traffic 142, and optionally, the DOM events 114. As a result, the rules engine 180 may generate a command message 152 which is transmitted in response to a received DOM event message 114. Message 152 may include a command, data and/or an acknowledgement signal to be generated. In other words, the rules engine 180 detects a compound event and by applying a set of prescribed rules, maintained in the event detector 150, to the received HTTP/HTTPS formatted network traffic (and optionally the received DOM events 114) for a given client. For example, based on the application of the logical rules, the rules engine 180 may determine that a chat window for the client 110 should be opened. In this case, in response to a received DOM event message 114 the acknowledgment package 152 will include commands and data to be executed by the agent 174 to open the chat window. Alternatively, if no commands and/or data is required, then message 152 will merely be an acknowledgement of the received DOM events from message 114.
The command signal 152 is transmitted from the event detector 150 to the DOM event receiver 162 and forwarded to the client 110 via the network 120. The signal 152 may be transmitted asynchronously and is always sent in response to a received DOM event message 114. Using this loop back communication scheme, the event detector 150 is operable to communicate commands, data and/or acknowledgement signal 152 to the DOM event receiver 162 responsive to identifying a specific user event. As such, the command, data and/or acknowledgment signal 152 is based on user actions of the client system 110 but is sent responsive to a received DOM event message 114. User actions are detected based on the stored network traffic and optionally may also be based on the received DOM events.
It is appreciated that in accordance with embodiments of the present invention the command message 152 may provide additional web content and functionality that is transparent to the operation of the web application. In other words, the actions taken by the agent 174 can alter the program flow of the web application from the user's perspective. But these alterations originate from the detector 150 and not from the web application program. Therefore, embodiments of the present invention provide a mechanism for passively monitoring network traffic and based thereon for altering the apparent flow of a web application at the client system without requiring any changes to the server based web application program. For instance, situations in which a user needs help can be detected and mechanisms can be communicated to the client for that help, all done in a manner that is transparent to the application program.
It is further appreciated that the event data 114 and command messages 152 are transmitted using an asynchronous channel created by the agent 174 while network traffic comprising page requests 112 and page responses 172 are transmitted using a channel different from the channel created by the agent 174. In either case, the stream of network traffic and event data (optionally including DOM event messages 114) are observed, sessionized and analyzed by the detector 150. Based on the analysis, an appropriate command signal 152 is transmitted via the created channel in order to alter the application flow at the client 110 and to provide additional web content and behavior based thereon, e.g., by opening a window, altering a cookie value, terminating an active session, etc. For instance, a chat window opened on the client 110 may allow a live operator to communicate with the user. The additional web content and functionality may be operable to cause the agent 174 to alter a DOM of a browser of the client 110. In one embodiment, the additional web content and functionality is operable to cause the agent 174 to terminate an active session between a browser of the client 110 and the web application. In one exemplary embodiment, the additional web content and functionality is operable to cause the agent 174 to alter a cookie value of the client browser, e.g., erase a cookie value, used by a browser of the client 110. The additional web content and functionality may also cause a window to open and display the contents of a specified URL at the client side. Thus, the user experience may be enhanced or terminated without substantial alteration of the web application program at the application server 170.
Referring now to
The event detector 150 receives the HTTP/HTTPS formatted network traffic 142 from the converter unit 140. The received HTTP/HTTPS formatted network traffic 142 may be stored in a sessionized database 220 so that the HTTP/HTTPS formatted network traffic 142 may be stored in accordance with a unique session established for the client 110. Similarly, the received DOM events 114 may optionally be received and stored in the sessionized database 220. According to one alternative embodiment, the storing of the DOM events 114 may also be in accordance with a unique session established for the client 110.
A plurality of logical rules, e.g., Boolean expressions, may be maintained and stored in the set of rules memory component 210. The rules may be complex to determine compound events. It is appreciated that the plurality of logical rules maintained in the set of rules 210 may be programmable and user configurable by a server administrator. As presented and as discussed above, the plurality of logical rules may be used to determine whether a prescribed event has occurred at the client side. For example, the rules may be used to determine whether the client 110 needs help based on application of the rules to the monitored information, e.g., HTTP/HTTPS formatted network traffic 142 (and optionally DOM events 114). For instance, a set of rules may be defined for a user that enters all fields of an entry screen, but presses the “home” icon instead of the “accept” icon. A user exhibiting this behavior may need help completing the transaction. In this case, an operator window may be useful to the user. Alternatively, rules can be established to detect click fraud or other security risks. In such case, the client session can be terminated.
The rules engine 180 applies the rules maintained in the set of rules 210 memory component to the sessionized database 220 in order to detect a prescribed event. For example, application of a set of rules to a sequence of events as stored by the sessionized database 220 may detect a prescribed event, e.g., detect that a user needs help. In response to detecting the prescribed event, the event detector 150 generates a command message 152 that may include a command, data and/or an acknowledgment signal. The generated signal 152 may be transmitted to the client 110 in response to a received DOM event message 114 in order to enhance the client's experience. For example, the command message 152 may cause the agent 174 operating on the client 110 to open a chat window, enabling a live operator to chat with the client 110 in order to resolve an issue encountered.
It is appreciated that in one embodiment the rules engine 180 may apply the logical rules to the HTTP/HTTPS formatted network traffic 142 (and optionally the DOM events 114) on the fly. In other words, the rules engine 180 may apply the logical rules without a need to store the HTTP/HTTPS formatted network traffic 142 and further without a need to store DOM events 114 in the sessionized database 220.
As presented and discussed above, the generated command message 152 may provide web content and functionality that is in addition to the requested web application. For example, the command message 152 signal may cause the agent 174 operating on the client 110 to open a chat window, clear a cookie value, terminate an active session, alter a DOM of a browser of the client 110, etc. It is appreciated that the command message 152 signal is transmitted to the client asynchronously and in response to the received DOM events 114. The message 152 is forwarded to the DOM event receiver 162. The DOM event receiver 162 forwards the command message 152 to the agent 174 in response to an asynchronous DOM event message 114.
Referring now to
The server system 330 responds by sending a response 314 to the application request. The response 314 may comprise the actual requested application page along with a Javascript agent. The server system 330 may load the Javascript agent to the application prior to transmitting the response 314.
When the client system 310 receives the response, the requested web application, e.g., webpage, may be rendered by the client system 310. The received agent is then operable on the client system 310 for the requested web application, e.g., webpage.
The agent may collect and monitor various information on the client system 310 referred to as event data. Event data may comprise DOM events, as described above. The monitored data and/or DOM events 318 may be sent to the server system 330 asynchronously. It is appreciated that the server system 330 also collects network traffic information, e.g., requests 312 and responses 314. Based on the network traffic (and optionally on the monitored data and/or DOM events), the passive system 195 may detect a prescribed event. It is appreciated that a lack of event may also be an event, e.g., lack of an action within a prescribed time period.
Based on the prescribed event, the passive system 195 generates and transmits a command, data and/or acknowledgement signal 320 (“command message”) to the client system 310 asynchronously and in response to a message 318. As presented above, the generated command message 320 transmitted to the client system 310 provides additional content and functionality that is transparent to the web application program of the server system 330. For example, the command may cause the agent operating on the client system 310 to open a chat window, alter a cookie value, terminate an active session, alter a DOM for the browser operating on the client system 310, etc. If no command and/or data is required, then command message 320 may merely be a simple acknowledgement of the latest DOM event message 318.
Referring now to
The client browser receives the webpage and renders the webpage for the user. The webpage may comprise a plurality of fields and icons. For example, a first field 410 may be for the user's first name. A second field 420 may be for the user's last name. A third field 430 may be for a routing number for the user. A fourth field 440 may be an account number and the fifth field 450 may be the user's date of birth. A plurality of functional icons may also be provided. For example, a submit icon 460 may be used to submit the entered information. A cancel 470 icon may be used to cancel any transaction and a home icon 480 may be used to go to the home webpage effectively terminating any transaction before it is completed.
In
It is appreciated that the agent operable on the client 110 monitors, collects and transmits the sequence of events occurring on the client 110 in between page requests. For example, the sequence of events that the third field 430 was skipped may be transmitted to the server system 190 as event data, e.g., DOM events 114. Moreover, other event data may include delays between key strokes, mouse movements, mouse clicks, delays between key strokes, overall delay, etc., may similarly be monitored, collected and sent to the server system 190 as DOM events 114. While this event data may or may not be considered by the rules engine of the passive system, it does provide the passive system with an opportunity to communicate with the client system.
The passive system 195 may identify a prescribed action based on the sequence of events, e.g., DOM events 114, collected from the client 110 and the collected network traffic information. For example, if the home button 480 is pressed without the user filling out the required fields, the server system 190 by applying the logical rules to the network traffic may determine that the user is lost and may need help. As a result, the passive system 195 may generate a command signal 152 and transmit it to the client 110 in response to the next DOM event message 114.
The generated command signal 152 may cause the agent operating on the client 110 to provide content in addition to the webpage rendered and/or to perform a particular action. For example, when the passive system 195 identifies that the user is lost and may need help, the home webpage may be rendered on the client 110 since that was the last action taken by the user, as shown in
In one embodiment, when the user chooses to connect to an operator, the information entered by the user, e.g., DOM events 114 and the recorded network traffic information for this session may be transferred to the operator such that the operator can better assist the user. Moreover, it is appreciated that the command, data and/or acknowledgment 152 signal may cause the agent to perform other actions. For example, the command may cause the agent to alter a cookie value, open a chat window, send a new URL to the client in a new window, terminate an active session, alter a DOM of a browser of the client 110, etc. As a result, the user experience is enhanced, e.g., the program flow from the user point of view is altered, without substantial alteration to the original web application, e.g., the webpage.
Referring now to
At step 530, the passive system 195 monitors the network traffic that comprises page requests and page responses. The page requests and page responses may be in TCP format. As such, at step 540, the passive system 195 converts the network traffic from TCP format into HTTP/HTTPS format. In other words, the user's request and responses may be reassembled by converting the TCP format into the HTTP/HTTPS format in order to replay the user experience.
It is appreciated that in one embodiment at step 550, the HTTP/HTTPS formatted network traffic may be stored in accordance with a unique session established for the client 110. Each client may have a unique session and the network traffic for each client may be stored in its corresponding session.
When the response is sent to the client, the agent 174, e.g. a Javascript, begins operating on the browser of the client 110 for the requested webpage. Thus, the agent 174 begins monitoring and collecting event data, e.g., DOM events. According to one embodiment, event data may comprise data regarding any events that occur on the client 110 that alter the DOM maintained on the browser of the client 110. In one example, event data may comprise keyboard key presses, mouse clicks, mouse movements, the recorded delay in key strokes when the user is entering data in on-screen fields, the data entered in the on-screen fields and interaction of an application with the requested webpage, etc. While this event data may or may not be considered by the rules engine of the passive system, it does provide the passive system with an opportunity to communicate with the client system.
Event data, e.g., DOM events, collected and monitored by the agent 174 are sent to the server system 190 in an asynchronous manner. In other words, the event data may be communicated to the server system 190 asynchronously in discrete messages based on prescribed conditions or intervals. It is appreciated that the event data may be communicated from the agent at prescribed intervals that may be user programmable. As such, at step 560, event data is monitored as it is received from the agent operating on the client. It is appreciated that the received event data may also be stored in accordance with a unique session established for the client 110.
At step 570, the passive system 195 maintains a set of rules that define prescribed user events that may need alteration. It is appreciated that the set of rules may be user programmable and user configurable. At step 580, the set of rules may be applied to the received network traffic and/or optionally to the event data to determine whether a prescribed user event has occurred within the client system 110. For example, based on the application of the logical rules to the received network traffic and the received event data, it may be determined that the user needs help. As such, based on the determination an appropriate command, data and/or acknowledgement signal may be generated.
At step 590, the command message is sent to the agent operating on the client 110. It is appreciated that the command, data and/or acknowledgement signal is a message that is communicated asynchronously to the client responsive to the receipt of a message from the agent containing event data.
According to one embodiment, the asynchronous message comprises a command to be executed by the agent in order to provide web content and functionality that is in addition to the page responses sent to the client at step 595. Thus, the web application, e.g., webpage, is not altered. In one exemplary embodiment, the web content and functionality that is provided in addition to the page responses may cause the agent to open a chat window on the client 110 system. The web content and functionality may be operable to cause the agent to alter a DOM of a browser of the client 110, terminate an active session between a browser of the client 110 system and the web application, alter a cookie value, erase a cookie value, etc. Almost any action may be taken by the agent.
As a result, many events occurring on the client 110 are understood by collecting and analyzing network traffic and optionally event data. Thus, web applications may be augmented by providing assistance in real-time, e.g., by opening a chat window without altering the web application program at the server. Moreover, security may be enhanced by enabling the agent on the client 110 to take certain actions, e.g., terminate an active session, alter a cookie value, prevent click fraud, etc. Therefore, the user experience may be enhanced without substantial alteration to the web application program at the server.
Computer system 600 may be coupled via bus 602 to an optional display 612, such as a cathode ray tube (CRT), a liquid crystal display (LCD), etc., for displaying information to a computer user. An optional input device 614, including alphanumeric and other keys, may be coupled to bus 602 for communicating information and command selections to processor 604. Another type of user input device is cursor control 616, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 604 and for controlling cursor movement on display 612.
The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions to processor 604 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 610. Volatile media includes dynamic memory, such as main memory 606. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 602. Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
Computer system 600 can send and receive messages through the network(s), network link 620 and communication interface 618. In the Internet example, a server 630 might transmit a requested code for an application program through Internet 628, ISP 626, local network 622 and communication interface 618. The received code may be executed by processor 604 as it is received, and/or stored in storage device 610, or other non-volatile storage for later execution.
In summary, events occurring on the client system are understood by monitoring and collecting network traffic and optionally by monitoring asynchronously transmitted event data. In response to the monitored and collected data, a loop back communication channel may be used to provide assistance in real-time. Moreover, security may be enhanced by enabling the agent on the client system to take certain actions, e.g., terminate an active session, alter a cookie value, etc., to prevent click fraud, for instance. Since these agent actions take place outside the web application program, the user experience may be enhanced or changed without substantial alteration to the web application program.
In the foregoing specification, embodiments of the invention have been described with reference to numerous specific details that may vary from implementation to implementation. Thus, the sole and exclusive indicator of what is, and is intended by the applicants to be, the invention is the set of claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction. Hence, no limitation, element, property, feature, advantage or attribute that is not expressly recited in a claim should limit the scope of such claim in any way. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5463547 | Markowitz | Oct 1995 | A |
| 5564043 | Siefert | Oct 1996 | A |
| 5577254 | Gilbert | Nov 1996 | A |
| 5699526 | Siefert | Dec 1997 | A |
| 5715314 | Payne et al. | Feb 1998 | A |
| 5717879 | Moran et al. | Feb 1998 | A |
| 5721906 | Siefert | Feb 1998 | A |
| 5751962 | Fanshier et al. | May 1998 | A |
| 5774552 | Grimmer | Jun 1998 | A |
| 5781735 | Southard | Jul 1998 | A |
| 5809250 | Kisor | Sep 1998 | A |
| 5825880 | Sudia | Oct 1998 | A |
| 5832458 | Jones | Nov 1998 | A |
| 5832496 | Anand et al. | Nov 1998 | A |
| 5845124 | Berman | Dec 1998 | A |
| 5848396 | Gerace | Dec 1998 | A |
| 5848412 | Rowland | Dec 1998 | A |
| 5857188 | Douglas | Jan 1999 | A |
| 5867578 | Brickell | Feb 1999 | A |
| 5870559 | Leshem et al. | Feb 1999 | A |
| 5894516 | Brandenburg | Apr 1999 | A |
| 5903652 | Mital | May 1999 | A |
| 5905868 | Baghai et al. | May 1999 | A |
| 5909492 | Payne et al. | Jun 1999 | A |
| 5930786 | Carino, Jr. et al. | Jul 1999 | A |
| 5933601 | Fanshier et al. | Aug 1999 | A |
| 5941957 | Ingrassia, Jr. et al. | Aug 1999 | A |
| 5951643 | Shelton et al. | Sep 1999 | A |
| 5951652 | Ingrassia, Jr. et al. | Sep 1999 | A |
| 5954798 | Shelton et al. | Sep 1999 | A |
| 5991791 | Siefert | Nov 1999 | A |
| 6006228 | McCollum et al. | Dec 1999 | A |
| 6026403 | Siefert | Feb 2000 | A |
| 6035332 | Ingrassia, Jr. et al. | Mar 2000 | A |
| 6085223 | Carino, Jr. et al. | Jul 2000 | A |
| 6151584 | Papierniak et al. | Nov 2000 | A |
| 6151601 | Papierniak et al. | Nov 2000 | A |
| 6169997 | Papierniak et al. | Jan 2001 | B1 |
| 6182097 | Hansen et al. | Jan 2001 | B1 |
| 6253203 | O'Flaherty et al. | Jun 2001 | B1 |
| 6286030 | Wenig | Sep 2001 | B1 |
| 6286046 | Bryant | Sep 2001 | B1 |
| 6286098 | Wenig | Sep 2001 | B1 |
| 6295550 | Choung et al. | Sep 2001 | B1 |
| 6317794 | Papierniak et al. | Nov 2001 | B1 |
| 6334110 | Walter et al. | Dec 2001 | B1 |
| 6397256 | Chan | May 2002 | B1 |
| 6418439 | Papierniak et al. | Jul 2002 | B1 |
| 6480855 | Siefert | Nov 2002 | B1 |
| 6489980 | Scott et al. | Dec 2002 | B1 |
| 6502086 | Pratt | Dec 2002 | B2 |
| 6519600 | Siefert | Feb 2003 | B1 |
| 6651072 | Carino, Jr. et al. | Nov 2003 | B1 |
| 6658453 | Dattatri | Dec 2003 | B1 |
| 6671687 | Pederson et al. | Dec 2003 | B1 |
| 6714931 | Papierniak et al. | Mar 2004 | B1 |
| 6766333 | Wu et al. | Jul 2004 | B1 |
| 6850975 | Danneels et al. | Feb 2005 | B1 |
| 6877007 | Hentzel et al. | Apr 2005 | B1 |
| 7076495 | Dutta et al. | Jul 2006 | B2 |
| 7260837 | Abraham et al. | Aug 2007 | B2 |
| 7272639 | Levergood et al. | Sep 2007 | B1 |
| 7278105 | Kitts | Oct 2007 | B1 |
| 7293281 | Moran et al. | Nov 2007 | B1 |
| 7490319 | Blackwell et al. | Feb 2009 | B2 |
| 7580996 | Allan | Aug 2009 | B1 |
| RE41903 | Wenig | Oct 2010 | E |
| 8042055 | Wenig et al. | Oct 2011 | B2 |
| 8127000 | Wenig et al. | Feb 2012 | B2 |
| 8219531 | Eagan et al. | Jul 2012 | B2 |
| 8335848 | Wenig et al. | Dec 2012 | B2 |
| 8381088 | Kikin-Gil et al. | Feb 2013 | B2 |
| 8533532 | Wenig et al. | Sep 2013 | B2 |
| 8583772 | Wenig et al. | Nov 2013 | B2 |
| 20020049840 | Squire | Apr 2002 | A1 |
| 20020056091 | Bala | May 2002 | A1 |
| 20020065912 | Catchpole et al. | May 2002 | A1 |
| 20020070953 | Barg et al. | Jun 2002 | A1 |
| 20020083183 | Pujare et al. | Jun 2002 | A1 |
| 20020112035 | Carey et al. | Aug 2002 | A1 |
| 20020165954 | Eshghi et al. | Nov 2002 | A1 |
| 20030005000 | Landsman et al. | Jan 2003 | A1 |
| 20030023715 | Reiner et al. | Jan 2003 | A1 |
| 20030128233 | Kasriel | Jul 2003 | A1 |
| 20030145071 | Straut | Jul 2003 | A1 |
| 20030154289 | Williamson et al. | Aug 2003 | A1 |
| 20040019675 | Hebeler | Jan 2004 | A1 |
| 20040059809 | Benedikt et al. | Mar 2004 | A1 |
| 20040059997 | Allen et al. | Mar 2004 | A1 |
| 20040078464 | Rajan et al. | Apr 2004 | A1 |
| 20040100507 | Hayner et al. | May 2004 | A1 |
| 20040158574 | Tom et al. | Aug 2004 | A1 |
| 20050021713 | Dugan et al. | Jan 2005 | A1 |
| 20050030966 | Cai et al. | Feb 2005 | A1 |
| 20050033803 | Vleet et al. | Feb 2005 | A1 |
| 20050066037 | Song et al. | Mar 2005 | A1 |
| 20050071464 | Kuwata et al. | Mar 2005 | A1 |
| 20050086606 | Blennerhassett et al. | Apr 2005 | A1 |
| 20050188080 | Motsinger et al. | Aug 2005 | A1 |
| 20050246651 | Krzanowski | Nov 2005 | A1 |
| 20050278565 | Frattura et al. | Dec 2005 | A1 |
| 20060048214 | Pennington et al. | Mar 2006 | A1 |
| 20060075088 | Guo | Apr 2006 | A1 |
| 20060117055 | Doyle | Jun 2006 | A1 |
| 20060123340 | Bailey et al. | Jun 2006 | A1 |
| 20060162071 | Dixon et al. | Jul 2006 | A1 |
| 20070106692 | Klein | May 2007 | A1 |
| 20070226314 | Eick | Sep 2007 | A1 |
| 20070245249 | Weisberg | Oct 2007 | A1 |
| 20070255754 | Gheel | Nov 2007 | A1 |
| 20080005661 | Yao et al. | Jan 2008 | A1 |
| 20080005793 | Wenig et al. | Jan 2008 | A1 |
| 20080034036 | Takeshima et al. | Feb 2008 | A1 |
| 20080046562 | Butler | Feb 2008 | A1 |
| 20080052377 | Light | Feb 2008 | A1 |
| 20080127217 | Wang | May 2008 | A1 |
| 20080184129 | Cancel et al. | Jul 2008 | A1 |
| 20080216094 | Anderson | Sep 2008 | A1 |
| 20080294974 | Nurmi et al. | Nov 2008 | A1 |
| 20090013347 | Ahanger | Jan 2009 | A1 |
| 20090019133 | Brimley | Jan 2009 | A1 |
| 20090024930 | Kim | Jan 2009 | A1 |
| 20090037517 | Frei | Feb 2009 | A1 |
| 20090037914 | Chagoly et al. | Feb 2009 | A1 |
| 20090063968 | Wenig | Mar 2009 | A1 |
| 20090070869 | Fan et al. | Mar 2009 | A1 |
| 20090083714 | Kiciman et al. | Mar 2009 | A1 |
| 20090138554 | Longobardi et al. | May 2009 | A1 |
| 20090228474 | Chiu et al. | Sep 2009 | A1 |
| 20090247193 | Kalavade | Oct 2009 | A1 |
| 20090254529 | Goldentouch | Oct 2009 | A1 |
| 20100058285 | Meijer | Mar 2010 | A1 |
| 20100070929 | Behl et al. | Mar 2010 | A1 |
| 20100146380 | Rousso | Jun 2010 | A1 |
| 20100211638 | Rougier | Aug 2010 | A1 |
| 20100251128 | Cordasco | Sep 2010 | A1 |
| 20100287229 | Hauser | Nov 2010 | A1 |
| 20100318507 | Grant et al. | Dec 2010 | A1 |
| 20110029665 | Wenig et al. | Feb 2011 | A1 |
| 20110320880 | Wenig | Dec 2011 | A1 |
| 20120084437 | Wenig | Apr 2012 | A1 |
| 20120102101 | Wenig | Apr 2012 | A1 |
| 20120151329 | Cordasco | Jun 2012 | A1 |
| 20120173966 | Wenig et al. | Jul 2012 | A1 |
| 20130091417 | Cordasco | Apr 2013 | A1 |
| 20130339428 | Wenig | Dec 2013 | A1 |
| 20140108911 | Damale | Apr 2014 | A1 |
| 20140115712 | Powell | Apr 2014 | A1 |
| 20140137052 | Hernandez | May 2014 | A1 |
| Number | Date | Country |
|---|---|---|
| 2656539 | Feb 2008 | CA |
| 2696884 | Mar 2009 | CA |
| 0326283 | Aug 1989 | EP |
| 0843449 | May 1998 | EP |
| 1097428 | Jun 2002 | EP |
| 07840244.3 | Feb 2008 | EP |
| 08769998.9 | Mar 2009 | EP |
| 2357680 | Jun 2008 | GB |
| 9825372 | Jun 1998 | WO |
| WO 9826571 | Jun 1998 | WO |
| 9836520 | Aug 1998 | WO |
| 0013371 | Mar 2000 | WO |
| 0217165 | Feb 2002 | WO |
| 2008019193 | Feb 2008 | WO |
| 2009029316 | Mar 2009 | WO |
| 2010019258 | Feb 2010 | WO |
| Entry |
|---|
| Lubarsky, How to Delete Cookie Using Javascript, Aug. 19, 2007 http://web.archive.org/web/20070819123555/http://blogs.x2line.com/al/articles/316.aspx. |
| Rubio, An Introduction to JSON, Feb. 28, 2007, http://www.oracle.com/technetwork/articles/entarch/introduction-json-097942.html. |
| Teare, An Introduction to Ajax, Aug. 2005, http://www.oracle.com/technetwork/articles/entarch/ajax-introduction-096831.html. |
| Stolowitz Ford Cowger LLP, Listing of Related Cases May 3, 2012. |
| Written Opinion of the International Searching Authority; PCT/US11/35410; Date of mailing Dec. 14, 2011. |
| International Search Report for PCT/US11/35410; Date of mailing Dec. 14, 2011. |
| Smith et al., “Automated Protocol Analysis,” Human Computer Interaction, 8:101-145, 1993. |
| Bishop, Matt et al., “A Model of Security Monitoring”, Department of Mathematics and Computer Science, Dartmouth College, pp. 46-52. |
| Al-Qaimare G., et al., Kaldi: A Computer-Aided Usability Engineering Tool for Supporting Testing and Analysis of Human-Computer Interation:, Computer-Aided Design of User Interfaces. Proceedings of the International Conference on Computer-Aided Design of User Interfaces, Proceedings of CADUI, xx, xx, Oct. 21, 1999, pp. 337-355. |
| International Search Report for PCT/US08/65582; Date of Mailing Sep. 11, 2008. |
| International Search Report for PCT/US2007/071096; Date of mailing May 13, 2008. |
| Written Opinion of the International Searching Authority for PCT/US08/65582; Mailing date Sep. 11, 2008. |
| Written Opinion of the International Searching Authority for PCT/US07/71096; Mailing date May 13, 2008. |
| PCT Search Report for PCT/US2011/033813; Mailing Date Jul. 28, 2011. |
| Written Opinion of the International Searching Authority for PCT/US2011/033813; Mailing Date Jul. 28, 2011. |
| Stolowitz Ford Cowger Listing of Related Cases Mar. 15, 2012. |
| International Search Report for PCT/US09/04654; Date of mailing Oct. 2, 2009. |
| Written Opinion of the International Searching Authority; PCT/US09/04654; Date of mailing Oct. 2, 2009. |
| Holloway, et al., “Cryptographic Initialization Test”, IBM Technical Dsiclsoure Bulletin, pp. 195-198, Feb. 1991. |
| Han et al., “Using Ajax for Desktop-;like Geospatial Web Application Development,” Geoinformatics, 2009 17th International Conference on Aug. 12-14, 2009, <http://geobrain.laits.gmu.edu/geobrainhome/docs/GeOnAS—Ajax.pdf>. |
| Stolowitz Ford Cowger LLP; Listing of Related Cases; Aug. 27, 2012. |
| International Search Report for PCT/US12/25971; Date of mailing May 31, 2012. |
| Written Opinion of the International Searching Authority for PCT/US12/25971; Date of mailing May 31, 2012. |
| Bishop, Matt et al., “A Model of Security Monitoring”, Department of Mathematics and Computer Science, Dartmouth College, pp. 46-52. Dec. 1989. |
| Peter Brusilovsky et. al., “Adaptive and Intelligent Web-based Educational Systems,” International Journal of Artificial Intelligence in Education, Apr. 1, 2003, pp. 159-172, XP55039152, The Netherlands Retrieved from the Internet: URL: http://www.sis.pitt.edu/˜peterb/papers/AIWBES.pdf [retrieved on Sep. 25, 2012] p. 160-161. |
| Atterer R et al. : “Knowing the User's Every Move—User Activity Tracking for Website Usability Evaluation and Implicit Interaction,” WWW '06 Procedings of the 15th World Wide Web, ACM, New York, NY, USA, May 22, 2006, pp. 203-212, XP002519605, DOI: 10.1145/1135777.1135811 ISBN 978-1-5959-323-2. |
| International Search Report for PCT/US2013/023636; Date of Mailing Aug. 13, 2013. |
| Written Opinion of the International Searching Authority for PCT/US2013/023636; Date of Mailing Aug. 13, 2013. |
| Reed Martin; Using Google Analytics Site Overlay; Community Spark; Apr. 13, 2007. Online: <http://www.community.com/using-google-analytics-site-overlay/>. |
| Stolowitz Ford Cowger LLP Listing of Related Cases May 14, 2013. |
| Communication from the EP Patent Office pursuant to Article 94(3) EPC in EP Application No. 09806979.2; dated Jan. 6, 2014. |
| Stolowitz Ford Cowger LLP; Listing of Related Cases; Dec. 19, 2013. |
| Summons to attend oral proceedings pursuant to Rule 115(1) in EP App. No. 07840244.3; Dated Dec. 12, 2013. |
| Number | Date | Country | |
|---|---|---|---|
| 20100042573 A1 | Feb 2010 | US |
