Method and apparatus for cryptographic stateless protocol using asymmetric encryption
Abstract
Prior methods of encryption of the token or “cookie” communicated to a client by a server use a symmetric method of encryption which does not permit the client to look at the state information. The present invention permits the client to view the state information, but not modify it, by using an asymmetric encryption method.
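The abstract's idea in runnable form, as an added example that is not taken from the patent: "encrypting with the private key" is modelled as textbook RSA with the private exponent, so any holder of the public key can read the state object but cannot produce a valid modified one. The toy key (two known Mersenne primes), the SHA-256 redundancy check and all function names are assumptions of this example.

```python
import hashlib
import json

# Constructed toy key: two known Mersenne primes, trivially factorable.
# A real deployment would use a generated key and a standard signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, held by client and server
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the server only
MAX_BLOCK = 140                        # bytes; keeps the encoded block below N

def seal_state(state: dict) -> int:
    """Server side: transform the state object with the private key."""
    body = json.dumps(state, sort_keys=True).encode()
    # Assumption of this example: append SHA-256(body) as redundancy, because
    # raw RSA alone is malleable and any integer would "decrypt" to something.
    block = b"\x01" + body + hashlib.sha256(body).digest()
    if len(block) > MAX_BLOCK:
        raise ValueError("state too large for the toy modulus")
    return pow(int.from_bytes(block, "big"), D, N)

def open_state(token: int) -> dict:
    """Client or server: recover the state with the public key and check it."""
    m = pow(token, E, N)
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(block) < 34 or block[0] != 1:
        raise ValueError("malformed state object")
    body, digest = block[1:-32], block[-32:]
    if hashlib.sha256(body).digest() != digest:
        raise ValueError("state object was modified")
    return json.loads(body)

def seal_without_private_key(state: dict) -> int:
    """What a party holding only (N, E) can compute for a changed state."""
    body = json.dumps(state, sort_keys=True).encode()
    block = b"\x01" + body + hashlib.sha256(body).digest()
    return pow(int.from_bytes(block, "big"), E, N)

if __name__ == "__main__":
    token = seal_state({"cart_total": 1999, "user": "alice"})  # constructed state
    print(open_state(token))           # the client can read the state
    changed = seal_without_private_key({"cart_total": 1, "user": "alice"})
    for bad in (token ^ 1, changed):   # bit-flipped token, public-key-only token
        try:
            open_state(bad)
        except ValueError as err:
            print("rejected:", err)
```

The state object is readable by anyone who holds the public key, so this construction provides integrity rather than confidentiality, which matches the goal stated in the abstract.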
14 Claims
1. A method of communicating state information between a server and a client having a memory, the method comprising the steps of:
i) providing an asymmetric encryption method having a public key provided to said client and said server and a private key provided to said server;
ii) said client communicating a client request to said server to perform a server action;
iii) said server responsive to receiving said client request, performing said server action and creating a state object containing post-action state information;
iv) encrypting said state object using said private key;
v) communicating said encrypted state object and a result of said server action to said client; and
vi) storing said encrypted state object in said client memory.
7. A data processing system for communicating state information between a server and a client having a memory, said data processing system comprising:
i) means for receiving a client request to perform a server action;
ii) means, responsive to said client request receiving means, for performing said server action and creating a state object containing post-action state information;
iii) means for encrypting said state object comprising an asymmetric encryption method having a public key provided to said client and said server and a private key provided to said server; and
iv) means for communicating said encrypted state object and a result of said server action to said client.
11. A computer program product for communicating state information between a server and a client having a memory, said server provided with a public key and a private key of an asymmetric encryption method and said client provided with a public key of an asymmetric encryption method, said computer program product comprising:
a computer usable medium having computer readable program code means embodied in said medium for receiving a client request to perform a server action;
said computer usable medium having computer readable program code means embodied in said medium, responsive to said client request receiving means, for performing said server action and creating a state object containing post-action state information;
said computer usable medium having computer readable program code means embodied in said medium for encrypting the created state object with the private key of said asymmetric encryption method; and
said computer usable medium having computer readable program code means embodied in said medium, responsive to said encrypting means, for sending said encrypted state object and a result of said server action to said client.
14. A computer program product for communicating state information between a server and a client having a memory, said server provided with a public key and a private key of an asymmetric encryption method and said client provided with a public key of an asymmetric encryption method, said computer program product comprising:
a computer usable medium having computer readable program code means embodied in said medium for sending a client request to perform a server action;
said computer usable medium having computer readable program code means embodied in said medium for receiving the results of said server action and a state object containing post-action state information wherein said state object is encrypted with said private key of said asymmetric encryption method, and means for storing said state object; and
said computer usable medium having computer readable program code means embodied in said medium for decrypting said state object with the public key of said asymmetric encryption method.
Specification