Authentication and verification of Web page content
First Claim
1. A method of authenticating and verifying that a content file accessed by a computer is identical to the content file originally received by the computer, comprising the steps of:
registering a content file received at the computer, comprising;
generating a first digital signature of the content file, using a first key;
generating a secondary digital signature of the first digital signature and a file name of the content file, using the first key; and
storing the content file, the first digital signature, the file name, and the secondary digital signature;
accessing the stored content file, the stored first digital signature, the stored file name, and the stored secondary digital signature;
validating the first digital signature of the stored content file, using a second key corresponding to the first key; and
validating the secondary digital signature of the stored content file, using the second key.
Abstract
Authentication and verification of the integrity of multimedia content delivered from a server to a client through a computer network, such as the Internet, provides a substantial reduction in the possibility of inaccurate and/or unintended content being displayed to a user. Each content file stored on the server is cryptographically registered and such registration information is stored on the server along with the corresponding file name. A user is provided with a second (e.g., public) key corresponding to a first (e.g., private) key used to cryptographically register the content files.
Through a consumer application such as a Web browser, the user instructs the client to request Web content from the server. The server assembles a list of the content files necessary to satisfy the request and transmits the list to the client. Prior to transmitting the actual content files, the server transmits to the client the registration information for these content files. The client uses the second key to validate the cryptographic registration information for any listed content files already resident locally. If the registration information for any files can be successfully validated, then those files have been authenticated and verified and do not need to be transmitted from the server. The server then transmits the actual content files for those files not yet authenticated and verified at the client. The client again uses the second key to validate the cryptographic registration information for the content files received from the server. If the registration information for all of the files is successfully validated, then the client displays the Web page. If any files cannot be successfully validated, then the client will not display any portion of the Web page.
31 Claims
1. A method of authenticating and verifying that a content file accessed by a computer is identical to the content file originally received by the computer, comprising the steps of:
registering a content file received at the computer, comprising;
generating a first digital signature of the content file, using a first key;
generating a secondary digital signature of the first digital signature and a file name of the content file, using the first key; and
storing the content file, the first digital signature, the file name, and the secondary digital signature;
accessing the stored content file, the stored first digital signature, the stored file name, and the stored secondary digital signature;
validating the first digital signature of the stored content file, using a second key corresponding to the first key; and
validating the secondary digital signature of the stored content file, using the second key.
Dependent claims: 3 (not reproduced here).
2. A method of authenticating and verifying the integrity of a content file delivered from a server computer to a client computer over a network, comprising the steps of:
registering a content file by generating unique registration information using a first key;
storing the content file and the registration information on the server computer;
accessing the content file and the registration information in response to a request from the client computer;
authenticating the integrity of the content file and the registration information accessed by the server computer by use of a second key; and
transmitting the authenticated content file and registration information to the client computer.
Dependent claims: 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23 (not reproduced here).
12. A method of authenticating and verifying the integrity of content delivered over a public network in response to a request transmitted from a client computer to a server computer, comprising the steps of:
providing the client computer with a public key corresponding to a private key maintained by the server computer;
generating server registration information unique to each content file stored on the server computer, using the private key;
assembling a primary list identifying each content file responsive to the client computer's request;
transmitting to the client computer the primary list and the server registration information associated with each content file identified in the primary list;
authenticating and verifying any content files identified in the primary list which are already resident on the client computer, comprising the steps of;
assembling a matching list identifying each content file identified in the primary list which is stored on the client computer and a non-matching list identifying each content file identified in the primary list which is not stored on the client computer;
validating the server registration information received from the server computer for each content file identified in the matching list, using the public key; and
removing from the matching list and adding to the non-matching list each content file identified in the matching list for which the server registration information is not successfully validated;
transmitting to the client computer each content file identified in the non-matching list; and
validating the server registration information for each content file received from the server computer and identified in the non-matching list, using the public key.
19. A method of browsing the web by requesting content from a server computer over a public network and displaying the content to a user on a client computer only after the integrity of such content has been authenticated and verified, comprising the steps of:
transmitting a request to the server computer for content necessary to build a displayable web page;
receiving from the server computer a primary list identifying each file necessary to build the web page and a server digital signature uniquely associated with each file identified in the primary list;
validating the server digital signature for each file stored locally on the client computer which is identified in the primary list;
transmitting to the server computer a secondary list identifying each file identified in the primary list which is not stored locally on the client computer or for which the server digital signature is not successfully validated;
receiving from the server computer each file identified in the secondary list;
validating the server digital signature for each file received from the server computer and identified in the secondary list; and
if the server digital signature for each file is validated, displaying on the client computer a web page incorporating the content of each file identified in the primary list if the server digital signature is successfully validated for every file received from the server computer and identified in the secondary list.
24. A web content delivery system for delivering web content from a server computer to a client computer over a public network and displaying the content on the client computer only after the integrity of such content has been authenticated and verified, comprising the steps of:
providing the client computer with a public key which corresponds to a private key maintained at the server computer;
generating at the server computer cryptographic registration information for each content file stored on the server computer, comprising the steps of;
generating a server digital signature of each content file stored on the server computer, using the private key;
generating a secondary digital signature of each server digital signature and corresponding file name, using the private key; and
storing on the server computer each file name along with the corresponding server digital signature and secondary digital signature;
transmitting from the client computer to the server computer a request for content necessary to build a displayable web page;
assembling at the server computer a primary list identifying each content file responsive to the request for content;
authenticating and verifying any content files identified in the primary list which are stored on the server computer, comprising the steps of;
validating the server digital signature of each content file identified in the primary list, using the private key; and
validating the secondary digital signature of each content file identified in the primary list;
transmitting from the server computer to the client computer the primary list and the server digital signature of each content file identified in the primary list;
authenticating and verifying any content files identified in the primary list which are already resident on the client computer, comprising the steps of;
assembling a matching list identifying each content file identified in the primary list which is stored on the client computer and a non-matching list identifying each content file identified in the primary list which is not stored on the client computer;
validating the server digital signature of each content file stored on the client computer and identified in the matching list, using the public key; and
removing from the matching list and adding to the non-matching list each content file identified in the matching list for which the server digital signature is not successfully validated;
transmitting from the server computer to the client computer each content file identified in the non-matching list; and
validating the server digital signature of each content file received from the server computer and identified in the non-matching list, using the public key.
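The registration and verification flow described in the Abstract and in claims 12, 19 and 24, as an added worked example (this is not code from the patent or from any implementation of it). Ed25519 stands in for the unspecified signature scheme, the byte layout of the secondary message (signature followed by file name) and the two-file sample site are constructed for the example, and the server re-validates its own copies before sending, as claims 2 and 24 require. The relabelling case at the end shows what the secondary signature buys: a valid content signature cannot be moved to a different file name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registration is the per-file record the server stores (claims 1 and 24):
// a signature over the file bytes plus a secondary signature binding that
// signature to the file name.
type Registration struct {
	Name      string
	Sig       []byte // server digital signature of the content
	Secondary []byte // signature of Sig || Name
}

// Ed25519 signatures are a fixed 64 bytes, so Sig || Name parses unambiguously.
// The patent fixes no encoding; this layout is an assumption of the example.
func secondaryMessage(sig []byte, name string) []byte {
	return append(append([]byte{}, sig...), name...)
}

// Register generates both signatures with the private (first) key.
func Register(priv ed25519.PrivateKey, name string, content []byte) Registration {
	sig := ed25519.Sign(priv, content)
	return Registration{Name: name, Sig: sig, Secondary: ed25519.Sign(priv, secondaryMessage(sig, name))}
}

// Verify checks both signatures with the public (second) key against the bytes
// actually held and the name they are held under. Both must pass.
func Verify(pub ed25519.PublicKey, name string, content []byte, r Registration) bool {
	return ed25519.Verify(pub, content, r.Sig) &&
		ed25519.Verify(pub, secondaryMessage(r.Sig, name), r.Secondary)
}

// Server holds content files and their registration information.
type Server struct {
	pub   ed25519.PublicKey
	files map[string][]byte
	regs  map[string]Registration
}

func NewServer(priv ed25519.PrivateKey, files map[string][]byte) *Server {
	s := &Server{pub: priv.Public().(ed25519.PublicKey), files: files, regs: map[string]Registration{}}
	for name, content := range files {
		s.regs[name] = Register(priv, name, content)
	}
	return s
}

// PrimaryList answers a page request with the registration of every file
// needed, sent before any content (claim 12).
func (s *Server) PrimaryList(page []string) []Registration {
	out := make([]Registration, 0, len(page))
	for _, n := range page {
		out = append(out, s.regs[n])
	}
	return out
}

// Serve returns the files on the client's non-matching list after re-validating
// the server's own copies; a stored file that no longer matches its registration
// is refused rather than sent.
func (s *Server) Serve(names []string) (map[string][]byte, error) {
	out := map[string][]byte{}
	for _, n := range names {
		if !Verify(s.pub, n, s.files[n], s.regs[n]) {
			return nil, fmt.Errorf("server copy of %q fails validation", n)
		}
		out[n] = s.files[n]
	}
	return out, nil
}

// Browse runs the client side of claim 19: validate cached files against the
// primary list, fetch the rest, validate what arrives, and display the page
// only if every file validated. It returns the decision and what was fetched.
func Browse(pub ed25519.PublicKey, s *Server, page []string, cache map[string][]byte) (display bool, fetched []string) {
	primary := s.PrimaryList(page)
	var nonMatching []string
	for _, r := range primary {
		if local, ok := cache[r.Name]; !ok || !Verify(pub, r.Name, local, r) {
			nonMatching = append(nonMatching, r.Name) // missing or failed locally: fetch it
		}
	}
	received, err := s.Serve(nonMatching)
	if err != nil {
		return false, nonMatching
	}
	for _, r := range primary {
		if content, ok := received[r.Name]; ok {
			if !Verify(pub, r.Name, content, r) {
				return false, nonMatching // one bad file blocks the whole page
			}
			cache[r.Name] = content
		}
	}
	return true, nonMatching
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample site, not from the patent.
	site := map[string][]byte{"index.html": []byte("<h1>hi</h1>"), "app.js": []byte("alert(1)")}
	srv := NewServer(priv, site)
	page := []string{"index.html", "app.js"}

	cache := map[string][]byte{}
	ok, fetched := Browse(pub, srv, page, cache)
	fmt.Println("cold cache:", ok, fetched) // true [index.html app.js]

	cache["app.js"] = []byte("alert(2)") // cached copy tampered with
	ok, fetched = Browse(pub, srv, page, cache)
	fmt.Println("tampered cache:", ok, fetched) // true [app.js]: re-fetched, not trusted

	// Relabelling index.html's registration as app.js: the content signature still
	// holds over index.html's bytes, but the secondary signature was made over
	// Sig || "index.html", so verifying under the name app.js fails.
	r := srv.regs["index.html"]
	r.Name = "app.js"
	fmt.Println("relabelled:", Verify(pub, "app.js", site["index.html"], r)) // false
}
```

Two properties of the scheme as modelled are worth noting. The public key handed to the client is the whole trust root, so how it is "provided" (claim 12) decides what the signatures are worth. And the registration binds content to a name and nothing else, so an old (file, registration) pair that was once valid still validates; anything that must resist rollback needs a version or freshness value inside the signed data, which the claims do not include.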
25. A system for verification of file content which is transmitted from a server to a client through a network, comprising:
said server having therein a server program for;
(a) registering a plurality of files which comprise said content by producing registration information which includes a digital signature for each said file by use of a private key, and (b) storing said files and said registration information, (c) sending a list of said files and said registration information to said client when said file content is requested, and (d) sending the ones of said files requested by said client to said client via said network, said client of said server having therein a client program for;
(a) requesting said file content via said network, (b) upon receiving said list of said files and said registration information, detecting the presence of any of said files on said list in local storage for said client, (c) for said local files, which are on said list and located in said local storage, verifying said local files by use of said registration information, and (d) requesting from said server the ones of said files on said list which were not verified by said client.
26. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform steps for authenticating and verifying that a content file accessed by a server computer is identical to the content file originally received by the server computer, comprising:
registering a content file received at the computer, comprising;
generating a first digital signature of the content file, using a first key;
generating a secondary digital signature of the first digital signature and a file name of the content file, using the first key; and
storing the content file, the first digital signature, the file name, and the secondary digital signature;
accessing the stored content file, the stored first digital signature, the stored file name, and the stored secondary digital signature;
validating the first digital signature of the stored content file, using a second key corresponding to the first key; and
validating the secondary digital signature of the stored content file, using the second key.
27. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform steps for authenticating and verifying the integrity of a content file delivered from a server computer to a client computer over a network, comprising:
registering a content file by generating unique registration information using a first key;
storing the content file and the registration information on the server computer;
accessing the content file and the registration information in response to a request from the client computer;
authenticating the integrity of the content file and the registration information accessed by the server computer by use of a second key; and
transmitting the authenticated content file and registration information to the client computer.
28. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform steps for browsing the web by requesting content from a server computer over a public network and displaying the content to a user on a client computer only after the integrity of such content has been authenticated and verified, comprising:
transmitting a request to the server computer for content necessary to build a displayable web page;
receiving from the server computer a primary list identifying each file necessary to build the web page and a server digital signature uniquely associated with each file identified in the primary list;
validating the server digital signature for each file stored locally on the client computer which is identified in the primary list;
transmitting to the server computer a secondary list identifying each file identified in the primary list which is not stored locally on the client computer or for which the server digital signature is not successfully validated;
receiving from the server computer each file identified in the secondary list;
validating the server digital signature for each file received from the server computer and identified in the secondary list; and
if the server digital signature for each file is validated, displaying on the client computer a web page incorporating the content of each file identified in the primary list if the server digital signature is successfully validated for every file received from the server computer and identified in the secondary list.
29. An apparatus for authenticating and verifying a content file, comprising:
a computer in a computer network; and
one or more computer programs, performed by the computer, for registering a content file received at the computer, comprising;
generating a first digital signature of the content file, using a first key;
generating a secondary digital signature of the first digital signature and a file name of the content file, using the first key; and
storing the content file, the first digital signature, the file name, and the secondary digital signature;
accessing the stored content file, the stored first digital signature, the stored file name, and the stored secondary digital signature;
validating the first digital signature of the stored content file, using a second key corresponding to the first key; and
validating the secondary digital signature of the stored content file, using the second key.
30. An apparatus for authenticating and verifying integrity of a content file, comprising:
a server computer in a computer network;
a client computer connected to the server computer via the computer network; and
one or more computer programs, performed by the server computer, for;
registering a content file by generating unique registration information using a first key;
storing the content file and the registration information on the server computer;
accessing the content file and the registration information in response to a request from the client computer;
authenticating the integrity of the content file and the registration information accessed by the server computer by use of a second key; and
transmitting the authenticated content file and registration information to the client computer.
31. An apparatus for browsing the web by requesting content from a server computer over a public network and displaying the content to a user on a client computer only after the integrity of such content has been authenticated and verified, comprising:
a server computer in a computer network;
a client computer connected to the server computer via the computer network; and
one or more computer programs, performed by the client computer, for;
transmitting a request to the server computer for content necessary to build a displayable web page;
receiving from the server computer a primary list identifying each file necessary to build the web page and a server digital signature uniquely associated with each file identified in the primary list;
validating the server digital signature for each file stored locally on the client computer which is identified in the primary list;
transmitting to the server computer a secondary list identifying each file identified in the primary list which is not stored locally on the client computer or for which the server digital signature is not successfully validated;
receiving from the server computer each file identified in the secondary list;
validating the server digital signature for each file received from the server computer and identified in the secondary list; and
if the server digital signature for each file is validated, displaying on the client computer a web page incorporating the content of each file identified in the primary list if the server digital signature is successfully validated for every file received from the server computer and identified in the secondary list.