Method and apparatus for signing and validating web pages

US 20020124172A1
Filed: 03/05/2001
Published: 09/05/2002
Est. Priority Date: 03/05/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

digitally signing a web page that includes a trigger with a private key to provide a digital signature;

transmitting the web page, the digital signature, and a digital certificate from a first computer system to a second computer system; and

responsive to the trigger, automatically verifying the digital signature on the second computer system using a public key corresponding to the private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for signing and validating web pages. In one embodiment, a web page that includes a trigger is digitally signed with a private key to provide a digital signature. The web page, digital signature, and a digital certificate are transmitted from a first computer system to a second computer system. On the second computer system, in response to the trigger, the digital signature is automatically verified using a public key corresponding to the private key. An object may optionally be transmitted with the web page from the first computer system to the second computer system. The object includes a plug-in, code, etc. The trigger includes a flag, variable, one or more lines of code, or subroutine that may be embedded or incorporated in, or appended to the web page, or a header of the web page.

Citations

24 Claims

1. A method, comprising:
- digitally signing a web page that includes a trigger with a private key to provide a digital signature;
  
  transmitting the web page, the digital signature, and a digital certificate from a first computer system to a second computer system; and
  
  responsive to the trigger, automatically verifying the digital signature on the second computer system using a public key corresponding to the private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein transmitting comprises transmitting the web page, the digital signature, and the digital certificate including the public key corresponding to the private key from the first computer system to the second computer system.
  - 3. The method of claim 1 wherein transmitting comprises transmitting the web page, the digital signature, the digital certificate, and an object from the first computer system to the second computer system.
  - 4. The method of claim 3 wherein automatically verifying comprises responsive to the trigger, automatically verifying the digital signature on the second computer system using the object.
  - 5. The method of claim 1 wherein digitally signing comprises:
    - hashing the web page to provide a message digest; and
      
      digitally signing the message digest with a private key to provide the digital signature.
  - 6. The method of claim 1 wherein the trigger includes one or more of the following:
    - a flag, variable, one or more lines of code, and subroutine.
  - 7. The method of claim 1 further comprising one of the following:
    - embedding the trigger in the web page;
      
      incorporating the trigger in the web page;
      
      appending the trigger to the web page; and
      
      placing the trigger in a HTTP header of the web page.

8. A computer system, comprising:
- a memory including one or more instructions; and
  
  a processor coupled to the memory, the processor, responsive to the one or more instructions, to, transmit a request for a web page over a communication link, receive the web page including a trigger, a digital signature, and a digital certificate, and responsive to the trigger, automatically verify the digital signature of the web page using a public key corresponding to a private key used to digitally sign the web page.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20)
- - 9. The apparatus of claim 8 wherein the processor, in response to the one or more instructions, to receive the web page, digital signature, and the digital certificate including the public key.
  - 10. The apparatus of claim 8 wherein the processor, in response to the one or more instructions, to receive the web page, digital signature, digital certificate, and an object, said object being executed by the processor to automatically verify the digital signature of the web page.
  - 11. The apparatus of claim 8 wherein the processor automatically verifies the digital signature of the web page by hashing the web page to provide a calculated message digest;
    - decrypting the digital signature using the public key to provide a recovered message digest; and
      
      comparing the calculated message digest and the recovered message digest.
  - 12. The apparatus of claim 8 wherein the trigger includes one or more of the following:
    - a flag, variable, one or more lines of code, and subroutine.
  - 13. The apparatus of claim 8 wherein the memory includes a software routine for plug-in comprising the one or more instructions.
  - 14. The apparatus of claim 8 wherein the memory includes one of a browser software program and a plug-in comprising the one or more instructions.
  - 16. The method of claim 15 wherein transmitting comprises transmitting the web page, the digital signature, and the digital certificate including a public key corresponding to the private key to the computer system, in response to receiving the request for the web page.
  - 17. The method of claim 15 wherein transmitting comprises transmitting the web page, the digital signature, the digital certificate, and an object to the computer system, in response to receiving the request for the web page.
  - 18. The method of claim 17 wherein said object, on the computer system, for detecting the trigger, and in response to detecting the trigger, automatically verifying the digital signature of the web page.
  - 19. The method of claim 15 wherein the trigger includes one or more of the following:
    - a flag, variable, one or more lines of code, and subroutine.
  - 20. The method of claim 15 further comprising one of the following:
    - embedding the trigger in the web page;
      
      incorporating the trigger in the web page;
      
      appending the trigger to the web page; and
      
      placing the trigger in a HTTP header of the web page.

15. A method, comprising:
- receiving a request for a web page;
  
  digitally signing the web page that includes a trigger with a private key to provide a digital signature, said trigger for causing a program on a computer system to automatically verify the digital signature of the web page; and
  
  transmitting the web page, the digital signature, and a digital certificate to the computer system in response to receiving the request for the web page.

21. A method, comprising:
- transmitting a web page that includes a trigger from a first computer system to a second computer system;
  
  displaying the web page on a display of the second computer system;
  
  detecting the trigger by a program executed on a processor of the second computer system;
  
  automatically requesting that the web page be digitally signed;
  
  digitally signing the web page with a private key to provide a digital signature; and
  
  transmitting the web page, digital signature, and a digital certificate to the first computer system.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21 wherein the trigger includes one or more of the following:
    - a flag, variable, one or more lines of code, and subroutine.
  - 23. The method of claim 21 further comprising one of the following:
    - embedding the trigger in the web page;
      
      incorporating the trigger in the web page;
      
      appending the trigger to the web page; and
      
      placing the trigger in a HTTP header of the web page.
  - 24. The method of claim 21 wherein the program is one or more of the following:
    - a plug in and browser program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Litronix Incorporated (Siemens AG)
Original Assignee
Litronix Incorporated (Siemens AG)
Inventors
Manahan, Brian

Application Number

US09/800,346
Publication Number

US 20020124172A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/0853 using an additional device,...

H04L 63/123 received data contents, e.g...

Method and apparatus for signing and validating web pages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for signing and validating web pages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links