Firewalls for providing security in HTTP networks and applications
Abstract
Systems and methods provide security to HTTP applications. Responses sent from a server, such as a web server, are analyzed and a signature is generated for each HTML object in that page. The signature is encrypted and sent to a client along with the contents of the page. When a client later sends a request, the system checks the signature associated with that request with the contents of the request itself. If the values, variables, lengths, and cardinality of the request are validated, then the request is forwarded to the web server. If, on the other hand, the request is invalidated, the request is blocked from reaching the web server, thereby protecting the web server from malicious attacks. The systems and methods offer security without being limited to a session or user.
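The mechanism the abstract describes (abstract each form in a response into its parameters, sign and protect that descriptor, ship it to the client with the page, then validate the later request's variables, values, lengths and cardinality against it before it reaches the web server) as an added Python example. This is not code from the patent or its assignee: the form, the key, the hidden field name `__sig` and all sample requests are constructed for the demonstration, and the patent's encryption of the signature is replaced here by an HMAC-SHA256 tag over the serialized parameter descriptor, which supplies the tamper resistance the validation step relies on using only the standard library.

```python
"""Added example (not the patent's code): a minimal HTTP-level guard that signs
the form parameters in a server response and later validates the client's
request against that signature, in the manner of the abstract and claims 1 and 11.

Assumptions: SERVER_KEY, TOKEN_FIELD, the sample page and the HMAC-based token
format are all constructed for this example. The patent's "encrypt the signature"
step is replaced by an HMAC-SHA256 tag over the serialized descriptor.
"""
import base64
import hashlib
import hmac
import json
from html.parser import HTMLParser
from urllib.parse import parse_qs

SERVER_KEY = b"example-key-constructed-for-demo"  # assumption: known only to the guard
TOKEN_FIELD = "__sig"                             # assumption: name of the injected field

# Constructed sample response: one order form with a hidden id, a bounded text
# field and a select with two offered options.
SAMPLE_PAGE = """<html><body><form action="/order" method="post">
<input type="hidden" name="product_id" value="42">
<input type="text" name="note" maxlength="20">
<select name="qty"><option value="1">1</option><option value="2">2</option></select>
<input type="submit"></form></body></html>"""


class FormParser(HTMLParser):
    """Abstract a form into parameters: name -> (kind, constraint)."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._select = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            if a.get("type") == "hidden":
                self.fields[a["name"]] = ("fixed", a.get("value", ""))   # value must not change
            else:
                self.fields[a["name"]] = ("text", int(a.get("maxlength", 0)) or None)
        elif tag == "select" and a.get("name"):
            self._select = a["name"]
            self.fields[self._select] = ("enum", [])                     # filled by <option>
        elif tag == "option" and self._select and a.get("value") is not None:
            self.fields[self._select][1].append(a["value"])

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None


def abstract_response(html):
    """Derive the parameter descriptor for the page (the 'abstracting' step)."""
    p = FormParser()
    p.feed(html)
    return p.fields


def make_token(fields, key=SERVER_KEY):
    """Serialize the descriptor and protect it with an HMAC tag (stands in for encryption)."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


def open_token(token, key=SERVER_KEY):
    """Return the descriptor if the tag verifies, else None (malformed or tampered)."""
    try:
        raw = base64.urlsafe_b64decode(token)
        body, tag = raw[:-32], raw[-32:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(body)
    except (ValueError, TypeError):
        return None


def sign_response(html):
    """Combine the token with the page: inject it as a hidden field before </form>."""
    hidden = f'<input type="hidden" name="{TOKEN_FIELD}" value="{make_token(abstract_response(html))}">'
    return html.replace("</form>", hidden + "</form>", 1)


def validate_request(body):
    """Return (allowed, reason). Checks variables, values, lengths and cardinality."""
    params = parse_qs(body, keep_blank_values=True)
    token = params.pop(TOKEN_FIELD, [None])[0]
    fields = open_token(token) if token else None
    if fields is None:
        return False, "missing or tampered signature"
    if set(params) != set(fields):
        return False, "variable set does not match signed form"
    for name, values in params.items():
        kind, constraint = fields[name]
        if len(values) != 1:
            return False, f"{name}: cardinality {len(values)} != 1"
        v = values[0]
        if kind == "fixed" and v != constraint:
            return False, f"{name}: hidden value altered"
        if kind == "enum" and v not in constraint:
            return False, f"{name}: value not among offered options"
        if kind == "text" and constraint and len(v) > constraint:
            return False, f"{name}: length {len(v)} exceeds {constraint}"
    return True, "ok"


if __name__ == "__main__":
    tok = make_token(abstract_response(SAMPLE_PAGE))
    print(validate_request(f"product_id=42&note=hello&qty=2&{TOKEN_FIELD}={tok}"))
    print(validate_request(f"product_id=43&note=hello&qty=2&{TOKEN_FIELD}={tok}"))
```

The guard keeps no per-session state, which is the property the abstract ends on: everything needed to validate a request travels with the page, and a request carrying no token, a token made under another key, an altered hidden value, a select value the page never offered, an over-long text field, an extra variable or a duplicated one is blocked before it reaches the origin. What this toy version does not cover, and a deployment would have to: checkboxes and multi-valued fields, several forms on one page, key rotation, and replay of a still-valid token with acceptable values.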
20 Claims
1. A method of signing communications transmitted over a network, comprising:
intercepting a communication being forwarded to a first entity from a second entity over the network;
analyzing the communication;
abstracting the communication to derive parameters for the communication;
generating a signature associated with the communication based on the parameters of the communication;
encrypting the signature to generate an encrypted signature;
combining the encrypted signature with the communication;
permitting the communication with the encrypted signature to be forwarded to the first entity over the network;
wherein the encrypted signature enables a response to the communication from the first entity to be validated by the second entity.
11. A method of validating communications received over a network, comprising:
intercepting a communication being forwarded by a first entity to a second entity;
decrypting a signature associated with the communication to generate a decrypted signature;
ascertaining parameters in the communication based on the decrypted signature;
comparing the decrypted signature and the parameters with actual contents of the communication;
forwarding the second communication to the second entity if the parameters in the signature correspond with the actual contents of the communication; and
blocking the communication from reaching the second entity if the parameters in the decrypted signature do not correspond with the contents of the communication.
16. A system for providing security to communications over a network, comprising:
a response interception unit for intercepting a communication being forwarded to a first entity from a second entity over the network;
a parsing unit for deriving parameters in the communication;
a signature creation unit for generating a signature associated with the communication based on the parameters of the communication;
an encryption unit for encrypting the signature to generate an encrypted signature;
the parsing combining the encrypted signature with the communication and permitting the communication with the encrypted signature to be forwarded to the first entity over the network;
wherein the encrypted signature enables a response to the communication from the first entity to be validated by the second entity.
19. A computer-readable medium for storing software for use in validating communications received over a network, the software for performing a method comprising:
intercepting a communication being forwarded to a first entity from a second entity over the network;
analyzing the communication;
abstracting the communication to derive parameters for the communication;
generating a signature associated with the communication based on the parameters of the communication;
encrypting the signature to generate an encrypted signature;
combining the encrypted signature with the communication;
permitting the communication with the encrypted signature to be forwarded to the first entity over the network;
wherein the encrypted signature enables a response to the communication from the first entity to be validated by the second entity.
20. A computer-readable medium for storing software for use in validating communications received over a network, the software for performing a method comprising:
intercepting a communication being forwarded by a first entity to a second entity;
decrypting a signature associated with the communication to generate a decrypted signature;
ascertaining parameters in the communication based on the decrypted signature;
comparing the decrypted signature and the parameters with actual contents of the communication;
forwarding the second communication to the second entity if the parameters in the signature correspond with the actual contents of the communication; and
blocking the communication from reaching the second entity if the second set of parameters in the decrypted signature do not correspond with the contents of the communication.