Using atomic messaging to increase the security of transferring data across a network
First Claim
1. In a computer system that received an unencrypted version of a session key in response to authenticating with an authentication server, a method for including a significant portion of the information needed to process a message at an application server within the message, the method comprising:
- an act of sending a request to the authentication server, the request indicating a desire to access a service at the application server;
an act of receiving a binary token from the authentication server, the binary token containing an encrypted version of the session key, which was encrypted using a service key that is shared between the authentication server and the application server;
an act of using the unencrypted version of session key to generate encrypted application data that is to be delivered to the service at the application server;
an act of encoding the encrypted application data and the binary token into a text format; and
an act of sending a message that includes text-encoded encrypted application data and a text-encoded token which contains the encrypted version of the session key to the application server.
3 Assignments
0 Petitions
Accused Products
Abstract
A client sends a request to an authentication server requesting access to a service at an application server. The authentication server returns a token containing an encrypted version of a session key that was encrypted using a secret shared between the authentication server and the application server. The client encrypts application data using a corresponding unencrypted version of the session key and text-encodes both the encrypted application data and the encrypted version of the session key. The text-encoded application and text-encoded encrypted version of the session key are both included in a message and sent to the application server. The application server decrypts the encrypted version of the session key using the shared secret so as to reveal the unencrypted version of the session key. The application server then decrypts the encrypted application data using the revealed unencrypted version of the session key.
-
Citations
32 Claims
-
1. In a computer system that received an unencrypted version of a session key in response to authenticating with an authentication server, a method for including a significant portion of the information needed to process a message at an application server within the message, the method comprising:
-
an act of sending a request to the authentication server, the request indicating a desire to access a service at the application server;
an act of receiving a binary token from the authentication server, the binary token containing an encrypted version of the session key, which was encrypted using a service key that is shared between the authentication server and the application server;
an act of using the unencrypted version of session key to generate encrypted application data that is to be delivered to the service at the application server;
an act of encoding the encrypted application data and the binary token into a text format; and
an act of sending a message that includes text-encoded encrypted application data and a text-encoded token which contains the encrypted version of the session key to the application server. - View Dependent Claims (2, 3)
-
-
4. In an application server having one or more services that are accessible to clients, a method for processing a message to cause one of the one or more services to be accessed, the method comprising:
-
an act of establishing a shared service key with an authentication server;
an act of receiving a message that includes text-encoded encrypted application data that is to be processed by a service requested in the message and includes a text-encoded token containing an encrypted version of a session key;
an act of decoding the text-encoded token to expose a corresponding binary token that contains the encrypted version of the session key;
an act of decoding the text-encoded encrypted application data to expose corresponding encrypted application data;
an act of using the shared service key to decrypt the encrypted version of the session key contained in the binary token to reveal an unencrypted version of the session key;
an act of decrypting the encrypted application data using the decrypted session key to reveal unencrypted binary application data; and
an act of delivering the unencrypted application data to the requested service. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
-
-
12. In an application server having one or more services that are accessible to clients, a method for processing a message to cause one of the one or more services to be accessed, the method comprising:
-
an act of establishing a shared service key with an authentication server;
an act of receiving a message that includes text-encoded encrypted application data that is to be processed by a service requested in the message and includes a text-encoded token containing an encrypted version of a session key;
a step for preparing application data for delivery to the requested service; and
an act of delivering unencrypted application data to the requested service. - View Dependent Claims (13)
-
-
14. A computer program product for use in a computer system that received an unencrypted version of a session key in response to authenticating with an authentication server, the computer program product for implementing a method for including a significant portion of the information needed to process a message at an application server within the message, the computer program product comprising one or more computer-readable media having stored thereon the following:
-
computer-executable instructions for sending a request to the authentication server, the request indicating a desire to access a service at the application server;
computer-executable instructions for receiving a binary token from the authentication server, the binary token containing an encrypted version of the session key, which was encrypted using a service key that is shared between the authentication server and the application server;
computer-executable instructions for using the unencrypted version of session key to generate encrypted application data that is to be delivered to the service at the application server;
computer-executable instructions for encoding the encrypted application data and the binary token into a text format; and
computer-executable instructions for sending a message that includes text-encoded encrypted application data and a text-encoded token which contains the encrypted version of the session key to the application server. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computer program product for use in an application server having one or more services that are accessible to clients, the computer program product for implementing method for processing a message to cause one of the one or more services to be accessed, the computer program product comprising one or more computer-readable media having stored thereon the following:
-
computer-executable instructions for establishing a shared service key with an authentication server;
computer-executable instructions for receiving a message that includes text-encoded encrypted application data that is to be processed by a service requested in the message and includes a text-encoded token containing an encrypted version of a session key;
computer-executable instructions for decoding the text-encoded token to expose a corresponding binary token that contains the encrypted version of the session key;
computer-executable instructions for decoding the text-encoded encrypted application data to expose corresponding encrypted application data;
computer-executable instructions for using the shared service key to decrypt the encrypted version of the session key contained in the binary token to reveal an unencrypted version of the session key;
computer-executable instructions for decrypting the encrypted application data using the decrypted session key to reveal unencrypted binary application data; and
computer-executable instructions for delivering the unencrypted application data to the requested service. - View Dependent Claims (24, 25, 26, 27, 28)
-
-
29. One or more computer-readable media having stored thereon a data structure, the data structure comprising:
-
a first field representing text-encoded encrypted application data that is to be delivered to a requested service;
a second field representing a text-encoded token that can be processed to reveal a session key for decrypting the text-encoded encrypted data represented in the first field. - View Dependent Claims (30, 31, 32)
-
Specification