System and method for secure configuration of sensitive web services

US 20030084350A1
Filed: 09/12/2002
Published: 05/01/2003
Est. Priority Date: 11/01/2001
Status: Active Grant

First Claim

Patent Images

11. A client system for configuration of sensitive Web-Services provided by a server system having a communication component for establishing communication with a client SOAP-communication component, a configuration data file providing access rights to a sensitive Web-Service, a sensitive Web-Service, a filter component for identifying and discarding non-valid requests, an access control manager component for providing authentication examination for incoming SOAP-requests indicating configuration of the configuration data file, a component for updating said current configuration data file with an updated configuration data file being offline updated by a client system, wherein said client system is connected via a data link to said server system, comprising:

a SOAP-communication component for establishing communication with said communication component of said server system, a browser component, a configuration data file containing access rights for said sensitive Web-Service, and a client configuration component for updating said configuration data file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a system and method for configuration of access rights to sensitive information handled by a sensitive Web-Service. In a case of requested configuration changes initiated by the client system the Web-Server system provides a configuration data file to the client system preferably using a SOAP-communication protocol. The changes of the configuration data file are exclusively performed offline at the client side and the updated configuration data file is signed with authentication information and sent as a part of a SOAP-request to the Web-Server system. The Web-Server system provides a filter component for identifying and discarding non-SOAP requests as well as an access control manager for providing authentication examination for incoming SOAP-requests. After successful passing these components the SOAP-request is used for updating the existing configuration data file.

222 Citations

20 Claims

11. A client system for configuration of sensitive Web-Services provided by a server system having a communication component for establishing communication with a client SOAP-communication component, a configuration data file providing access rights to a sensitive Web-Service, a sensitive Web-Service, a filter component for identifying and discarding non-valid requests, an access control manager component for providing authentication examination for incoming SOAP-requests indicating configuration of the configuration data file, a component for updating said current configuration data file with an updated configuration data file being offline updated by a client system, wherein said client system is connected via a data link to said server system, comprising:
- a SOAP-communication component for establishing communication with said communication component of said server system, a browser component, a configuration data file containing access rights for said sensitive Web-Service, and a client configuration component for updating said configuration data file.
- View Dependent Claims (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19, 20)
- - 1. A server system for providing a sensitive Web-Service comprising a communication component for establishing communication with a client SOAP-communication component, a current configuration data file providing access rights to said sensitive Web-Service, a sensitive Web-Service, characterized by the following further components a filter component for identifying and discarding non-valid requests, an access control manager component for providing authentication examination upon all incoming SOAP-requests indicating configuration of said configuration data file, and a component for updating said current configuration data file with a configuration data file being offline updated by a client system.
  - 2. A system according to claim 1, wherein the communication between said server and client system is based on a SOAP-HTTP protocol.
  - 3. A system according to claim 1, wherein said filter component accepts SOAP-HTTP requests only.
  - 4. A system according to claim 2, wherein said filter component further provides a single HTTP-Port to said server system.
  - 5. A system according to claim 1, wherein said access control manager having an interface to a system of the Certification Authority providing access to user certificates.
  - 6. A system according to claim 1, wherein said configuration data file is in an XML-file.
  - 7. A system according to claim 5, wherein said XML-file is sent to said client'"'"'s system as part of a SOAP-HTTP response.
  - 8. A system according to claim 1, further comprising a client configuration component allowing configuration of said configuration data file at said client system, wherein said client configuration component is sent to said client'"'"'s system after a client request.
  - 9. A system according to claim 8, wherein said sensitive Web-Service is a secure electronic vault Web-Service.
  - 10. A system according to claim 5, wherein said XML-file is stored in said data store.
  - 12. A method for configuration of sensitive Web-Service provided by a server system having a communication component for establishing communication with a client SOAP-communication component, a configuration data file providing access rights to a sensitive Web-Service, a sensitive Web-Service, a filter component for identifying and discarding non-SOAP requests, an access control manager component for providing authentication examination for incoming SOAP-requests indicating configuration of the configuration data file, a component for updating said current configuration data file with an updated configuration data file being offline updated by a client system having a component for configuration of said configuration data file, wherein said method at said server system side comprises the steps of:
    - receiving a client request indicating configuration of said configuration data file, examining said SOAP-request at said filter component of said server upon valid access port to said server as well as type of valid requests, examining said authentication information of said SOAP-request at said access control manager, accessing said configuration data file, sending a SOAP-response to said client system containing said configuration data file and authentication information of said server, receiving a client SOAP-request for updating said configuration data file containing client'"'"'s authentication information and updated configuration data file being configured by a configuration component at said client system examining said client SOAP-request at said filter component of said server upon valid access port to said server as well as type of valid request, examining said authentication information of said SOAP-request at said access control manager, updating said current configuration data file with said update of said configuration data file.
  - 13. A method according to claim 12, wherein said authentication information is a private key.
  - 14. A method according to claim 12, wherein said configuration component is a browser.
  - 15. A method according to claim 11, wherein the content of said client'"'"'s SOAP-request and said server'"'"'s SOAP-response is encrypted.
  - 17. A method according to claim 11, wherein said configuration data file is presented as a XML file.
  - 18. A method according to claim 11, wherein said sensitive Web-Service is a secure electronic vault Web-Service.
  - 19. A method according to claim 18, wherein said secure electronic vault Web-Service providing different handler for accessing different types of sensitive information.
  - 20. A computer program product stored in the internal memory of a digital computer, containing computer program code to execute the method in accordance with and of claims 11 to 19.

12-1. A method according to claim 11, wherein said communication between said client and said server system is based on a SOAP/HTTP protocol.

16. A method according 11, wherein said configuration component is an Java applet being provided from the server system to the client system before a configuration request is being sent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Eibach, Wolfgang, Kuebler, Dietmar, Gruetzner, Matthias

Granted Patent

US 7,392,391 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

System and method for secure configuration of sensitive web services

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

222 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure configuration of sensitive web services

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

222 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links