Stateless methods for resource hiding and access control support based on URI encryption
First Claim
1. A method for providing controlled access to resources at a resource provider server, the method comprising:
- responsive to a resource request from a client, wherein the resource request comprises a uniform resource identifier (URI) having an encrypted portion, decrypting the encrypted portion using a predetermined key to obtain a decrypted segment;
extracting additional information from the decrypted segment;
verifying the additional information;
deriving a decrypted URI with at least a portion of the decrypted segment; and
forwarding the decrypted URI to a resource producer server.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus and method are disclosed for enabling controlled access to resources at a resource provider server. The invention may encrypt or decrypt a portion of a uniform resource identifier (URI), according to a stateless method for hiding resources and/or providing access control support. Upon receipt of a URI having an encrypted portion, the invention decrypts the encrypted portion using a predetermined key to obtain a decrypted segment, extracts additional information from the decrypted segment and forms a decrypted URI, before the decrypted URI is forwarded to a resource producer server. The invention may also encrypt a URI from a resource provider server before it is sent to a client in response to a client request.
-
Citations
30 Claims
-
1. A method for providing controlled access to resources at a resource provider server, the method comprising:
-
responsive to a resource request from a client, wherein the resource request comprises a uniform resource identifier (URI) having an encrypted portion, decrypting the encrypted portion using a predetermined key to obtain a decrypted segment;
extracting additional information from the decrypted segment;
verifying the additional information;
deriving a decrypted URI with at least a portion of the decrypted segment; and
forwarding the decrypted URI to a resource producer server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer program product stored in a computer operable media for controlling access to a resource producer server comprising:
-
a storage medium;
instructions for receiving a uniform resource identifier (URI) comprising a transparent portion and an encoded encrypted portion;
instructions for extracting the encoded encrypted portion;
instructions for decoding the encoded encrypted portion to obtain an encrypted segment;
instructions for decrypting the encrypted segment using a predetermined key to obtain a decrypted segment;
instructions for extracting additional information from the decrypted segment; and
instructions for verifying the additional information. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for providing controlled access to resources at a resource provider server, the method comprising:
-
obtaining a uniform resource identifier (URI) having an encrypted portion, decrypting the encrypted portion using a predetermined key to obtain a decrypted segment;
extracting additional information from the decrypted segment;
verifying the additional information;
forming a decrypted URI with at least a portion of the decrypted segment; and
forwarding the decrypted URI to a resource producer server. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A method of providing a service enabling controlled access to an external resource producer server comprising:
-
responsive to a request from a client for access to a resource, determining whether one or more transactional requirements are satisfied;
if the one or more transactional requirements are satisfied, creating a uniform resource identifier (URI) responsive to the request, wherein the URI includes predetermined data in a predetermined structure;
encrypting at least a portion of the URI; and
sending the URI with the encrypted portion in response to the request. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification