Stateless methods for resource hiding and access control support based on URI encryption

US 20060106802A1
Filed: 11/18/2004
Published: 05/18/2006
Est. Priority Date: 11/18/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing controlled access to resources at a resource provider server, the method comprising:

responsive to a resource request from a client, wherein the resource request comprises a uniform resource identifier (URI) having an encrypted portion, decrypting the encrypted portion using a predetermined key to obtain a decrypted segment;

extracting additional information from the decrypted segment;

verifying the additional information;

deriving a decrypted URI with at least a portion of the decrypted segment; and

forwarding the decrypted URI to a resource producer server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method are disclosed for enabling controlled access to resources at a resource provider server. The invention may encrypt or decrypt a portion of a uniform resource identifier (URI), according to a stateless method for hiding resources and/or providing access control support. Upon receipt of a URI having an encrypted portion, the invention decrypts the encrypted portion using a predetermined key to obtain a decrypted segment, extracts additional information from the decrypted segment and forms a decrypted URI, before the decrypted URI is forwarded to a resource producer server. The invention may also encrypt a URI from a resource provider server before it is sent to a client in response to a client request.

Citations

30 Claims

1. A method for providing controlled access to resources at a resource provider server, the method comprising:
- responsive to a resource request from a client, wherein the resource request comprises a uniform resource identifier (URI) having an encrypted portion, decrypting the encrypted portion using a predetermined key to obtain a decrypted segment;
  
  extracting additional information from the decrypted segment;
  
  verifying the additional information;
  
  deriving a decrypted URI with at least a portion of the decrypted segment; and
  
  forwarding the decrypted URI to a resource producer server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the additional information comprises data supporting at least one of integrity, access control, session management and application specific purposes.
  - 3. The method of claim 1, wherein verifying the additional information comprises comparing access control details contained in the additional information with access control data stored in a data store.
  - 4. The method of claim 1, further comprising verifying the encrypted portion.
  - 5. The method of claim 1, further comprising decoding the encrypted portion.
  - 6. The method of claim 1, further comprising:
    - receiving, from a resource producer server, a resource responsive to the request, wherein the resource comprises one or more unencrypted URIs having a transparent segment and an opaque segment;
      
      encrypting at least a portion of the opaque segment; and
      
      forming an encrypted URI with the transparent segment and the encrypted portion.
  - 7. The method of claim 6, further comprising forming a combined segment from the opaque segment and other additional information and encrypting the combined segment to form the encrypted portion.
  - 8. The method of claim 7, wherein the other additional information comprises data supporting at least one of integrity, access control, session management and application specific purposes.
  - 9. The method of claim 6, further comprising forwarding the encrypted URI to the client.
  - 10. The method of claim 6, further comprising encoding the encrypted portion.

11. A computer program product stored in a computer operable media for controlling access to a resource producer server comprising:
- a storage medium;
  
  instructions for receiving a uniform resource identifier (URI) comprising a transparent portion and an encoded encrypted portion;
  
  instructions for extracting the encoded encrypted portion;
  
  instructions for decoding the encoded encrypted portion to obtain an encrypted segment;
  
  instructions for decrypting the encrypted segment using a predetermined key to obtain a decrypted segment;
  
  instructions for extracting additional information from the decrypted segment; and
  
  instructions for verifying the additional information.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11, further comprising instructions for producing a second URI derived from at least one of the transparent portion and the decrypted segment.
  - 13. The computer program product of claim 12, further comprising instructions for forwarding the second URI to an application program associated with the resource producer server.
  - 14. The computer program product of claim 11, further comprising:
    - instructions for receiving a resource comprising one or more unencrypted URIs having a transparent segment and an opaque segment;
      
      instructions for encrypting data derived from at least one of the transparent portion and the opaque segment;
      
      instructions for encoding the encrypted data; and
      
      instructions for forming an encrypted URI with the transparent segment and the encoded encrypted data.
  - 15. The computer program product of claim 14, further comprising instructions for forwarding the encrypted URI to a client.

16. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for providing controlled access to resources at a resource provider server, the method comprising:
- obtaining a uniform resource identifier (URI) having an encrypted portion, decrypting the encrypted portion using a predetermined key to obtain a decrypted segment;
  
  extracting additional information from the decrypted segment;
  
  verifying the additional information;
  
  forming a decrypted URI with at least a portion of the decrypted segment; and
  
  forwarding the decrypted URI to a resource producer server.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The program storage device of claim 16, wherein the method further comprises comparing access control details contained in the additional information with access control data stored in a data store.
  - 18. The program storage device of claim 16, wherein the method further comprises verifying the encrypted portion.
  - 19. The program storage device of claim 16, wherein the method further comprises decoding the encrypted portion.
  - 20. The program storage device of claim 16, wherein the method further comprises:
    - obtaining, from a resource producer server, a resource comprising one or more unencrypted URIs having a transparent segment and an opaque segment;
      
      encrypting at least a portion of the opaque segment; and
      
      forming an encrypted URI with the transparent segment and the encrypted portion.

21. A method of providing a service enabling controlled access to an external resource producer server comprising:
- responsive to a request from a client for access to a resource, determining whether one or more transactional requirements are satisfied;
  
  if the one or more transactional requirements are satisfied, creating a uniform resource identifier (URI) responsive to the request, wherein the URI includes predetermined data in a predetermined structure;
  
  encrypting at least a portion of the URI; and
  
  sending the URI with the encrypted portion in response to the request.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21, further comprising storing transaction details pertaining to the request in a data store.
  - 23. The method of claim 21, further comprising encoding the encrypted portion of the URI.
  - 24. The method of claim 21, further comprising separately communicating the predetermined data and the predetermined structure to the external resource producer.
  - 25. The method of claim 21, further comprising communicating transactional details pertaining to resource requests to the external resource producer to obtain payment.
  - 26. The method of claim 21, wherein the one or more transactional requirements comprises payment from the client.
  - 27. The method of claim 21, wherein the one or more transactional requirements comprises determining whether the client satisfies one or more access requirements.
  - 28. The method of claim 21, wherein determining whether one or more transactional requirements are satisfied comprises comparing access control details contained in the request with access control data stored in a data store.
  - 29. The method of claim 21, wherein the URI with the encrypted portion is an electronic ticket.
  - 30. The method of claim 21, wherein the predetermined data comprises data supporting at least one of integrity, access control, session management and application specific purposes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Riordan, James F., Giblin, Christopher J., Pietraszek, Tadeusz J., Vanden Berghe, Chris P.

Application Number

US10/991,580
Publication Number

US 20060106802A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/955   using information identifie...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06Q 30/0601   Electronic shopping [e-shop...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/168   above the transport layer

H04L 9/00   Cryptographic mechanisms or...

Stateless methods for resource hiding and access control support based on URI encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Stateless methods for resource hiding and access control support based on URI encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links