Opaque cryptographic web application data protection
Abstract
A method and a system for external and distributed protection of Web application data against prying, tampering, and impersonation using cryptographic mechanisms. The protection is offered opaquely, so as not to expose the cryptographic mechanism to the Web application. Protection against prying prevents users from looking at data the Web application considers private: when protected against prying, the protected data may be sent to the client, but the user will not be able to understand it. Protection against tampering guarantees the Web application that the data it is receiving originated from a trusted source, usually the Web application itself; a user session state stored client-side is a good candidate for tampering protection. Protection against impersonation ensures the Web application that the data it is receiving comes from a specific user.
52 Citations
30 Claims
1. A method for protecting Web application data between a server and a client comprising the steps of
a) building a response for the client;
b) invoking a data protection service for the response, the response comprising a first data having a first state;
c) modifying the response by replacing the first data with a protected data;
d) sending the modified response to the client;
e) receiving a request with the protected data from the client;
f) passing the received protected data to the data protection service for verification;
g) restoring the request corresponding to the first state of the response at the data protection service; and
h) sending the request to a Web application.
Dependent claims: 2 through 12.
13. A storage medium readable by a computer encoding a computer program for execution by the computer to carry out a method for protecting Web application data between a server and a client, the computer program comprising:
a) code means for building a response for the client;
b) code means for invoking a data protection service for the response, the response comprising a first data having a first state;
c) code means for modifying the response by replacing the first data with a protected data;
d) code means for sending the modified response to the client;
e) code means for receiving a request with the protected data from the client;
f) code means for passing the received protected data to the data protection service for verification and converting to the first data;
g) code means for restoring the request corresponding to the first state of the response; and
h) code means for sending the request to a Web application.
Dependent claims: 14 through 22.
23. A computer system for protecting Web application data between a server and a client comprising:
a) means for building a response for the client;
b) means for invoking a data protection service for the response, the response comprising a first data having a first state;
c) means for modifying the response by replacing the first data with a protected data;
d) means for sending the modified response to the client;
e) means for receiving a request with the protected data from the client;
f) means for passing the received protected data to the data protection service for verification and converting to the first data;
g) means for restoring the request corresponding to the first state of the response; and
h) means for sending the request to a Web application.
Dependent claims: 24 through 30.
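The following is an added illustration, not code from the patent or from any assignee, of the round trip the abstract and claims 1, 13 and 23 describe: a data protection service sits between the Web application and the client, replaces each "first data" in the outgoing response with a protected token (steps b and c), and on the way back verifies the token and restores the first state before the request reaches the Web application (steps f and g). The three protections from the abstract are shown separately: prying is handled by encrypting the field, tampering by an integrity tag, and impersonation by authenticating the user identity under that tag, so a token minted for one user fails verification when another presents it. All names (`DataProtectionService`, `protect_response`, `restore_request`, `demo`), the master key and the sample fields are hypothetical and constructed here; to stay standard-library only, the example uses HMAC-SHA256 as a PRF keystream and as the tag, where a deployment would use an AEAD cipher such as AES-GCM.

```python
import base64
import hashlib
import hmac
import os

FLAG_CLEAR = b"\x00"   # integrity and user binding only (tampering, impersonation)
FLAG_HIDDEN = b"\x01"  # additionally encrypted so the user cannot read it (prying)
NONCE_LEN, TAG_LEN = 16, 32


class DataProtectionService:
    """Hypothetical data protection service; the Web application never sees the keys."""

    def __init__(self, master_key: bytes):
        # Separate keystream and tag keys derived from one master key.
        self._enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 as a PRF in counter mode; stand-in for a real AEAD cipher.
        out, ctr = b"", 0
        while len(out) < length:
            out += hmac.new(self._enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:length]

    def _tag(self, flag: bytes, nonce: bytes, body: bytes, user_id: str) -> bytes:
        # The user id is authenticated but never transmitted, which binds the
        # token to the user it was minted for (impersonation protection).
        msg = flag + nonce + body + user_id.encode()
        return hmac.new(self._mac_key, msg, hashlib.sha256).digest()

    def protect(self, first_data: bytes, user_id: str, hide: bool) -> str:
        """Turn the first data into protected data (claim step c)."""
        nonce = os.urandom(NONCE_LEN)
        if hide:
            flag = FLAG_HIDDEN
            ks = self._keystream(nonce, len(first_data))
            body = bytes(a ^ b for a, b in zip(first_data, ks))
        else:
            flag, body = FLAG_CLEAR, first_data
        tag = self._tag(flag, nonce, body, user_id)
        return base64.urlsafe_b64encode(flag + nonce + body + tag).decode()

    def verify(self, protected: str, user_id: str):
        """Return the first data, or None if the token is malformed, altered or not this user's."""
        try:
            raw = base64.urlsafe_b64decode(protected.encode())
        except ValueError:
            return None
        if len(raw) < 1 + NONCE_LEN + TAG_LEN:
            return None
        flag, nonce = raw[:1], raw[1:1 + NONCE_LEN]
        body, tag = raw[1 + NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
        if flag not in (FLAG_CLEAR, FLAG_HIDDEN):
            return None
        # Constant-time comparison; any change to flag, nonce, body or user fails here.
        if not hmac.compare_digest(tag, self._tag(flag, nonce, body, user_id)):
            return None
        if flag == FLAG_HIDDEN:
            ks = self._keystream(nonce, len(body))
            return bytes(a ^ b for a, b in zip(body, ks))
        return body


def protect_response(dps: DataProtectionService, fields: dict, user_id: str, private: set) -> dict:
    """Steps b) and c): replace each first data in the response with protected data."""
    return {k: dps.protect(v.encode(), user_id, hide=(k in private)) for k, v in fields.items()}


def restore_request(dps: DataProtectionService, fields: dict, user_id: str) -> dict:
    """Steps f) and g): verify every protected field and restore the first state, or reject."""
    restored = {}
    for k, token in fields.items():
        value = dps.verify(token, user_id)
        if value is None:
            raise ValueError(f"field {k!r} failed verification")
        restored[k] = value.decode()
    return restored


def demo() -> dict:
    """Round trip plus the three failure modes; every input below is constructed."""
    dps = DataProtectionService(b"constructed-master-key-do-not-reuse")
    response = {"cart_total": "42.00", "account_ref": "acct-7"}
    protected = protect_response(dps, response, "alice", private={"account_ref"})
    # Flip one bit in the body of the clear (integrity-only) field.
    raw = bytearray(base64.urlsafe_b64decode(protected["cart_total"]))
    raw[1 + NONCE_LEN] ^= 0x01
    tampered = base64.urlsafe_b64encode(bytes(raw)).decode()
    return {
        "restored": restore_request(dps, protected, "alice"),
        "hidden_from_user": b"acct-7" not in base64.urlsafe_b64decode(protected["account_ref"]),
        "tampered_rejected": dps.verify(tampered, "alice") is None,
        "wrong_user_rejected": dps.verify(protected["cart_total"], "mallory") is None,
    }


if __name__ == "__main__":
    print(demo())
```

The Web application only ever handles `response` and the restored request dictionary; the flag, nonce, keystream and tag never cross into it, which is the "opaque" property the abstract claims. Note that a field which must be readable by the client (a displayed cart total, for instance) still gets the tag and user binding, so it can round-trip through the client without being changed or replayed by another user.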
Specification