Method and system for stateless validation

US 20080256612A1
Filed: 04/13/2007
Published: 10/16/2008
Est. Priority Date: 04/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising the steps of:

a) building a response with a validation rule, the response having a characteristic indicative of a constraint to be applied to subsequent request data, the validation rule including the constraint;

b) receiving the response by the untrusted client;

c) building the subsequent request, the subsequent request including the subsequent request data and the validation rule;

d) sending the subsequent request to the server;

e) receiving the subsequent request at the server; and

f) validating the subsequent request data using the validation rule.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed.

Citations

13 Claims

1. A method of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising the steps of:
- a) building a response with a validation rule, the response having a characteristic indicative of a constraint to be applied to subsequent request data, the validation rule including the constraint;
  
  b) receiving the response by the untrusted client;
  
  c) building the subsequent request, the subsequent request including the subsequent request data and the validation rule;
  
  d) sending the subsequent request to the server;
  
  e) receiving the subsequent request at the server; and
  
  f) validating the subsequent request data using the validation rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as claimed in claim 1, wherein the characteristic is a response primitive affecting the subsequent request data.
  - 3. The method as claimed in claim 2, wherein the response primitive is a parameter.
  - 4. The method as claimed in claim 2, wherein the response primitive is a structure of a plurality of parameters.
  - 5. The method as claimed in claim 1, wherein the request has a parameter, and a validation rule corresponding to the parameter.
  - 6. The method as claimed in claim 1, wherein the response and the subsequent request further comprise a target ID.
  - 7. The method as claimed in claim 1, wherein the response and the subsequent request further comprise a session ID.
  - 8. The method as claimed in claim 1, further comprising the step of digitally signing one member selected from the group consisting of:
    - the constraints in the validation rule, the validation rule, the plurality of validation rules, the plurality of validation rules with target ID, the plurality of validation rules with session ID, and a combination thereof.
  - 9. The method as claimed in claim 8 wherein the step of digitally signing uses a keyed hash message authentication code (HMAC).
  - 10. The method as claimed in claim 8 wherein the step of digitally signing uses a public private key signature.
  - 11. The method as claimed in claim 1, further comprising the step of ensuring the correctness of the subsequent request at the client using the validation rule.

12. A system for validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
- means for building a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints;
  
  means for receiving the response by the untrusted client;
  
  means for building the subsequent request, the subsequent request including the subsequent request data and the validation rule;
  
  means for sending the subsequent request to the server;
  
  means for receiving the subsequent request at the server; and
  
  means for validating the subsequent request data using the validation rule.

13. A storage medium readable by a computer encoding a computer program for execution by the computer to carry out a method for validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising, the computer program comprising:
- code means for building a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints;
  
  code means for receiving the response by the untrusted client;
  
  code means for building the subsequent request, the subsequent request including the subsequent request data and the validation rule;
  
  code means for sending the subsequent request to the server;
  
  code means for receiving the subsequent request at the server; and
  
  code means for validating the subsequent request data using the validation rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Cognos Incorporated (International Business Machines Corporation)
Inventors
Roy, Patrick, Desbiens, Robert

Granted Patent

US 9,178,705 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

Method and system for stateless validation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for stateless validation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links