Securing Asynchronous Client Server Transactions

US 20110145891A1
Filed: 12/15/2009
Published: 06/16/2011
Est. Priority Date: 12/15/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for securing asynchronous client server transactions, the computer implemented method comprising:

receiving a request at a first application executing in a data processing system, the request including an application identifier and a version associated with a second application;

generating a service identifier responsive to a session with the second application being valid;

generating a registry at the first application, the registry including information about a set of services and data that the second application is permitted to use;

generating a catalog based on the registry, the catalog including a transformed subset of the registry; and

sending the service identifier and the catalog to the second application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.

44 Citations

View as Search Results

28 Claims

1. A computer implemented method for securing asynchronous client server transactions, the computer implemented method comprising:
- receiving a request at a first application executing in a data processing system, the request including an application identifier and a version associated with a second application;
  
  generating a service identifier responsive to a session with the second application being valid;
  
  generating a registry at the first application, the registry including information about a set of services and data that the second application is permitted to use;
  
  generating a catalog based on the registry, the catalog including a transformed subset of the registry; and
  
  sending the service identifier and the catalog to the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer implemented method of claim 1 further comprising:
    - receiving a sub-request, the sub-request being a part of an asynchronous client server transaction, the sub-request including the service identifier;
      
      determining a validity of the sub-request by determining a combination of (i) whether the service identifier has expired, (ii) whether the sub-request requests a service that is permissible according to the catalog, and (iii) whether the service identifier is used in conjunction with the second application;
      
      providing, responsive to the sub-request being valid, the service in response to the sub-request.
  - 3. The computer implemented method of claim 2, wherein the determining the validity further uses in the combination (iv) determining whether the catalog is outdated.
  - 4. The computer implemented method of claim 2, wherein the determination whether the service identifier is used in conjunction with the second application comprises determining whether the service identifier is used together with the application identifier and the application version of the second application.
  - 5. The computer implemented method of claim 2, further comprising:
    - providing, responsive to the sub-request being invalid, one of (i) a renewed service identifier, and (ii) a renewed catalog.
  - 6. The computer implemented method of claim 5, wherein the renewed service identifier is one of (i) a new service identifier, (ii) the service identifier including a modified security feature, and (iii) the service identifier corresponding to a modification of the security feature validation criterion at the first application, and wherein the providing occurs before the asynchronous client server transaction is concluded.
  - 7. The computer implemented method of claim 5, wherein the renewed catalog is one of (i) a new catalog, (ii) an update to the catalog, and (iii) a modification to an expiration parameter of the catalog, and wherein the providing occurs before the asynchronous client server transaction is concluded.
  - 8. The computer implemented method of claim 2, further comprising:
    - determining whether the service requires additional authentication, forming a determination of additional authentication;
      
      receiving additional authentication information responsive to the determination of additional authentication being true; and
      
      determining whether the additional authentication information is valid, wherein the service is provided responsive to the additional authentication information being valid.
  - 9. The computer implemented method of claim 2, wherein the determination whether the service is permissible according to the catalog by determining whether the service is permissible using the registry.
  - 10. The computer implemented method of claim 1, further comprising:
    - generating an original service identifier, wherein the service identifier is a transformed version of the original service identifier.

11. A computer implemented method for securing asynchronous client server transactions, the computer implemented method comprising:
- receiving, from a first application, at a second application executing in a data processing system, a security identifier and a catalog responsive to sending an application identifier and an application version associated with the second application, the catalog including a transformed subset of a registry associated with the first application;
  
  dynamically constructing a sub-request, the sub-request being a part of an asynchronous client server transaction, the sub-request including the service identifier, and the sub-request further including a request for a service from the catalog;
  
  receiving, responsive to the sub-request being valid according to the first application, data associated with the service.
- View Dependent Claims (12, 13)
- - 12. The computer implemented method of claim 11, wherein the sub-request further includes the application identifier and the application version associated with the second application.
  - 13. The computer implemented method of claim 11, further comprising:
    - receiving, responsive to the sub-request being invalid, one of (i) a renewed service identifier, and (ii) a renewed catalog, wherein the sub-request is invalid due to a determination that one of (i) the service identifier is invalid, (ii) the service is not within the catalog, and (iii) the catalog is outdated; and
      
      dynamically constructing a second sub-request using one of (i) the renewed service identifier, and (ii) the renewed catalog.

14. A computer usable program product comprising a computer usable storage medium including computer usable code for securing asynchronous client server transactions, the computer usable code comprising:
- computer usable code for receiving a request at a first application executing in a data processing system, the request including an application identifier and a version associated with a second application;
  
  computer usable code for generating a service identifier responsive to a session with the second application being valid;
  
  computer usable code for generating a registry at the first application, the registry including information about a set of services and data that the second application is permitted to use;
  
  computer usable code for generating a catalog based on the registry, the catalog including a transformed subset of the registry; and
  
  computer usable code for sending the service identifier and the catalog to the second application.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The computer usable program product of claim 14 further comprising:
    - computer usable code for receiving a sub-request, the sub-request being a part of an asynchronous client server transaction, the sub-request including the service identifier;
      
      computer usable code for determining a validity of the sub-request by determining a combination of (i) whether the service identifier has expired, (ii) whether the sub-request requests a service that is permissible according to the catalog, and (iii) whether the service identifier is used in conjunction with the second application; and
      
      computer usable code for providing, responsive to the sub-request being valid, the service in response to the sub-request.
  - 16. The computer usable program product of claim 15, wherein the determining the validity further uses in the combination (iv) determining whether the catalog is outdated.
  - 17. The computer usable program product of claim 15, wherein the determination whether the service identifier is used in conjunction with the second application comprises determining whether the service identifier is used together with the application identifier and the application version of the second application.
  - 18. The computer usable program product of claim 15, further comprising:
    - computer usable code for providing, responsive to the sub-request being invalid, one of (i) a renewed service identifier, and (ii) a renewed catalog.
  - 19. The computer usable program product of claim 18, wherein the renewed service identifier is one of (i) a new service identifier, (ii) the service identifier including a modified security feature, and (iii) the service identifier corresponding to a modification of the security feature validation criterion at the first application, and wherein the providing occurs before the asynchronous client server transaction is concluded.
  - 20. The computer usable program product of claim 18, wherein the renewed catalog is one of (i) a new catalog, (ii) an update to the catalog, and (iii) a modification to an expiration parameter of the catalog, and wherein the providing occurs before the asynchronous client server transaction is concluded.
  - 21. The computer usable program product of claim 15, further comprising:
    - computer usable code for determining whether the service requires additional authentication, forming a determination of additional authentication;
      
      computer usable code for receiving additional authentication information responsive to the determination of additional authentication being true; and
      
      computer usable code for determining whether the additional authentication information is valid, wherein the service is provided responsive to the additional authentication information being valid.
  - 22. The computer usable program product of claim 15, wherein the determination whether the service is permissible according to the catalog by determining whether the service is permissible using the registry.
  - 23. The computer usable program product of claim 14, further comprising:
    - computer usable code for generating an original service identifier, wherein the service identifier is a transformed version of the original service identifier.
  - 24. The computer usable program product of claim 14, wherein the computer usable code is stored in a computer readable storage medium in a data processing system, and wherein the computer usable code is transferred over a network from a remote data processing system.
  - 25. The computer usable program product of claim 14, wherein the computer usable code is stored in a computer readable storage medium in a server data processing system, and wherein the computer usable code is downloaded over a network to a remote data processing system for use in a computer readable storage medium associated with the remote data processing system.

26. A data processing system for securing asynchronous client server transactions, the data processing system comprising:
- a storage device including a storage medium, wherein the storage device stores computer usable program code; and
  
  a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises;
  
  computer usable code for receiving, from a first application, at a second application executing in a data processing system, a security identifier and a catalog responsive to sending an application identifier and an application version associated with the second application, the catalog including a transformed subset of a registry associated with the first application;
  
  computer usable code for dynamically constructing a sub-request, the sub-request being a part of an asynchronous client server transaction, the sub-request including the service identifier, and the sub-request further including a request for a service from the catalog; and
  
  computer usable code for receiving, responsive to the sub-request being valid according to the first application, data associated with the service.
- View Dependent Claims (27, 28)
- - 27. The data processing system of claim 26, wherein the sub-request further includes the application identifier and the application version associated with the second application.
  - 28. The data processing system claim 26, further comprising:
    - computer usable code for receiving, responsive to the sub-request being invalid, one of (i) a renewed service identifier, and (ii) a renewed catalog, wherein the sub-request is invalid due to a determination that one of (i) the service identifier is invalid, (ii) the service is not within the catalog, and (iii) the catalog is outdated; and
      
      computer usable code for dynamically constructing a second sub-request using one of (i) the renewed service identifier, and (ii) the renewed catalog.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bade, Steven A., Zurko, Mary Ellen, Moss, Harold

Granted Patent

US 8,479,268 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/30   Authentication, i.e. establ...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/12   Applying verification of th...

H04L 63/1466   Active attacks involving in...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 9/32   including means for verifyi...

H04W 12/06   Authentication

Securing Asynchronous Client Server Transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Securing Asynchronous Client Server Transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links