HTTP Signing
Abstract
A system and method for signing data transferred over a computer network is described. In one aspect, the HTTP header of an HTTP response message is extended to include a content identifier, a content expiration time, and a digital signature. The digital signature may be generated from the content identifier, the content expiration time, and the message body of the HTTP response message.
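The scheme in the abstract, as an added Go example that is not code from the patent: the server signs the content identifier, expiration time and body hash, and the client rejects a response that was altered, carries the wrong identifier, or has expired. The header names, the choice of Ed25519, the length-prefixed message layout and the all-zero demo key are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strconv"
)

// Hypothetical header names; the patent text does not name the fields.
const hdrID, hdrExp, hdrSig = "X-Content-Id", "X-Content-Expires", "X-Content-Signature"

// signedBytes length-prefixes id and expiry so field boundaries cannot shift.
func signedBytes(id, exp string, body []byte) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s|%x", len(id), id, len(exp), exp, sha256.Sum256(body)))
}

// Sign embeds identifier, expiry (Unix seconds) and signature in the header.
func Sign(h http.Header, priv ed25519.PrivateKey, id string, exp int64, body []byte) {
	e := strconv.FormatInt(exp, 10)
	h.Set(hdrID, id)
	h.Set(hdrExp, e)
	h.Set(hdrSig, base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedBytes(id, e, body))))
}

// Verify checks the signature first, then the expected identifier and expiry.
func Verify(h http.Header, pub ed25519.PublicKey, wantID string, body []byte, now int64) error {
	id, e := h.Get(hdrID), h.Get(hdrExp)
	sig, err := base64.StdEncoding.DecodeString(h.Get(hdrSig))
	if err != nil || !ed25519.Verify(pub, signedBytes(id, e, body), sig) {
		return fmt.Errorf("bad signature")
	}
	if id != wantID {
		return fmt.Errorf("wrong content identifier")
	}
	if exp, err := strconv.ParseInt(e, 10, 64); err != nil || now >= exp {
		return fmt.Errorf("expired")
	}
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	h, body := http.Header{}, []byte("constructed update payload")
	Sign(h, priv, "update-1", 2000, body)
	fmt.Println(Verify(h, priv.Public().(ed25519.PublicKey), "update-1", body, 1000)) // <nil>
}
```

Because the expiration time is part of the signed message, an intermediary cache cannot extend the lifetime of stale content without invalidating the signature.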
20 Claims
1. A method for signing data transferred over a network, comprising:
- receiving a request for a first resource;
- generating a content identifier for the first resource;
- generating a content expiration time for the first resource;
- generating a digital signature based on at least a portion of the first resource and at least one of the content identifier and the content expiration time;
- embedding the content identifier, the content expiration time, and the digital signature into a response header; and
- transmitting a response message, the response message includes the response header and the at least a portion of the first resource.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. An electronic device for verifying the authenticity of a first resource, comprising:
- a network interface, the network interface transmits a first request for a first resource, the network interface receives a response to the first request from a content delivery network, the response includes a header and at least a portion of the first resource, the header includes a content identifier field and a content expiration field, the header further includes a digital signature, the digital signature is generated using the content identifier field, the content expiration field, and the at least a portion of the first resource; and
- a processor, the processor verifies that the at least a portion of the first resource is authentic by decrypting the digital signature and comparing the decrypted digital signature to portions of the content identifier field, the content expiration field, and the at least a portion of the first resource.

Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16.

17. One or more storage devices containing processor readable code for programming one or more processors to perform a method comprising the steps of:
- transmitting a list of one or more game updates, the one or more game updates includes a particular game update;
- receiving a first request for the particular game update;
- establishing a secure connection with an origin server;
- sending a second request for the particular game update to the origin server;
- receiving a response to the second request from the origin server, the response includes the particular game update;
- generating a content identifier for the particular game update;
- generating a content expiration time for the particular game update;
- generating a digital signature based on the particular game update, the content identifier, and the content expiration time;
- embedding the content identifier, the content expiration time, and the digital signature into a response header; and
- transmitting a response message to a content delivery network, the response message includes the response header and the particular game update.

Dependent claims: 18, 19, 20.