HTTP Signing

US 20120124384A1
Filed: 11/11/2010
Published: 05/17/2012
Est. Priority Date: 11/11/2010
Status: Active Grant

First Claim

Patent Images

1. A method for signing data transferred over a network, comprising:

receiving a request for a first resource;

generating a content identifier for the first resource;

generating a content expiration time for the first resource;

generating a digital signature based on at least a portion of the first resource and at least one of the content identifier and the content expiration time;

embedding the content identifier, the content expiration time, and the digital signature into a response header; and

transmitting a response message, the response message includes the response header and the at least a portion of the first resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for signing data transferred over a computer network is described. In one aspect, the HTTP header of an HTTP response message is extended to include a content identifier, a content expiration time, and a digital signature. The digital signature may be generated from the content identifier, the content expiration time, and the message body of the HTTP response message.

69 Citations

View as Search Results

20 Claims

1. A method for signing data transferred over a network, comprising:
- receiving a request for a first resource;
  
  generating a content identifier for the first resource;
  
  generating a content expiration time for the first resource;
  
  generating a digital signature based on at least a portion of the first resource and at least one of the content identifier and the content expiration time;
  
  embedding the content identifier, the content expiration time, and the digital signature into a response header; and
  
  transmitting a response message, the response message includes the response header and the at least a portion of the first resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - the response header is an HTTP response header; and
      
      the response header includes a cache expiration field, the cache expiration field specifies a time at which cached copies of the at least a portion of the first resource must be refreshed, the content expiration time is at a time prior to the cache expiration time.
  - 3. The method of claim 1, wherein:
    - the content identifier includes a uniform resource name; and
      
      the content expiration time is specified according to Greenwich Mean Time.
  - 4. The method of claim 1, wherein:
    - the response header includes a cache expiration field, the cache expiration field specifies a time at which cached copies of the at least a portion of the first resource must be refreshed, the content expiration time is specified relative to the cache expiration time.
  - 5. The method of claim 1, wherein:
    - the step of generating a digital signature includes using an asymmetric signature algorithm, the asymmetric signature algorithm takes as inputs the at least a portion of the first resource and at least one of the content identifier and the content expiration time.
  - 6. The method of claim 1, wherein:
    - the step of transmitting includes transmitting the response message to a content delivery network.
  - 7. The method of claim 1, further comprising:
    - establishing a secure connection with a proxy server; and
      
      the step of transmitting includes transmitting the response message to the proxy server.

8. An electronic device for verifying the authenticity of a first resource, comprising:
- a network interface, the network interface transmits a first request for a first resource, the network interface receives a response to the first request from a content delivery network, the response includes a header and at least a portion of the first resource, the header includes a content identifier field and a content expiration field, the header further includes a digital signature, the digital signature is generated using the content identifier field, the content expiration field, and the at least a portion of the first resource; and
  
  a processor, the processor verifies that the at least a portion of the first resource is authentic by decyrypting the digital signature and comparing the decrypted digital signature to portions of the content identifier field, the content expiration field, and the at least a portion of the first resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The electronic device of claim 8, wherein:
    - the header is an HTTP response header; and
      
      the header includes a cache expiration field, the cache expiration field specifies a time at which cached copies of the at least a portion of the first resource must be refreshed, the content expiration field specifies a content expiration time at which the at least a portion of the first resource is no longer valid, the content expiration time is at a time different than the cache expiration time.
  - 10. The electronic device of claim 8, wherein:
    - the content identifier field associates the at least a portion of the first resource with a uniform resource name; and
      
      the processor discards the at least a portion of the first resource if authentication of the at least a portion of the first resource fails.
  - 11. The electronic device of claim 8, wherein:
    - the content expiration field specifies a content expiration time at which the at least a portion of the first resource is no longer valid, the content expiration time is specified according to Greenwich Mean Time.
  - 12. The electronic device of claim 11, wherein:
    - the processor verifies that the content expiration time plus a time specified by a given window of time has not occurred.
  - 13. The electronic device of claim 8, wherein:
    - the digital signature is generated using an asymmetric signature algorithm.
  - 14. The electronic device of claim 13, wherein:
    - the processor verifies that the digital signature was created using the content identifier field, the content expiration field, and the at least a portion of the first resource.
  - 15. The electronic device of claim 13, wherein:
    - the processor executes verification software, the verification software acquires a public key from a trusted third party, the verification software uses the public key to decrypt the digital signature.
  - 16. The electronic device of claim 13, wherein:
    - the processor executes verification software, the verification software acquires a public key from a secure location on a local storage device, the verification software uses the public key to decrypt the digital signature.

17. One or more storage devices containing processor readable code for programming one or more processors to perform a method comprising the steps of:
- transmitting a list of one or more game updates, the one or more game updates includes a particular game update;
  
  receiving a first request for the particular game update;
  
  establishing a secure connection with an origin server;
  
  sending a second request for the particular game update to the origin server;
  
  receiving a response to the second request from the origin server, the response includes the particular game update;
  
  generating a content identifier for the particular game update;
  
  generating a content expiration time for the particular game update;
  
  generating a digital signature based on the particular game update, the content identifier, and the content expiration time;
  
  embedding the content identifier, the content expiration time, and the digital signature into a response header; and
  
  transmitting a response message to a content delivery network, the response message includes the response header and the particular game update.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more storage devices of claim 17, wherein:
    - the response header is an HTTP response header; and
      
      the response header includes a cache expiration field, the cache expiration field specifies a time at which cached copies of the particular game update must be refreshed, the content expiration field specifies a content expiration time at which the particular game update is no longer valid, the content expiration time is at a time equal to the cache expiration time.
  - 19. The one or more storage devices of claim 18, wherein:
    - the content identifier field includes a uniform resource name; and
      
      the content expiration field includes a time specified according to Greenwich Mean Time.
  - 20. The one or more storage devices of claim 19, wherein:
    - the digital signature is generated using an asymmetric signature algorithm, the asymmetric signature algorithm takes as inputs the content identifier field, the content expiration field, and the particular game update.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Livni, Felix, Chen, Hao

Granted Patent

US 8,677,134 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/178
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0281   Proxies

H04L 63/0442   wherein the sending and rec...

H04L 63/126   the source of the received ...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 9/3247   involving digital signatures

HTTP Signing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HTTP Signing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links