Secure URL update for HTTP redirects

US 20140280883A1
Filed: 03/15/2013
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method to securely update references to a request-URI, comprising:

responsive to receipt of a protocol-compliant redirect, determining whether the protocol-compliant redirect is authentic; and

responsive to a determination that the protocol-compliant redirect is authentic, updating at least one reference to the request-URI to a new reference returned with the protocol-compliant redirect.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique to update URLs is provided in an HTTP-based client upon receipt of an HTTP redirect in response to a request-URI. One or more references to the request-URI are saved in or in association with the client. Upon receipt of an HTTP 301 (permanent) redirect, the client automatically re-links the one or more stored references to the request-URI to one or more new references returned by the server (as identified in the HTTP redirect) when the redirect can be verified to originate from the application to which the client is attempting to connect. Preferably, the automatic re-linking is accomplished using a link editing capability for permanent (e.g., HTTP 301) redirects.

25 Citations

View as Search Results

23 Claims

1. A method to securely update references to a request-URI, comprising:
- responsive to receipt of a protocol-compliant redirect, determining whether the protocol-compliant redirect is authentic; and
  
  responsive to a determination that the protocol-compliant redirect is authentic, updating at least one reference to the request-URI to a new reference returned with the protocol-compliant redirect.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the protocol-compliant redirect is an HTTP permanent redirect.
  - 3. The method as described in claim 1 wherein the protocol-compliant redirect is authentic if it can be verified to have originated from a server application to which the request-URI was directed.
  - 4. The method as described in claim 1 wherein the determination verifies that the request-URI and the protocol-compliant redirect are communicated over a SSL-secured communication link.
  - 5. The method as described in claim 1 wherein the determination verifies that the request-URI and the protocol-compliant redirect are communicated over a trusted communication link.
  - 6. The method as described in claim 1 wherein the determination includes issuing a prompt to determine whether updating should occur;
    - anddetermining that an affirmative response to the prompt has been received.
  - 7. The method as described in claim 6 further including associating risk information with the prompt.

9. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor securely update references to a request-URI, the computer program instructions comprising;
  
  code responsive to receipt of a protocol-compliant redirect to determine whether the protocol-compliant redirect is authentic; and
  
  code responsive to a determination that the protocol-compliant redirect is authentic to update at least one reference to the request-URI to a new reference returned with the protocol-compliant redirect.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus as described in claim 9 wherein the protocol-compliant redirect is an HTTP permanent redirect.
  - 11. The apparatus as described in claim 9 wherein the protocol-compliant redirect is authentic if it can be verified to have originated from a server application to which the request-URI was directed.
  - 12. The apparatus as described in claim 9 wherein the determination verifies that the request-URI and the protocol-compliant redirect are communicated over a SSL-secured communication link.
  - 13. The apparatus as described in claim 9 wherein the determination verifies that the request-URI and the protocol-compliant redirect are communicated over a trusted communication link.
  - 14. The apparatus as described in claim 9 further including:
    - code to issue a prompt to determine whether updating should occur; and
      
      code to determine that an affirmative response to the prompt has been received.
  - 15. The apparatus as described in claim 14 wherein risk information is associated with the prompt.

16. A computer program product in a non-transitory computer readable storage medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, securely update references to a request-URI, the code comprising:
- code responsive to receipt of a protocol-compliant redirect to determine whether the protocol-compliant redirect is authentic; and
  
  code responsive to a determination that the protocol-compliant redirect is authentic to update at least one reference to the request-URI to a new reference returned with the protocol-compliant redirect.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer program product as described in claim 16 wherein the protocol-compliant redirect is an HTTP permanent redirect.
  - 18. The computer program product as described in claim 16 wherein the protocol-compliant redirect is authentic if it can be verified to have originated from a server application to which the request-URI was directed.
  - 19. The computer program product as described in claim 16 wherein the determination verifies that the request-URI and the protocol-compliant redirect are communicated over a SSL-secured communication link.
  - 20. The computer program product as described in claim 16 wherein the determination verifies that the request-URI and the protocol-compliant redirect are communicated over a trusted communication link.
  - 21. The computer program product as described in claim 16 further including:
    - code to issue a prompt to determine whether updating should occur; and
      
      code to determine that an affirmative response to the prompt has been received.
  - 22. The computer program product as described in claim 21 wherein risk information is associated with the prompt.

23. Apparatus, comprising:
- a processor;
  
  computer memory;
  
  a user-agent that issues a request-URI and receives a response to the request-URI; and
  
  computer program instructions executed by the processor upon receipt of an HTTP permanent redirect to automatically re-link one or more stored references to the request-URI to one or more new references returned in the HTTP redirect when the HTTP redirect can be verified to originate from an application to which the client directed the request-URI.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Pieczul, Olgierd S., Pajecki, Mariusz, Pogorzelska-Pieczul, Isabela, Yates, Robert L.

Application Number

US13/832,952
Publication Number

US 20140280883A1
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/563   Data redirection of data ne...

Secure URL update for HTTP redirects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Secure URL update for HTTP redirects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others