Process for verifying the preservation of the integrity of an unprotected request sent by a client to a server by verifying the integrity of the response
First Claim
1. A computer implemented process for verifying the preservation of the integrity of an unprotected request sent by a client to a server which provides a response to the request and in which a signature key of the server is used, comprising adding a flag to a request sent by the client to the server, the flag specifying whether or not the server must offer a guarantee of non-repetition, as well as a unique number which never repeats or has a low probability of repetition, consisting either of a random number with a low probability of repetition or of a concatenation of a time indicator and a random number with a certainty of non-repetition, verifying said integrity by the client during the reception of a global response to the request, the global response including the response to the request plus the result of a one-way compression function applied to the request, flag, and unique number combination, the integrity of the global response moreover being protected by means of the key of the server.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to a process for verifying the preservation of the integrity of an unprotected request sent by an anonymous client to a server, in which only one public key, that of the server, is used. This process is remarkable in that the anonymous client sends, along with his request, a flag which specifies whether or not the server must offer an absolute guarantee of non-repetition of the requests received as well as a unique number, that is, a number which never repeats or has a low probability of repetition, consisting either of a random number with a low probability of repetition or the concatenation of a time indicator and a random number with a certainty of non-repetition, the verification of said integrity being performed during the reception of the response to the request, for which reason the global response includes the response to the request plus the result of a one-way compression function applied to the request, flag and unique number combination, the integrity of the global response moreover being protected either by means of the public key of the server used as a signature key, or by means of a private key established using the public key of the server as an encryption key.
-
Citations
14 Claims
- 1. A computer implemented process for verifying the preservation of the integrity of an unprotected request sent by a client to a server which provides a response to the request and in which a signature key of the server is used, comprising adding a flag to a request sent by the client to the server, the flag specifying whether or not the server must offer a guarantee of non-repetition, as well as a unique number which never repeats or has a low probability of repetition, consisting either of a random number with a low probability of repetition or of a concatenation of a time indicator and a random number with a certainty of non-repetition, verifying said integrity by the client during the reception of a global response to the request, the global response including the response to the request plus the result of a one-way compression function applied to the request, flag, and unique number combination, the integrity of the global response moreover being protected by means of the key of the server.
Specification