Dynamic assignment of security parameters to web pages

US 6,029,245 A
Filed: 03/25/1997
Issued: 02/22/2000
Est. Priority Date: 03/25/1997
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer system, a method for dynamically assigning security parameters to each one of a secure set of Hypertext Markup Language (HTML) pages as the pages are accessed, said method comprising the steps of:

storing information as HTML pages;

providing a security injection profile defining security parameters for said HTML pages for a plurality of security protocols;

receiving a request for a particular one of the HTML pages from a browser enabled with one of said security protocols;

retrieving said one requested HTML page;

accessing the security injection profile to obtain the security parameters for said one security protocol defined in the security injection profile for said one requested HTML page;

adding said obtained security parameters to said retrieved HTML page to produce a new version of the retrieved HTML page that conforms to said one security protocol; and

delivering said new version of the retrieved HTML page to the browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and means are provided for dynamically assigning security parameters to hypertext markup language (HTML) pages of an information provider on the worldwide web, whereby only one set of HTML pages need be stored and maintained for retrieval by client computers using differing security protocols. A security injection profile is provided for storing security parameters for each respective security protocol. When a browser enabled with a particular security protocol requests one of the HTML pages in the secure set, the page is accessed from web server storage, security parameters of the particular protocol are accessed and injected into the accessed page, and the page is sent to the requesting browser.

138 Citations

13 Claims

1. In a computer system, a method for dynamically assigning security parameters to each one of a secure set of Hypertext Markup Language (HTML) pages as the pages are accessed, said method comprising the steps of:
- storing information as HTML pages;
  
  providing a security injection profile defining security parameters for said HTML pages for a plurality of security protocols;
  
  receiving a request for a particular one of the HTML pages from a browser enabled with one of said security protocols;
  
  retrieving said one requested HTML page;
  
  accessing the security injection profile to obtain the security parameters for said one security protocol defined in the security injection profile for said one requested HTML page;
  
  adding said obtained security parameters to said retrieved HTML page to produce a new version of the retrieved HTML page that conforms to said one security protocol; and
  
  delivering said new version of the retrieved HTML page to the browser.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the security protocols include Secure Hypertext Transfer Protocol (SHTTP), and the security parameters defined for SHTTP in the security injection profile include Header and Cryptopts.
  - 3. The method of claim 2,wherein for each of the HTML pages, the security injection profile includes a "to" section defining default Header and Cryptopts security parameters for the HTML page, andthe "to" sections in the security injection profile further include one "from" section for each of the HTML pages that link to the HTML page corresponding to the "to" section if such linking requires other Header and Cryptopt security parameters to override the default Header and Cryptopts security parameters in the "to" section.
  - 4. The method of claim 1, wherein the security protocols include Secure Sockets Layer (SSL).

5. In a computer network, a method for enabling a network information provider to maintain a single set of HTML pages that can be served to browsers that use differing security protocols, said method comprising the steps of:
- storing information as a set of Hypertext Markup Language (HTML) pages;
  
  providing a security injection profile defining security paramneters for a plurality of security protocols;
  
  receiving a request for a particular one of the HTML pages from a browser that uses one of said security protocols;
  
  retrieving said one requested HTML page;
  
  accessing the security injection profile to obtain the security parameters for said one security protocol;
  
  adding said obtained security parameters to said retrieved HTML page to produce a new version of the retrieved HTML page that conforms to said one security protocol; and
  
  delivering said new version of the retrieved HTML page to the browser for handling in accordance with the added security parameters.
- View Dependent Claims (6)
- - 6. The method of claim 5, wherein the security protocols include Secure Hypertext Transfer Protocol (SHTTP) and Secure Sockets Layer (SSL), and the security parameters defined for SHTTP in the security injection profile include Header and Cryptopts.

7. A system coupled through a network to client computers having differing security protocols enabled by browsers running thereon, said system comprising:
- storage means for storing information of a network information provider as a single set of Hypertext Markup Language (HTML) pages;
  
  at least one server coupled to the client computers and to the storage means, the web server delivering the HTML pages to the browsers in response to requests from the browsers; and
  
  security injection means for dynamically assigning security parameters to each HTML page delivered to one of the browsers in accordance with the security protocol enabled in the one browser,wherein said security injection means includes;
  
  a security injection profile defining security parameters for each of the HTML pages for each of the security protocols;
  
  means responsive to a request from one of the browsers for accessing a requested one of the HTML pages;
  
  means for accessing the security injection profile to obtain the security parameters defined in the security injection profile for the requested one of the HTML pages and the security protocol of the browser making the request; and
  
  means for injecting the accessed security parameters into the accessed HTML page.
- View Dependent Claims (8)
- - 8. The system of claim 7,wherein for each of the HTML pages, the security injection profile includes a "to" section defining default security parameters for the HTML page, andthe "to" sections in the security injection profile further include one "from" section for each of the HTML pages that link to the HTML page corresponding to the "to" section if such linking requires other security parameters to override the default security parameters in the "to" section.

9. In a computer network that includes client computers, storage means for storing information as HTML pages, and at least one server coupled to the storing means and the client computers, a method for dynamically assigning security parameters to each of the HTML pages that is delivered to one of the client computers in accordance with a type of security used by the one client computer to make requests and to receive results, said method comprising the steps of:
- passing names of "from" and "to" pages and the type of security used by the one client computer to a security injection program;
  
  having the security injection program read from a security injection profile a security header parameter defined for the "to" page and inject the defined header into the "to" page;
  
  having the security injection program read from the security injection profile a security cryptopts parameter for each Uniform Resource Locator (URL) associated with the "to" page and set said cryptopts parameters in said "to" page to create a security enhanced "to" page; and
  
  sending the security enhanced "to" page to the one client computer, so as to allow only one set of HTML pages to be stored for retrieval by client computers using differing types of security.

10. A method for dynamically assigning security parameters to each one of a secure set of web pages as the web pages are accessed, said method comprising the steps of:
- storing information as web pages;
  
  providing a security injection profile defining security parameters for the web pages for a plurality of security protocols;
  
  receiving a request for a particular one of the web pages from a client system enabled with one of the security protocols;
  
  retrieving the one requested web page;
  
  using the security injection profile to obtain the security parameters for the one security protocol defined in the security injection profile for the one requested web page;
  
  adding the obtained security parameters to the retrieved web page to produce a security enhanced version of the retrieved web page; and
  
  delivering the security-enhanced version of the retrieved web page to the client system.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, wherein the security protocols include Secure Hypertext Transfer Protocol (SHTTP), and the security parameters defined for SHTTP in the security injection profile include Header and Cryptopts.
  - 12. The method of claim 11,wherein for each of the web pages, the security injection profile includes a "to" section defining default Header and Cryptopts security parameters for the web page, andthe "to" sections in the security injection profile further include one "from" section for each of the web pages that link to the web page corresponding to the "to" section if such linking requires other Header and Cryptopt security parameters to override the default Header and Cryptopts security parameters in the "to" section.
  - 13. The method of claim 10, wherein the security protocols include Secure Sockets Layer (SSL).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Scanlan, Thomas K.
Primary Examiner(s)
Sheikh, Ayaz R.
Assistant Examiner(s)
PHAN, RAYMOND NGAN

Application Number

US08/823,172
Time in Patent Office

1,064 Days
Field of Search

380/3, 380/4, 380/5, 380/23-25, 380/48-49, 395/186, 395/187.01, 395/188.01, 395/200.57-200.58, 395/200.33, 395/200.78-200.8
US Class Current

726/4
CPC Class Codes

G06F 21/6263 during internet communicati...

Dynamic assignment of security parameters to web pages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

138 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic assignment of security parameters to web pages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links