Apparatus and method for securing documents posted from a web resource
Abstract
An apparatus and method provide flexible and heightened security for accessing web resources with a client browser, where the web resources are on a server. In particular, the apparatus and method are accomplished by having the client browser generate a token that is provided to a security server to provide third party validation of a client request for service. The client browser then makes a call for service, and includes the token as an argument of the call. A CGI-BIN program that receives the call for service also receives the service identifier and arguments, among which is the client user interface generated token. The CGI-BIN program establishes a connection to the security server, and then sends the token received as an argument to the security server for third-party verification. If the token is verified by the security server, then the CGI-BIN program executes the requested service program.
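The three-party flow in the abstract, sketched as an added example (not code from the patent): the client announces a token to the security server, the CGI program forwards the token it received, and the service runs only on a match within the timeout. All names, the `port-random` token layout, the 5-second timeout and the single-use consumption of tokens are assumptions made for illustration.

```python
import secrets
import time


class SecurityServer:
    """Third-party validator that holds client tokens until the app server asks."""

    def __init__(self, timeout_s=5.0, clock=time.monotonic):
        self.timeout_s = timeout_s  # assumed value; the page only says "predetermined"
        self.clock = clock
        self.pending = {}  # token -> time it arrived from the client

    def receive_from_client(self, token):
        self.pending[token] = self.clock()

    def verify_from_app_server(self, token):
        """Return 'match' or 'nonmatch' for a token forwarded by the CGI program."""
        # Assumption: pop() consumes the token, so a replayed request cannot match.
        arrived = self.pending.pop(token, None)
        if arrived is None or self.clock() - arrived > self.timeout_s:
            return "nonmatch"
        return "match"


def make_token(port):
    """Client side: CSPRNG value combined with the security-server port (assumed layout)."""
    return f"{port}-{secrets.token_hex(16)}"


def cgi_handler(security_server, service, token):
    """Application-server side: run the service only after a match notice."""
    if security_server.verify_from_app_server(token) != "match":
        return "error: token not verified"
    return f"ran {service}"


def demo():
    now = [0.0]  # constructed clock so the timeout case runs instantly
    sec = SecurityServer(timeout_s=5.0, clock=lambda: now[0])
    t1 = make_token(40001)
    sec.receive_from_client(t1)
    ok = cgi_handler(sec, "report", t1)
    replay = cgi_handler(sec, "report", t1)      # same token presented again
    t2 = make_token(40001)
    sec.receive_from_client(t2)
    now[0] = 6.0                                 # app server asks after the timeout
    late = cgi_handler(sec, "report", t2)
    unknown = cgi_handler(sec, "report", "40001-" + "0" * 32)  # never announced
    return ok, replay, late, unknown
```

`demo()` returns the outcome of a valid request, a replay of the same token, a request verified after the timeout, and a token the security server never received.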
20 Claims
1. A method for securing Web resources in a network system, the method comprising the steps of:
generating a unique token each time a client browser receives a request for service;
transmitting said unique token to a security server each time the client browser responds to the request for service;
transmitting the request for service and said unique token to an application server to satisfy the request for service, wherein the application server forwards said unique token to the security server to verify said unique token;
receiving a requested service from the application server when a match notice from the security server indicates to the application server, that said unique token from the client browser and said unique token from the application server match; and
receiving an error message from the application server when a predetermined timeout period expires between when said unique token is received from the client browser and when said second unique token is received from the application server.

Dependent claims (2, 3, 4):
utilizing a random number generator to generate the unique token.

3. The method of claim 2, wherein the step of generating a unique token further includes the step of:
determining a port number for the security server connection to the client browser; and
adding the port number to said unique token.

4. The method of claim 1, further comprising the step of:
registering the client browser with the security server.

5. A system for securing Web resources in a network system, comprising:
means for generating a unique token each time a client browser receives a request for service;
means for transmitting said unique token to a security server each time the client browser responds to the request for service; and
means for transmitting the request for service and said unique token to an application server to satisfy the request for service, wherein the application server forwards said unique token to the security server to verify said unique token;
means for receiving a requested service from the application server when a match notice from the security server indicates to the application server that said unique token from the client browser and said unique token from the application server match; and
means for receiving an error message from the application server when a predetermined timeout period expires between when said unique token is received from the client browser and when said second unique token is received from the application server.

Dependent claims (6, 7):
means for determining a port number of a connection of the client browser to the security server;
means for using a random number generator to generate a random number; and
means for adding said port number to said random number to create said unique token.

7. The system of claim 5, further comprising:
means for registering the client browser with the security server to obtain a port number.

8. A client device for providing security to web resources, comprising:
a first client mechanism for generating a unique token each time the client device sends a request for service to an application device;
a second client mechanism for transmitting the unique token to a security device to provide third party validation;
a third client mechanism for transmitting the unique token with said request for service to the application device, wherein the application device forwards said unique token to the security device to validate said unique token;
a fourth client mechanism for receiving a requested service from the application device when a match notice from the security device indicates to the application device, that said unique token from the client device and said unique token from the application device match; and
a fifth client mechanism for receiving an error message from the application device when a predetermined timeout period expires between when said unique token is received from the client device and when said second unique token is received from the application device.

Dependent claims (9, 10):
a sixth client mechanism for determining a port number of a connection of the client device to the security device;
a seventh client mechanism for using a random number generator to generate a random number for said unique token; and
an eighth client mechanism for adding the port number to said random number to create said unique token.

10. The system of claim 8, further comprising:
a ninth client mechanism for registering the client device with the security device to obtain a port number.

11. A security server for securing resources in a network, comprising:
means for receiving a unique token from a client browser, said unique token is different each time the client browser generates a request for service;
means for receiving a second unique token from an application server to verify said request for service from the client browser;
means for comparing said unique token received from the client browser and said second unique token received from the application server;
means for generating a match notice when said unique token received from the client browser and said second unique token received from the application server match, the match notice authorizing the application server to provide a requested service to the client browser when the match notice is received;
means for generating a nonmatch notice when a predetermined timeout period expires between when said unique token is received from the client browser and when said second unique token is received from the application server, the nonmatch notice prohibiting the application server to provide the requested service to the client browser when the nonmatch notice is received; and
means for transmitting the notice generated to the application server to indicate if said request for service is verified.

Dependent claims (12)

13. A system for providing security of web resources to a client device that generates a unique token each time the client device generates a request for service, and an application device for providing a requested service;
said computer system comprising;
a security device for verifying the unique token generated by the client device with the request for service, wherein said security device further comprises;
a first security mechanism that compares the unique token received from the client device and a second unique token received from the application device;
a second security mechanism that generates a match notice when the unique token received from the client device and the second unique token received from the application device match, the match notice authorizing the application device to provide the requested service to the client device when the match notice is received; and
a third security mechanism generating a nonmatch notice when a predetermined timeout period expires between when the unique token is received from the client device and when the second unique token is received from the application device, the nonmatch notice prohibiting the application device to provide the requested service to the client device when the nonmatch notice is received.

Dependent claims (14, 15, 16):
a fourth security mechanism for receiving the unique token from the client browser device; and
a fifth security mechanism for receiving the second unique token from the application device.

16. The security system of claim 13, further comprising:
a fifth security mechanism for transmitting the notice generated to the application server to indicate if said request for service is verified.

17. A method for a security server to secure Web resources in a network system, the method comprising the steps of:
receiving a unique token from a client device each time the client device generates a token in response to a request for service;
receiving a verification request for a second unique token from an application server;
comparing the unique token received from the client device and the second unique token received from the application server;
generating a match notice when the unique token received from the client device and the second unique token received from the application server match, the match notice authorizing the application server to provide the requested service when the match notice is received; and
generating a nonmatch notice when a predetermined timeout period expires between when the unique token is received from the client device and when the second unique token is received from the application server, the nonmatch notice prohibiting the application server to provide the requested service when the nonmatch notice is received.

Dependent claims (18, 19, 20):
transmitting the generated notice to the application server.

20. The method of claim 17, further including the step of:
receiving a registration request from the client device; and
authenticating the registration request.

Specification