System and method providing improved error detection related to transmission of data over a communication link
Abstract
The invention detects changes in one or more parameter values sent by a server through user space. In one embodiment, a Web server communicates with a client over the Internet. Before sending the parameter value or values to the client, the server performs a pre-processing step, creating a formatted data string. The server then transmits the formatted data string to the client in a URL or a cookie. When the client returns the formatted data string and other data to the server, the server performs a post-processing step to verify that the parameter value or values have not been tampered with. This round trip technique is a departure from approaches that merely detect tampering of data as it passes between two nodes of a network.
35 Claims
1. A system for error detection for detecting errors in data transmitted between a server and a client, the system comprising:
an interface means to a client;
a server configured with a pre-processing means and a post-processing means which operate together to detect whether a parameter value sent from the server to the client and subsequently returned to the server from the client has been tampered with, wherein the pre-processing means and post-processing means further comprise a hashing means that operates on a parameter value and on a received parameter value;
a transmitted data string transmitted to the client comprising the parameter value and the hash of the parameter value;
a received data string received from the client comprising the received parameter value and hash of the parameter value;
a communication link connecting the server to the client; and
a comparison means, wherein the post-processing means operates on the received parameter value to determine the hash of the received parameter value, wherein further the comparison means compares the hash of the parameter value to the hash of the received parameter value to determine if the parameter value transmitted to the client is the same as the received parameter value received from the client, wherein further an unfavorable comparison of the hash of the parameter value and the hash of the received parameter value indicates that the parameter value was tampered with after the transmitted data string was transmitted to the client.
(Dependent claims 2 to 9 omitted.)
10. A method for error detection for detecting errors in data transmitted between a server and a client, the method comprising:
a) pre-processing at a server, comprising a first hash of at least one parameter value, the parameter value corresponding to a parameter;
b) formatting a data string containing at least one parameter value and the first hash of the at least one parameter value;
c) transmitting the formatted data string from the server to a client;
d) receiving a modified data string from the client at the server, the modified data string comprising a received parameter value and the first hash of the at least one parameter value, the received parameter value corresponding to the parameter;
e) post-processing at the server, comprising a second hash of the received parameter value in the modified data string; and
f) comparing the first hash of the at least one parameter value to the second hash of the received parameter value, whereby an unfavorable comparison of the first hash of the at least one parameter value to the second hash of the received parameter value indicates that parameter values corresponding to at least one parameter that originated at the server were sent to the client, and were received back at the server from the client in a changed condition.
(Dependent claims 11 to 24 omitted.)
25. A system for error detection for detecting errors in data transmitted between a server and a client, the system comprising:
an interface with a client;
a server configured with a pre-processing unit and a post-processing unit which operate together to detect whether a parameter value transmitted from the server to the client and subsequently returned to the server has been tampered with, wherein the pre-processing unit and post-processing unit further comprise a transformation unit that operates on the parameter value and a received parameter value using a secret;
a transmitted data string transmitted to the client comprising the parameter value and a transformation of the parameter value;
a received data string received from the client comprising the received parameter value and the transformation of the parameter value;
a communication link connecting the server to the client; and
a comparison unit, wherein the post-processing unit operates on the received parameter value to determine the transformation of the received parameter value, wherein further the comparison unit compares the transformation of the parameter value to the transformation of the received parameter value to determine if the parameter value transmitted to the client is the same as the received parameter value received from the client, wherein further an unfavorable comparison of the transformation of the parameter value and the transformation of the received parameter value indicates that the parameter value was tampered with after the transmitted data string was transmitted to the client.
(Dependent claims 26 and 27 omitted.)
28. A method for error detection for detecting errors in data transmitted between a server and a client, the method comprising:
a) pre-processing at a server, comprising a transformation of a parameter value in a data string using a secret, the parameter value corresponding to a parameter, the data string comprising the parameter value and the transformed parameter value;
b) transmitting the data string from the server to a client;
c) receiving a modified data string from the client at the server, the modified data string comprising a received parameter value and the transformed parameter value;
d) post-processing at the server, comprising a transformation of the received parameter value in the modified data string using the secret; and
e) comparing the transformed parameter value to the transformed received parameter value to detect whether the parameter value that originated at the server and was sent to a client was received back at the server from the client in a changed condition.
(Dependent claims 29 and 30 omitted.)
31. A system for error detection for detecting errors in data transmitted between a server and a client, the system comprising:
a communications link between a server and at least one client;
a pre-processing unit connected to the server;
a post-processing unit connected to the server;
a comparison unit connected to the server, the pre-processing unit and the post-processing unit;
a broadcast data string comprising a first parameter value corresponding to a parameter, and a transformed first parameter value corresponding to the first parameter value; and
a return data string comprising the transformed first parameter value and a second parameter value corresponding to the same parameter, wherein the broadcast data string is communicated from the server to at least one client and the return data string is returned to the server in a subsequent communication from the client to the server;
wherein the pre-processing unit transforms the first parameter value in the broadcast data string using a secret to provide the transformed first parameter value, wherein further the post-processing unit transforms the second parameter value in the return data string using the same secret to provide a transformed second parameter value;
wherein further the transformed first parameter value and the transformed second parameter value are compared by the comparison unit to determine if the first parameter value in the broadcast data string is the same as the second parameter value in the return data string.
(Dependent claims 32 to 35 omitted.)
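The round trip described in the abstract (pre-process, transmit the formatted string in a URL or cookie, post-process when the client returns it), worked through in code. This is an added example, not code from the patent or its assignee. It implements both tag variants the claims describe: the plain hash of claims 1 and 10, and the transformation "using a secret" of claims 25, 28 and 31, realized here as HMAC-SHA-256 with a server-held key. The caveat a practitioner wants is visible in the output: a hash computed without a secret can be recomputed by anyone holding the string, so only the keyed variant detects a client that changes a value and refreshes the tag. The query-string format, the field name `_tag`, the canonical serialization, the secret and the sample values are all assumptions made for this example.

```python
"""Round-trip tamper detection for server-originated parameter values.

Added example, not code from the patent or its assignee. The server formats
one or more parameter values plus a tag into a string (here a URL query
string; a cookie value would be handled the same way), and when the client
returns that string the server recomputes the tag over the received values
and compares it with the tag that came back.

Tag functions:
  - unkeyed: SHA-256 over the values (claims 1 and 10);
  - keyed:   HMAC-SHA-256 with a server-held secret (claims 25, 28 and 31).
The field name "_tag", the canonical serialization, the secret and the sample
values are assumptions made for this example.
"""
import hashlib
import hmac
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode

TAG_FIELD = "_tag"                     # assumed name for the hash/HMAC field
SERVER_SECRET = b"server-only-secret"  # constructed; never sent to the client


def _canonical(params: Dict[str, str]) -> bytes:
    """Deterministic serialization so the tag does not depend on field order."""
    return urlencode(sorted(params.items())).encode()


def _tag(params: Dict[str, str], key: Optional[bytes]) -> str:
    """The pre-/post-processing transformation: plain hash, or HMAC when a secret is given."""
    data = _canonical(params)
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def pre_process(params: Dict[str, str], key: Optional[bytes] = None) -> str:
    """Server side, before transmission: values plus their tag as one query string."""
    return urlencode({**params, TAG_FIELD: _tag(params, key)})


def post_process(query: str, key: Optional[bytes] = None) -> Tuple[Dict[str, str], bool]:
    """Server side, on return: recompute the tag over what came back and compare.

    Returns the received values and True when they match the returned tag,
    False when any value or the tag was changed. A missing tag fails closed.
    """
    fields = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    returned_tag = fields.pop(TAG_FIELD, "")
    # Constant-time comparison; bytes so a non-ASCII tag from the client cannot raise.
    ok = hmac.compare_digest(_tag(fields, key).encode(), returned_tag.encode())
    return fields, ok


def client_tampers(query: str, changes: Dict[str, str], recompute_unkeyed: bool) -> str:
    """Constructed client-side modification of the string before it is returned.

    With recompute_unkeyed=True the client also recomputes the SHA-256 tag over
    the changed values, which needs nothing the client does not already hold.
    """
    fields = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    old_tag = fields.pop(TAG_FIELD, "")
    fields.update(changes)
    new_tag = _tag(fields, None) if recompute_unkeyed else old_tag
    fields[TAG_FIELD] = new_tag
    return urlencode(fields)


def demo() -> Dict[str, bool]:
    """Run the round trip under four conditions; True means tampering was detected."""
    original = {"user": "alice", "role": "viewer"}  # constructed sample values
    change = {"role": "admin"}
    results: Dict[str, bool] = {}
    for label, key in (("unkeyed", None), ("keyed", SERVER_SECRET)):
        sent = pre_process(original, key)
        for mode, recompute in (("naive", False), ("recomputed", True)):
            returned = client_tampers(sent, change, recompute)
            _, ok = post_process(returned, key)
            results[f"{label}_{mode}_tamper_detected"] = not ok
    return results


if __name__ == "__main__":
    for name, detected in demo().items():
        print(f"{name}: {detected}")
```

Running the file prints the four outcomes: both variants catch a client that edits a value and leaves the tag alone, but only the keyed variant catches a client that edits the value and recomputes the tag. The string is authenticated, not encrypted: the client can still read every value, so nothing confidential belongs in it.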
Specification