Systems and methods for state signing of internet resources
First Claim
1. A method for an intermediary device to provide security between a client and server via state signing of resources controlled by policy, the method comprising the steps of:
(a) intercepting, by a device between a client and a server, a response from the server to a request of the client, the response comprising a plurality of application data items;
(b) determining, via a policy, one or more application data items of the plurality of application data items to sign;
(c) generating, by a state signer responsive to the policy, a signature for each of the determined one or more application data items;
(d) incorporating, by the state signer, a control word having metadata to control signature verification in each of the one or more signed application data items;
(e) transmitting, by the device, to the client in response to the request, a modified response having the signed one or more application data items and corresponding control words; and
(f) receiving, by the device, a second request from the client and verifying the signature of the one or more signed application data items in accordance with the control word.
Abstract
A method, system, and software for state signing of Internet resources is presented in which web pages and other Internet resources are signed after the insertion of metadata indicating intended and authorized uses. In one embodiment, the signing is accomplished through use of a cryptographic signature added to any data item passed to a client that is likely to be passed back to the server later, such as a cookie, URL, or data integrity item. Enabling and disabling of state signing for various data items can be controlled through policies tied to URL prefixes.
20 Claims
1. Independent claim; its text is given in full under First Claim above. Dependent claims 2 to 9 refer to claim 1.
10. A method for an intermediary device to provide security between a client and server via state signing of resources using a control word to verify signed resources, the method comprising the steps of:
(a) intercepting, by a device between a client and a server, a response from the server to a request of the client, the response comprising a plurality of application data items;
(b) incorporating, by a state signer, a control word into one or more application data items of the plurality of application data items, the control word comprising metadata to control verification of a signed application data item;
(c) generating, by the state signer, a signature for each of the one or more application data items;
(d) transmitting, by the device, to the client in response to the request, a modified response having the signed one or more application data items and corresponding control words; and
(e) receiving, by the device, a second request from the client and verifying the signature of the one or more signed application data items in accordance with the control word.
Dependent claims 11 to 20 refer to claim 10.
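The flow described in the abstract and in claims 1 and 10, as an added worked example (this is illustrative code written for this page, not an embodiment from the patent): an intermediary that selects items to sign by a URL-prefix policy, attaches a control word carrying key id, expiry and URL scope, signs each item with an HMAC, and on the next request verifies each item as its control word directs. The signed-item layout, the control word fields, the policy table, the key ring and every function name are assumptions; the patent text specifies none of them.

```python
import base64
import hashlib
import hmac
import time

# Constructed key ring for the intermediary (hypothetical; a deployment would
# load it from a key store). The key id in the control word selects the key,
# which is what makes key rotation possible without breaking live sessions.
KEYS = {"k1": bytes(range(32)), "k2": bytes(range(32, 64))}
ACTIVE_KID = "k2"

# Constructed policy keyed by URL prefix: which kinds of application data
# items get signed in responses to requests under that prefix. Longest
# matching prefix wins.
POLICY = {"/": {"cookie"}, "/account/": {"cookie", "hidden"}, "/public/": set()}


class StateSigningError(ValueError):
    """Raised when a signed item fails verification."""


def policy_for(path):
    prefix = max((p for p in POLICY if path.startswith(p)), key=len)
    return POLICY[prefix]

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_control_word(kid, exp, scope):
    """Control word: the metadata the verifier must honour (assumed fields)."""
    return f"v1;kid={kid};exp={exp};scope={scope}"

def parse_control_word(cw):
    version, *fields = cw.split(";")
    if version != "v1":
        raise StateSigningError("unsupported control word version")
    meta = dict(f.split("=", 1) for f in fields if "=" in f)
    if not all(k in meta for k in ("kid", "exp", "scope")):
        raise StateSigningError("control word missing a required field")
    return meta

def sign_item(value, scope="/", ttl=600, kid=ACTIVE_KID, now=None):
    """Attach a control word and an HMAC to one application data item."""
    now = int(time.time()) if now is None else now
    cw = make_control_word(kid, now + ttl, scope)
    # The MAC covers the control word together with the value, so the client
    # can alter neither the state nor the rules used to verify it.
    mac = hmac.new(KEYS[kid], f"{cw}\n{value}".encode(), hashlib.sha256).digest()
    return f"{value}.{_b64(cw.encode())}.{_b64(mac)}"

def verify_item(signed, request_path, now=None):
    """Verify one signed item as its control word directs; return the bare value."""
    now = int(time.time()) if now is None else now
    try:
        value, cw_b64, mac_b64 = signed.rsplit(".", 2)
        cw = _unb64(cw_b64).decode("ascii")
        mac = _unb64(mac_b64)
    except (ValueError, UnicodeDecodeError):
        raise StateSigningError("malformed signed item") from None
    meta = parse_control_word(cw)
    key = KEYS.get(meta["kid"])
    if key is None:
        raise StateSigningError("unknown key id")
    expected = hmac.new(key, f"{cw}\n{value}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        raise StateSigningError("bad signature")
    if now > int(meta["exp"]):
        raise StateSigningError("signed item expired")
    if not request_path.startswith(meta["scope"]):
        raise StateSigningError("item presented outside its scope")
    return value

def sign_response(path, items, now=None):
    """Steps (b) to (e): sign the item kinds the policy selects for this path."""
    scope = path.rsplit("/", 1)[0] + "/"       # bind items to their URL prefix
    signed = {}
    for kind, values in items.items():
        if kind in policy_for(path):
            signed[kind] = {n: sign_item(v, scope, now=now) for n, v in values.items()}
        else:
            signed[kind] = dict(values)
    return signed

def verify_request(path, items, now=None):
    """Step (f): every item the policy requires to be signed must verify."""
    verified = {}
    for kind, values in items.items():
        if kind in policy_for(path):
            verified[kind] = {n: verify_item(v, path, now=now) for n, v in values.items()}
        else:
            verified[kind] = dict(values)
    return verified
```

Two design points worth noting. Claim 1 lists signature generation before the control word is incorporated and claim 10 lists them the other way round, but neither claim says what the signature covers; the example signs over the control word as well as the value, because a control word the client can rewrite (to extend an expiry, or to widen a scope) would defeat the verification it is meant to control. Second, a client that strips the signature and sends the bare value back is rejected in `verify_request` because the policy, not the presence of a signature, decides which item kinds must verify; if only items that happen to carry a signature were checked, downgrade by deletion would be trivial.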
Specification