Transmitting security data in multipart communications over a network

US 8,230,224 B2
Filed: 03/08/2005
Issued: 07/24/2012
Est. Priority Date: 03/08/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product embodied on a non-transitory computer readable medium for transmitting data and a security feature within a message having a plurality of parts, wherein the message is transmitted over a connection-oriented protocol through a network, comprising:

program code for receiving a hypertext transport protocol GET request for data, wherein a first hypertext transport protocol response is transmitted in response to the hypertext transport protocol GET request;

program code for determining a security feature for the data including program code for determining a digital signature for the data;

program code for transmitting, subsequent to the first hypertext transport protocol response, the message in a second hypertext transport protocol response to the GET request,wherein the second hypertext transport protocol response comprises a first part that contains the data and a second part that contains the security feature, andwherein the first hypertext transport protocol response comprises information indicating that one of the plurality of parts of the second hypertext transport protocol response contains said security feature,wherein the security feature includes the digital signature for the data and a result of a validation of the digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide for efficiently implementing security features over HTTP communications. In some embodiments, a security feature, such as a digital signature, can be efficiently implemented over HTTP communications. The HTTP communications are conducted in parts. The first part contains the payload data of the message. The second part, if appropriate, contains information for the digital signature, such as the digital signature itself or the result of a signature verification.

16 Citations

View as Search Results

22 Claims

1. A computer program product embodied on a non-transitory computer readable medium for transmitting data and a security feature within a message having a plurality of parts, wherein the message is transmitted over a connection-oriented protocol through a network, comprising:
- program code for receiving a hypertext transport protocol GET request for data, wherein a first hypertext transport protocol response is transmitted in response to the hypertext transport protocol GET request;
  
  program code for determining a security feature for the data including program code for determining a digital signature for the data;
  
  program code for transmitting, subsequent to the first hypertext transport protocol response, the message in a second hypertext transport protocol response to the GET request,wherein the second hypertext transport protocol response comprises a first part that contains the data and a second part that contains the security feature, andwherein the first hypertext transport protocol response comprises information indicating that one of the plurality of parts of the second hypertext transport protocol response contains said security feature,wherein the security feature includes the digital signature for the data and a result of a validation of the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer program product of claim 1, wherein program code for determining the security feature for the data comprises:
    - program code for validating the digital signature for the data; and
      
      program code for determining nail the result of the validation of the digital signature.
  - 3. The computer program product of claim 1, wherein program code for transmitting the message comprises program code for transmitting a multipart hypertext transport protocol message.
  - 4. The computer program product of claim 1, wherein program code for transmitting the message comprises:
    - program code for transmitting the first part that contains the data; and
      
      program code for transmitting, after the first part, the second part that contains the security feature.
  - 5. The computer program product of claim 1,wherein the request is received from a client, andwherein the first hypertext transport protocol response is transmitted from a resource manager to the client, andwherein the resource manager works in conjunction with a library server to retrieve the data.
  - 6. The computer program product of claim 5, wherein the first hypertext transport protocol response further comprises information about the resource manager.
  - 7. The computer program product of claim 1, wherein the first hypertext transport protocol response comprises information indicating the format of the message in the second hypertext transport protocol response.

8. A computer program product embodied on a non-transitory computer readable medium for requesting data and a security feature associated with the data within a second hypertext transport protocol response that has been sent through a network, comprising:
- program code for sending a hypertext transport protocol GET request for the data, wherein a first hypertext transport protocol response is transmitted in response to the hypertext transport protocol GET request;
  
  program code for receiving the first hypertext transport protocol response to the GET request;
  
  program code for receiving, subsequent to the first hypertext transport protocol response, a message in the second hypertext transport protocol response to the GET request;
  
  program code for determining whether the second hypertext transport protocol response contains multiple parts;
  
  program code for determining whether the second hypertext transport protocol response contains a security feature includes program code for extracting a digital signature for the data;
  
  program code for extracting from a first part of the multiple parts the requested data; and
  
  program code for extracting from a second part of the multiple parts said security feature that is associated with the requested data,wherein the program code for determining whether the second hypertext transport protocol response contains said security feature comprises program code for identifying information in the first hypertext transport protocol response that indicates said security feature,wherein the security feature includes the digital signature for the data and a result of a validation of the digital signature.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, wherein the program code for determining whether the second hypertext transport protocol response contains multiple parts comprises program code for identifying a flag in a header of the first hypertext transport protocol response that indicates a multipart response.
  - 10. The computer program product of claim 9, wherein the program code for determining whether the second hypertext transport protocol response contains multiple parts comprises program code for identifying a hypertext multipart byte range in the first hypertext transport protocol response.
  - 11. The computer program product of claim 8, wherein the program code for extracting from the first part of the multiple parts the requested data comprises program code for extracting data from the first part until a set of delimiting codes is reached.
  - 12. The computer program product of claim 8, wherein the program code for extracting the security feature from the second part of the multiple parts comprises program code for extracting the result that indicates flail the validation of a digital signature associated with the requested data.
  - 13. The computer program product of claim 8,wherein the request is sent from a client, andwherein the first hypertext transport protocol response is transmitted from a resource manager to the client, andwherein the resource manager works in conjunction with a library server to retrieve data.

14. A server configured to provide data and a security feature associated with the data, said server comprising:
- a processor; and
  
  a memory, coupled to the processor, that stores program code for receiving a hypertext transport protocol GET request for data, wherein a first hypertext transport protocol response is transmitted in response to the hypertext transport protocol GET request, program code for determining a security feature for the data including program code for determining a digital signature for the data, and program code for transmitting, subsequent to the first hypertext transport protocol response, a message in a second hypertext transport protocol response to the GET request,wherein the second hypertext transport protocol response comprises a first part that contains the data and a second part that contains the security feature, andwherein the first hypertext transport protocol response comprises information indicating that one of a plurality of parts of the second hypertext transport protocol response contains said security feature,wherein the security feature includes the digital signature for the data and a result of a validation of the digital signature.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The server of claim 14, wherein the processor is configured by program code to format the message as said second hypertext transport protocol response having multiple parts.
  - 16. The server of claim 14, wherein the processor is configured by program code to transmit the first part of the message before the second part of the message.
  - 17. The server of claim 14, wherein the processor is configured by program code to transmit the digital signature in the second part of the message.
  - 18. The server of claim 14, wherein the processor is configured by program code to transmit the result that indicates whether the digital signature is valid.
  - 19. The server of claim 14, wherein the processor is configured by program code to format the message as a hypertext multipart byte range response.
  - 20. The server of claim 14, wherein the processor is configured by program code to transmit at least one of the first and second parts over a secure hypertext transport protocol connection.
  - 21. The server of claim 14, wherein the processor is configured by program code to transmit the message over a secure sockets layer connection.
  - 22. The server of claim 14,wherein the request is received from a client, andwherein the first hypertext transport protocol response is transmitted from a resource manager to the client, andwherein the resource manager works in conjunction with a library server to retrieve the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chakraborty, Anirban
Primary Examiner(s)
Zee, Edward
Assistant Examiner(s)
NGUY, CHI D

Application Number

US11/073,616
Publication Number

US 20060206711A1
Time in Patent Office

2,695 Days
Field of Search

713/176, 713/170, 713/160, 713180-181, 709201-203, 709/225
US Class Current

713/176
CPC Class Codes

H04L 63/12 Applying verification of th...

Transmitting security data in multipart communications over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Transmitting security data in multipart communications over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links