Method for enhancing network application security
Abstract
A method for securing communications between a server and an application downloaded over a network onto a client of the server is disclosed. A first request is received from the client, and in response a session credential security token is generated and sent to the client. A second request is received from the client to download the application and includes the value of the session credential security token. The server verifies that the value of the session credential security token is valid and, if so, generates a second security token that is tied to the session credential security token. The second token is embedded in application code and then the application code is sent to the client. A subsequent request for data from the application running on the client includes the value of the session credential security token and the value of the embedded security token. Verification of validity of the values of the session credential security token and the second security token received with the data request then occurs at least in part by determining that the values are cryptographically tied to one another. Upon verification, the requested data is sent to the client.
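A minimal sketch of the token binding the abstract describes, added here as an illustration and not taken from the patent. It assumes HMAC-SHA256 under a server-held key as the cryptographic tie (the claims name no primitive); `SERVER_KEY`, `ACTIVE_SESSIONS`, `APP_TEMPLATE` and all function names are hypothetical.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Assumption: HMAC-SHA256 under a server-only key stands in for the
# "cryptographically tied" relation; the claims do not name a primitive.
SERVER_KEY = secrets.token_bytes(32)
ACTIVE_SESSIONS = set()  # session tokens issued and not yet revoked
# Constructed sample of application code with a placeholder for the token.
APP_TEMPLATE = 'const EMBEDDED_TOKEN = "{{TOKEN}}";\nrequestData();\n'


def issue_session_token() -> str:
    """First request: generate the session credential security token."""
    token = secrets.token_urlsafe(32)
    ACTIVE_SESSIONS.add(token)
    return token


def derive_embedded_token(session_token: str) -> str:
    """Second token: a MAC over the session token. Without SERVER_KEY it cannot
    be forged or re-bound to a different session."""
    return hmac.new(SERVER_KEY, session_token.encode(), hashlib.sha256).hexdigest()


def serve_application(session_token: str) -> Optional[str]:
    """Download request: verify the session, then embed the derived token in
    this instance of the application code."""
    if session_token not in ACTIVE_SESSIONS:
        return None
    return APP_TEMPLATE.replace("{{TOKEN}}", derive_embedded_token(session_token))


def extract_embedded_token(app_code: str) -> Optional[str]:
    """Client side: recover the embedded token from the received code."""
    match = re.search(r'EMBEDDED_TOKEN = "([0-9a-f]{64})"', app_code)
    return match.group(1) if match else None


def handle_data_request(session_token: str, embedded_token: str) -> Optional[bytes]:
    """Data request: the session must be live and the embedded token must be
    the one derived from that same session."""
    if session_token not in ACTIVE_SESSIONS:
        return None
    expected = derive_embedded_token(session_token)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), embedded_token.encode()):
        return None
    return b"requested data"


if __name__ == "__main__":
    session_a, session_b = issue_session_token(), issue_session_token()
    token = extract_embedded_token(serve_application(session_a))
    print(handle_data_request(session_a, token))  # matching pair is served
    print(handle_data_request(session_b, token))  # token from another session is refused
```

Because the embedded token is a keyed function of the session token, code copied from one session's download is useless with any other session credential, and revoking the session invalidates both values at once.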
18 Claims
1. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending an instance of the application code to the client, the instance of the application code being tied to the session credential security token;
sending the instance of the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client.
Dependent claims: 2, 3, 4, 5.

6. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending the application code to the client;
sending the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
wherein sending the session credential security token to the client comprises:
embedding the session credential security token into download initiation code that enables the client to send a request for downloading of the application; and
sending the download initiation code with the embedded session credential security token to the client.

7. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending the application code to the client;
sending the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
wherein embedding the second security token in application code comprises splitting the second security token into a plurality of portions and embedding each of said portions at a different location within the application code.

8. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending the application code to the client;
sending the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
upon verifying that the value of the session credential security token is valid in response to the second request, generating a third security token that is tied to the session credential security token;
embedding the third security token in application code prior to sending the application code to the client; and
upon receiving the request for data, encrypting the requested data using the third security token prior to sending the requested data to the client.

9. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending the application code to the client;
sending the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
receiving a third request from the client to download a second application, the request including the value of the session credential security token;
upon verifying that the value of the session credential security token is valid in response to the third request, generating a third security token that is tied to the session credential security token;
embedding the third security token in the second application code;
sending the second application code to the client; and
upon receiving the request for data, encrypting the requested data using the third security token prior to sending the requested data to the client.

10. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending the application code to the client;
sending the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
upon verifying that the value of the session credential security token is valid in response to the second request, generating a third security token that is tied to the session credential security token;
embedding the third security token in application code prior to sending the application code to the client;
receiving a third request from the client to download a second application, the third request including the value of the session credential security token;
upon verifying that the value of the session credential security token is valid in response to the third request, generating a fourth security token that is tied to the session credential security token;
embedding the fourth security token in the second application code;
sending the second application code to the client; and
upon receiving the request for data, encrypting the requested data using the third security token and the fourth security token prior to sending the requested data to the client.

11. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the second request including the value of the session credential security token;
in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
embedding the second security token in application code prior to sending the application code to the client;
sending the application code with the embedded security token to the client;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
upon verifying that the value of the session credential security token is valid in response to the second request, generating a first public key value in accordance with a cryptographic protocol;
embedding the public key value in application code prior to sending the application code to the client;
upon receiving the request for data that includes a second public key value in accordance with the cryptographic protocol, calculating an encryption key value; and
encrypting the requested data using the encryption key value prior to sending the requested data to the client.

12. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
sending a first request to the server;
receiving a first security token, the first security token being a session credential security token from the server;
sending a second request to the server to download the application, the request including the value of the session credential security token;
receiving an instance of application code from the server, the instance of the application code having a second security token that is tied to the session credential security token embedded therein, the instance of the application code being tied to the session credential security token;
extracting the second security token from the application code;
sending a request for data, the request including the value of the session credential security token and the value of the second security token; and
receiving the requested data from the server.
Dependent claims: 13, 14.

15. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
sending a first request to the server;
receiving a first security token, the first security token being a session credential security token;
sending a second request to the server to download the application, the second request including the value of the session credential security token;
receiving application code from the server, the application code having a second security token that is tied to the session credential security token embedded therein and a third security token that is tied to the session credential security token embedded therein;
extracting the second security token from the application code;
sending a request for data, the request including the value of the session credential security token and the value of the second security token;
receiving the requested data from the server;
extracting the third security token from the application code; and
decrypting the requested data that is received from the server using the third security token.

16. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
sending the session credential security token to the client;
receiving a second request from the client to download the application, the request including the value of the session credential security token;
in response to the second request, generating, based in part on the session credential information, a second security token;
sending an instance of application code and the second security token to the client, the instance of the application code being tied to the session credential security token;
receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the second security token; and
verifying that the value of the session credential security token and the value of the second security token received with the data request are valid and, if so, transmitting the requested data to the client.
Dependent claims: 17, 18.

Specification