Method for enhancing network application security

US 8,302,170 B2
Filed: 09/22/2009
Issued: 10/30/2012
Est. Priority Date: 09/22/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:

receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;

sending the session credential security token to the client;

receiving a second request from the client to download the application, the second request including the value of the session credential security token;

in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;

embedding the second security token in application code prior to sending an instance of the application code to the client, the instance of the application code being tied to the session credential security token;

sending the instance of the application code with the embedded security token to the client;

receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and

verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communications between a server and an application downloaded over a network onto a client of the server is disclosed. A first request is received from the client, and in response a session credential security token is generated and sent to the client. A second request is received from the client to download the application and includes the value of the session credential security token. The server verifies that the value of the session credential security token is valid and, if so, generates a second security token that is tied to the session credential security token. The second token is embedded in application code and then the application code is sent to the client. A subsequent request for data from the application running on the client includes the value of the session credential security token and the value of the embedded security token. Verification of validity of the values of the session credential security token and the second security token received with the data request then occurs at least in part by determining that the values are cryptographically tied to one another. Upon verification, the requested data is sent to the client.

87 Citations

View as Search Results

18 Claims

1. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending an instance of the application code to the client, the instance of the application code being tied to the session credential security token;
  
  sending the instance of the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein sending the session credential security token to the client comprises sending the value of the session credential security token to the client as a cookie.
  - 3. The method of claim 1 wherein verifying that the value of the session credential security token is valid in response to the second request comprises extracting and verifying the validity of signature data and a time stamp from the session credential security token.
  - 4. The method of claim 1 wherein verifying that the values of the session credential security token and the second security token received with the data request are valid further comprises verifying that client IP address information encoded in each token matches the client IP address information associated with the data request.
  - 5. The method of claim 1 wherein verifying that the values of the session credential security token and the second security token received with the data request are valid further comprises verifying that the tokens have not expired.

6. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending the application code to the client;
  
  sending the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
  
  wherein sending the session credential security token to the client comprises;
  
  embedding the session credential security token into download initiation code that enables the client to send a request for downloading of the application; and
  
  sending the download initiation code with the embedded session credential security token to the client.

7. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending the application code to the client;
  
  sending the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token; and
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
  
  wherein embedding the second security token in application code comprises splitting the second security token into a plurality of portions and embedding each of said portions at a different location within the application code.

8. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending the application code to the client;
  
  sending the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
  
  upon verifying that the value of the session credential security token is valid in response to the second request, generating a third security token that is tied to the session credential security token;
  
  embedding the third security token in application code prior to sending the application code to the client; and
  
  upon receiving the request for data, encrypting the requested data using the third security token prior to sending the requested data to the client.

9. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending the application code to the client;
  
  sending the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
  
  receiving a third request from the client to download a second application, the request including the value of the session credential security token;
  
  upon verifying that the value of the session credential security token is valid in response to the third request, generating a third security token that is tied to the session credential security token;
  
  embedding the third security token in the second application code;
  
  sending the second application code to the client; and
  
  upon receiving the request for data, encrypting the requested data using the third security token prior to sending the requested data to the client.

10. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending the application code to the client;
  
  sending the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
  
  upon verifying that the value of the session credential security token is valid in response to the second request, generating a third security token that is tied to the session credential security token;
  
  embedding the third security token in application code prior to sending the application code to the client;
  
  receiving a third request from the client to download a second application, the third request including the value of the session credential security token;
  
  upon verifying that the value of the session credential security token is valid in response to the third request, generating a fourth security token that is tied to the session credential security token;
  
  embedding the fourth security token in the second application code;
  
  sending the second application code to the client; and
  
  upon receiving the request for data, encrypting the requested data using the third security token and the fourth security token prior to sending the requested data to the client.

11. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the second request including the value of the session credential security token;
  
  in response to the second request, verifying that the value of the session credential security token is valid and, if so, generating a second security token that is tied to the session credential security token;
  
  embedding the second security token in application code prior to sending the application code to the client;
  
  sending the application code with the embedded security token to the client;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the embedded security token;
  
  verifying that the values of the session credential security token and the second security token received with the data request are valid at least in part by determining that the values are cryptographically tied to one another, and, if so, sending the requested data to the client;
  
  upon verifying that the value of the session credential security token is valid in response to the second request, generating a first public key value in accordance with a cryptographic protocol;
  
  embedding the public key value in application code prior to sending the application code to the client;
  
  upon receiving the request for data that includes a second public key value in accordance with the cryptographic protocol, calculating an encryption key value; and
  
  encrypting the requested data using the encryption key value prior to sending the requested data to the client.

12. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- sending a first request to the server;
  
  receiving a first security token, the first security token being a session credential security token from the server;
  
  sending a second request to the server to download the application, the request including the value of the session credential security token;
  
  receiving an instance of application code from the server, the instance of the application code having a second security token that is tied to the session credential security token embedded therein, the instance of the application code being tied to the session credential security token;
  
  extracting the second security token from the application code;
  
  sending a request for data, the request including the value of the session credential security token and the value of the second security token; and
  
  receiving the requested data from the server.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 further comprising:
    - sending a third request to the server to download a second application, the third request including the value of the session credential security token;
      
      receiving the code of the second application from the server, the second application code having a third security token that is tied to the session credential security token embedded therein;
      
      extracting the third security token from the code of the second application; and
      
      decrypting the requested data that is received from the server using the third security token.
  - 14. The method of claim 12 wherein the application code further has a third security token that is tied to the session credential security token embedded therein;
    - the method further comprising;
      
      extracting the third security token from the application code;
      
      sending a third request to the server to download a second application, the third request including the value of the session credential security token;
      
      receiving the code of the second application from the server, the second application code having a fourth security token that is tied to the session credential security token embedded therein;
      
      extracting the fourth security token from the code of the second application; and
      
      decrypting the requested data that is received from the server.

15. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- sending a first request to the server;
  
  receiving a first security token, the first security token being a session credential security token;
  
  sending a second request to the server to download the application, the second request including the value of the session credential security token;
  
  receiving application code from the server, the application code having a second security token that is tied to the session credential security token embedded therein and a third security token that is tied to the session credential security token embedded therein;
  
  extracting the second security token from the application code;
  
  sending a request for data, the request including the value of the session credential security token and the value of the second security token;
  
  receiving the requested data from the server;
  
  extracting the third security token from the application code; and
  
  decrypting the requested data that is received from the server using the third security token.

16. A method for securing communications between a server and an application downloaded over a network onto a client of the server, comprising:
- receiving a first request from the client, and in response generating a first security token, the first security token being a session credential security token;
  
  sending the session credential security token to the client;
  
  receiving a second request from the client to download the application, the request including the value of the session credential security token;
  
  in response to the second request, generating, based in part on the session credential information, a second security token;
  
  sending an instance of application code and the second security token to the client, the instance of the application code being tied to the session credential security token;
  
  receiving a request for data from the application running on the client, the request including the value of the session credential security token and the value of the second security token; and
  
  verifying that the value of the session credential security token and the value of the second security token received with the data request are valid and, if so, transmitting the requested data to the client.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 wherein the security token is embedded in the application code prior to sending the application code to the client.
  - 18. The method of claim 16 wherein the session credential information includes the client IP address and a time indicative of when the application code was sent to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Richemont International SA (Compagnie Financiere Richemont SA)
Original Assignee
Bespoke Innovations SARL (Compagnie Financiere Richemont SA)
Inventors
Kramer, Glenn A., Van Vleck, Thomas H.
Primary Examiner(s)
McNally, Michael S

Application Number

US12/564,087
Publication Number

US 20100077216A1
Time in Patent Office

1,134 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/168   above the transport layer

H04L 9/002   Countermeasures against att...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3234   involving additional secure...

H04L 9/3273   for mutual authentication n...

Method for enhancing network application security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for enhancing network application security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links