Optimization of signing soap body element

US 8,375,211 B2
Filed: 04/21/2009
Issued: 02/12/2013
Est. Priority Date: 04/21/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for processing an extensible markup language digital signature, the computer implemented method comprising:

receiving a non-canonicalized serialized byte array and a source hash value, wherein the non-canonicalized serialized byte array comprises a source extensible markup language document, wherein the source hash value is calculated using the non-canonicalized serialized byte array, a source offset that indicates a beginning of the source extensible markup language document, and a source length value that indicates a total length of one of the source extensible markup language document or a payload, and wherein the source hash value is an element in the extensible markup language digital signature used to sign a subset of the non-canonicalized serialized byte array;

calculating, by a computer, a target offset and a target length value of a signed part in the non-canonicalized serialized byte array;

calculating a target hash value using the non-canonicalized serialized byte array, the target offset, and the target length value; and

verifying an integrity of the non-canonicalized serialized byte array by comparing the target hash value and the source hash value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An XML digital signature mechanism for providing message integrity. A sending party serializes a source XML document into a serialized byte array, calculates the source offset and length of the array of the signed part in the serialized byte array, and calculates a source hash value using the serialized array and the source offset and length. The serialized byte array is a non-canonicalized array. The array and source hash value used to sign a part or the whole of the serialized byte array is sent to a receiving party. The receiving party calculates the target offset and length of the signed part in the serialized byte array and calculates a target hash value of the signed part by using the array and the target offset and length. The receiving party compares the target hash value and the source hash value to verify the integrity of the target XML document.

Citations

20 Claims

1. A computer implemented method for processing an extensible markup language digital signature, the computer implemented method comprising:
- receiving a non-canonicalized serialized byte array and a source hash value, wherein the non-canonicalized serialized byte array comprises a source extensible markup language document, wherein the source hash value is calculated using the non-canonicalized serialized byte array, a source offset that indicates a beginning of the source extensible markup language document, and a source length value that indicates a total length of one of the source extensible markup language document or a payload, and wherein the source hash value is an element in the extensible markup language digital signature used to sign a subset of the non-canonicalized serialized byte array;
  
  calculating, by a computer, a target offset and a target length value of a signed part in the non-canonicalized serialized byte array;
  
  calculating a target hash value using the non-canonicalized serialized byte array, the target offset, and the target length value; and
  
  verifying an integrity of the non-canonicalized serialized byte array by comparing the target hash value and the source hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented method of claim 1, wherein verifying the integrity of the serialized byte array further comprises:
    - determining the non-canonicalized serialized byte array is valid if the target hash value matches the source hash value; and
      
      determining the non-canonicalized serialized byte array is invalid if the target hash value does not match the source hash value.
  - 3. The computer implemented method of claim 1, wherein the source extensible markup language document comprises a request for a web service.
  - 4. The computer implemented method of claim 1, further comprising:
    - responsive to verifying the integrity of the non-canonicalized serialized byte array, deserializing the non-canonicalized serialized byte array into a target extensible markup language document.
  - 5. The computer implemented method of claim 1, wherein a communications path between the sending party and the receiving party comprises intermediaries, and wherein no deserialization or serialization of the serialized byte array is performed by the intermediaries.
  - 6. The computer implemented method of claim 1, wherein a reference element in the extensible markup language digital signature used to sign a subset of or the whole of the serialized byte array comprises a character array for a transformation algorithm that specifies the serialized byte array is handled as binary data.
  - 7. The computer implemented method of claim 1, wherein the target hash value is calculated without canonicalizing the non-canonicalized serialized byte array.

8. An apparatus comprising:
- a bus;
  
  a storage device connected to the bus, wherein the storage device contains computer usable code;
  
  at least one managed device connected to the bus;
  
  a communications unit connected to the bus; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code to receive a non-canonicalized serialized byte array and a source hash value, wherein the non-canonicalized serialized byte array comprises a source extensible markup language document, wherein the source hash value is calculated using the non-canonicalized serialized byte array, a source offset that indicates a beginning of the source extensible markup language document, and a source length value that indicates a total length of one of the source extensible markup language document or a payload, and wherein the source hash value is an element in the extensible markup language digital signature used to sign a subset of the non-canonicalized serialized byte array;
  
  calculate a target offset and a target length value of a signed part in the non-canonicalized serialized byte array;
  
  calculate a target hash value using the non-canonicalized serialized byte array, the target offset, and the target length value; and
  
  compare the target hash value and the source hash value to verify an integrity of the non-canonicalized serialized byte array.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8, wherein the computer usable code to verify the integrity of the serialized byte array further comprises computer usable code to determine the non-canonicalized serialized byte array is valid if the target hash value matches the source hash value, and determine the non-canonicalized serialized byte array is invalid if the target hash value does not match the source hash value.
  - 10. The apparatus of claim 8, wherein the processing unit further executes the computer usable code to deserialize the non-canonicalized serialized byte array into a target extensible markup language document in response to verifying the integrity of the serialized byte array.
  - 11. The apparatus of claim 8, wherein a communications path between the sending party and the receiving party comprises intermediaries, and wherein no deserialization or serialization of the serialized byte array is performed by the intermediaries.
  - 12. The apparatus of claim 8, wherein a reference element in the extensible markup language digital signature used to sign a subset of the serialized byte array comprises a character array for a transformation algorithm that specifies the serialized byte array is handled as binary data.
  - 13. The apparatus of claim 8, wherein the target hash value is calculated without canonicalizing the non-canonicalized serialized byte array.

14. A computer program product for processing an extensible markup language digital signature in a non-transitory computer recordable storage medium having computer usable program code stored thereon, the computer usable program code for execution by a computer, comprising:
- computer usable program code for receiving a non-canonicalized serialized byte array and a source hash value, wherein the non-canonicalized serialized byte array comprises a source extensible markup language document, wherein the source hash value is calculated using the non-canonicalized serialized byte array, a source offset that indicates a beginning of the source extensible markup language document, and a source length value that indicates a total length of one of the source extensible markup language document or a payload, and wherein the source hash value is an element in the extensible markup language digital signature used to sign a subset of the non-canonicalized serialized byte array;
  
  computer usable program code for calculating a target offset and a target length value of a signed part in the non-canonicalized serialized byte array;
  
  computer usable program code for calculating a target hash value using the non-canonicalized serialized byte array, the target offset, and the target length value; and
  
  computer usable program code for comparing the target hash value and the source hash value to verify an integrity of the non-canonicalized serialized byte array.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14, wherein the computer usable program code for verifying the integrity of the serialized byte array further comprises:
    - computer usable program code for determining the non-canonicalized serialized byte array is valid if the target hash value matches the source hash value; and
      
      computer usable program code for determining the non-canonicalized serialized byte array is invalid if the target hash value does not match the source hash value.
  - 16. The computer program product of claim 14, wherein the source extensible markup language document comprises a request for a web service.
  - 17. The computer program product of claim 14, further comprising:
    - computer usable program code for deserializing the non-canonicalized serialized byte array into a target extensible markup language document in response to verifying the integrity of the serialized byte array.
  - 18. The computer program product of claim 14, wherein a communications path between the sending party and the receiving party comprises intermediaries, and wherein no deserialization or serialization of the serialized byte array is performed by the intermediaries.
  - 19. The computer program product of claim 14, wherein a reference element in the extensible markup language digital signature used to sign a subset of the serialized byte array comprises a character array for a transformation algorithm that specifies the serialized byte array is handled as binary data.
  - 20. The computer program product of claim 14, wherein the target hash value is calculated without canonicalizing the non-canonicalized serialized byte array.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chung, Hyen Vui, Nogayama, Takahide, Truty, Gregory Louis, Ueno, Kenichiro
Primary Examiner(s)
Vu, Kimyen
Assistant Examiner(s)
MORAN, RANDAL D

Application Number

US12/427,095
Publication Number

US 20100268952A1
Time in Patent Office

1,393 Days
Field of Search

713/170
US Class Current

713/170
CPC Class Codes

H04L 2209/68   Special signature format, e...

H04L 2209/80   Wireless

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Optimization of signing soap body element

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Optimization of signing soap body element

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links