×

HTTP signing

  • US 8,677,134 B2
  • Filed: 11/11/2010
  • Issued: 03/18/2014
  • Est. Priority Date: 11/11/2010
  • Status: Active Grant
First Claim
Patent Images

1. A method for signing data transferred over a network, comprising:

  • receiving a request for a first resource;

    generating a first header field of a set of header fields, the first header field associated with a content identifier for the first resource;

    generating a second header field of the set of header fields, the second header field associated with a content expiration time for the first resource;

    determining a plurality of header fields corresponding with a message digest, the plurality of header fields includes at least one of the first header field or the second header field;

    generating the message digest, the generating the message digest includes hashing the plurality of header fields and at least a portion of the first resource;

    generating a supplemental header, the supplemental header specifies the plurality of header fields used to generate the message digest;

    generating a digital signature based on the message digest;

    embedding the set of header fields, the supplemental header, and the digital signature into a response header; and

    transmitting a response message, the response message includes the response header and the at least a portion of the first resource,wherein the plurality of header fields is a subset of the set of header fields;

    the response header is an HTTP response header;

    the first resource comprises a file;

    the supplemental header comprises a non-standard HTTP header; and

    the response header includes a cache expiration field, the cache expiration field specifies a time at which cached copies of the at least a portion of the first resource must be refreshed, the content expiration time is at a time prior to the cache expiration time.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×