Method and system for stateless validation
Abstract
A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed.
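The round trip the abstract describes, as an added Python example (not code from the patent): the server attaches protected validation rules to a response, the client returns them with its next request, and the server validates the parameters without stored state. An HMAC under a server-held key stands in for the digital signature the abstract prefers; the rule format (`allowed`, `pattern`, `max_len`), the function names and the sample form are assumptions.

```python
import base64
import hashlib
import hmac
import json
import re

# Assumption: a secret held only by the server; constructed value for the demo.
SERVER_KEY = b"constructed-demo-key"

# Constructed rules for a form: a hidden field, a select list and a text input.
RULES = {
    "price": {"allowed": ["19.99"]},       # hidden field, must come back unchanged
    "size": {"allowed": ["S", "M", "L"]},  # select options offered in the response
    "qty": {"pattern": r"[1-9][0-9]?", "max_len": 2},
}

def _tag(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def build_rule_token(rules: dict) -> str:
    """Serialize the rules and append a MAC; the token travels with the response."""
    body = base64.urlsafe_b64encode(json.dumps(rules, sort_keys=True).encode()).decode()
    return body + "." + _tag(body)

def validate_request(params: dict, token: str) -> tuple:
    """Check the returned token first, then apply its rules to the parameters."""
    body, _, tag = token.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return (False, "rule token failed integrity check")
    rules = json.loads(base64.urlsafe_b64decode(body))
    unexpected = sorted(set(params) - set(rules))
    if unexpected:
        return (False, "unexpected parameter: " + unexpected[0])
    for name, rule in rules.items():
        value = params.get(name)
        if not isinstance(value, str):
            return (False, name + ": missing")
        if "allowed" in rule and value not in rule["allowed"]:
            return (False, name + ": not an allowed value")
        if "max_len" in rule and len(value) > rule["max_len"]:
            return (False, name + ": too long")
        if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            return (False, name + ": bad format")
    return (True, "ok")
```

The token in this sketch is not bound to a user, a form or an expiry time, so any token the server ever issued will pass the integrity check; that binding is outside what the abstract describes.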
20 Claims
1. A method of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
receiving the request data from the untrusted client;
building a response with a validation rule, the response having a characteristic indicative of a constraint to be applied to subsequent request data, the validation rule including the constraint;
sending the response to the untrusted client;
receiving a subsequent request that includes the subsequent request data and the validation rule; and
validating the subsequent request data using the validation rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
a processor that receives the request data from the untrusted client, builds a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints, sends the response to the untrusted client, and receives a subsequent request from the untrusted client, the subsequent request including the subsequent request data and the validation rule; and
a validation engine that validates the subsequent request data using the validation rule.
Dependent claims: 18, 19, 20
13. A storage medium readable by a computer encoding a computer program for execution by the computer to carry out a method for validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
receiving the request data from the untrusted client;
building a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints;
sending the response to the untrusted client;
receiving a subsequent request that includes the subsequent request data and the validation rule; and
validating the subsequent request data using the validation rule.
Dependent claims: 14, 15, 16, 17
Specification