Method and system for stateless validation

US 9,178,705 B2
Filed: 04/13/2007
Issued: 11/03/2015
Est. Priority Date: 04/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:

receiving the request data from the untrusted client;

building a response with a validation rule, the response having a characteristic indicative of a constraint to be applied to subsequent request data, the validation rule including the constraint;

sending the response to the untrusted client;

receiving a subsequent request that includes the subsequent request data and the validation rule; and

validating the subsequent request data using the validation rule.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed.

Citations

20 Claims

1. A method of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
- receiving the request data from the untrusted client;
  
  building a response with a validation rule, the response having a characteristic indicative of a constraint to be applied to subsequent request data, the validation rule including the constraint;
  
  sending the response to the untrusted client;
  
  receiving a subsequent request that includes the subsequent request data and the validation rule; and
  
  validating the subsequent request data using the validation rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as claimed in claim 1, wherein the characteristic is a response primitive affecting the subsequent request data.
  - 3. The method as claimed in claim 2, wherein the response primitive is a parameter.
  - 4. The method as claimed in claim 2, wherein the response primitive is a structure of a plurality of parameters.
  - 5. The method as claimed in claim 1, wherein the request has a parameter, and a validation rule corresponding to the parameter.
  - 6. The method as claimed in claim 1, wherein the response and the subsequent request further comprise a target ID.
  - 7. The method as claimed in claim 1, wherein the response and the subsequent request further comprise a session ID.
  - 8. The method as claimed in claim 1, further comprising:
    - digitally signing one member selected form the group consisting of;
      
      the constraints in the validation rule, the validation rule, the plurality of validation rules, the plurality of validation rules with target ID, the plurality of validation rules with session ID, and a combination thereof.
  - 9. The method as claimed in claim 8 wherein a keyed hash message authentication code (HMAC) is used to digitally sign the one member.
  - 10. The method as claimed in claim 8 wherein a public private key signature is used to digitally sign the one member.
  - 11. The method as claimed in claim 1, further comprising:
    - ensuring the correctness of the subsequent request at the untrusted client using the validation rule.

12. A system of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
- a processor thatreceives the request data from the untrusted client,builds a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints,sends the response to the untrusted client, andreceives a subsequent request from the untrusted client, the subsequent request including the subsequent request data and the validation rule; and
  
  a validation engine that validates the subsequent request data using the validation rule.
- View Dependent Claims (18, 19, 20)
- - 18. The system as claimed in claim 12, wherein the characteristic is a response primitive affecting the subsequent request data.
  - 19. The system as claimed in claim 18, wherein the response primitive is a parameter.
  - 20. The system as claimed in claim 18, wherein the response primitive is a structure of a plurality of parameters.

13. A storage medium readable by a computer encoding a computer program for execution by the computer to carry out a method for validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
- receiving the request data from the untrusted client;
  
  building a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints;
  
  sending response the untrusted client;
  
  receiving a subsequent request that includes the subsequent request data and the validation rule; and
  
  validating the subsequent request data using the validation rule.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The storage medium as claimed in claim 13, wherein the characteristic is a response primitive affecting the subsequent request data.
  - 15. The storage medium as claimed in claim 14, wherein the response primitive is a parameter.
  - 16. The storage medium as claimed in claim 14, wherein the response primitive is a structure of a plurality of parameters.
  - 17. The storage medium as claimed in claim 13, wherein the request has a parameter, and a validation rule corresponding to the parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Roy, Patrick, Desbiens, Robert
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US11/787,268
Publication Number

US 20080256612A1
Time in Patent Office

3,126 Days
Field of Search

726/5, 726/10
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

Method and system for stateless validation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for stateless validation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links