Binding digitally signed requests to sessions
First Claim
Patent Images
1. A computer-implemented method, comprising:
- establishing a cryptographically protected communications session;
after the cryptographically protected communications session is established,receiving, from a client over the cryptographically protected communications session, a request and a digital signature, the request including a parameter specific to a cryptographically protected communications session over which the request was submitted;
determining whether the cryptographically protected communications session is the same as the cryptographically protected communications session over which the request was submitted by at least;
determining information specific to the cryptographically protected communications session;
determining whether the information specific to the cryptographically protected communications session matches the parameter specific to the cryptographically protected communications session over which the request was submitted;
accessing a cryptographic key registered prior to establishment of the cryptographically protected communications session and in association with the client; and
determining, based at least in part on the request and the cryptographic key, whether the digital signature is valid; and
as a result of both the digital signature being valid and the information specific to the cryptographically protected communications session matching the parameter specific to the cryptographically protected communications session over which the request was submitted;
generating a response to the request;
using the cryptographic key to generate a digital signature of the response; and
transmitting the generated response and the generated digital signature to the client over the cryptographically protected communications session.
1 Assignment
0 Petitions
Accused Products
Abstract
A client establishes an cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct. The server may perform mitigating operations if either or both of the information or the digital signature is/are invalid.
33 Citations
21 Claims
-
1. A computer-implemented method, comprising:
-
establishing a cryptographically protected communications session; after the cryptographically protected communications session is established, receiving, from a client over the cryptographically protected communications session, a request and a digital signature, the request including a parameter specific to a cryptographically protected communications session over which the request was submitted; determining whether the cryptographically protected communications session is the same as the cryptographically protected communications session over which the request was submitted by at least; determining information specific to the cryptographically protected communications session; determining whether the information specific to the cryptographically protected communications session matches the parameter specific to the cryptographically protected communications session over which the request was submitted; accessing a cryptographic key registered prior to establishment of the cryptographically protected communications session and in association with the client; and determining, based at least in part on the request and the cryptographic key, whether the digital signature is valid; and as a result of both the digital signature being valid and the information specific to the cryptographically protected communications session matching the parameter specific to the cryptographically protected communications session over which the request was submitted; generating a response to the request; using the cryptographic key to generate a digital signature of the response; and transmitting the generated response and the generated digital signature to the client over the cryptographically protected communications session. - View Dependent Claims (2, 3, 4)
-
-
5. A system, comprising at least one computing device configured to implement one or more services, the one or more services configured to:
-
receive, over an established cryptographically protected communications session, a digital signature and a request associated with a client; obtain, prior to establishment of the established cryptographically protected communications session, a cryptographic key associated with the client; perform, based at least in part on the request, the cryptographic key, and the digital signature, a verification of whether the request was transmitted from the client to the system over the established cryptographically protected communications session; and perform one or more mitigating actions if the verification results in the request being transmitted from the client to the system over the established cryptographically protected communications session being unverified. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
-
establish a cryptographically protected communications session; after establishment of the cryptographically protected communications session, determine information usable to distinguish the established cryptographically protected communications session from other cryptographically protected communications session; digitally sign a request that includes the determined information using a cryptographic key obtained prior to establishment of the cryptographically protected communications session, thereby generating a digital signature; and transmit the request and the digital signature over the cryptographically protected communications session. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
Specification