Low code-footprint security solution

US 7,725,927 B2
Filed: 10/28/2005
Issued: 05/25/2010
Est. Priority Date: 10/28/2005
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for conducting secured communications with a client device in a network, wherein the apparatus includes a processor, and a non-transitory computer readable storage medium having computer readable instructions for:

receiving at the server a request message from the client device, wherein the request message comprises a nonce, a nonce count and an encrypted request, and wherein the request message is transported in a Hypertext Transfer Protocol (HTTP) message body;

determining whether the client device has permission to access the server using the nonce and the nonce count;

forming an encrypted server response message in response to the encrypted request and the client device having permission to access the server; and

issuing the encrypted server response message from the server to the client device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for conducting secured communications with a client device in a network are disclosed. The method includes receiving at the server a request message from the client device, wherein the request message comprises a nonce, a nonce count and an encrypted request, determining whether the client device has permission to access the server using the nonce and the nonce count, forming an encrypted server response message in response to the encrypted request and the client device has permission to access the server, and issuing the encrypted server response message from the server to the client device.

13 Citations

View as Search Results

36 Claims

1. An apparatus for conducting secured communications with a client device in a network, wherein the apparatus includes a processor, and a non-transitory computer readable storage medium having computer readable instructions for:
- receiving at the server a request message from the client device, wherein the request message comprises a nonce, a nonce count and an encrypted request, and wherein the request message is transported in a Hypertext Transfer Protocol (HTTP) message body;
  
  determining whether the client device has permission to access the server using the nonce and the nonce count;
  
  forming an encrypted server response message in response to the encrypted request and the client device having permission to access the server; and
  
  issuing the encrypted server response message from the server to the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, wherein the request message comprises:
    - a header block, wherein the header block includes version, content type, payload type, message authentication code, and user ID.
  - 3. The apparatus of claim 1, wherein the request message further comprises:
    - one or more encrypted data blocks, wherein each data block includes compressed content data, message authentication code, and padding data.
  - 4. The apparatus of claim 1, wherein determining whether the client device has permission to access the server using the nonce and the nonce count comprises:
    - verifying that the nonce and nonce count exist in a nonce table, wherein the nonce table stores a list of nonces associated with a corresponding list of client requests.
  - 5. The apparatus of claim 1, wherein forming an encrypted server response message comprises:
    - decrypting the encrypted request to form a decrypted request according to a predetermined decryption scheme;
      
      decompressing the decrypted request to form a decompressed request according to a predetermined decompression scheme; and
      
      preparing a server response message according to the decompressed request.
  - 6. The apparatus of claim 5, wherein forming an encrypted server response message further comprises:
    - compressing the server response message to form a compressed server response message according to a predetermined compression scheme; and
      
      encrypting the compressed server response message to form the encrypted server response message according to a predetermined encryption scheme.
  - 7. The apparatus of claim 6, wherein compressing comprises:
    - representing predefined portions of a message format by corresponding numeric values;
      
      storing mappings of the predefined portions of the message format and the corresponding numeric values in a compression dictionary; and
      
      encoding a uncompressed message with numeric values using the mappings of the compression dictionary.
  - 8. The apparatus of claim 5, wherein decompressing comprises:
    - representing predefined portions of a message format by corresponding numeric values;
      
      storing mappings of the predefined portions of the message format and the corresponding numeric values in a compression dictionary; and
      
      decoding numeric values of a compressed message using the mappings of the compression dictionary.
  - 9. The apparatus of claim 1 further comprising computer readable instructions for:
    - forming a new nonce in response to the nonce and the nonce count having empty values;
      
      storing the new nonce in a nonce table;
      
      issuing a response to the client device, wherein the response includes the new nonce; and
      
      receiving from the client device a second request message, wherein the second request message comprises the new nonce, a corresponding new nonce count, and a second encrypted request.
  - 10. The apparatus of claim 1 further comprising computer readable instructions for:
    - forming a new nonce in response to the nonce and the nonce count having expired;
      
      storing the new nonce in a nonce table;
      
      issuing a response to the client device, wherein the response includes the new nonce; and
      
      receiving from the client device a second request message, wherein the second request message comprises the new nonce, a corresponding new nonce count, and a second encrypted request.
  - 11. The apparatus of claim 1 further comprising computer readable instructions for:
    - forming a new nonce prior to expiration of the nonce and the nonce count;
      
      storing the new nonce in a nonce table; and
      
      issuing a response to the client device, wherein the response includes the new nonce and an encrypted response message.
  - 12. The apparatus of claim 1, wherein the client device comprises:
    - one or more components, wherein each component includes a communication thread that uses a unique nonce to communicate with the server, and wherein the corresponding nonce count of each unique nonce is incremented independent of the other nonce counts.

13. A method for conducting secured communications between a server and a client device in a network, comprising:
- receiving at the server a request message from the client device, wherein the request message comprises a nonce, a nonce count and an encrypted request, and wherein the request message is transported in a Hypertext Transfer Protocol (HTTP) message body;
  
  determining whether the client device has permission to access the server using the nonce and the nonce count;
  
  forming an encrypted server response message in response to the encrypted request and the client device having permission to access the server; and
  
  issuing the encrypted server response message from the server to the client device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein the request message comprises:
    - a header block, wherein the header block includes version, content type, payload type, message authentication code, and user ID.
  - 15. The method of claim 13, wherein the request message further comprises:
    - one or more encrypted data blocks, wherein each data block includes compressed content data, message authentication code, and padding data.
  - 16. The method of claim 13, wherein determining comprises:
    - verifying that the nonce and nonce count exist in a nonce table, wherein the nonce table stores a list of nonces associated with a corresponding list of client requests.
  - 17. The method of claim 13, wherein forming an encrypted server response message comprises:
    - decrypting the encrypted request to form a decrypted request according to a predetermined decryption scheme;
      
      decompressing the decrypted request to form a decompressed request according to a predetermined decompression scheme; and
      
      preparing a server response message according to the decompressed request.
  - 18. The method of claim 17, wherein forming an encrypted server response message further comprises:
    - compressing the server response message to form a compressed server response message according to a predetermined compression scheme; and
      
      encrypting the compressed server response message to form the encrypted server response message according to a predetermined encryption scheme.
  - 19. The method of claim 18, wherein compressing comprises:
    - representing predefined portions of a message format by corresponding numeric values;
      
      storing mappings of the predefined portions of the message format and the corresponding numeric values in a compression dictionary; and
      
      encoding a uncompressed message with numeric values using the mappings of the compression dictionary.
  - 20. The method of claim 17, wherein decompressing comprises:
    - representing predefined portions of a message format by corresponding numeric values;
      
      storing mappings of the predefined portions of the message format and the corresponding numeric values in a compression dictionary; and
      
      decoding numeric values of a compressed message using the mappings of the compression dictionary.
  - 21. The method of claim 13 further comprising:
    - forming a new nonce in response to the nonce and the nonce count have empty values;
      
      storing the new nonce in a nonce table;
      
      issuing a response to the client device, wherein the response includes the new nonce; and
      
      receiving from the client device a second request message, wherein the second request message comprises the new nonce, a corresponding new nonce count, and a second encrypted request.
  - 22. The method of claim 13 further comprising:
    - forming a new nonce in response to the nonce and the nonce count have expired;
      
      storing the new nonce in a nonce table;
      
      issuing a response to the client device, wherein the response includes the new nonce; and
      
      receiving from the client device a second request message, wherein the second request message comprises the new nonce, a corresponding new nonce count, and a second encrypted request.
  - 23. The method of claim 13 further comprising:
    - forming a new nonce in response to the nonce and the nonce count are about to expire;
      
      storing the new nonce in a nonce table; and
      
      issuing a response to the client device, wherein the response includes the new nonce and an encrypted response message.
  - 24. The method of claim 13, wherein the client device comprises:
    - one or more components, wherein each component includes a communication thread that uses a unique nonce to communicate with the server, and wherein the corresponding nonce count of each unique nonce is incremented independent of the other nonce counts.

25. A non-transitory computer readable storage medium comprising computer readable instructions for conducting secured communications between a server and a client device in a network, the computer readable instructions for:
- receiving at the server a request message from the client device, wherein the request message comprises a nonce, a nonce count and an encrypted request, and wherein the request message is transported in a Hypertext Transfer Protocol (HTTP) message body;
  
  determining whether the client device has permission to access the server using the nonce and the nonce count;
  
  forming an encrypted server response message in response to the encrypted request and the client device having permission to access the server; and
  
  issuing the encrypted server response message from the server to the client device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The non-transitory computer readable storage medium of claim 25, wherein the request message comprises:
    - a header block, wherein the header block includes version, content type, payload type, message authentication code, and user ID.
  - 27. The non-transitory computer readable storage medium of claim 25, wherein the request message further comprises:
    - one or more encrypted data blocks, wherein each data block includes compressed content data, message authentication code, and padding data.
  - 28. The non-transitory computer readable storage medium of claim 25, wherein determining whether the client device has permission to access the server using the nonce and the nonce count comprises:
    - verifying that the nonce and nonce count exist in a nonce table, wherein the nonce table stores a list of nonces associated with a corresponding list of client requests.
  - 29. The non-transitory computer readable storage medium of claim 25, wherein forming an encrypted server response message comprises:
    - decrypting the encrypted request to form a decrypted request according to a predetermined decryption scheme;
      
      decompressing the decrypted request to form a decompressed request according to a predetermined decompression scheme; and
      
      preparing a server response message according to the decompressed request.
  - 30. The non-transitory computer readable storage medium of claim 29, wherein forming an encrypted server response message further comprises:
    - compressing the server response message to form a compressed server response message according to a predetermined compression scheme; and
      
      encrypting the compressed server response message to form the encrypted server response message according to a predetermined encryption scheme.
  - 31. The non-transitory computer readable storage medium of claim 30, wherein compressing comprises:
    - representing predefined portions of a message format by corresponding numeric values;
      
      storing mappings of the predefined portions of the message format and the corresponding numeric values in a compression dictionary; and
      
      encoding a uncompressed message with numeric values using the mappings of the compression dictionary.
  - 32. The non-transitory computer readable storage medium of claim 29, wherein decompressing comprises:
    - representing predefined portions of a message format by corresponding numeric values;
      
      storing mappings of the predefined portions of the message format and the corresponding numeric values in a compression dictionary; and
      
      decoding numeric values of a compressed message using the mappings of the compression dictionary.
  - 33. The non-transitory computer readable storage medium of claim 25 further comprising computer readable instructions for:
    - forming a new nonce in response to the nonce and the nonce count have empty values;
      
      storing the new nonce in a nonce table;
      
      issuing a response to the client device, wherein the response includes the new nonce; and
      
      receiving from the client device a second request message, wherein the second request message comprises the new nonce, a corresponding new nonce count, and a second encrypted request.
  - 34. The non-transitory computer readable storage medium of claim 25 further comprising computer readable instructions for:
    - forming a new nonce in response to the nonce and the nonce count have expired;
      
      storing the new nonce in a nonce table;
      
      issuing a response to the client device, wherein the response includes the new nonce; and
      
      receiving from the client device a second request message, wherein the second request message comprises the new nonce, a corresponding new nonce count, and a second encrypted request.
  - 35. The non-transitory computer readable storage medium of claim 25 further comprising computer readable instructions for:
    - forming a new nonce in response to the nonce and the nonce count are about to expire;
      
      storing the new nonce in a nonce table; and
      
      issuing a response to the client device, wherein the response includes the new nonce and an encrypted response message.
  - 36. The non-transitory computer readable storage medium of claim 25, wherein the client device comprises:
    - one or more components, wherein each component includes a communication thread that uses a unique nonce to communicate with the server, and wherein the corresponding nonce count of each unique nonce is incremented independent of the other nonce counts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
R2 Solutions LLC (Acacia Research Corporation)
Original Assignee
Yahoo! Inc. (Apollo Global Management, Inc.)
Inventors
Kraus, Thomas, Srinivasan, Venkatachary, Meyer, Markus, Yang, Lie
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
HO, VIRGINIA T

Application Number

US11/262,194
Publication Number

US 20070101412A1
Time in Patent Office

1,670 Days
Field of Search

726/5, 713/151, 713160-161
US Class Current

726/5
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 2221/2103   Challenge-response

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/20   Manipulating the length of ...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 63/0869   for achieving mutual authen...

H04L 9/3271   using challenge-response

Low code-footprint security solution

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Low code-footprint security solution

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links