CA2322597C - Method and apparatus for cryptographic stateless protocol using asymmetric encryption - Google Patents
Method and apparatus for cryptographic stateless protocol using asymmetric encryption Download PDFInfo
- Publication number
- CA2322597C CA2322597C CA002322597A CA2322597A CA2322597C CA 2322597 C CA2322597 C CA 2322597C CA 002322597 A CA002322597 A CA 002322597A CA 2322597 A CA2322597 A CA 2322597A CA 2322597 C CA2322597 C CA 2322597C
- Authority
- CA
- Canada
- Prior art keywords
- server
- client
- state object
- action
- medium
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Abstract
Prior methods of encryption of the token or "cookie" communicated to a client by a server use a symmetric method of encryption which does not permit the client to look at the state information. The present invention permits the client to view the state information, but not modify it, by using an asymmetric encryption method.
Description
METHOD AND APPARATUS FOR CRYPTOGRAPHIC STATELESS
PROTOCOL USING ASYMMETRIC ENCRYPTION
Technical Field The invention relates to the field of client-server communications in a computer network such as the Internet, and more particularly to methods of performing a secure stateless server protocol where the client stores the encrypted state information.
Background Art Computer networks such as the Internet involve communication between a first subset of computers which are the source of information and documents, referred to herein as "servers", and a second subset of computers which request such information and documents from servers, referred to herein as "clients". The most ubiquitous system for exchange of information between clients and servers is the World Wide Web. The following terms are well understood in the art and have been defined in a Glossary set out in United States Patent no. 5,961,601 owned by the applicant herein:
World Wide Web; Web Browser; Universal Resource Locator (URL); Hyperlink;
Hypertext Markup Language (HTML); Hypertext Transfer Protocol (HTTP). Clients obtain documents formatted in HTML from servers over the Internet using HTTP by linking an HTML-compatible browser to the server's URL.
HTTP is a stateless protocol in that each request sent from a client using the protocol is treated independently. The server does not keep any record of previous requests (that is, an HTTP
communication does not carry with it any state information). In that case the server is referred to as a "stateless" server. Such a stateless protocol has advantages in terms of server efficiency. A
stateless server is faster and more scalable as it is not required to store the state information of multiple clients. In many situations, however, it is useful for the client to retain information about a session after the session is closed, and then communicating the state information to the server when the next communication between that client and that server is made. See United States patent no.
5,774,670 Montulli issued June 30, 1998 to Netscape Communications Corp. and United States patent no. 5,774,670 Montulli issued October 20, 1998 also to Netscape Communications Corp.
which describe the communication of state information from the server to the client in a state object called a "cookie", which is stored at the client and contains the URL to which it is to be repeated back. A client containing such state information is referred to as "stateful".
Sometimes it may be undesirable for a client to modify the "cookie" or token which it is storing (cookies or tokens are types of information containing objects referred to herein as "state objects"). For example, where the token contains an expiry date, it is undesirable to allow the client to modify that expiry date. Consequently a method involving the encryption of the token has been developed. See United States patent no. 6,065,117 White issued May 16, 2000 to International Business Machines Corp. According to that method, a symmetric method of encryption is used. A
seed value, which is some dynamic variable such as the client's network address, is used to generate a symmetric key to encrypt a token sent to the client. The encrypted token is returned to the client.
The token therefore cannot be read or modified by the client. It may be important however to permit the client to read, but not modify, the token or "cookie". There is a need therefore for a method of providing secure state information between a stateless server and a stateful client which permits the client to read but not modify the state object.
Methods of public key encryption are well known in the art. Unlike symmetric methods of encryption, where the sender and the recipient use the same code to encrypt and decrypt the message, public key encryption is asymmetric encryption. In this form of encryption, the server has a pair of keys. One key is a public key, which can be made freely available to clients. The other key carefully guarded by the server is a private key. A message encoded with the particular public key can only be decoded using the corresponding private key, and vice versa.
Disclosure of Invention The present invention therefore provides a method of communicating state information between a server and a client having a memory, the method comprising the steps of i) providing an asymmetric encryption method having a public key provided to said client and the server and a private key provided to the server; ii) the client communicating a client request to the server to perform a server action; iii) the server responsive to receiving the client request, performing the server action and creating a state object containing post-action state information; iv) encrypting the state object using the private key; v) communicating the encrypted state object and a result of the server action to the client; and vi) storing the encrypted state object in the client memory. The method according to the invention may comprise the further step of the client decrypting the state object using the public key. According to a further aspect of the invention, the method further comprises the steps of: vii) the client communicating a subsequent client request to the server to perform a server action and the server receiving from the client the encrypted state object with the subsequent client request; and viii) the server, responsive to receiving the subsequent client request, decrypting the received encrypted state object using the public key.
According to a further aspect of the invention, the invention further comprises the step of:
1 S ix) the server, after decrypting the received encrypted state obj ect, verifying whether the received state object has been modified. According to a further aspect of the invention, the invention further comprises the steps o~ x) the server, after verifying that the received state object has not been modified, using state information contained therein to perform the requested action; xi) responsive to performing the requested action, replacing previous state information with new state information in the state object; xii) encrypting the state object with the private key;
and xiii) sending the encrypted state object and a result of the server action to the client.
The present invention further provides a data processing system for communicating state information between a server and a client having a memory, the data processing system comprising:
i) means for receiving a client request to perform a server action; ii) means, responsive to the client request receiving means, for performing the server action and creating a state obj ect containing post-action state information; iii) means for encrypting the state object comprising an asymmetric enc-ryption method having a public key provided to the client and the server and a private key provided to the server; and iv) means for communicating the encrypted state object and a result of the server action to the client.
According to a further aspect of the invention, the invention further comprises: v) means for receiving from the client the encrypted state object with a subsequent client request to perform a server action; vi) means, responsive to the means for receiving the subsequent client request, for decrypting the received encrypted state object using the public key; and vii) means for verifying whether the received state object has been modified. According to a further aspect of the invention, the invention further comprises viii) means, responsive to the verifying means, for using state information contained in the state object to perform the requested server action; ix) means for replacing previous state information with new state information in the state object; x) means for encrypting the state object using the private key; and xi) means for sending said encrypted state object and a result of the server action to the client. According to a further aspect of the invention, the invention further comprises means for receiving said encrypted state obj ect; means for decrypting said state object using said public key; and means for storing said encrypted state object.
The invention further comprises a computer program product for communicating state information between a server and a client having a memory and provided with a public key of an asymmetric encryption method, the computer program product comprising: a computer usable medium having computer readable program code means embodied in the medium for receiving a client request to perform a server action; the computer usable medium having computer readable program code means embodied in the medium, responsive to the client request receiving means, for performing the server action and creating a state object containing post-action state information; the computer usable medium having computer readable program code means embodied in the medium for encrypting the created state object with the private key of the asymmetric encryption method;
and the computer usable medium having computer readable program code means embodied in the medium, responsive to the encrypting means, for sending the encrypted state object and a result of the server action to the client.
According to a further aspect of the invention, the invention further comprises: computer readable program code means embodied in the medium for receiving from the client the encrypted state object with a subsequent client request to perform a server action;
computer readable program code means embodied in the medium, responsive to the means for receiving the subsequent client request, for decrypting the received encrypted state object using the public key; and computer readable program code means embodied in the medium, responsive to the decrypting means, for verifying that the received state object whether the received state object has been modified.
The invention further comprises a computer program product for communicating state information between a server and a client having a memory, the server provided with a public key and a private key of an asymmetric encryption method and the client provided with a public key of an asymmetric encryption method, the computer program product comprising: a computer usable medium having computer readable program code means embodied in the medium for sending a client request to perform a server action; the computer usable medium having computer readable program code means embodied in the medium for receiving the results of the server action and a state object containing post-action state information wherein the state object is encrypted with the private key of the asymmetric encryption method, and means for storing the state object; and the computer usable medium having computer readable program code means embodied in the medium for decrypting the state object with the public key of the asymmetric encryption method. According to a further aspect of the invention the computer program product further comprises computer readable program code means embodied in the medium for replacing previous state information with new state information in the state object; computer readable program code means embodied in the medium for encrypting the state object using the private key; and computer readable program code means embodied in the medium for sending the encrypted state object with new state information and a result of the server action resulting from the subsequent client request to the client.
Brief Description of Drawings In drawings which disclose a preferred embodiment of the invention:
Fig. 1 is a schematic illustration of a computer network according to the present invention;
Fig. 2 is a block diagram illustrating a data processing system for implementing the invention; and Fig. 3 is a flow chart illustrating the method of the invention.
Best Models) For Carrying Out the Invention With reference to Fig. 1, a computer network is designated generally as 10.
Network 10 includes a client 12 and a server 14. While in the preferred embodiment such network is the Internet, it will be apparent to those skilled in the art that the present invention also has application in any local or wide area network or "intranet" incorporating one or more clients and one or more servers.
Fig. 2 illustrates a data processing system applicable to either the client 12 or server 14. It comprises a memory 20 which communicates with a central processing unit 22 by means of bus 24.
Memory 20 stores an operating system 26 and applications programs which include an asymmetric encryption program 28. Memory 20 also stores, in the case of the client, the public key 30 for the encryption program, and in the case of the server 14 both the public key 30 and private key 32, and stores the state object 16.
With reference to Fig. 3, the client 12 sends a stateless protocol request, such as an HTTP
protocol request, to server 14. Server 14 collects the requested information, and forms a state object 16 with the desired state information, which may include the server's URL for returning the state object. Server 14 encrypts the state object using its private key. Server 14 sends the encrypted state object to client 12 along with the requested information. The state object is stored in the client's memory. The client can then use the server's public key to look at the state object, but cannot modify the state object without corrupting it. When the client 12 makes another request to server 14 the encrypted state object is returned with the request and the server uses its public key to verify that the state obj ect has not been tampered with. It then obtains the requested information. If a new or updated state object is desired, it prepares and encrypts the new state object with its private key.
The requested information and encrypted state object is then returned to the client 12 and the encrypted state object 16 is again saved in the memory of client 12.
The present invention is described above as a computer-implemented method and data processing system. It may also be embodied as a computer hardware apparatus, computer software code or a combination of same. The invention may also be embodied as a computer-readable storage medium embodying code for implementing the invention. Such storage medium may be magnetic or optical, hard or floppy disk, CD-ROM, firmware or other storage media.
As will be apparent to those skilled in the art in the light of the foregoing disclosure, many alterations and modifications are possible in the practice of this invention without departing from the spirit or scope thereof. Accordingly, the scope of the invention is to be construed in accordance with the substance defined by the following claims.
PROTOCOL USING ASYMMETRIC ENCRYPTION
Technical Field The invention relates to the field of client-server communications in a computer network such as the Internet, and more particularly to methods of performing a secure stateless server protocol where the client stores the encrypted state information.
Background Art Computer networks such as the Internet involve communication between a first subset of computers which are the source of information and documents, referred to herein as "servers", and a second subset of computers which request such information and documents from servers, referred to herein as "clients". The most ubiquitous system for exchange of information between clients and servers is the World Wide Web. The following terms are well understood in the art and have been defined in a Glossary set out in United States Patent no. 5,961,601 owned by the applicant herein:
World Wide Web; Web Browser; Universal Resource Locator (URL); Hyperlink;
Hypertext Markup Language (HTML); Hypertext Transfer Protocol (HTTP). Clients obtain documents formatted in HTML from servers over the Internet using HTTP by linking an HTML-compatible browser to the server's URL.
HTTP is a stateless protocol in that each request sent from a client using the protocol is treated independently. The server does not keep any record of previous requests (that is, an HTTP
communication does not carry with it any state information). In that case the server is referred to as a "stateless" server. Such a stateless protocol has advantages in terms of server efficiency. A
stateless server is faster and more scalable as it is not required to store the state information of multiple clients. In many situations, however, it is useful for the client to retain information about a session after the session is closed, and then communicating the state information to the server when the next communication between that client and that server is made. See United States patent no.
5,774,670 Montulli issued June 30, 1998 to Netscape Communications Corp. and United States patent no. 5,774,670 Montulli issued October 20, 1998 also to Netscape Communications Corp.
which describe the communication of state information from the server to the client in a state object called a "cookie", which is stored at the client and contains the URL to which it is to be repeated back. A client containing such state information is referred to as "stateful".
Sometimes it may be undesirable for a client to modify the "cookie" or token which it is storing (cookies or tokens are types of information containing objects referred to herein as "state objects"). For example, where the token contains an expiry date, it is undesirable to allow the client to modify that expiry date. Consequently a method involving the encryption of the token has been developed. See United States patent no. 6,065,117 White issued May 16, 2000 to International Business Machines Corp. According to that method, a symmetric method of encryption is used. A
seed value, which is some dynamic variable such as the client's network address, is used to generate a symmetric key to encrypt a token sent to the client. The encrypted token is returned to the client.
The token therefore cannot be read or modified by the client. It may be important however to permit the client to read, but not modify, the token or "cookie". There is a need therefore for a method of providing secure state information between a stateless server and a stateful client which permits the client to read but not modify the state object.
Methods of public key encryption are well known in the art. Unlike symmetric methods of encryption, where the sender and the recipient use the same code to encrypt and decrypt the message, public key encryption is asymmetric encryption. In this form of encryption, the server has a pair of keys. One key is a public key, which can be made freely available to clients. The other key carefully guarded by the server is a private key. A message encoded with the particular public key can only be decoded using the corresponding private key, and vice versa.
Disclosure of Invention The present invention therefore provides a method of communicating state information between a server and a client having a memory, the method comprising the steps of i) providing an asymmetric encryption method having a public key provided to said client and the server and a private key provided to the server; ii) the client communicating a client request to the server to perform a server action; iii) the server responsive to receiving the client request, performing the server action and creating a state object containing post-action state information; iv) encrypting the state object using the private key; v) communicating the encrypted state object and a result of the server action to the client; and vi) storing the encrypted state object in the client memory. The method according to the invention may comprise the further step of the client decrypting the state object using the public key. According to a further aspect of the invention, the method further comprises the steps of: vii) the client communicating a subsequent client request to the server to perform a server action and the server receiving from the client the encrypted state object with the subsequent client request; and viii) the server, responsive to receiving the subsequent client request, decrypting the received encrypted state object using the public key.
According to a further aspect of the invention, the invention further comprises the step of:
1 S ix) the server, after decrypting the received encrypted state obj ect, verifying whether the received state object has been modified. According to a further aspect of the invention, the invention further comprises the steps o~ x) the server, after verifying that the received state object has not been modified, using state information contained therein to perform the requested action; xi) responsive to performing the requested action, replacing previous state information with new state information in the state object; xii) encrypting the state object with the private key;
and xiii) sending the encrypted state object and a result of the server action to the client.
The present invention further provides a data processing system for communicating state information between a server and a client having a memory, the data processing system comprising:
i) means for receiving a client request to perform a server action; ii) means, responsive to the client request receiving means, for performing the server action and creating a state obj ect containing post-action state information; iii) means for encrypting the state object comprising an asymmetric enc-ryption method having a public key provided to the client and the server and a private key provided to the server; and iv) means for communicating the encrypted state object and a result of the server action to the client.
According to a further aspect of the invention, the invention further comprises: v) means for receiving from the client the encrypted state object with a subsequent client request to perform a server action; vi) means, responsive to the means for receiving the subsequent client request, for decrypting the received encrypted state object using the public key; and vii) means for verifying whether the received state object has been modified. According to a further aspect of the invention, the invention further comprises viii) means, responsive to the verifying means, for using state information contained in the state object to perform the requested server action; ix) means for replacing previous state information with new state information in the state object; x) means for encrypting the state object using the private key; and xi) means for sending said encrypted state object and a result of the server action to the client. According to a further aspect of the invention, the invention further comprises means for receiving said encrypted state obj ect; means for decrypting said state object using said public key; and means for storing said encrypted state object.
The invention further comprises a computer program product for communicating state information between a server and a client having a memory and provided with a public key of an asymmetric encryption method, the computer program product comprising: a computer usable medium having computer readable program code means embodied in the medium for receiving a client request to perform a server action; the computer usable medium having computer readable program code means embodied in the medium, responsive to the client request receiving means, for performing the server action and creating a state object containing post-action state information; the computer usable medium having computer readable program code means embodied in the medium for encrypting the created state object with the private key of the asymmetric encryption method;
and the computer usable medium having computer readable program code means embodied in the medium, responsive to the encrypting means, for sending the encrypted state object and a result of the server action to the client.
According to a further aspect of the invention, the invention further comprises: computer readable program code means embodied in the medium for receiving from the client the encrypted state object with a subsequent client request to perform a server action;
computer readable program code means embodied in the medium, responsive to the means for receiving the subsequent client request, for decrypting the received encrypted state object using the public key; and computer readable program code means embodied in the medium, responsive to the decrypting means, for verifying that the received state object whether the received state object has been modified.
The invention further comprises a computer program product for communicating state information between a server and a client having a memory, the server provided with a public key and a private key of an asymmetric encryption method and the client provided with a public key of an asymmetric encryption method, the computer program product comprising: a computer usable medium having computer readable program code means embodied in the medium for sending a client request to perform a server action; the computer usable medium having computer readable program code means embodied in the medium for receiving the results of the server action and a state object containing post-action state information wherein the state object is encrypted with the private key of the asymmetric encryption method, and means for storing the state object; and the computer usable medium having computer readable program code means embodied in the medium for decrypting the state object with the public key of the asymmetric encryption method. According to a further aspect of the invention the computer program product further comprises computer readable program code means embodied in the medium for replacing previous state information with new state information in the state object; computer readable program code means embodied in the medium for encrypting the state object using the private key; and computer readable program code means embodied in the medium for sending the encrypted state object with new state information and a result of the server action resulting from the subsequent client request to the client.
Brief Description of Drawings In drawings which disclose a preferred embodiment of the invention:
Fig. 1 is a schematic illustration of a computer network according to the present invention;
Fig. 2 is a block diagram illustrating a data processing system for implementing the invention; and Fig. 3 is a flow chart illustrating the method of the invention.
Best Models) For Carrying Out the Invention With reference to Fig. 1, a computer network is designated generally as 10.
Network 10 includes a client 12 and a server 14. While in the preferred embodiment such network is the Internet, it will be apparent to those skilled in the art that the present invention also has application in any local or wide area network or "intranet" incorporating one or more clients and one or more servers.
Fig. 2 illustrates a data processing system applicable to either the client 12 or server 14. It comprises a memory 20 which communicates with a central processing unit 22 by means of bus 24.
Memory 20 stores an operating system 26 and applications programs which include an asymmetric encryption program 28. Memory 20 also stores, in the case of the client, the public key 30 for the encryption program, and in the case of the server 14 both the public key 30 and private key 32, and stores the state object 16.
With reference to Fig. 3, the client 12 sends a stateless protocol request, such as an HTTP
protocol request, to server 14. Server 14 collects the requested information, and forms a state object 16 with the desired state information, which may include the server's URL for returning the state object. Server 14 encrypts the state object using its private key. Server 14 sends the encrypted state object to client 12 along with the requested information. The state object is stored in the client's memory. The client can then use the server's public key to look at the state object, but cannot modify the state object without corrupting it. When the client 12 makes another request to server 14 the encrypted state object is returned with the request and the server uses its public key to verify that the state obj ect has not been tampered with. It then obtains the requested information. If a new or updated state object is desired, it prepares and encrypts the new state object with its private key.
The requested information and encrypted state object is then returned to the client 12 and the encrypted state object 16 is again saved in the memory of client 12.
The present invention is described above as a computer-implemented method and data processing system. It may also be embodied as a computer hardware apparatus, computer software code or a combination of same. The invention may also be embodied as a computer-readable storage medium embodying code for implementing the invention. Such storage medium may be magnetic or optical, hard or floppy disk, CD-ROM, firmware or other storage media.
As will be apparent to those skilled in the art in the light of the foregoing disclosure, many alterations and modifications are possible in the practice of this invention without departing from the spirit or scope thereof. Accordingly, the scope of the invention is to be construed in accordance with the substance defined by the following claims.
Claims (14)
1. A method of communicating state information between a server and a client having a memory, the method comprising the steps of:
i) providing an asymmetric encryption method having a public key provided to said client and said server and a private key provided to said server;
ii) said client communicating a client request to said server to perform a server action;
iii) said server responsive to receiving said client request, performing said server action and creating a state object containing post-action state information;
iv) encrypting said state object using said private key;
v) communicating said encrypted state object and a result of said server action to said client;
and vi) storing said encrypted state object in said client memory.
i) providing an asymmetric encryption method having a public key provided to said client and said server and a private key provided to said server;
ii) said client communicating a client request to said server to perform a server action;
iii) said server responsive to receiving said client request, performing said server action and creating a state object containing post-action state information;
iv) encrypting said state object using said private key;
v) communicating said encrypted state object and a result of said server action to said client;
and vi) storing said encrypted state object in said client memory.
2. A method according to claim 1, further comprising the steps of:
vii) said client communicating a subsequent client request to said server to perform a server action and said server receiving from said client said encrypted state object with said subsequent client request; and viii) said server, responsive to receiving the subsequent client request, decrypting said received encrypted state object using said public key.
vii) said client communicating a subsequent client request to said server to perform a server action and said server receiving from said client said encrypted state object with said subsequent client request; and viii) said server, responsive to receiving the subsequent client request, decrypting said received encrypted state object using said public key.
3. The method according to claim 2, further comprising the step of:
ix) said server, after decrypting said received encrypted state object, verifying whether said received state object has been modified.
ix) said server, after decrypting said received encrypted state object, verifying whether said received state object has been modified.
4. The method according to claim 1 wherein said server is stateless, not keeping records of previous requests, and said client is stateful, retaining information about previous state information.
5. The method according to claim 1 comprising the further step of said client decrypting said state object using said public key.
6. The method according to claim 3, said method comprising the further steps of:
x) said server, after verifying that said received state object has not been modified, using state information contained therein to perform the requested action;
xi) responsive to performing the requested action, replacing previous state information with new state information in said state object;
xii) encrypting said state object with said private key; and xiii) sending said encrypted state object and a result of said server action to the client.
x) said server, after verifying that said received state object has not been modified, using state information contained therein to perform the requested action;
xi) responsive to performing the requested action, replacing previous state information with new state information in said state object;
xii) encrypting said state object with said private key; and xiii) sending said encrypted state object and a result of said server action to the client.
7. A data processing system for communicating state information between a server and a client having a memory, said data processing system comprising:
i) means for receiving a client request to perform a server action;
ii) means, responsive to said client request receiving means, for performing said server action and creating a state object containing post-action state information;
iii) means for encrypting said state object comprising an asymmetric encryption method having a public key provided to said client and said server and a private key provided to said server; and iv) means for communicating said encrypted state object and a result of said server action to said client.
i) means for receiving a client request to perform a server action;
ii) means, responsive to said client request receiving means, for performing said server action and creating a state object containing post-action state information;
iii) means for encrypting said state object comprising an asymmetric encryption method having a public key provided to said client and said server and a private key provided to said server; and iv) means for communicating said encrypted state object and a result of said server action to said client.
8. A data processing system according to claim 7, further comprising:
v) means for receiving from said client said encrypted state object with a subsequent client request to perform a server action;
vi) means, responsive to said means for receiving said subsequent client request, for decrypting said received encrypted state object using said public key; and vii) means for verifying whether said received state object has been modified.
v) means for receiving from said client said encrypted state object with a subsequent client request to perform a server action;
vi) means, responsive to said means for receiving said subsequent client request, for decrypting said received encrypted state object using said public key; and vii) means for verifying whether said received state object has been modified.
9 9. A data processing system according to claim 8, further comprising:
viii) means, responsive to said verifying means, for using state information contained in said state object to perform said requested server action;
vi) means for replacing previous state information with new state information in said state object;
vii) means for encrypting said state object using said private key; and viii) means for sending said encrypted state object and a result of said server action to said client.
viii) means, responsive to said verifying means, for using state information contained in said state object to perform said requested server action;
vi) means for replacing previous state information with new state information in said state object;
vii) means for encrypting said state object using said private key; and viii) means for sending said encrypted state object and a result of said server action to said client.
10. The data processing system according to claim 9 further comprising means for receiving said encrypted state object; means for decrypting said state object using said public key; and means for storing said encrypted state object.
11. A computer program product for communicating state information between a server and a client having a memory, said server provided with a public key and a private key of an asymmetric encryption method and said client provided with a public key of an asymmetric encryption method, said computer program product comprising:
a computer usable medium having computer readable program code means embodied in said medium for receiving a client request to perform a server action;
said computer usable medium having computer readable program code means embodied in said medium, responsive to said client request receiving means, for performing said server action and creating a state object containing post-action state information;
said computer usable medium having computer readable program code means embodied in said medium for encrypting the created state object with the private key of said asymmetric encryption method; and said computer usable medium having computer readable program code means embodied in said medium, responsive to said encrypting means, for sending said encrypted state object and a result of said server action to said client.
a computer usable medium having computer readable program code means embodied in said medium for receiving a client request to perform a server action;
said computer usable medium having computer readable program code means embodied in said medium, responsive to said client request receiving means, for performing said server action and creating a state object containing post-action state information;
said computer usable medium having computer readable program code means embodied in said medium for encrypting the created state object with the private key of said asymmetric encryption method; and said computer usable medium having computer readable program code means embodied in said medium, responsive to said encrypting means, for sending said encrypted state object and a result of said server action to said client.
12. A computer program product according to claim 11, further comprising:
computer readable program code means embodied in said medium for receiving from said client said encrypted state object with a subsequent client request to perform a server action;
computer readable program code means embodied in said medium, responsive to said means for receiving the subsequent client request, for decrypting said received encrypted state object using said public key; and computer readable program code means embodied in said medium, responsive to said decrypting means, for verifying whether said received state object has been modified.
computer readable program code means embodied in said medium for receiving from said client said encrypted state object with a subsequent client request to perform a server action;
computer readable program code means embodied in said medium, responsive to said means for receiving the subsequent client request, for decrypting said received encrypted state object using said public key; and computer readable program code means embodied in said medium, responsive to said decrypting means, for verifying whether said received state object has been modified.
13. A computer program product according to claim 12, further comprising:
computer readable program code means embodied in said medium for replacing previous state information with new state information in said state object;
computer readable program code means embodied in said medium for encrypting said state object using said private key; and computer readable program code means embodied in said medium for sending said encrypted state object with said new state information and a result of said server action resulting from said subsequent client request to said client.
computer readable program code means embodied in said medium for replacing previous state information with new state information in said state object;
computer readable program code means embodied in said medium for encrypting said state object using said private key; and computer readable program code means embodied in said medium for sending said encrypted state object with said new state information and a result of said server action resulting from said subsequent client request to said client.
14. A computer program product for communicating state information between a server and a client having a memory, said server provided with a public key and a private key of an asymmetric encryption method and said client provided with a public key of an asymmetric encryption method, said computer program product comprising:
a computer usable medium having computer readable program code means embodied in said medium for sending a client request to perform a server action;
said computer usable medium having computer readable program code means embodied in said medium for receiving the results of said server action and a state object containing post-action state information wherein said state object is encrypted with said private key of said asymmetric encryption method, and means for storing said state object; and said computer usable medium having computer readable program code means embodied in said medium for decrypting said state object with the public key of said asymmetric encryption method.
a computer usable medium having computer readable program code means embodied in said medium for sending a client request to perform a server action;
said computer usable medium having computer readable program code means embodied in said medium for receiving the results of said server action and a state object containing post-action state information wherein said state object is encrypted with said private key of said asymmetric encryption method, and means for storing said state object; and said computer usable medium having computer readable program code means embodied in said medium for decrypting said state object with the public key of said asymmetric encryption method.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA002322597A CA2322597C (en) | 2000-10-06 | 2000-10-06 | Method and apparatus for cryptographic stateless protocol using asymmetric encryption |
| US09/754,863 US20020049900A1 (en) | 2000-10-06 | 2001-01-05 | Method and apparatus for cryptographic stateless protocol using asymmetric encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA002322597A CA2322597C (en) | 2000-10-06 | 2000-10-06 | Method and apparatus for cryptographic stateless protocol using asymmetric encryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2322597A1 CA2322597A1 (en) | 2002-04-06 |
| CA2322597C true CA2322597C (en) | 2004-11-30 |
Family
ID=4167334
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002322597A Expired - Fee Related CA2322597C (en) | 2000-10-06 | 2000-10-06 | Method and apparatus for cryptographic stateless protocol using asymmetric encryption |
Country Status (2)
| Country | Link |
|---|---|
| US (1) | US20020049900A1 (en) |
| CA (1) | CA2322597C (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1212565C (en) * | 2001-05-14 | 2005-07-27 | 株式会社Ntt都科摩 | System for managing program stored in storage block of mobile terminal |
| WO2004107132A2 (en) * | 2003-05-28 | 2004-12-09 | Caymas Systems, Inc. | Method, system and software for state signing of internet resources |
| US20050204139A1 (en) * | 2004-03-10 | 2005-09-15 | Helland Patrick J. | Service broker security |
| US7376972B2 (en) * | 2004-04-14 | 2008-05-20 | Microsoft Corporation | Session key exchange key |
| US7356846B2 (en) * | 2004-04-14 | 2008-04-08 | Microsoft Corporation | Unilateral session key shifting |
| US7925694B2 (en) * | 2007-10-19 | 2011-04-12 | Citrix Systems, Inc. | Systems and methods for managing cookies via HTTP content layer |
| US8090877B2 (en) * | 2008-01-26 | 2012-01-03 | Citrix Systems, Inc. | Systems and methods for fine grain policy driven cookie proxying |
| US8176539B2 (en) * | 2008-10-28 | 2012-05-08 | Check Point Software Technologies Ltd. | Methods for protecting against cookie-poisoning attacks in networked-communication applications |
| GB2485373B (en) * | 2010-11-11 | 2013-04-10 | Nds Ltd | Service protection |
| US10891599B2 (en) * | 2012-09-12 | 2021-01-12 | Microsoft Technology Licensing, Llc | Use of state objects in near field communication (NFC) transactions |
| GB2531770A (en) * | 2014-10-30 | 2016-05-04 | Ibm | Confidential Extracting System Internal Data |
| US11657391B1 (en) | 2019-05-24 | 2023-05-23 | Hiro Systems Pbc | System and method for invoking smart contracts |
| US11513815B1 (en) | 2019-05-24 | 2022-11-29 | Hiro Systems Pbc | Defining data storage within smart contracts |
| US10699269B1 (en) * | 2019-05-24 | 2020-06-30 | Blockstack Pbc | System and method for smart contract publishing |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5774670A (en) * | 1995-10-06 | 1998-06-30 | Netscape Communications Corporation | Persistent client state in a hypertext transfer protocol based client-server system |
| US6065117A (en) * | 1997-07-16 | 2000-05-16 | International Business Machines Corporation | Systems, methods and computer program products for sharing state information between a stateless server and a stateful client |
| US6374359B1 (en) * | 1998-11-19 | 2002-04-16 | International Business Machines Corporation | Dynamic use and validation of HTTP cookies for authentication |
-
2000
- 2000-10-06 CA CA002322597A patent/CA2322597C/en not_active Expired - Fee Related
-
2001
- 2001-01-05 US US09/754,863 patent/US20020049900A1/en not_active Abandoned
Also Published As
| Publication number | Publication date |
|---|---|
| US20020049900A1 (en) | 2002-04-25 |
| CA2322597A1 (en) | 2002-04-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100745438B1 (en) | Stateless methods for resource hiding and access control support based on uri encryption | |
| US8302169B1 (en) | Privacy enhancements for server-side cookies | |
| US6732277B1 (en) | Method and apparatus for dynamically accessing security credentials and related information | |
| CA2322597C (en) | Method and apparatus for cryptographic stateless protocol using asymmetric encryption | |
| US6065117A (en) | Systems, methods and computer program products for sharing state information between a stateless server and a stateful client | |
| EP1346548B1 (en) | Secure session management and authentication for web sites | |
| CA2450052C (en) | System and method for transmitting reduced information from a certificate to perform encryption operations | |
| EP0844767B1 (en) | User controlled browser | |
| US6202159B1 (en) | Vault controller dispatcher and methods of operation for handling interaction between browser sessions and vault processes in electronic business systems | |
| US6836795B2 (en) | Mapping connections and protocol-specific resource identifiers | |
| US8214510B2 (en) | Maintaining state information on a client | |
| US20060218623A1 (en) | Method and apparatus for distributed information management | |
| US20030037232A1 (en) | Encoding of universal resource locators in a security gateway to enable manipulation by active content | |
| US20010047477A1 (en) | Transparent user and session management for web applications | |
| JPH1131127A (en) | Document delivery system | |
| US7805608B2 (en) | User privacy through one-sided cookies | |
| CA2547154A1 (en) | Secure file transfer for web service | |
| JPH1131126A (en) | Method for adjusting operation between server groups | |
| US20090158035A1 (en) | Public Key Encryption For Web Browsers | |
| US20030120672A1 (en) | Method and mechanism for managing content objects over a network | |
| JP7319380B2 (en) | Protect browser cookies | |
| EP1613014B1 (en) | A computer system and data processing method for using a web service | |
| US6978298B1 (en) | Method and apparatus for managing session information in a data processing system | |
| JP2022548827A (en) | Anonymous event proof by group signature | |
| US20020184490A1 (en) | Anti-piracy network storage device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |