Patent · US Expired

Piggy-backed key exchange protocol for providing secure, low-overhead browser connections when a server will not use a message encoding scheme proposed by a client

US6694431B1 · kind B1 · utility

57Cited by

9References

61Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Carl Binding · Thalwil, CH
Stefan Georg Hild · Zürich, CH
Yen-Min Huang · Raleigh, US
Luke O'Connor · Adliswil, CH
Sandeep K. Singhal · Kirkland, US
Victor Shoup · Zürich, CH
Michael Steiner · Windom, US

Key dates

Filing date	Oct 12, 1999
Grant date	Feb 17, 2004
Priority date	—
Expiry date	Oct 12, 2019

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/061
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method, system, and computer program product for establishing security parameters that are used to exchange data on a secure connection. A piggy-backed key exchange protocol is defined, with which these security parameters are advantageously exchanged. By piggy-backing the key exchange onto other already-required messages (such as a client's HTTP GET request, or the server's response thereto), the overhead associated with setting up a secure browser-to-server connection is minimized. This technique is defined for a number of different scenarios, where the client and server may or may not share an encoding scheme, and is designed to maintain the integrity of application layer communication protocols. In one scenario, a client proposes a message encoding scheme, but the server will not use this proposed scheme. The server proposes a different scheme, after which the client re-issues its request for secure content.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.