Method for enhancing network application security
US8302170B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 22, 2009 |
| Grant date | Oct 30, 2012 |
| Priority date | — |
| Expiry date | Jan 5, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/60
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method for securing communications between a server and an application downloaded over a network onto a client of the server is disclosed. A first request is received from the client, and in response a session credential security token is generated and sent to the client. A second request is received from the client to download the application and includes the value of the session credential security token. The server verifies that the value of the session credential security token is valid and, if so, generates a second security token that is tied to the session credential security token. The second token is embedded in application code and then the application code is sent to the client. A subsequent request for data from the application running on the client includes the value of the session credential security token and the value of the embedded security token. Verification of validity of the values of the session credential security token and the second security token received with the data request then occurs at least in part by determining that the values are cryptographically tied to one another. Upon verification, the requested data is sent to the client.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.