Patent · US Active

HTTP layer countermeasures against blockwise chosen boundary attack

US8996855B2 · kind B2 · utility

0Cited by

2References

24Claims

0Family size

Assignees

BlackBerry Limited · CA
Certicom Corp. · CA

Inventors

Alexander Sherkin · Vaughan, CA
Gregory Marc Zaverucha · Mississauga, CA
Alexander Truskovsky · Waterloo, CA
Michael Matovsky · Vaughan, CA
Osman Zohaib Arfeen · Ajax, CA

Key dates

Filing date	Nov 14, 2012
Grant date	Mar 31, 2015
Priority date	—
Expiry date	Mar 1, 2033

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/166
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.