The assignee for this patent, patent number 8819787, is
Reporters obtained the following quote from the background information supplied by the inventors: "The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method for providing data security. Still more particularly, the present invention relates to a computer implemented method for securing asynchronous client server transactions.
"Data is frequently exchanged between various data processing systems using one or more data networks. Some data processing systems may be regarded as client data processing systems in that they are consumers of data or services. Other data processing systems may be regarded as server data processing systems in that they provide the requested data or services. Applications executing as clients, to wit, as consumers of data or services, are called client applications. Applications executing as servers, to wit, providing data or services, are called server applications.
"Security of the data, the systems the data resides on, and the networks where the systems operate, is a concern in data communications. Typically, security of a data processing system, contents thereof, and networks that the data processing system operates on is accomplished by some security mechanism. A user identifier (UID) and password authentication is a common method of accomplishing security objectives in data processing environments.
"Client and server data processing systems may communicate with each other using a variety of protocols. Data communication occurring between a client and a server data processing system includes a series of requests and responses. Requests and responses that are related to one another form a transaction.
"Security of the client server transactions is presently achieved in a variety of ways. Certain protocols, such as HyperText Transfer Protocol Secure (HTTPS) accomplish security of the client server transactions by using encryption and secure identification of the server data processing system. Certain other transaction security mechanisms include using session identifiers (session ID). A session ID is an identifier used to identify a session between a client and a server data processing system. A typical session may include a series of transactions.
"In some cases, a client may request data from a server asynchronously. Asynchronous data transfer is transferring data without interfering with the behavior of an ongoing task. For example, a web browser application may be a client application. The web browser may request data from a web server asynchronously such that the behavior or the display of a page being displayed in the web browser is not affected by the asynchronous data request or response. An asynchronous request also does not wait for a corresponding response. In other words, a response to an asynchronous request may arrive and be processed at the client at any time. The client does not wait for a response to an asynchronous request, but continues to work on other tasks.
"An asynchronous request is a request for asynchronous data or service. An asynchronous client server transaction is a client server transaction occurring asynchronously with respect to another ongoing task.
In addition to obtaining background information on this patent, VerticalNews editors also obtained the inventors' summary information for this patent: "The illustrative embodiments provide a method for securing asynchronous client server transactions. An embodiment receives a request at a first application executing in a data processing system. The request includes an application identifier and a version associated with a second application. The embodiment generates a service identifier if a session with the second application is valid. The embodiment generates a registry at the first application. The registry includes information about a set of services and data that the second application is permitted to use. The embodiment generates a catalog based on the registry. The catalog includes a subset of the contents, or some transformation thereof, of the registry. The embodiment sends the service identifier and the catalog to the second application.
"Another embodiment further receives a sub-request. The sub-request is a part of an asynchronous client server transaction and includes the service identifier. The embodiment determines the validity of the sub-request by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the embodiment provides the service in response to the sub-request.
"In another embodiment, the determining of the validity may further combine in the combination, determining whether the catalog is outdated.
"In another embodiment, the determination whether the service identifier is used in conjunction with the second application includes determining whether the service identifier is used together with the application identifier and the application version of the second application.
"If the sub-request is invalid, another embodiment further provides a renewed service identifier, a renewed catalog, or a combination thereof. The sub-request may then be re-tried with the renewed service identifier, renewed catalog, or a combination thereof.
"In an embodiment, the renewed service identifier may be a new service identifier, the service identifier including a modified security feature, the service identifier corresponding to a modification of the security feature validation criterion at the first application, or a combination thereof. A sub-request may be re-tried with the renewed service identifier. The providing in such an embodiment occurs before the asynchronous client server transaction is concluded.
"In another embodiment, the renewed catalog may be a new catalog, an update to the catalog, a modification to an expiration parameter of the catalog, or a combination thereof. A sub-request may be re-tried with the renewed catalog. In such an embodiment, the providing occurs before the asynchronous client server transaction is concluded.
"Another embodiment further determines whether the service requires additional authentication. If additional authentication is needed, the embodiment receives additional authentication information in response to a request for the additional authentication information. The embodiment determines whether the additional authentication information is valid. The embodiment provides the service if the additional authentication information is valid.
"In an embodiment, the determination whether the service is permissible according to the catalog is performed by determining whether the service is permissible using the registry.
"Another embodiment generates an original service identifier. In such an embodiment, the service identifier is a transformed version of the original service identifier."
For more information, see this patent: Bade, Steven A; Moss, Harold; Zurko, Mary Ellen. Securing Asynchronous Client Server Transactions. U.S. Patent Number 8819787, filed
Keywords for this news article include: Information Technology, Information and Data Processing,
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC
Most Popular Stories
- Tablets, Cars Drive AT&T Gains
- Small Businesses Add 3 More Worries to Their List
- 2015 Mazda MX-5 Miata Is Fast and Eager
- DOMA Tech Adding Jobs to Process VA Claims
- Apple Warns of China iCloud Attack
- Tech Firms Flock to LA's 'Silicon Beach'
- Job Hunting Is Hard Work
- Ford, GM Expect to Report Strong Profits
- Stocks Subdued After Gains Earlier in Week
- Consumer Prices Edge Up, Surprising Economists