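IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | UP-0644579 (2000-08-24)
Registration number | US-7747866 (2010-07-19)
Inventor / Address |
Applicant / Address | JPMorgan Chase Bank, N.A.
Agent / Address |
Citation information | Times cited: 11; Cited patents: 186
Abstract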
The invention detects changes in one or more parameter values sent by a server through user space. In one embodiment, a Web server communicates with a client over the Internet. Before sending the parameter value or values to the client, the server performs a pre-processing step, creating a formatted data string. The server then transmits the formatted data string to the client in a URL or a cookie. When the client returns the formatted data string and other data to the server, the server performs a post-processing step to verify that the parameter value or values have not been tampered with. This round trip technique is a departure from approaches that merely detect tampering of data as it passes between two nodes of a network.
Representative claims
What is claimed is:
1. A system for error detection for detecting errors in data transmitted between a server and a client, the system comprising: an interface means to a client; a server configured with a pre-processing means and a post-processing means which operate together to detect whether a parameter value sent from the server to the client and subsequently returned to the server from the client has been tampered with, wherein the pre-processing means and post-processing means further comprise a hashing means that operates on a parameter value and on a received parameter value; a transmitted data string transmitted to the client comprising the parameter value and the hash of the parameter value; a received data string received from the client comprising the received parameter value and hash of the parameter value; a communication link connecting the server to the client; and a comparison means, wherein the post-processing means operates on the received parameter value to determine the hash of the received parameter value, wherein further the comparison means compares the hash of the parameter value to the hash of the received parameter value to determine if the parameter value transmitted to the client is the same as the received parameter value received from the client, wherein further an unfavorable comparison of the hash of the parameter value and the hash of the received parameter value indicates that the parameter value was tampered with after the transmitted data string was transmitted to the client.
2. The system of claim 1, wherein the pre-processing means comprises use of a session identification number.
3. The system of claim 1, wherein the pre-processing means comprises date and time stamping.
4. The system of claim 1, wherein the pre-processing means comprises encryption.
5. The system of claim 4, wherein the encryption comprises use of a private server key.
6. The system of claim 1, wherein the post-processing means comprises decryption.
7. The system of claim 6, wherein the decryption comprises use of a private server key.
8. The system of claim 1, wherein the hashing means comprises operation on a session identification number.
9. The system of claim 1, wherein the hashing means comprises operation on a date and time stamp.
10. A method for error detection for detecting errors in data transmitted between a server and a client, the method comprising: a) pre-processing at a server, comprising a first hash of at least one parameter value, the parameter value corresponding to a parameter; b) formatting a data string containing at least one parameter value and the first hash of the at least one parameter value; c) transmitting the formatted data string from the server to a client; d) receiving a modified data string from the client at the server, the modified data string comprising a received parameter value and the first hash of the at least one parameter value, the received parameter value corresponding to the parameter; e) post-processing at the server, comprising a second hash of the received parameter value in the modified data string; and f) comparing the first hash of the at least one parameter value to the second hash of the received parameter value, whereby an unfavorable comparison of the first hash of the at least one parameter value to the second hash of the received parameter value indicates that parameter values corresponding to at least one parameter that originated at the server were sent to the client, and were received back at the server from the client in a changed condition.
11. The method of claim 10, wherein the step a) of pre-processing comprises the use of a session identification number.
12. The method of claim 11, wherein the use of a session identification number comprises hashing.
13. The method of claim 10, wherein the step a) of pre-processing comprises the use of time-stamping.
14. The method of claim 13, wherein the use of time-stamping comprises hashing.
15. The method of claim 10, wherein the step a) of pre-processing comprises encryption.
16. The method of claim 15, wherein the encryption uses a private server key.
17. The method of claim 10, wherein the step b) of formatting comprises appending the data string containing at least one parameter value with a session identification number.
18. The method of claim 11, wherein the step b) of formatting comprises appending the data string containing at least one parameter value with a date and time stamp.
19. The method of claim 11, wherein the step b) of formatting comprises appending the data string containing at least one parameter value with at least one hash.
20. The method of claim 10, wherein the step c) of transmitting comprises embedding at least one parameter value in a uniform resource locator.
21. The method of claim 10, wherein the step c) of transmitting comprises embedding at least one parameter value in a cookie.
22. The method of claim 10, wherein the step e) of post-processing comprises decryption.
23. The method of claim 22, wherein the decryption comprises use of a private server key.
24. The method of claim 10, wherein the step e) of post-processing comprises a comparison of the first and second hashes for at least one parameter value of interest.
25. A system for error detection for detecting errors in data transmitted between a server and a client, the system comprising: an interface with a client; a server configured with a pre-processing unit and a post-processing unit which operate together to detect whether a parameter value transmitted from the server to the client and subsequently returned to the server has been tampered with, wherein the pre-processing unit and post-processing units further comprise a transformation unit that operates on the parameter value and a received parameter value using a secret; a transmitted data string transmitted to the client comprising the parameter value and a transformation of the parameter value; a received data string received from the client comprising the received parameter value and the transformation of the parameter value; a communication link connecting the server to the client; and a comparison unit, wherein the post-processing unit operates on the received parameter value to determine the transformation of the received parameter value, wherein further the comparison unit compares the transformation of the parameter value to the transformation of the received parameter value to determine if the parameter value transmitted to the client is the same as the received parameter value received from the client, wherein further an unfavorable comparison of the transformation of the parameter value and the transformation of the received parameter value indicates that the parameter value was tampered with after the transmitted data string was transmitted to the client.
26. The system of claim 25, wherein the transformation unit comprises a hashing unit.
27. The system of claim 25, wherein the transformation unit comprises an encrypting unit.
28. A method for error detection for detecting errors in data transmitted between a server and a client, the method comprising: a) pre-processing at a server, comprising a transformation of a parameter value in a data string using a secret, the parameter value corresponding to a parameter, the data string comprising the parameter value and the transformed parameter value; b) transmitting the data string from the server to a client; c) receiving a modified data string from the client at the server, the modified data string comprising a received parameter value and the transformed parameter value; d) post-processing at the server, comprising a transformation of the received parameter value in the modified data string using the secret; and e) comparing the transformed parameter value to the transformed received parameter value to detect whether the parameter value that originated at the server and was sent to a client was received back at the server from the client in a changed condition.
29. The method of claim 28, wherein the transformation comprises hashing.
30. The method of claim 28, wherein the transformation comprises encryption.
31. A system for error detection for detecting errors in data transmitted between a server and a client, the system comprising: a communications link between a server and at least one client; a pre-processing unit connected to the server; a post-processing unit connected to the server; a comparison unit connected to the server, the pre-processing unit and the post-processing unit; a broadcast data string comprising a first parameter value corresponding to a parameter, and a transformed first parameter value corresponding to the first parameter value; and a return data string comprising the transformed first parameter value and a second parameter value corresponding to the same parameter, wherein the broadcast data string is communicated from the server to at least one client and the return data string is returned to the server in a subsequent communication from the client to the server; wherein the pre-processing unit transforms the first parameter value in the broadcast data string using a secret to provide the transformed first parameter value, wherein further the post-processing unit transforms the second parameter value in the return data string using the same secret to provide a transformed second parameter value; wherein further the transformed first parameter value and the transformed second parameter value are compared by the comparison unit to determine if the first parameter value in the broadcast data string is the same as the second parameter value in the return data string.
32. The system of claim 31, wherein the transformation comprises hashing.
33. The system of claim 31, wherein the transformation comprises encryption.
34. The system of claim 31, wherein the secret is maintained in the server.
35. The system of claim 31, wherein the parameter comprises a price for a good or service.
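The round trip of claims 28 to 35 (a transformation using a server-held secret, bound to a session identifier and a time stamp, carried in a URL query string), as an added Python example that is not code from the patent or its assignee. It assumes HMAC-SHA256 as the keyed transformation; `pre_process`, `post_process`, `SERVER_SECRET`, `MAX_AGE_SECONDS` and the `ts` and `mac` field names are illustrative. A keyed hash is used because a plain hash of the value can be recomputed by whoever edits the value.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed demo key; a real server would load a random secret from a key store.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"
MAX_AGE_SECONDS = 900  # assumed validity window for the time stamp


def _now(now):
    return int(time.time() if now is None else now)


def _tag(pairs, session_id):
    """HMAC-SHA256 over the session id and the sorted, URL-encoded parameters."""
    canonical = urlencode(sorted(pairs))
    msg = session_id.encode() + b"\n" + canonical.encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def pre_process(params, session_id, now=None):
    """Before sending: append a time stamp and the keyed hash to the parameters."""
    pairs = list(params.items()) + [("ts", str(_now(now)))]
    return urlencode(pairs + [("mac", _tag(pairs, session_id))])


def post_process(query, session_id, now=None):
    """On return: recompute the keyed hash and compare it with the one received.
    Returns the parameters if unchanged and fresh, otherwise raises ValueError."""
    pairs = parse_qsl(query, keep_blank_values=True, strict_parsing=True)
    macs = [v for k, v in pairs if k == "mac"]
    rest = [(k, v) for k, v in pairs if k != "mac"]
    # Reject a missing tag and repeated keys, which different parsers resolve differently.
    if len(macs) != 1 or len({k for k, _ in rest}) != len(rest):
        raise ValueError("missing tag or duplicated parameter")
    expected = _tag(rest, session_id).encode()
    if not hmac.compare_digest(macs[0].encode(), expected):  # constant-time compare
        raise ValueError("parameter value changed after it left the server")
    params = dict(rest)
    age = _now(now) - int(params.pop("ts"))  # ts is covered by the tag
    if not 0 <= age <= MAX_AGE_SECONDS:
        raise ValueError("time stamp outside the validity window")
    return params
```

Binding the tag to the session identifier means a string issued to one session fails verification when replayed in another, and the time stamp bounds how long a captured string stays valid.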