Patent Number: 7,765,310

Title: Opaque cryptographic web application data protection

Abstract: Mechanisms for external and distributed protection of Web application data against prying, tampering, and impersonation using cryptographic mechanisms are provided. The protection is offered opaquely so as to not expose the cryptographic mechanism to the Web application. Protection against prying prevents users from looking at data the Web application considers private. When protected against prying, protect data may be sent to the client but the user will not be able to understand it. Protection against tampering, guaranties the Web application that the data it is receiving originated from a trusted source, usually the Web application itself. A user session state stored client-side is a good candidate for tampering protection. Protection against impersonation ensures the Web application that the data it is receiving comes from a specific user.

Inventors: Graveline; Marc (Ottawa, CA), Roy; Patrick (Gatineau, CA), Viney; Ulf (Ottawa, CA)

Assignee: International Business Machines Corporation

International Classification: G06F 15/16 (20060101); G06F 17/30 (20060101); G06F 9/00 (20060101); G06F 17/00 (20060101); G06F 7/04 (20060101); H04N 7/16 (20060101)

Expiration Date: 7/27/12018