-
1.
Publication No.: US12101307B2
Publication date: 2024-09-24
Application No.: US17829238
Filing date: 2022-05-31
Applicant: Open Text Corporation
Inventor: Conrado Eduardo Poole Siguero, Sandip Chitale, Derek Zasiewski
CPC classification number: H04L63/0807, H04L9/3247, H04L63/10, H04L67/02
Abstract: Systems and methods for secure stateless client-server communication. User credentials in a client authorization request are authenticated and used to generate a JSON web token (JWT). The JWT header and signature are encrypted and included in an HTTP-only cookie. The JWT payload is encrypted and sent to the client in a response body along with the HTTP-only cookie. Each subsequent client request includes the cookie and has the encrypted JWT payload in the request header. Upon receiving the request, the server decrypts the encrypted JWT payload from the header and decrypts the encrypted JWT header and signature from the cookie, then reconstructs the JWT from the JWT header, payload and signature. The server validates the JWT and, if valid, processes the request according to authorizations in the JWT payload.
-
2.
Publication No.: US12177352B2
Publication date: 2024-12-24
Application No.: US17829237
Filing date: 2022-05-31
Applicant: Open Text Corporation
Inventor: Conrado Eduardo Poole Siguero, Sandip Chitale, Derek Zasiewski
IPC: H04L9/32, H04L67/02, H04L67/146, H04L69/22
Abstract: Systems and methods for secure stateless client-server communication. User credentials in a client authorization request are authenticated and used to generate a JSON web token (JWT). The JWT header and signature are encrypted and included in an HTTP-only cookie. The JWT payload is encrypted and sent to the client in a response body along with the HTTP-only cookie. Each subsequent client request includes the cookie and has the encrypted JWT payload in the request header. Upon receiving the request, the server decrypts the encrypted JWT payload from the header and decrypts the encrypted JWT header and signature from the cookie, then reconstructs the JWT from the JWT header, payload and signature. The server validates the JWT and, if valid, processes the request according to authorizations in the JWT payload.
-
3.
Publication No.: US20230388119A1
Publication date: 2023-11-30
Application No.: US17829237
Filing date: 2022-05-31
Applicant: Open Text Corporation
Inventor: Conrado Eduardo Poole Siguero, Sandip Chitale, Derek Zasiewski
IPC: H04L9/32, H04L67/02, H04L69/22, H04L67/146
CPC classification number: H04L9/3213, H04L9/3247, H04L67/02, H04L69/22, H04L67/146
Abstract: Systems and methods for secure stateless client-server communication. User credentials in a client authorization request are authenticated and used to generate a JSON web token (JWT). The JWT header and signature are encrypted and included in an HTTP-only cookie. The JWT payload is encrypted and sent to the client in a response body along with the HTTP-only cookie. Each subsequent client request includes the cookie and has the encrypted JWT payload in the request header. Upon receiving the request, the server decrypts the encrypted JWT payload from the header and decrypts the encrypted JWT header and signature from the cookie, then reconstructs the JWT from the JWT header, payload and signature. The server validates the JWT and, if valid, processes the request according to authorizations in the JWT payload.