AU2002213673B2 - Encoding of universal resource locators in a security gateway to enable manipulation by active content - Google Patents


Info

Publication number
AU2002213673B2
Authority
AU
Australia
Prior art keywords
record identifier
encrypted
path
query
remote record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2002213673A
Other versions
AU2002213673A1 (en
Inventor
Crispin Bailiff
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DEVSECURE Pty Ltd
Original Assignee
DEVSECURE Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPR1293A external-priority patent/AUPR129300A0/en
Application filed by DEVSECURE Pty Ltd filed Critical DEVSECURE Pty Ltd
Priority to AU2002213673A priority Critical patent/AU2002213673B2/en
Publication of AU2002213673A1 publication Critical patent/AU2002213673A1/en
Application granted granted Critical
Publication of AU2002213673B2 publication Critical patent/AU2002213673B2/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Description

WO 02/39286 PCT/AU01/01434 ENCODING OF UNIVERSAL RESOURCE LOCATORS IN A SECURITY GATEWAY TO ENABLE MANIPULATION BY ACTIVE CONTENT.
Field of the Invention

The present invention relates to the field of interconnected computers, and more particularly to the field of gateways which facilitate data distributed on interconnected computers. The present invention is directed to a system which enhances the security of the data which is distributed.

Background of the Invention

The World Wide Web (WWW) is one of the most popular applications of the Internet today. The WWW provides a mechanism for the distribution of information in many different forms, such as Hypertext Markup Language (HTML), Wireless Markup Language (WML), Extensible Markup Language (XML), Page Description Format (PDF) as well as images, sounds, video and various application formats (wordprocessing files, spreadsheets etc.).
HTML, WML, XML, PDF and many other of these information formats can contain 'links' (pointers) to other information contained on a server accessible on the Internet. A user of the system operates a computer program (browser) which can display or process information in one or more of these formats. The browser can retrieve an initial file (page) of information from an internet connected computer system. The user can then instruct the browser to 'follow' links contained in the file, by using the information provided in the link to locate and retrieve the 'linked' information from either the original server or another server.
The usual representation of a link is a Uniform Resource Locator (URL) [T.Berners-Lee: Uniform Resource Locators (URL), A Unifying Syntax for the Expression of Names and Addresses of Objects on the Network, RFC1738,RFC2396 1994-1998.
http://www.ietf.org/rfc/rfc2396.txt] a standardised encoding specifying a protocol (http, ftp, nntp others), the Domain Name Service (DNS) name or Internet Protocol (IP) address of a server and a reference to the location (path) of the information on the server.
Table 1 is a chart illustrating an expression of the generic form of a URL for URLs encoding the http:, https:, ftp:, gopher: and similar schemes based upon a hierarchical path based information storage system. Typical URLs are presented to illustrate the generic form description.

TABLE 1

1 | s://N:p/P1/P2/-/Pn?Q#F

Typical URLs matching the generic form:
http://www.microsoft.com/business/investment/pressrelease.htm
ftp://ftp.netscape.com/new/navigator.exe
http://www.shopping.com/cart/add_item.php?item=apple

Key for Table 1
s | protocol scheme, commonly http:, https:, ftp:, gopher:, nntp:
N:p | server name or address, optionally a protocol 'port', p
P1-Pn | a path (address) to a file of information (page), consisting of a plurality of path elements (parts) separated by '/' characters
Q | an optional query string, consisting of a plurality of names and values provided either by the server or the browser
F | an optional fragment identifier, a 'sub-address' referring to an area within a single file of information; this is normally processed only by the browser, and is not shown in most of the following tables

The Internet WWW system is powerful and useful, so its mechanisms and standards have been widely adopted for private and corporate computer networks, known as intranets. Because these intranets usually contain confidential or proprietary information, they are usually not connected directly to the Internet; information on intranet servers is generally only available to other computers and users on the same intranet.
Various mechanisms have been developed to allow controlled access to information on intranet servers from computers outside the intranet, to allow public access to information, collaboration with external organizations and remote access for users who are not able to directly access the intranet, mobile workers, salespeople etc.
Although these exact mechanisms vary depending upon the protocols utilized by specific systems, they are generally known as firewalls, gateways or proxies.
The general function of a proxy or gateway is to act as an intermediary between the system requesting the information (client) and the system providing the information (server). A gateway is commonly defined as an intermediary which can convert an access request from one protocol to another to connect otherwise incompatible systems, or which can translate information from the server into a format which is acceptable to the client.
Apart from protocol conversion, the intermediary system can fulfill a range of other functions such as security access control, language translation, annotation services, charging and accounting and data validation.
With the widescale deployment of browsers which understand the HTML information format and use the http protocol, a common requirement is for gateways which can convert information from various formats (including HTML) and protocols (including http) to the HTML format and deliver it using the http protocol.
When a browser retrieves information in a format that contains URLs (such as HTML), each URL contains details on where and how to access related (linked) information. When a Gateway retrieves a file (page) from a server on behalf of a client and returns it to the client, the details of each link (URL) may be dynamically altered by the Gateway so that the URL specifies to the client that it should request the linked information from the Gateway, rather than directly from the server containing the original information.
This allows the Gateway to continue to provide the appropriate conversion, access control or other service to the client browser. A Gateway that uses this mechanism may be termed a URL rewriting gateway or URL rewriting proxy.
Examples of gateways of the prior art that use the URL rewriting mechanism to provide a service to the client or server:

- Delegate, 1994 [Yutaka Sato, Electrotechnical Laboratory (AIST, MITI), Tsukuba, Ibaraki 305, JAPAN "Delegate Development of a Protocol Mediation System", TR-94-17, 1994 http://www.delegate.org] a URL rewriting gateway which converts http, ftp, nntp, gopher to http protocol/HTML and provides functions for controlling access to intranet services. (English language description [Meyers, Steven, Computing Japan Magazine "ETL: Laying the Groundwork for New Industrial Technologies DeleGate Multipurpose Protocol Mediation", September 1995]).

- The Anonymizer, 1995 [J.Boyan "The Anonymizer Protecting User Privacy On The Web", December Communications, 1997 http://www.december.com/cmc/mag/1997/sep/boyan.html] a URL rewriting gateway which provides a privacy service for the client, by hiding information about the client from the server.

- Babel Fish 1997, [Babel Fish Altavista Systran SA 1997 http://babelfish.altavista.com/] a URL re-writing gateway which provides a (human) language translation service; the service retrieves a page from an http server, translates between any two of English, French, German, Spanish or Italian and returns the translated page to the client. URLs are rewritten to allow the user to follow links and continue to have the gateway perform language translation.

- Anti Censorship Proxy 1999, [Haselton, Bennet et al. 'Anti-Censorship Proxy' Technology for Circumventing Internet Censorship, Computers, Freedom and Privacy Conference Proceedings 1999 (Originally published at http://www.cfp99.org/program/papers/haselton.htm, currently archived at http://www.infowar.com/class_1/00/classl_042400ej.shtml)] an encrypted URL rewriting proxy for providing privacy enhanced web browser access.
Using a gateway to provide access control to intranet services is only one of the elements required to provide a secure environment in which a client and server can interact.
One feature of most browser clients which adversely affects the security of processed information is the 'history' function. The browser maintains a list of URLs which have been accessed, including the name of the server, the name of the file (path) which was requested, the title of the requested information and the date and time when requested. The list is maintained even when the user has stopped using the browser, often for 30 days or more.
This information can be extremely revealing to a third party who can access the history function.
Some gateways [Encrypted URLs Anonymizer, 1998 http://www.anonymizer.com] offer a service which 'encrypts' or 'conceals' the URL information in each file provided to the client. The client can request an encrypted URL (see 6 in Table 2) from the Gateway, which can convert the URL back into un-encrypted form before requesting the appropriate file from the relevant server. Anyone examining the history function of the browser (or other audit trails) will see only the encrypted URL information, which should be meaningless.
Table 2 is a chart illustrating common URL encoding schemes used by URL rewriting gateways of the prior art. This chart provides the basis for the comparison chart provided in Table 3.

TABLE 2

Example | Rewriting | Example Original URL | Example Modified URL
2 | Simple HTTP Gateway | http://server1/foldera/page1.html | http://gateway1.com/simple/http://server1/foldera/page1.html
3 | Generic Form | s://N/P1/-/Pn | h://G/L1/-/Ln/s://N/P1/-/Pn
4 | Hidden (Mounted) Gateway | http://server1/foldera/page1.html | http://gateway1.com/mountpoint/page1.html (Note 14)
5 | Generic Form | s://N/P1/-/Pn | h://G/L1/-/Ln/N/P1/-/Pn
6 | Encrypted URL Gateway | http://server1/foldera/page1.html | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo
7 | Generic Form | s://N/P1/-/Pn | h://G/L1/-/Ln/E
8 | Simple Gateway with Query | http://server1/foldera/price1.php?item=apple | http://gateway1.com/simple/http://server1/foldera/price1.php?item=apple
9 | Generic Form | | h://G/L1/-/Ln/s://N/P1/-/Pn?Q
10a | Encrypted URL Gateway with Query | http://server1/foldera/price1.php?item=apple | http://gateway1.com/crypt/LaZXcLCi4+CCg+HPxcOlwDzwQGSIQBSYxGjsYKxOo
10b | Encrypted URL Gateway with Query | http://server1/foldera/price1.php?item=apple | http://gateway1.com/crypt/LaZXcLCi4+CCg+HPxcOlwDzwQGSIQBSYxGjsYKxOo?item=apple
11 | Generic Form | | h://G/L1/-/Ln/E?Q
12 | Encrypted URL Gateway with page variable | http://server1/$(foldervar)/page1.wml | http://gateway1.com/crypt/FHgs5flusu3fkPku6zwz18876+kwedb
13 | Generic Form | s://N/P1/-/Pn | h://G/L1/-/Ln/E

Key for Table 2
h | protocol scheme for gateway, commonly http:, https: in the preferred embodiment, but may also be ftp:, gopher:, nntp: etc.
G | gateway name or address, possibly including a protocol port
L1-Ln | a path (address) local to the gateway, consisting of zero or a plurality of path elements (parts) separated by '/' characters, possibly indicating which gateway service is required
E | An encrypted string of characters encoding the Original URL. The prior art form of 'E' may include the '/' character as a natural result of a possible character encoding scheme [Freed et al. Multipurpose Internet Mail Extensions RFC1341, RFC2045 1992-1996 http://www.ietf.org/rfc/rfc2045.txt] (or otherwise), but is not considered to be composed of a plurality of elements E1-En, as it is treated as an opaque value by the browser and processed as a single path element by the encryption function of the gateway. [Encrypted URLs Anonymizer, 1998 http://www.anonymizer.com]

Note 14: A hidden (or 'mounted') gateway URL can be formed when the gateway contains an internal reference list indicating that, in this example, path element 'mountpoint' maps to 'http://server2/folderb' [Yutaka Sato, Electrotechnical Laboratory (AIST, MITI), Tsukuba, Ibaraki 305, JAPAN "Delegate Development of a Protocol Mediation System", 1994 http://www.delegate.org/], [JP11177629A2 in the name of Nippon Telegraph and Telephone Corporation]

The process of re-writing URLs has certain practical limitations. A major limitation has come about as newer, more sophisticated file formats are delivered to the browser. These newer formats include various kinds of 'active' content: program instructions which are delivered to the browser to control its actions, rather than simple static files to be displayed.
These formats (such as Javascript/ECMAscript, WMLScript, Java, ActiveX, Flash) may not contain URLs directly, but rather contain program instructions which, when executed by the browser, dynamically create a URL link from information provided either with the program or obtained from the user. In the general case, the Gateway is not able to recognise a URL, so the URL cannot be re-written to reference the Gateway service.
Sophisticated Gateways [iPlanet Portal Server, Sun-Netscape Alliance, 2000 http://www.iplanet.com] may include facilities to recognise and modify certain types of program code, but these facilities must be customised and modified for each variation of active content and server type, which can be complex and expensive and must be preconfigured for all possible servers and content which is to be processed by the Gateway.
The limitation is manageable for many Gateways, because many URLs (including those generated by active content) are specified as 'relative' URLs: although the Gateway may not recognise and modify the program code which creates a URL, the generated URL is specified as the 'difference' between the current URL known to the browser and the new, required URL. (Refer Table 3, 304 305 306 307 308 309 310) The browser calculates the 'full' URL from the requested relative URL and passes the request to the Gateway.

The limitation becomes much more serious when the technique of URL encryption is applied to the content. Because the browser can no longer understand the format of the encrypted URL, it is unable to correctly calculate a full URL from a relative URL, and so fails to request the correct information from the Gateway. (See examples 27, 28, 29 and 30.)

Table 3 is a chart illustrating the defects of the rewritten URL encoding schemes of the prior art when employed with active and semi active content.

TABLE 3

Example | Type | Base Encoded URL | Relative URL applied by the active content | Resulting Encoded URL
15 | No Gateway | http://server1/foldera/page1.html | page2.html | http://server1/foldera/page2.html
16 | No Gateway | http://server1/foldera/page1.html | folderb/page3.html | http://server1/foldera/folderb/page3.html
17 | No Gateway | http://server1/foldera/page1.html | /page4.html | http://server1/foldera/page4.html
18 | No Gateway | http://server1/foldera/folderb/page3.html | /../otherfolder/page5.html | http://server1/otherfolder/
19 | Simple Gateway | http://gateway1.com/simple/http://server1/foldera/page1.html | page2.html | http://gateway1.com/simple/http://server1/foldera/page2.html
20 | Simple Gateway | http://gateway1.com/simple/http://server1/foldera/page1.html | folderb/page3.html | http://gateway1.com/simple/http://server1/foldera/folderb/page3.html
21 | Simple Gateway | http://gateway1.com/simple/http://server1/foldera/page1.html | /page4.html | http://gateway1.com/simple/http://server1/page4.html
22 | Simple Gateway | http://gateway1.com/simple/http://server1/foldera/folderb/page3.html | /../otherfolder/page5.html | http://gateway1.com/simple/http://s
23 | Hidden Gateway | http://gateway1.com/mountpoint/page1.html | page2.html | http://gateway1.com/mountpoint/page2.html
24 | Hidden Gateway | http://gateway1.com/mountpoint/page1.html | folderb/page3.html | http://gateway1.com/mountpoint/folderb/page3.html
25 | Hidden Gateway | http://gateway1.com/mountpoint/page1.html | /page4.html | http://gateway1.com/page4 (legal but incorrect URL, Note 32)
26 | Hidden Gateway | http://gateway1.com/mountpoint/folderb/page3.html | /otherfolder/page5.html | http://gateway1.com/folderb/page3.html (legal but incorrect URL, Note 32)
27 | Encrypted URL Gateway | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo | page2.html | http://gateway1.com/crypt/page2.html (legal but incorrect URL, Note 33)
28 | Encrypted URL Gateway | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo | folderb/page3.html | http://gateway1.com/crypt/folderb/page3.html (legal but incorrect URL, Note 33)
29 | Encrypted URL Gateway | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo | /page4.html | http://gateway1.com/page4 (legal but incorrect URL, Note 33)
30 | Encrypted URL Gateway | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo | /../otherfolder/page5.html | illegal URL (Note 34)
31 | Encrypted URL Gateway | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo | /newfolder/page6.html | http://gateway1.com/newfolder/page6.html (legal but incorrect URL, Note 33)

Notes for Table 3

Note 32 Cannot be decoded.
These resulting URLs no longer contain the path element 'mountpoint' which the gateway requires as a key to lookup 'http://server1/foldera'. Without this key, the gateway cannot decode and process the requested URL; this will result in a failed request for the client browser.
Note 33 Cannot be decoded.
These resulting URLs no longer contain an encrypted path element. Without this element, the gateway cannot decode and process the requested URL; this will result in a failed request for the client browser.
Note 34 Cannot be decoded.
This relative URL cannot be legally applied to the base URL, which means that the browser cannot generate any legal request for the gateway.
A further class of limitations is apparent when considering active content which constructs URLs which are not 'relative' to the current base URL. When such 'absolute path' URLs are submitted to the gateway, they have lost all encrypted content and all additional information that the gateway may require to identify and decode the request. (See example 31 in Table 3)

Other limitations with encrypted URLs arise depending upon the precise instructions of the active content program; some programs search for specific key codes in an existing URL and use these as the basis for modifying or generating a new request URL. (For example, see Table

Another class of content may be termed 'semi-active': the WML format, for example, allows content to include 'page variables', a placeholder for dynamically changing information which, whilst not defining a program, is another mechanism which would commonly defeat URL rewriting and encryption mechanisms. (See 12 in Table 2)

A limitation also exists with URLs that contain a 'query string' element (See Table separated from the path part of the Original URL by a question mark. This element encodes variable information used by a server when selecting the appropriate content to be returned for a particular client request. The query element may be preserved by a browser when requesting a link, or it may be replaced with new values which are the result of user input. If the encrypted URL encrypts the query string element (10a in Table then the browser will be unable to recognise the query string in those situations where active content wishes to modify the existing query string. If the query string element is not included in the encrypted element (10b in Table then the content can update the query string element if required, but the contents of the query string (which may contain private information) are no longer protected by the encryption mechanism.
Summary of the Invention

In one form, although it need not be the only or indeed the broadest form, the invention resides in a method of encoding a remote record identifier to an encrypted rewritten record identifier including the steps of:
  separating the remote record identifier into a base remote record identifier portion and a path and/or query portion;
  encrypting said base remote record identifier portion to form an encrypted base remote record identifier portion;
  processing said path and/or query portion to produce a substitute path and/or query element for each path and/or query;
  merging the substitute path and/or query elements to produce a composite substitute path and/or query portion;
  merging the composite substitute path and/or query portion with the encrypted base remote record identifier portion to produce a composite encrypted remote record identifier; and
  merging the composite encrypted remote record identifier with gateway parameters to form said encrypted rewritten record identifier.

Suitably the invention also resides in a method of decoding an encrypted rewritten record identifier to a remote record identifier including the steps of:
  separating gateway parameters from said encrypted rewritten record identifier to produce a composite encrypted remote record identifier;
  splitting said composite encrypted remote record identifier into an encrypted base remote record identifier portion and a composite substitute path and/or query portion;
  splitting the composite substitute path and/or query portion into substitute path and/or query elements;
  processing each substitute path and/or query element to produce a path and/or query portion;
  decoding said encrypted base remote record identifier portion to a base remote record identifier portion;
  combining said base remote record identifier portion and said path and/or query portion to form said remote record identifier.
In a further form, the invention resides in a gateway apparatus for mediating communication between a client system and a server system, said gateway apparatus comprising: means for establishing communication between said gateway apparatus and one or more communication networks; a protocol engine for processing communication received or sent by said means for establishing communication and identifying encrypted remote record identifier elements; a decode engine processing said encrypted remote record identifier elements to produce an unencrypted remote record identifier; and a content retrieval means for retrieving content identified by said unencrypted remote record identifier.
Preferably the apparatus may further comprise an encode engine for encoding remote record identifiers.

In a yet further form the invention resides in a method of recovering encrypted elements and other elements of a rewritten record identifier when said rewritten record identifier lacks expected identifying elements, said method including the steps of:
  determining that said rewritten record identifier lacks expected identifying elements and identifying present elements of said rewritten record identifier;
  determining that said rewritten record identifier is presented with an accompanying referral record identifier;
  extracting required encrypted and other elements from said referral record identifier;
  constructing a composite rewritten record identifier composed of said encrypted and other elements of said referral record identifier and the identified elements of said rewritten record identifier; and
  decoding said composite re-written record identifier in place of said re-written record identifier.
Brief Description of the Drawings

Figure 1 is a block diagram showing a system where a client may access a server system through a gateway;
Figure 2 is a data flow diagram showing the method of URL encoding of the invention in the basic case of a standard URL;
Figure 3 is a data flow diagram showing the method of URL encoding of the invention in the case where pre-specified features and a query string are present in the URL;
Figure 4 is a data flow diagram showing the method of URL decoding of the invention; and
Figure 5 is a data flow diagram showing the method of recovering encrypted path and gateway information from URLs which have been modified using an absolute path.

Detailed Description of the Invention

Referring to Figure 1, there is shown a block diagram of an interconnected computer system network, comprising a plurality of client systems 100, server systems 110 and a gateway system 104 mediating communications between the other systems.
The client system 100 comprises a computer processing unit 101 and client software 102. The client software 102 makes requests for information to the computer system network by means of a communications network 103.
The server system 110 comprises a computer processing unit 111 and server software 112 which responds to requests from the computer system network received by means of a communications network 109.
To control access to the server system 110 by client systems 100 a gateway system 104 is provided to mediate communications between systems connected to communications networks 103 and 109. In the preferred embodiment communication network 103 comprises the Internet and communication network 109 comprises a private network intranet. In alternate embodiments both communications networks 103 and 109 may comprise identical networks or other commercial or private networks.
The gateway system 104 comprises a means 105 to receive and send information to client systems 100 via communications network 103, decode engine 106 and a means 107 to send and receive information to servers 110 via communications network 109.
When processing an information request, an encrypted URL 113 is submitted by the user of client system 100 through the client software 102 to the pseudo-server 105 on the gateway 104.
The URL decode engine 106 converts the encrypted URL into an unencrypted form 114 as described below, which is passed to the content retrieval process (pseudo-client) 107. The pseudo-client 107 acts on behalf of the real client 100 to request the URL from the server 110. The server returns the requested information 115 which may contain further URLs, each a reference to another set of information.
The pseudo-client 107 passes the retrieved information 115 back to the pseudo-server 105 through the URL encode engine 108. The encode engine 108 replaces each URL in the original information 115 with an encoded encrypted URL in the information response sent to the client 116, as described in detail below.
The user of the client system 100 may instruct the client software 102 to select a new URL from the response 116 returned in the previous request and so repeat the sequence of request and response. The simple case is where the user directly requests a URL contained in the previous response 116; the encoded URL is used directly to submit to the gateway 104 for the next request.
In the case where the information returned to the client system includes active content which contains programmatic instructions to be interpreted by the client software 102, these instructions may specify how the client software should manipulate a received URL to construct a new URL before submitting a subsequent request.
Referring now to Table 4, there is shown a table illustrating the manipulations to a URL which may be made by active content. The simple case described above, where no manipulation is made by active content, is shown first. Table 4 shows that all manipulations by Active Content produce valid results.

TABLE 4

Example | Base Encoded URL | Relative URL applied by the active content | Resulting Encoded URL
401 | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X | | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X
402 | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X | page2.html | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/
403 | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X | folderb/page3.html | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/folderb/page3.html
404 | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X | /page4.html | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/page4.html
405 | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X | /../otherfolder/page5.html | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/otherfolder/
406 (pre-specified feature) | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X.nsf/X | page2.html | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X.nsf/page2.html
407 (marker character) | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/$(user) | page2.wml, $(user)="bob" (Note 421) | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/bob/
408 (absolute URL) | http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X | /newfolder/page6.html | http://gateway1.com/newfolder/page6.html; http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/newfolder/page6.html (Note 422)

Notes for Table 4

421 Semi-active content may define page variables which may be interpolated into URLs using special marker characters ('$' in this WML example). The resulting URL is dependent upon the relative URL and any page variables used in the URL.

422 This illustrates the 'absolute path' recovery mechanism described in the invention. The 'HTTP Referer' information supplied by the client is used to recover the encrypted path and gateway information elements and reconstruct a valid request URL.

The various alternate manipulations 402, 403, 404, 405, 406, 407 show the range of relative URLs which may be applied by the active content to either the original URL or an encrypted URL supplied in the response 116.
Referring now to Figure 2, there is shown a data flow diagram illustrating the details of the steps of the method of encoding a URL into the output form, in the case where no pre-specified features are included in the input URL.
In the initial step, the input URL 200 undergoes two separate processes:
1) The input URL is encrypted by one of a number of mechanisms 201; in the preferred embodiment the Blowfish symmetric encryption cipher is applied to the URL string and the output encoded in a modified form of base64 encoding to produce the encrypted URL 208.
2) The input URL 200 is processed 202 to extract the path elements of the URL 203. The path elements are processed 204 to produce a number of substitute path elements 205; as many substitute elements 205 are generated as there are path elements in the input URL 203. The substitute elements 205 are merged 206 to produce a composite substitute path 207.
In the subsequent steps, the encrypted URL 208 and the substitute path 207 are merged to provide a composite encrypted URL 210, which is then merged 212 with parameters identifying the location and type of the gateway 211 to produce the final encoded encrypted output URL 213.
This output URL 213 replaces the input URL 200 in the response information 116.
The following pseudo-code describes the steps of the method illustrated in Figure 2, the method of encoding a basic URL.
    encode_basic(url)
    {
        encrypted_url = encrypt(url)
        url_path = extract_path(url)
        path_parts[] = split_at_slashes(url_path)
        substitute_path = ""
        foreach path_part in path_parts[]
        {
            substitute_path = substitute_path + "/X"
        }
        if (last_character(url_path) == "/")
        {
            substitute_path = substitute_path + "/"
        }
        output_url = encrypted_url + substitute_path
        return output_url
    }

Referring now to Figure 3, there is shown a data flow diagram illustrating the details of the steps of the method of encoding a URL into the output form in the case where a pre-specified feature and a pre-specified query string parameter are included in the input URL.
In the initial step, the input URL 300 undergoes two separate processes:
1) The input URL is encrypted by one of a number of mechanisms 301; in the preferred embodiment the Blowfish symmetric encryption cipher is applied to the URL string and the output encoded in a modified form of base64 encoding, to produce the encrypted URL 312.
2) The input URL 300 is processed 302 to extract the path 303 and query elements 304 of the input URL 300. The path 303 element of the input is processed 305 to produce a number of substitute path elements 306, 307, 308; as many substitute elements 306, 307, 308 are generated as there are path elements in the input URL 303. Path elements matching the pre-specified pattern are substituted with elements which conform to the same pattern 307. The query element 304 is examined for pre-specified patterns and a substitute query element 309 is generated conforming to the same pattern. The substitute path 306, 307, 308 and query 309 elements are merged 310 to produce a composite substitute path 311.
In the subsequent steps, the encrypted URL 312 and the substitute path 311 are merged to provide a composite encrypted URL 314, which is then merged 316 with parameters identifying the location and type of the gateway 315 to produce the final encoded encrypted URL output 317.
The following pseudo-code describes the steps of the method illustrated in Figure 3, the method of encoding a URL containing pre-specified path and query string elements. In this pseudo-code, the pre-specified elements are '.nsf' in the path and 'seq=' in the query string.

    encode_special(url)
    {
        encrypted_url = encrypt(url)
        url_path = extract_path(url)
        query_string = extract_query_string(url)
        path_parts[] = split_at_slashes(url_path)
        substitute_path = ""
        foreach path_part in path_parts[]
        {
            if (contains_special(path_part, ".nsf"))
            {
                substitute_path = substitute_path + "/X.nsf"
            } else {
                substitute_path = substitute_path + "/X"
            }
        }
        if (last_character(url_path) == "/")
        {
            substitute_path = substitute_path + "/"
        }
        substitute_query = ""
        if (defined(query_string) and contains_special(query_string, "seq="))
        {
            substitute_query = "?seq=X"
        }
        output_url = encrypted_url + substitute_path + substitute_query
        return output_url
    }

The following pseudo-code describes the steps of the method of encoding a URL containing pre-specified marker characters that are recognized by semi-active content. This illustrates an alternative embodiment of Figure 3. In this pseudo-code, the pre-specified marker character is the '$' symbol, a symbol used to mark a page variable in the WML format. In the method illustrated in Figure 3, the step of preparing substitute path and query elements 305 involves selecting the original path or query string element as the substitute element when a marker character is found.
    encode_marker(url)
    {
        encrypted_url = encrypt(url)
        url_path = extract_path(url)
        query_string = extract_query_string(url)
        path_parts[] = split_at_slashes(url_path)
        substitute_path = ""
        foreach path_part in path_parts[]
        {
            if (contains_special(path_part, "$"))
            {
                substitute_path = substitute_path + "/" + path_part
            } else {
                substitute_path = substitute_path + "/X"
            }
        }
        if (last_character(url_path) == "/")
        {
            substitute_path = substitute_path + "/"
        }
        substitute_query = ""
        if (defined(query_string) and contains_special(query_string, "$"))
        {
            substitute_query = "?" + query_string
        }
        output_url = encrypted_url + substitute_path + substitute_query
        return output_url
    }
Table 5 is a chart illustrating the URL encoding scheme of the invention when employed with active and semi-active content, showing that the invention remedies the defects of those schemes of the prior art.
TABLE 5

501 Encrypted URL with substitute path elements concatenated
    Example Original URL: http://server1/foldera/page1.html
    Example Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X
502 Generic Form
    Original: s://N/P1/-/Pn
    Encoded: H://G/L1/-/Ln/Ec/X1/-/Xn
503 Encrypted URL with identifiable path features, notes path (Note 521)
    Example Original URL: http://server1/foldera/special.nsf/page1.html
    Example Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X.nsf/X
504 Generic Form
    Original: s://N/P1/-/Pf/-/Pn
    Encoded: H://G/L1/-/Ln/Ec/X1/-/Xf/-/Xn
505 Encrypted URL with identifiable query string features (Note 522)
    Example Original URL: http://server1/foldera/price1.php?item=apple&seq=1
    Example Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X?seq=1
506 Generic Form
    Original: s://N/P1/-/Pn?q1&qf
    Encoded: H://G/L1/-/Ln/Ec/X1/-/Xn?qf
507 Encrypted URL with identifiable marker characters, WML macros
    Example Original URL: http://server1/$(user)/page1.wml
    Example Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/$(user)/X
508 Generic Form
    Original: s://N/P1/-/Pm/-/Pn
    Encoded: H://G/L1/-/Ln/Ec/X1/-/Pm/-/Xn
509 Encrypted URL with identifiable marker characters in query string
    Example Original URL: http://server1/foldera/page1.wml?amount=$price
    Example Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X?amount=$price
510 Generic Form
    Original: s://N/P1/-/Pn?Qm
    Encoded: H://G/L1/-/Ln/Ec/X1/-/Xn?Qm
511 URL with missing encrypted elements and gateway parameters
    Example Original URL: http://server1/newfolder/page6.html?item=apple
    Example Encoded URL: http://gateway1.com/newfolder/page6.html, with http referrer information
512 Generic Form
    Original: s://N/P1/-/Pn?Q
    Encoded: H://G/P1/-/Pn?Q, with http referrer information

Notes for Table 5
Ec: An encrypted string of characters encoding the entire Original URL. In the preferred embodiment, the form 'Ec' does not include the '/' character, although this is not an absolute requirement.
X1-Xn: Substitute ('dummy') path elements (parts), where the number of parts Xn is the same as (or greater than) the number of parts in the Original URL (P1/-/Pn). The substitute path element shown in example 501 is the 'X' character, though any character sequence may be used. In the preferred embodiment, the sequence consists of a single character which is unlikely to be the same as any path element P1-Pn.
Pf: An instance of a path element P1-Pn which contains a pre-specified feature.
Xf: A substitute path element which contains the same pre-specified feature as element Pf.
q1-qn: Sub elements of the query string Q.
Qf: A sub element which contains a pre-specified feature.
Pm: An instance of a path element P1-Pn which contains identifiable marker characters.
Qm: A query string element which contains identifiable marker characters.
Note 521: This example recognizes the feature '.nsf' in the original URL and preserves the feature in the modified URL.
Note 522: This example recognizes the feature 'seq=' in the query string of the original URL and preserves the feature in the modified URL.
Referring now to Figure 4, there is shown a data flow diagram illustrating the details of the steps of the method of decoding a URL presented in the encoded form of the invention. The encoded input URL 401 illustrates the results of the output URL 317 of Figure 3 after manipulation by active content.
The encoded input URL 401 is processed 402 to remove elements identifying the gateway and gateway parameters to produce the composite encrypted URL 403. The composite encrypted URL is split into the encrypted URL 405 and the substitute element 406. The encrypted URL 407 is decrypted to produce the original base URL 409. The original base URL is processed 411 to produce the original host element 430, original path element 414 and original query string 413.
The substitute element 406 is processed 408 to produce the substitute path element 412 and substitute query string 410.
Each of the original path element 414 and the substitute path element 412 are processed 415, 416 to separate them into individual original path elements 417, 418, 419 and substitute path elements 420, 421, 422. There are as many original path elements 417, 418, 419 as there are path elements in the original URL 409. There are as many substitute path elements 420, 421, 422 as there are substitute path elements in the substitute element 406.
Each substitute path element 420, 421, 422 is compared 424, 425, 426 with the corresponding original path element 417, 418, 419. Where the substitute path element has not been modified from the encoded encrypted URL output to the client 317, the original path elements 417, 418 are selected 424, 425 as output elements 427, 428. Where the substitute path element has been modified from or appears in addition to the encoded encrypted URL output to the client 317, the substitute path element 422 is selected 426 as an output element 429 and the original path element 419 is discarded.
The substitute query string 410 is compared with the original query string 413. If the substitute query string is present it is selected as the output query string 431. If no substitute query string is present, the original query string 413 is selected as the output query string 431.
The original host element 430, the selected output path elements 427, 428, 429 and the selected output query string 431 are combined 432 to produce the final output decoded URL 433 which is passed to the pseudo-client 107.
The following pseudo-code implements the method illustrated in Figure 4, for decoding a URL to produce the original input URL.
    decode_url(input_url)
    {
        input_url = remove_gateway_parameters(input_url)
        encrypted_url = extract_encrypted_url(input_url)
        substitute_element = extract_substitute_element(input_url)
        base_url = decrypt(encrypted_url)
        original_host = extract_host(base_url)
        original_path = extract_path(base_url)
        original_query_string = extract_query_string(base_url)
        substitute_path = extract_path(substitute_element)
        substitute_query_string = extract_query_string(substitute_element)
        substitute_path_parts[] = split_at_slashes(substitute_path)
        original_path_parts[] = split_at_slashes(original_path)
        new_path = ""
        foreach substitute_part in substitute_path_parts[]
        {
            original_part = next(original_path_parts[])
            if (defined(original_part) and (substitute_part == "X" or substitute_part == "X.nsf"))
            {
                new_path = new_path + "/" + original_part
            } else {
                new_path = new_path + "/" + substitute_part
            }
        }
        if (last_character(input_url) == "/")
        {
            new_path = new_path + "/"
        }
        if (defined(substitute_query_string))
        {
            new_query_string = substitute_query_string
        } else {
            new_query_string = original_query_string
        }
        output_url = original_host + new_path + new_query_string
        return output_url
    }

Table 6 is a chart illustrating that the manipulations shown in Table 5 are successfully decoded by the URL decoding scheme of the invention, without being affected by the defects illustrated in Table 3.

TABLE 6

601
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X
    Decoded URL: http://server1/foldera/page1.html
602
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/page2.html
    Decoded URL: http://server1/foldera/page2.html
603
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/folderb/page3.html
    Decoded URL: http://server1/folderb/page3.html
604
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/page4.html
    Decoded URL: http://server1/page4.html
605
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo .html
606
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/X/X.nsf/page2.html
    Decoded URL: http://server1/foldera/special.nsf/page2.html
607
    Encoded URL: http://gateway1.com/crypt/FDoQGwsLCi4+CCg+HQALBSMwDzwQGSIQBSYxGjsYKxOo/bob/page2.wml
    Decoded URL: http://server1/bob/page2.wml

Referring now to Figure 5, there is shown a data flow diagram illustrating the detail of the steps of the method of recovering encrypted path and gateway information from URLs which are presented by the client system without these elements. This situation occurs when active content attempts to specify an absolute path element when manipulating a URL, as illustrated in Table 5 at 508.
The input URL 501 does not contain any encrypted path component or gateway identifying information. The gateway can identify this situation (in the preferred embodiment, this case is detected by the '404 NOT FOUND' error detection mechanism) and determine that it should handle this condition using the method illustrated in the figure. The input client request 500 comprises the said input URL 501 and other additional HTTP request information 502. One element of the HTTP request information is extracted 503 to provide the 'Referrer' element 505. The Referrer element is processed 506 to remove the substitute path and query elements, leaving the base encrypted URL and gateway information 507.
The input URL 501 is processed 504 to extract the input path and any query elements 508.
The base encrypted URL and gateway information 507 is merged 509 with the input path and query elements 508 to provide a complete input URL 510. This input URL 510 represents the corrected form of the encoded URL which is provided as the input URL 401 to the steps illustrated in Figure 4.
The following pseudo-code implements the method illustrated in Figure 5, the method of recovering encrypted path and gateway information from URLs which are presented by the client system without these elements.
    recover_url(input_url, input_request_information)
    {
        referer = extract_http_header(input_request_information, "Referer")
        // the base encrypted URL and gateway information come from the Referer
        base_encrypted_url = extract_host(referer) + extract_gateway_params(referer) + extract_encrypted_element(referer)
        input_path_and_query = extract_path_and_query_string(input_url)
        complete_input_url = base_encrypted_url + input_path_and_query
        return complete_input_url
    }

It will be appreciated that, unlike the prior art, the invention comprises an apparatus and method of encoding for both re-writing and encrypting URLs that provides the privacy and security benefits of encrypted URLs whilst retaining compatibility with the use of relative URLs in active content. The invention also provides an apparatus and method of decoding the re-written encrypted URLs after manipulation by a browser to recover the original or new URL.
Furthermore, an enhancement of the invention provides an apparatus and method for recovering encrypted URL information and gateway information from requests where active content has modified a re-written encrypted URL in such a way as to remove the encrypted path element or other gateway information. The invention maintains compatibility with the class of active content which searches for specific features in URLs whilst minimizing any loss of the privacy provided by URL encryption. The invention also maintains compatibility with the page variable mechanism used by the class of semi-active content.
Unlike prior art systems, the invention optimally encrypts URLs which contain a query string element, which generally protects the content of the query string whilst allowing the browser to submit an alternative query string when required to do so via user input.
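The encode, decode and Referer-recovery methods of Figures 2, 4 and 5, as an added Python example that is not part of the patent text: it resolves relative URLs from Table 4 the way a browser would and decodes the results. The function names, the gateway prefix constant and the base64 stand-in for the Blowfish step are assumptions, and the stand-in provides no confidentiality.

```python
# Added illustration of the methods of Figures 2, 4 and 5; not the patent's code.
# ASSUMPTIONS: the GATEWAY prefix, all function names, and the base64 stand-in
# for the Blowfish + modified-base64 step (it gives no confidentiality).
import base64
from urllib.parse import urljoin, urlsplit

GATEWAY = "http://gateway1.com/crypt/"  # gateway location and type parameters
SUB = "X"                               # substitute ("dummy") path element
FEATURE = ".nsf"                        # pre-specified path feature to preserve


def _encrypt(url):
    # Stand-in for the cipher step. Like the form 'Ec', the output has no "/".
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def _decrypt(token):
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode()


def _parts(path):
    return [p for p in path.split("/") if p]


def encode(url):
    """Encrypt the whole URL and append one substitute element per path element."""
    path = urlsplit(url).path
    subs = [SUB + FEATURE if FEATURE in p else SUB for p in _parts(path)]
    tail = "/" if subs and path.endswith("/") else ""
    return GATEWAY + _encrypt(url) + "/" + "/".join(subs) + tail


def browser_resolve(page_url, relative):
    """What active content or the browser does with a relative URL on the page."""
    return urljoin(page_url, relative)


def decode(encoded):
    """Rebuild the target URL from an encoded URL the client may have altered."""
    if not encoded.startswith(GATEWAY):
        raise ValueError("gateway parameters missing; try recover() first")
    composite, _, sub_query = encoded[len(GATEWAY):].partition("?")
    token, _, sub_path = composite.partition("/")
    base = urlsplit(_decrypt(token))
    originals = _parts(base.path)
    chosen = []
    for i, sub in enumerate(_parts(sub_path)):
        untouched = sub in (SUB, SUB + FEATURE)
        # Unmodified substitute -> original element; anything else came from
        # the client and replaces the original element at that position.
        chosen.append(originals[i] if untouched and i < len(originals) else sub)
    path = "/" + "/".join(chosen)
    if chosen and sub_path.endswith("/"):
        path += "/"
    query = sub_query or base.query
    return f"{base.scheme}://{base.netloc}{path}" + (f"?{query}" if query else "")


def recover(request_url, referer):
    """Re-attach gateway parameters and encrypted element taken from the Referer."""
    if not referer.startswith(GATEWAY):
        raise ValueError("Referer is not an encoded gateway URL")
    token = referer[len(GATEWAY):].partition("?")[0].partition("/")[0]
    req = urlsplit(request_url)
    return GATEWAY + token + req.path + (f"?{req.query}" if req.query else "")


if __name__ == "__main__":
    page = encode("http://server1/foldera/page1.html")   # constructed sample input
    for rel in ("page2.html", "../folderb/page3.html", "../page4.html"):
        print(rel, "->", decode(browser_resolve(page, rel)))
    stripped = browser_resolve(page, "/newfolder/page6.html")
    print(stripped, "->", decode(recover(stripped, page)))
```

Only the host is fixed by the encrypted element. Every path element the client replaces is taken from the request, so the decoded URL needs the same access checks as any other client-supplied URL.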
Throughout the specification the aim has been to describe embodiments of the invention without limiting the invention to any specific combination of alternate features.

Claims (14)

1. A method of encoding a remote record identifier to an encrypted rewritten record identifier including the steps of: separating the remote record identifier into a base remote record identifier portion and a path and/or query portion; encrypting said base remote record identifier portion to form an encrypted base remote record identifier portion; processing said path and/or query portion to produce a substitute path and/or query element for each path and/or query; merging the substitute path and/or query elements to produce a composite substitute path and/or query portion; merging the composite substitute path and/or query portion with the encrypted base remote record identifier portion to produce a composite encrypted remote record identifier; and merging the composite encrypted remote record identifier with gateway parameters to form said encrypted rewritten record identifier.
2. The method of claim 1 wherein the step of processing said path and/or query portion involves substituting each path and/or query having a pre-specified pattern with a substitute path and/or query element conforming to the same pattern.
3. The method of claim 1 wherein the gateway parameters include location and type.
4. A method of decoding an encrypted rewritten record identifier to a remote record identifier including the steps of: separating gateway parameters from said encrypted rewritten record identifier to produce a composite encrypted remote record identifier; splitting said composite encrypted remote record identifier into an encrypted base remote record identifier portion and a composite substitute path and/or query portion; splitting the composite substitute path and/or query portion into substitute path and/or query elements; processing each substitute path and/or query element to produce a path and/or query portion; decoding said encrypted base remote record identifier portion to a base remote record identifier portion; combining said base remote record identifier portion and said path and/or query portion to form said remote record identifier.
5. The method of claim 4 wherein the step of processing each substitute path and/or query element involves substituting each path and/or query element having a pre-specified pattern with a substitute path and/or query conforming to the same pattern.
6. The method of claim 4 wherein the gateway parameters include location and type.
7. A method of mediating encrypted communication between a client system and a server system including the steps of: at a client system, encoding a remote record identifier to an encrypted rewritten record identifier by: separating the remote record identifier into a base remote record identifier portion and a path and/or query portion; encrypting said base remote record identifier portion; processing said path and/or query portion to produce a substitute path and/or query element for each path and/or query; merging the substitute path and/or query elements to produce a composite substitute path and/or query portion; merging the composite substitute path and/or query portion with the encrypted base remote record identifier portion to produce a composite encrypted remote record identifier; and merging the composite encrypted remote record identifier with gateway parameters to form said encrypted rewritten record identifier; transmitting the encrypted rewritten record identifier to a gateway system; at a gateway system, decoding the encrypted rewritten record identifier to the remote record identifier by: separating gateway parameters from said encrypted rewritten record identifier to produce a composite encrypted remote record identifier; splitting said composite encrypted remote record identifier into an encrypted base remote record identifier portion and a composite substitute path and/or query portion; splitting the composite substitute path and/or query portion into substitute path and/or query elements; processing each substitute path and/or query element to produce a path and/or query portion; decoding said encrypted base remote record identifier portion to a base remote record identifier portion; combining said base remote record identifier portion and said path and/or query portion to form said remote record identifier; retrieving from said server system information identified by said remote record identifier; and forwarding the information to the client system.
PCT/AU01/01434 Received 07 October 2002
8. The method of claim 7 further including the step of encrypting said information identified by said remote record identifier prior to forwarding the information to the client system.
9. The method of claim 8 further including the step of encoding remote record identifiers in the information identified by said remote record identifier.
10. An apparatus for encoding a remote record identifier to an encrypted rewritten record identifier comprising: means for separating the remote record identifier into a base remote record identifier portion and a path and/or query portion; means for encrypting said base remote record identifier portion to form an encrypted base remote record identifier portion; means for processing said path and/or query portion to produce a substitute path and/or query element for each path and/or query; means for merging the substitute path and/or query elements to produce a composite substitute path and/or query portion; means for merging the composite substitute path and/or query portion with the encrypted base remote record identifier portion to produce a composite encrypted remote record identifier; and means for merging the composite encrypted remote record identifier with gateway parameters to form said encrypted rewritten record identifier.
11. An apparatus for decoding an encrypted rewritten record identifier to a remote record identifier comprising: means for separating gateway parameters from said encrypted rewritten record identifier to produce a composite encrypted remote record identifier; means for splitting said composite encrypted remote record identifier into an encrypted base remote record identifier portion and a composite substitute path and/or query portion; means for splitting the composite substitute path and/or query portion into substitute path and/or query elements; means processing each substitute path and/or query element to produce a path and/or query portion; means for decoding said encrypted base remote record identifier portion to a base remote record identifier portion; means for combining said base remote record identifier portion and said path and/or query portion to form said remote record identifier.
12. The apparatus of claim 10 wherein said apparatus includes a gateway for mediating communication between a client system and a server system.
13. The apparatus of claim 12, wherein said gateway includes: means for establishing communication between said gateway and one or more communication networks; an encode engine for encoding remote record identifiers; a protocol engine for processing communication received or sent by said means for establishing communication and identifying encrypted remote record identifier elements; a decode engine processing said encrypted remote record identifier elements to produce an unencrypted remote record identifier; and a content retrieval means for retrieving content identified by said unencrypted remote record identifier.
14. The apparatus of claim 11, wherein said apparatus includes a gateway for mediating communication between a client system and a server system.
The apparatus of claim 14, wherein said gateway includes: a protocol engine for processing communication received or sent by said means for establishing communication and identifying encrypted remote record identifier elements; a decode engine processing said encrypted remote record identifier elements to produce an encrypted remote record identifier; and a content retrieval means for retrieving content identified by said encrypted remote record identifier.
AU2002213673A 2000-11-07 2001-11-07 Encoding of universal resource locators in a security gateway to enable manipulation by active content Ceased AU2002213673B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002213673A AU2002213673B2 (en) 2000-11-07 2001-11-07 Encoding of universal resource locators in a security gateway to enable manipulation by active content

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AUPR1293 2000-11-07
AUPR1293A AUPR129300A0 (en) 2000-11-07 2000-11-07 Encoding of universal resource locators in a security gateway to enable manipulation by active content
AU2002213673A AU2002213673B2 (en) 2000-11-07 2001-11-07 Encoding of universal resource locators in a security gateway to enable manipulation by active content
PCT/AU2001/001434 WO2002039286A1 (en) 2000-11-07 2001-11-07 Encoding of universal resource locators in a security gateway to enable manipulation by active content

Publications (2)

Publication Number Publication Date
AU2002213673A1 AU2002213673A1 (en) 2002-07-25
AU2002213673B2 true AU2002213673B2 (en) 2006-07-27

Family

ID=39339642

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2002213673A Ceased AU2002213673B2 (en) 2000-11-07 2001-11-07 Encoding of universal resource locators in a security gateway to enable manipulation by active content

Country Status (1)

Country Link
AU (1) AU2002213673B2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11177629A (en) * 1997-12-11 1999-07-02 Nippon Telegr & Teleph Corp <Ntt> Security gateway server, www server url concealing method using the server and recording medium recording www server url concealing program
US6081842A (en) * 1996-04-02 2000-06-27 National Semiconductor Corporation Method and apparatus for encoding and using network resource locators

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired