公开(公告)号：US08996855B2

公开(公告)日：2015-03-31

申请号：US13676730

申请日：2012-11-14

Applicant: Research In Motion Limited ,  Certicom Corp.

Inventor： Alexander Sherkin ,  Gregory Marc Zaverucha ,  Alexander Truskovsky ,  Michael Matovsky ,  Osman Zohaib Arfeen

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L63/0823 ,  H04L63/166

Abstract: A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.

Abstract translation: 当由处理器执行时，客户端应用程序可操作以创建包含包含机密值的目标报头的超文本传输​​协议（HTTP）请求。 HTTP请求将通过安全套接字层（SSL）3.0连接或传输层安全（TLS）1.0连接发送到Web服务器。 客户端应用程序在其HTTP层实现了对块选择边界攻击的对策。 客户机应用程序生成一个额外的标头，其标题名称不能由Web服务器识别，并将附加标头插入到目标标题之前的HTTP请求中，从而创建修改的HTTP请求。 修改的HTTP请求将通过SSL 3.0连接或与服务器的TLS 1.0连接发送，而不是未修改的HTTP请求。