1. Technical Field
This disclosure relates generally to securing data messages over a communication network.
2. Background of the Related Art
Asynchronous JavaScript and XML (collectively referred to as AJAX) are well-known technologies that allow user interaction with Web pages to be decoupled from the Web browser's communications with a Web server. AJAX is built upon dynamic HTML (DHTML) technologies including: JavaScript, a scripting language commonly used in client-side Web applications; the Document Object Model (DOM), a standard object model for representing HTML or XML documents; and Cascading Style Sheets (CSS), a style sheet language used to describe the presentation of HTML documents. In AJAX, client-side JavaScript updates the presentation of a Web page by dynamically modifying a DOM tree and a style sheet. In addition, asynchronous communication, enabled by additional technologies, allows dynamic updates of data without the need to reload the entire Web page. These additional technologies include XMLHttpRequest, an application programming interface (API) that allows client-side JavaScript to make HTTP connections to a remote server and to exchange data, and JavaScript Serialized Object Notation (JSON), a lightweight, text-based, language-independent data-interchange format.
JSON is based on a subset of the JavaScript Programming Language, Standard ECMA-262, 3rd Edition, dated December 1999. It is also described in Request for Comment (RFC) 4627. JSON syntax is a text format defined with a collection of name/value pairs and an ordered list of values. JSON is very useful for sending structured data over the wire (e.g., the Internet) that is lightweight and easy to parse. It is language-independent but uses conventions that are familiar to C-family programming conventions. Further information about JSON can be found as json.org.
Currently, JSON messages are secured over the wire using mere transport security (such as SSL), which only provides point-to-point message security. The data in the message, however, is provided in the clear and, as a result, such data can still be compromised through various means, such as by malicious altering by an attacker, or accidental altering through transmission errors.
There remains a need to add data confidentiality protection to JSON messages.