Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-08-02
2004-10-12
Sheikh, Ayaz (Department: 2131)
C709S203000, C713S180000, C713S193000, C713S194000, C713S152000, C713S152000
active
06804778
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to the field of data communications and especially to verification of outgoing data.
BACKGROUND OF THE INVENTION
A WWW server is an excellent target for hackers and for other miscreants who desire to have their exploits publicized. The server usually has a captive audience that downloads information (usually WWW pages) from the server. By modifying the information sent out by the server, such a miscreant publishes his exploits. For the owner of the server, the damage is disproportionate—the credibility of the server is severely reduced. In addition, erroneously published information may directly harm the server's owner, for example, by misrepresenting prices of services. The server owner would like to be able to stand behind what is “published” at the WWW site.
There appear to be two approaches in the art to avoiding interference with WWW services. A digital signature approach puts the onus on the receiver of a document (data) to verify that the document is what it purports to be. If the document does not match its attached signature, the receiver can assume that the document is bogus or corrupted. This solution, however, requires that the receiver be able to validate the document using the signature, typically requiring a copy of a public encryption key used by the signing protocol.
A security approach attempts to nullify the possibility of an outside break-in into the WWW server, for example using a firewall, so that it can be assumed that any information provided by the server is not adulterated by an outside hacker. Unfortunately, constructing a completely secure system is difficult, if not impossible, and miscreants are unusually creative in their efforts to “hack” into supposedly secure systems. An even greater problem is internal security. A disgruntled employee can bypass many security features by working at his computer terminal, inside the server physical location or by using a password which is known to him.
In addition, some secure systems disseminate information to a requester only after the requester's identity has been verified (usually using a password) and his permission to access the information confirmed.
Some types of firewall block requests for transmission of certain named files.
U.S. Pat. 4,672,572, the disclosure of which is incorporated herein by reference, describes various protection schemes for computer networks. One of the described schemes is a command filter which can monitor data transfers which pass through it and detect, block or modify sensitive information being transferred or sensitive commands from being carried out.
Recently, mail servers have been patched with software code that prevents the transmission of messages which appear to contain certain viruses.
The tripwire software and various virus detection software maintain a list of signatures of files. If one of the files is corrupted and does not match its signature, a system operator may be alerted. In a virus detection system such a determination of mismatch may be made when a file is loaded into a computer memory for execution. In some systems, files are checked against their signatures periodically.
SUMMARY OF THE INVENTION
An object of some preferred embodiments of the invention is to assure the quality of data being published at a WWW site. In a preferred embodiment of the invention, incorrect content is prevented from being disseminated, irrespective of the manner in which it was generated (e.g., mistake, disgruntled employee or hacker).
An aspect of some preferred embodiments of the invention relates to a method of verifying, by a data provider, that data which is provided meets certain quality assurance criteria. In a preferred embodiment of the invention, data is checked before it is transmitted from the data provider, to determine if it meets the certain criteria. In a preferred embodiment of the invention, data is stamped with a digital signature. Preferably, the signature is determined by the time at which it is created and/or the time at which it is checked. Alternatively or additionally, the signature is determined based on the document contents. Thereafter, when the data is to be sent out, an output monitor checks that the data matches its signature. In some cases, some types of data may be stamped with a signature indicating that no quality assurance checking is to be performed. Preferably, the data is transmitted by Internet, for example using an HTTP protocol, an ftp protocol or an e-mail protocol. As used herein, the terms “quality control” and “quality assurance” relate to how data is assembled, generated and/or approved for transmission, not to security considerations.
An aspect of some preferred embodiments of the invention relates to data redress by an output monitor. In a preferred embodiment of the invention, a copy of some or all the data which can be transmitted is stored at a secure location. When data is proscribed from being transmitted, for example because it has been tampered with, the output monitor obtains a “clean” copy of the data from the secure location and transmits the clean data instead. In some cases, the clean data may be more limited than the original data, for example a message which indicates that data is not being transmitted. Alternatively, proscribed data is not transmitted, so that transmitted WWW pages contain blank areas. Alternatively, a standard message is transmitted, to fill in the blank areas. Alternatively or additionally, the transmitted WWW page is modified so that the page appears not to be missing data and/or so that the distortion of the page is minimized. Alternatively, the altered data is allowed to go out, with an additional message, for example, to warn the user of possible corruption. An example of such a message is a disclaimer of warranty for the content of the data. Another example of a message is a warning that the data may be incorrect.
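The stamping, output check and redress steps described in the two preceding paragraphs can be sketched as follows. This is an added example, not code from the patent or its assignee; it assumes HMAC-SHA256 as the secret-key stamp, and the names `stamp`, `OutputMonitor`, `STAMP_KEY` and `FALLBACK` are hypothetical.

```python
import hashlib
import hmac

# Assumption: this key is held by the approval station and the output
# monitor only, never by the web server process. Constructed sample value.
STAMP_KEY = b"constructed-demo-key-not-for-production"

FALLBACK = b"<p>Content temporarily unavailable.</p>"  # standard message


def stamp(path: str, body: bytes, key: bytes = STAMP_KEY) -> str:
    """Stamp content at approval time. Binding the path stops an approved
    body from being served in answer to a different URL."""
    p = path.encode()
    msg = len(p).to_bytes(4, "big") + p + body  # length prefix avoids ambiguity
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class OutputMonitor:
    """Sits between the server and the network and checks each response."""

    def __init__(self, secure_store: dict, key: bytes = STAMP_KEY):
        # secure_store maps path -> (clean_body, stamp) and lives where the
        # web server cannot write (modelled here as a plain dict).
        self.secure_store = secure_store
        self.key = key
        self.alerts = []

    def _valid(self, path: str, body: bytes, sig: str) -> bool:
        if not sig:
            return False  # unstamped content is never released
        return hmac.compare_digest(stamp(path, body, self.key), sig)

    def release(self, path: str, body: bytes, sig: str):
        """Return (status, bytes_to_send) for an outgoing response."""
        if self._valid(path, body, sig):
            return "verified", body
        self.alerts.append(path)  # record the mismatch for the operator
        clean = self.secure_store.get(path)
        # Re-verify the stored copy as well rather than trusting it blindly.
        if clean and self._valid(path, clean[0], clean[1]):
            return "restored", clean[0]
        return "blocked", FALLBACK
```

The monitor fails closed: content with a missing or mismatched stamp is replaced by the clean copy if one verifies, and by the standard message otherwise.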
An aspect of some preferred embodiments of the invention relates to extending the data verification to a user of the data, preferably without an intermediate. In a preferred embodiment of the invention, a user can request that certain display objects be provided as verified objects. Alternatively or additionally, a user viewing program (for instance a browser) can indicate to a user if a displayed object is verified, bogus or does not require a signature.
An aspect of some preferred embodiments of the invention relates to extending the data verification to the verification of requests by a user. In a preferred embodiment of the invention, when a user request is received, the request is stamped so that it cannot be modified inside the server without the modification being detected. Thus, when the response to the request is sent out, it is possible to verify that the response matches the query, i.e., is appropriate and not corrupted.
There is therefore provided in accordance with a preferred embodiment of the invention, a method of data transmission comprising:
receiving a request for data over an Internet, by a data provider;
obtaining data, in response to said request, at said data provider;
assuring a quality of said obtained data, responsive to said request, at said provider; and
transmitting said data over said Internet responsive to said assurance.
Preferably, assuring a quality comprises assuring that said data is pre-approved for transmission. Alternatively or additionally, assuring comprises verifying a digital signature of said data. Preferably, verifying comprises applying a public-key decryption to said digital signature. Alternatively or additionally, verifying comprises applying a secret-key decryption to said digital signature.
In a preferred embodiment of the invention, said assuring comprises comparing said data to said request. Alternatively or additionally, assuring comprises comparing said data to stored data. Alternatively or additionally, assuring comprises checking secure information associated with said data. Alternatively or additionally, assuring comprises checking a limited usage-code associated
Feitelberg Rafael
Levi Shaul
Topaz Assaf
Fenster & Company
Gilian Technologies, Ltd.
Moorthy Aravind
Sheikh Ayaz