Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-07-30
2004-07-06
Sheikh, Ayaz (Department: 2135)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S155000, C709S203000, C709S227000
Reexamination Certificate
active
06760844
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a security system for validating Web-Based requests, and more specifically, to a security system whereby web browser users can interact with transaction applications implemented using an incompatible security technique.
2. Description of the Prior Art
The methods by which companies conduct business with their customers are undergoing fundamental changes, due in large part to World Wide Web technology. In addition, the same technology that makes a company accessible to the world, may be used on internal company networks for conducting operational and administrative tasks.
One of the technologies underlying the World Wide Web is the web browser. Web browsers have become a de facto user interface standard because of their ability to interpret and display information having standard formats (e.g., HyperText Markup Language (HTML), standard test, GIF, etc.). Client software programs, popularly referred to as web browsers (e.g., Mosaic, Netscape Navigator, Microsoft Internet Explorer, etc.), execute on client systems and issue requests to server systems. The server systems typically execute HyperText Transport Protocol (HTTP) server programs which process requests from the web browsers and deliver data to them. The system that executes an HTTP server program and returns data to the web browser will hereinafter be referred to as a Web Server System. An HTTP server program itself will be referred to as a web server.
A Web Server System has access to on-line documents that contain data written in HyperText Markup Language (HTML). The HTML documents contain display parameters, capable of interpretation by a web browser, and references to other HTML documents and web servers (source: World Wide Web: Beneath the Surf, from UCL Press, by Mark Handley and Jon Crowcroft, on-line at http://www.cs.ucl.ac.uk/staff/jon/book/book.html).
As web browsers are making their mark as a “standard” user interface, many businesses have a wealth of information that is managed by prior art data base management systems such as DMS, RDMS, DB2, Oracle, Ingres, Sybase, Informix, and many others. In addition, many of the database management systems are available as resources in a larger transaction processing system. There are also mission critical applications which still reside on enterprise servers, since these type of systems have resiliency and recovery features historically not available on other smaller types of servers.
One key to the future success of a business may lie in its ability to capitalize on the growing prevalence of web browsers in combination with selectively providing access to the data that is stored in its databases. Common Gateway Interface (CGI) programs are used to provide web browser access to such databases.
The Common Gateway Interface (CGI) is a standard for interfacing external applications, such as web browsers, to obtain information from information servers, such as web servers. The CGI allows programs (CGI programs) to be referenced by a web browser and executed on the Web Server System. For example, to make a UNIX database accessible via the World Wide Web, a CGI program is executed on the Web Server System to: 1) transmit information to the database engine; 2) receive the results from the database engine; and 3) format the data in an HTML document which is returned to the web browser. CGI variables typically include information such as the IP address of the browser, or the port number of the server.
Often associated with CGI Variables, cookies are packets of information which may be sent back to a user system after the user accesses a web site. These packets of information indicate how a user utilized various functions associated with the site. This information will be stored on the user system along with the Uniform Resource Locator (URL) for the web site, and the information is passed back to the server if the user accesses the web site again.
Server software uses the user history provided by the cookies to make decisions regarding how the user request is to be handled. For example, assume the web site involves history. The cookie information will inform the server that the current request is from a user interested in the Civil War. This allows the server to provide the user with advertisements on books related to the Civil War.
There is a growing need for greater assurances that information being passed along the Internet is secure and will not be intercepted. Some of the problems involved with Internet hacking include stolen access, stolen resources, email counterfeiting, vandalization, and Internet agents (worms) (source: Matteo Foschetti, Internet Security, California State University, Fullerton, April 1996, available on-line at: http://www.ecs.fullerton.edu/~foschett/security.html). Many consumers have the general perception that transacting business on the Internet is not safe, thus they are reluctant to participate in Internet activities such as online shopping, sending messages, submitting to newsgroups, or web surfing. Although some people's perception of Internet security breaches may be somewhat overblown, figures do prove the vulnerability of the Internet. It has been estimated that over 80% of all computer crimes take place using the Internet. With over 30,000 interconnected networks and 4.8 million attached computers including over 30 million users, there is a legitimate Internet security concern.
Businesses are faced with the challenge of adapting their present usage of yesterday's technology to new opportunities that are made available with the World Wide Web. Most business application software and underlying databases are not equipped to handle interaction with web browsers. It would therefore be desirable to have a secure, flexible and efficient means for allowing interoperability between enterprise-based business application software and the World Wide Web. Unfortunately, because many of the existing commercial data base systems were implemented before the internet, they often times have different and incompatible security approaches from those utilized by commercially available web browsers.
SUMMARY OF THE INVENTION
The present invention overcomes many of the disadvantages associated with the prior art by providing a system and method which allows the secure interchange of transaction information between a web browser user employing a first security approach and an existing On-Line Transaction Processing (OLTP) enterprise server employing a second security approach. Previously, it was necessary to conform the web browser and enterprise server security systems, or conduct only unprotected and non-secure transactions.
Many existing OLTP systems have security systems with closed and application imbedded security logic. These techniques developed in an era in which user terminals tended to lack the processing capability to actively participate in the security effort. However, current web based systems have basic user terminals which are personal computers having substantial processing capability. As a result, open and terminal intensive security systems have become the norm.
As a result of the need to add security provisions to web based applications and the availability of user terminal processing capability, the current commercial browsers (e.g., Microsoft Internet Explorer, Netscape Navigator, etc.) have been equipped with Secure Socket Layer (SSL) and other standardized security techniques. These standardized approaches are most concerned with providing security for each individual data transfer. Wherein as this type of security is important, it is primarily directed to web information gathering activities.
Many typical existing applications on the OLTP enterprise servers involve transaction sessions. These require a user to “sign-on” with a user-id and password. The purpose of this sign-on is to identify the user and the user's level of access to the OLTP enterprise server. Following validation of the user-id and password, the user typically interacts w
LeBlanc Wayne J.
McCarthy Thomas E.
Baum Ronald
Johnson Charles A.
Nawrocki, Rooney & Sivertson P.A.
Sheikh Ayaz
Starr Mark T.
LandOfFree
Secure transactions sessions does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure transactions sessions, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure transactions sessions will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3252564