System and method for encrypting audit information in...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

active

06286098

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a system and method for encrypting audit information in network applications. More particularly, the present invention relates to a system and method for encrypting and storing information transmitted between a client and a server environment during a user session that can be used to recreate the user session or to later verify that a particular event occurred during the user session.
2. Discussion of the Related Art
In a network application, also referred to as a client/server application, a client requests information from a server. In response to each request, the server provides information to the client. A typical server may be responding to several hundred clients at one time, while the client may access several servers intermittently and over a very short period of time. As a result of the very dynamic nature of such applications, problems associated with the application are difficult to isolate, repeat, and/or diagnose. Furthermore, such problems are difficult to attribute to either the server or the client.
Another problem associated with network applications, particularly those dealing in electronic commerce (“e-commerce”), is that the precise behavior of the purchaser during the transaction is difficult to ascertain and even more difficult to evaluate or understand. For example, website developers may wish to understand how a particular buyer using an e-commerce application navigates through the website to purchase an item. Given the nature of conventional network applications, such understanding is difficult to obtain.
Yet another problem associated with network applications, particularly those where data associated with the user session is stored, is security and privacy. Clients may be averse to data regarding their user sessions being stored. Servers may be averse to information regarding their clients and their associated behavior being susceptible to access by competitors.
Still yet another problem associated with network applications is that clients and servers are unable to verify or prove that certain events (e.g., purchases, etc.) occurred during a particular user session.
Other problems exist with network applications, some of which are discussed in further detail below. A need exists for a system and method for auditing network applications that solves the problems described herein.
SUMMARY OF THE INVENTION
Accordingly, the present invention is directed to a system and method for encrypting audit information in network applications. In particular, the present invention captures requests and responses sent between a client and a server during a particular user session of a network application. The present invention encrypts either the entire user session or portions of the user session to maintain privacy, provide security, and/or permit verification of the events that occurred during the user session. The present invention stores the encrypted user session (or portion thereof) in an auditor storage. The present invention distributes the key used to encrypt the user session to the participants. Subsequently, the present invention retrieves the user session from the auditor storage, retrieves the necessary keys from participants, and decrypts the user session.
One of the features of the present invention is that a user session, or a portion thereof, is privately and securely stored in the auditor storage. In one embodiment, the user session can only be decrypted with the knowledge and permission of each of the participants to the user session much like a safety deposit box.
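The "safety deposit box" behavior described above can be sketched as follows; this is an added illustration, not code or a mechanism taken from the patent. It assumes the session key is split into XOR shares so that every participant's share is required, uses a SHAKE-256 keystream with HMAC-SHA256 as a standard-library stand-in for a vetted authenticated cipher, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one session key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHAKE-256 as an XOF); use a vetted AEAD in production.
    return hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(n)

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def seal_session(records, participants):
    """Encrypt captured requests/responses; return (auditor blob, key share per participant)."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    pt = b"".join(len(r).to_bytes(4, "big") + r for r in records)
    ct = _xor(pt, _keystream(key, nonce, len(pt)))
    blob = {"nonce": nonce, "ct": ct, "tag": _tag(key, nonce, ct)}
    # n-of-n XOR split (assumption): random shares for all but one participant;
    # the last share is the key XORed with all of them, so every share is required.
    shares = [secrets.token_bytes(32) for _ in participants[:-1]]
    last = key
    for s in shares:
        last = _xor(last, s)
    return blob, dict(zip(participants, shares + [last]))

def open_session(blob, shares):
    """Recombine the shares, verify integrity, and return the original records."""
    key = bytes(32)
    for s in shares:
        key = _xor(key, s)
    if not hmac.compare_digest(_tag(key, blob["nonce"], blob["ct"]), blob["tag"]):
        raise ValueError("share missing or wrong, or stored session was altered")
    pt = _xor(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"])))
    records, i = [], 0
    while i < len(pt):
        n = int.from_bytes(pt[i:i + 4], "big")
        records.append(pt[i + 4:i + 4 + n])
        i += 4 + n
    return records

if __name__ == "__main__":
    session = [b"GET /cart HTTP/1.0", b"HTTP/1.0 200 OK"]  # constructed sample traffic
    blob, shares = seal_session(session, ["client", "server"])
    print(open_session(blob, list(shares.values())) == session)
```

The auditor storage holds only `blob`; a single participant's share is indistinguishable from random bytes, so neither the auditor nor one participant alone can read the session.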
Another feature of the present invention is that particular events can be verified as having occurred during the user session. In other words, a client can show that, for example, he performed a particular transaction (e.g., made an electronic purchase) during the user session. The client does so by providing the server or an appropriate third party information that corresponds to and demonstrates the occurrence of a particular event during the user session.
Additional features and advantages of the present invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the process particularly pointed out in the written description and claims hereof as well as the appended drawings.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.


