METHOD AND SYSTEM FOR SECURE DATA TRANSMISSION
Technical Field
The present invention relates to secure data transmission and in particular to secure data transmission over a network such as, for example, the world-wide web.
Background of the Invention
Systems exist at the present time for secure transmission but the current systems are not as secure as they might be and this has led to a loss of confidence by users when utilising the world-wide web particularly when sending important private information such as credit card numbers. It is considered that this lack of confidence in the security of transaction data is a major inhibiting factor to the growth of transactions via the world-wide web. As a result there is a demand for reliable secure transmission of data in an efficient and cost effective manner.
Summary of the Invention
The present invention proposes to transfer data over a network such as, for example, the world-wide web by means of pre-prepared pages which can be stored in an encrypted form ready for transmission to a user. In view of the above, from a first aspect the present invention provides a data-page generation method for generating encrypted data pages suitable for secure transmission across a network, comprising the steps of:- generating one or more data pages containing data; and encrypting at least part of said data pages; characterised in that said generating and encrypting steps are performed in advance of the receipt of requests for transmission of the data pages across the network.
An advantage of the first aspect of the present invention is that it allows for the processing burden of encryption to be performed at opportune moments in advance of the time when the data page is actually requested. This removes the need for dynamic encryption for all data pages other than those which must be dynamically generated, thus allowing for a reduction in the time needed to service user requests for data pages. By "data pages", we particularly envisage such data pages as HTML, XML, WML, or any other mark-up language page. The pages preferably contain fields for data values for user-specific data. However, it is not essential that the page be composed in a mark-up language, and any other data structure that can contain data is suitable for use in the present invention, and is intended to be encompassed by our use of the term "data page".
From a second aspect, the present invention also provides a method of secure data transmission across a network, comprising the steps of storing one or more encrypted data pages generated by the data page generation method of any of claims 1 to 9 or the data-page generation system of any of claims 12 to 20; receiving user requests for the encrypted data pages across the network; and transmitting the requested encrypted pages to the user who requested them across the network. An advantage of the second aspect is that user requests for encrypted pages can be serviced in a quicker time than is conventionally the case, due to the pre-encrypted pages being stored ready for transmission upon request. In addition, as the pages have been pre-encrypted then it is possible for a third party page storage provider to store the pages and process user requests therefor, even when the pages may contain sensitive data.
From a third aspect, the present invention further provides a data- page generation system for generating encrypted data pages suitable for secure transmission across a network, comprising:
page generation means for generating one or more data pages containing data; and page encryption means for encrypting at least part of said data pages; said system being characterised in that both said page generation means and said page encryption means are arranged to operate to produce encrypted data pages in advance of the receipt of requests for transmission of the data pages across the network.
In addition, another aspect of the present invention provides a system for secure data transmission across a network, comprising:- page storage means for storing one or more encrypted data pages generated by the data page generation system of any of claims 12 to 20 or the data-page generation method of any of claims 1 to 9; page request receipt means for receiving user requests for the encrypted data pages across the network; and page transmission means for transmitting the requested encrypted pages to the user who requested them across the network.
The third and fourth aspects have the same advantages as the above described first and second aspects respectively. In the case where the web page contains standard information such as would be present in a form which requires completion by a user, all the page can be encrypted including certain user input and/or subsequently generated data. Alternatively, only the user input and/or subsequently generated data included in a pre-formatted page is encrypted. The present invention is particularly useful with the method and system for multi-user access of a database which is described in our earlier UK application No 9925841.0 and International patent application No. PCT/GB00/04184 and the contents of the present application should be read in conjunction with the disclosure of our earlier UK and International patent applications.
Brief Description of the Drawings
Further features and advantages of the present invention will become apparent from a consideration of the following description of a specific embodiment thereof given by way of example only with reference to the accompanying drawings, in which:-
Figure 1 shows a schematic diagram of the overall system architecture of a system which covers the background of the present invention;
Figure 2 shows a flow diagram of the basic steps taken in processing a user request;
Figure 3 shows a flow diagram illustrating the process steps in dynamically creating Web pages;
Figure 4 shows a flow diagram illustrating the process steps in updating semi-static pages; and
Figure 5 shows a schematic diagram of a modification of the architecture shown in Figure 1 to show an embodiment of the present invention.
Description of an Embodiment
An example system architecture of a system which forms the background of the present invention will now be described with reference to Figure 1.
In Figure 1, a user 2 is equipped with a computer arranged to access the Internet using a standard Web browser. When desiring to access the online database, the user can access a Web server 8 by means of the Internet in the usual manner. The Web server 8 is arranged to communicate with an application server 10 which together form means for providing the Website 6. The Website in question consists of a number of user specific Web pages 14, each user having their own Web pages which are accessible only by themselves. The provision of private Web pages and the security required to implement them are well known in the art, but we prefer to utilise a new security system according to the present invention which has been specially created to take advantage of the structure about to be described. The new security system will be explained in detail later.
Each page of each set of user specific Web pages 14 is divided into one of three types, being static pages 16, semi-static pages 18, and dynamic pages 20. Static pages are Web pages arranged to contain information which does not need to be updated frequently such as information regarding company contact details, product information, etc. etc. These static pages are provided on the Website in the usual manner, and are provided to the user from the Web server upon request in the usual way.
Semi-static pages are Web pages which contain information which must be updated regularly or periodically such as, for example, on a nightly basis. These pages can be pages specifically created and maintained for the user and contain all of their personal information. Furthermore the pages can contain action buttons to allow specific requests and actions to be performed OLTP for the specific user on the information shown on the specific page. For example, where the system is being used for online insurance purposes, a specific user's semi-static page may relate to their own insurance policy and contain all of the policy details. Action buttons can be provided on the page to allow the user to perform various actions on the policy, such as for instance make a claim against the policy.
The third type of page are dynamic pages and these are created dynamically by the back end system 100 to be described later for specific user requests. Many prior art systems provide dynamic page creation, and the use of dynamic pages is well known.
The application server 10 is arranged to communicate with the back end system 100 which comprises a parser means 34 provided with an associated file system 38, the parser means being arranged to communicate with a database access means 32 which accesses the central database 50. For example, when used in an insurance application, the central database 50 may be the insurance company's central database containing records of all of their policy holders together with the present states of their insurance policies. System administration means 40 can be provided in order to directly access the parser means, the database access means, and the Website in the form of the Web server and application server.
From a consideration of the above-described architecture, it will be apparent that the information in the central database 50 is centrally and collectively stored therein for each and every user, but that at least parts of this information are recreated privately for each user on the respective private user specific Web pages. This architecture eliminates the need for the back end system to have to access the database to service each user request by dividing the information into user specific Web pages, which are themselves static, semi-static, or dynamically created.
The process which the system utilises in processing a user request for information is shown in Figure 2. Herein, at step 202 a user uses a computer equipped with a standard Web browser to request information from the respective user specific Web pages. The request is in the form of a universal resource locator (URL) which identifies the Web page required, and is transmitted to the Web server 8 by the Internet 4 at step 204. The Web server 8 analyses the request at step 206 to determine whether the Web page requested is a static page, a semi-static page, or a dynamic page. If it is determined that the requested page is a static page or a semi-static page, then the page is transmitted from the server to the user at steps 208 or 210 respectively. If it is determined that the requested page is a dynamically created page which requires data to be retrieved from the central database 50, the request is passed to the back end system 100 for processing and page creation. Herein, the request is processed at step 212, the data is obtained from the database at step 214, and the obtained data is merged with the Web page at step 216. Steps 212, 214 and 216 constitute process 300 which is described more fully with reference to Figure 3 later. Once the dynamic Web page has been created, it is then transmitted to the user at step 218.
The process for dynamic page creation will now be described with reference to Figure 3.
Where a user has made a request for information which requires data to be dynamically extracted from the central database 50, i.e. the user has requested a dynamic Web page, the request is passed from the application server 10 to the parser means provided in the back end system at step 302. The parser examines the URL passed from the application server and obtains the HTML file relating to the URL from the file system 38. The HTML file will contain specialist tags and other flags, and in this respect can more properly be considered to be an XML file. The parser means parses the received HTML file at step 306 to locate the specialist tags, and for each tag found calls an appropriate database procedure at step 308 by passing instructions to the database access means. The database access means then executes the database procedure to obtain data from the central database 50 at step 310, and the retrieved data is passed back to the parser at step 312. The parser then merges the retrieved data into the HTML file to create the Web page. An evaluation 316 is then performed to determine if the end of the HTML file has been reached and if not the parsing and database access procedure is repeated line by line until the end of the HTML file is reached. Once the end of the file has been reached, the file together with the retrieved data merged therein is passed back to the application server and then to the Web server for transmission to the user. In this manner Web pages can be dynamically created containing information from the central database in response to user requests. This arrangement for dynamically creating the Web pages has the further advantage that the visual layout of the HTML file can be specified in advance by specialist marketing and graphic designers, and the data can be simply merged into the file where required. This therefore takes the responsibility for the layout of the pages out of the hands of the specialist database programmers.
The procedure for refreshing semi-static pages will now be described with reference to Figure 4.
As discussed previously semi-static pages are pages which contain information which must be updated on a regular basis, but which do not need to be dynamically created in response to a specific user request. The updating of these pages is initiated by a refresh event at step 402. Valid refresh events which cause the procedure to be started may be for example timer events which are arranged to run periodically, or may be specifically initiated upon command from the administration system as required. In this respect the refreshing of the semi-static pages can be considered to be the equivalent of a batch process, and therefore has the advantage that the refresh routines can be performed at a time when the load on the system is not high. In addition, it may be possible for some users to initiate refresh events from their Web pages, the ability of each user to do this being dependent upon the particular database services provided to each user. The refresh routine for each semi-static page may be slightly different, but will generally follow the outline given below.
Upon initiation of the refresh event at step 402 the central database 50 in the back end system is accessed by the database access means and the necessary data is retrieved therefrom. Any processing which may be required upon the data prior to insertion into the semi-static Web pages can be performed at this point at step 406, and then the results of this processing or the retrieved data can be merged with the page to update the page. In refreshing each semi-static page it is envisaged that the same method for dynamically creating pages can be used utilising the parser means to parse the page HTML file for specialist tags, and then using the found tags to control the database access means to retrieve the necessary data from the central database.
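The parsing and merging procedure of Figure 3, and its reuse for the batch refresh of semi-static pages in Figure 4, can be illustrated by the following added example. It is not code from the patent or from any system it describes: the specialist tag syntax `<db proc="..." arg="..."/>`, the in-memory stand-in for the central database and the database access means, and the template text are all assumptions constructed for illustration. One check the patent does not mention but which a practitioner would insist on is also shown: values retrieved from the database are HTML-escaped before being merged, so that stored data cannot introduce markup or script into the generated page.

```python
import html
import re
from typing import Callable, Dict, Iterable

# Assumed specialist tag syntax (not specified by the patent): <db proc="NAME" arg="VALUE"/>
# Each tag names a database procedure; the parser calls it and merges the result in place.
DB_TAG = re.compile(r'<db\s+proc="(?P<proc>[A-Za-z_]+)"(?:\s+arg="(?P<arg>[^"]*)")?\s*/>')

# Constructed stand-in for the central database 50: user records keyed by user id.
# The second record deliberately contains markup to show why escaping matters.
CENTRAL_DB: Dict[str, Dict[str, str]] = {
    "u1001": {"name": "A. Example", "policy_no": "POL-0001", "balance": "1,250.00"},
    "u1002": {"name": "B. <script>alert(1)</script>", "policy_no": "POL-0002", "balance": "0.00"},
}


def make_database_access(user_id: str) -> Callable[[str, str], str]:
    """Constructed stand-in for the database access means 32: maps a procedure
    name to a lookup against the central database for one user (steps 308-312)."""
    record = CENTRAL_DB[user_id]
    procedures = {
        "get_name": lambda _arg: record["name"],
        "get_policy": lambda _arg: record["policy_no"],
        "get_balance": lambda _arg: record["balance"],
        "get_field": lambda arg: record[arg],
    }

    def call(proc: str, arg: str) -> str:
        if proc not in procedures:
            raise ValueError(f"unknown database procedure: {proc}")
        return procedures[proc](arg)

    return call


def merge_line(line: str, db_call: Callable[[str, str], str]) -> str:
    """Steps 306-314 for one line: locate each specialist tag, call the named
    procedure, and merge the result. The value is HTML-escaped first so that
    database content is rendered as text rather than interpreted as markup."""
    def replace(m: re.Match) -> str:
        value = db_call(m.group("proc"), m.group("arg") or "")
        return html.escape(value, quote=True)

    return DB_TAG.sub(replace, line)


def build_page(template_lines: Iterable[str], user_id: str) -> str:
    """Parses the HTML file line by line until the end of file (evaluation 316)."""
    db_call = make_database_access(user_id)
    return "\n".join(merge_line(line, db_call) for line in template_lines)


def refresh_semi_static_pages(template_lines: Iterable[str], user_ids: Iterable[str]) -> Dict[str, str]:
    """Figure 4 refresh event: regenerate every user's semi-static page in one
    batch with the same parser, returning page text keyed by user id."""
    lines = list(template_lines)
    return {uid: build_page(lines, uid) for uid in user_ids}


# Constructed template standing in for the HTML file with specialist tags in file system 38.
POLICY_TEMPLATE = [
    "<h1>Policy summary</h1>",
    '<p>Holder: <db proc="get_name"/></p>',
    '<p>Policy: <db proc="get_policy"/> Balance: <db proc="get_field" arg="balance"/></p>',
]

if __name__ == "__main__":
    for uid, page in refresh_semi_static_pages(POLICY_TEMPLATE, CENTRAL_DB).items():
        print(uid, page, sep="\n")
```

The refresh routine and the per-request dynamic path share `build_page`, which is the point made in the text: the only difference is when the procedure runs, not how the page is assembled.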
Although in the above-described background we have provided three different types of Web pages being static, semi-static, and dynamic, it will be understood that this need not be the case, and that a combination of two or more different types can be used as required.
The preferred form of security system according to the present invention will now be described in relation to Figure 5 which shows a modification of the system shown in Figure 1 to provide a preferred embodiment of the invention. The basic concept behind the new security system is that the semi-static web page will be encrypted and stored in an encrypted form until such time as the user wishes to access the page. Thereupon the encrypted semi-static page will be transmitted via the world-wide web to the user where the browser program in the user's computer will be modified to decrypt the received semi-static page and render it as a plain text page.
Exactly where the encryption will take place in the sequence of operations will depend to an extent on the exact system in operation but for the present situation, it is assumed that the application server 10 will be provided with the encryption system so that web pages created by the back end system 100 are encrypted as soon as they are received from the back end system 100 and then stored ready for transmission to a user in an encrypted form when the user requests his web page. The benefit of carrying out this procedure is that the encryption can be carried out at a time when it is most convenient for the back end system 100. The problem with current security systems is that they are always trying to encrypt in a dynamic fashion which occupies considerable amounts of computer power and introduces additional delays into the system.
Utilising our preferred system, it is possible to incorporate a full private/public key exchange security system between the user and the on-line database provider. Private/public key security systems are well known in their own right, and one such system which could be utilised in the present situation is the well known PGP system, which provides a high degree of security.
As described thus far, it is assumed that the on-line database provider will be holding his web site and the web pages on his own computer system. However, there is a move currently to move web site provision to trusted third parties. Utilising the present security system, it would therefore be possible to prepare the semi-static pages at the on-line database site and forward them to a trusted third party who would manage the actual web site with the security being ensured by the fact that the semi-static pages would be sent to the trusted third party site in an encrypted form and stored in an encrypted form waiting for the user to access the third party site. This has the advantage that it would no longer be as important as it currently is to ensure that all employees of third party sites were vetted and the site certified by a certification authority.
The manner in which the public/private keys are exchanged between the user and the on-line database provider is once more a matter of system design depending on particular circumstances but we currently prefer the system whereby when the user logs on the user is sent their own permanent or semi-permanent (rotating) key for decryption which they hold on their browser or on their person. The actual mode of transmission of the key again depends on the actual system to be constructed but could be via the post in much the same way as PIN numbers are sent to bank customers.
In view of the fact that the semi-static pages are being pre-encrypted and stored in encrypted form, it is possible to pre-encrypt a complete web page including static information which always appears on the web page in addition to the user specific information such as credit card details or bank balances. As an alternative, it would be possible to send in plain text the standard information including e.g. a company logo or headings for particular sections and only encrypt user specific information. It will be appreciated that when the user enters personal details into the system, his browser program must encrypt the information before transmitting it to the world-wide web. Once more, depending on system design considerations, one could envisage only encrypting the personal details which are transmitted back to the on-line database provider or alternatively encrypting all information transmitted back. In any event, with a private/public key security system with web pages pre-encrypted using the public key only the user with the corresponding private key can decrypt a page, and equally when the user encrypts his user-entered information utilising the public key of the on-line database provider only the database provider with the corresponding private key can decrypt the user specific information. Such a system may require the use of more than one public key for a database provider. There should be no need to provide a specific database provider public key for each user particularly if the database provider's public key is a semi-permanent (rotating) key which can be transmitted to the user as and when required. The speed of operation of the system is dependent on the level of security provided by the security system and whether or not the pages or how much of the pages can be pre-encrypted. It is thus possible to envisage when implementing a system such as is described previously in this application with static, semi-static and dynamic pages that the semi-static and dynamic pages only would be encrypted. There would be a speed loss when encrypting the dynamic pages or the user specific information within a dynamic page but the concept of pre-encryption will be the prevalent mechanism in operation in the preferred embodiment.
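The pre-encryption arrangement described above, in which the application server (or a trusted third party host) encrypts each user's semi-static page at refresh time, stores only ciphertext, and does no cryptographic work on the request path, is illustrated by the following added example. It is not code from the patent or from any system it describes. It assumes the variant of the text in which the standard information (heading, logo) is sent in plain text and only the user specific part is encrypted, and it assumes a per-user key issued to the user at log-on as described earlier, rather than the PGP-style public/private key pair the text also contemplates. The cipher is a standard-library-only construction (HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) chosen so the example runs without third-party packages; a deployed system would use an established authenticated cipher such as AES-GCM from a vetted library instead.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Tuple

# Illustrative cipher built only from the standard library (an assumption of this
# example, not the patent's choice of algorithm): an HMAC-SHA256 keystream in
# counter mode with an encrypt-then-MAC tag. A deployed system would use an
# established AEAD such as AES-GCM from a vetted library instead.
NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Derive separate encryption and authentication keys from the user's key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Verify before decrypting: a wrong key or a modified page is rejected outright.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("page authentication failed: wrong key or tampered page")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


@dataclass
class StoredPage:
    public_part: str        # standard information (logo, headings), kept in plain text
    encrypted_part: bytes   # user specific information, pre-encrypted at refresh time


class PreEncryptedPageStore:
    """Application server / third party host side. Pages are encrypted when they
    arrive from the back end (a refresh event), never when a user request arrives,
    so the request path holds no user key and does no cryptographic work."""

    def __init__(self) -> None:
        self._pages: Dict[str, StoredPage] = {}

    def store(self, user_id: str, user_key: bytes, public_part: str, private_part: str) -> None:
        # Refresh time: this is the opportune moment at which encryption is performed.
        self._pages[user_id] = StoredPage(public_part, encrypt(user_key, private_part.encode()))

    def serve(self, user_id: str) -> StoredPage:
        # Request time: return the stored page as-is; the host only ever holds ciphertext
        # for the user specific part, which is what makes third party hosting acceptable.
        return self._pages[user_id]


def client_render(user_key: bytes, page: StoredPage) -> str:
    """Modified browser side: decrypt the user specific section with the key the
    user holds and render the complete page."""
    return page.public_part + decrypt(user_key, page.encrypted_part).decode()


if __name__ == "__main__":
    user_key = os.urandom(32)   # constructed: the key issued to the user at log-on
    store = PreEncryptedPageStore()
    store.store("u1001", user_key, "<h1>Example Insurance</h1>", "<p>Card ending 4242</p>")
    print(client_render(user_key, store.serve("u1001")))
```

Because `serve` takes no key, the code makes the division of trust explicit: the host can deliver pages but cannot read the user specific section, and a page altered in storage fails the tag check on the client rather than rendering silently.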
Whilst the above embodiment has described the invention in relation to a remote user using a computer equipped with a browser to request the encrypted pages, it should be understood that the invention is not limited to such users, and that in fact the user could be equipped with any device suitable for processing the data. As examples of alternative devices, we particularly envisage the use of mobile phones or hand-held PDAs such as those sold under the trademarks "Handspring" or "PalmPilot". In addition, the device used to display the data need not be provided with a browser as such, but may merely be equipped with any appropriate software which allows for page requests to be sent and the received pages to be displayed.
Furthermore, we have described the invention above in relation to transmitting the data pages over the world wide web or Internet, but it should also be understood that the invention can be used with any data communications protocol over any type of network.