WO2001061962A1 - Method and system for secure data transmission - Google Patents

Publication number: WO2001061962A1
Authority: WO, WIPO (PCT)
Prior art keywords: data, page, pages, user, encrypted
Application number: PCT/GB2001/000699
Other languages: French (fr)
Inventor: Graham Kennedy Twaddle, Colin Gordon
Original Assignee: Sherwood International Group Ltd.
Application filed by: Sherwood International Group Ltd.
Priority to: AU33898/01A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Definitions

  • the device used to display the data need not be provided with a browser as such, but may merely be equipped with any appropriate software which allows for page requests to be sent and the received pages to be displayed.

Abstract

A data-page generation method and system provides for the generation of data pages such as HTML or XML pages which may contain user-specific data, and for the encryption of such generated pages in advance of the receipt of user requests for the data. A secure data transmission method and system then stores the pages as generated by the page generation method and system, and transmits them to users upon receipt of a request therefor. As the pages have been pre-encrypted prior to the receipt of a request for the page there is no need for dynamic encryption of each page on demand resulting in both a reduction in dynamic processing and improved service. In addition the pre-encrypted pages can be stored in third party storage means even though the data contained within the encrypted pages may be sensitive.

Description

METHOD AND SYSTEM FOR SECURE DATA TRANSMISSION
Technical Field
The present invention relates to secure data transmission and in particular to secure data transmission over a network such as, for example, the world-wide web.
Background of the Invention
Systems exist at the present time for secure transmission but the current systems are not as secure as they might be and this has led to a loss of confidence by users when utilising the world-wide web particularly when sending important private information such as credit card numbers. It is considered that this lack of confidence in the security of transaction data is a major inhibiting factor to the growth of transactions via the world-wide web. As a result there is a demand for reliable secure transmission of data in an efficient and cost effective manner.
Summary of the Invention
The present invention proposes to transfer data over a network such as, for example, the world-wide web by means of pre-prepared pages which can be stored in an encrypted form ready for transmission to a user. In view of the above, from a first aspect the present invention provides a data-page generation method for generating encrypted data pages suitable for secure transmission across a network, comprising the steps of:- generating one or more data pages containing data; and encrypting at least part of said data pages; characterised in that said generating and encrypting steps are performed in advance of the receipt of requests for transmission of the data pages across the network.
An advantage of the first aspect of the present invention is that it allows for the processing burden of encryption to be performed at opportune moments in advance of the time when the data page is actually requested. This removes the need for dynamic encryption for all data pages other than those which must be dynamically generated, thus allowing for a reduction in the time needed to service user requests for data pages.
By "data pages", we particularly envisage such data pages as HTML, XML, WML, or any other mark-up language page. The pages preferably contain fields for data values for user-specific data. However, it is not essential that the page be composed in a mark-up language, and any other data structure that can contain data is suitable for use in the present invention, and is intended to be encompassed by our use of the term "data page".
From a second aspect, the present invention also provides a method of secure data transmission across a network, comprising the steps of storing one or more encrypted data pages generated by the data page generation method of any of claims 1 to 9 or the data-page generation system of any of claims 12 to 20; receiving user requests for the encrypted data pages across the network; and transmitting the requested encrypted pages to the user who requested them across the network. An advantage of the second aspect is that user requests for encrypted pages can be serviced in a quicker time than is conventionally the case, due to the pre-encrypted pages being stored ready for transmission upon request. In addition, as the pages have been pre-encrypted then it is possible for a third party page storage provider to store the pages and process user requests therefor, even when the pages may contain sensitive data.
From a third aspect, the present invention further provides a data-page generation system for generating encrypted data pages suitable for secure transmission across a network, comprising: page generation means for generating one or more data pages containing data; and page encryption means for encrypting at least part of said data pages; said system being characterised in that both said page generation means and said page encryption means are arranged to operate to produce encrypted data pages in advance of the receipt of requests for transmission of the data pages across the network.
In addition, another aspect of the present invention provides a system for secure data transmission across a network, comprising:- page storage means for storing one or more encrypted data pages generated by the data page generation system of any of claims 12 to 20 or the data-page generation method of any of claims 1 to 9; page request receipt means for receiving user requests for the encrypted data pages across the network; and page transmission means for transmitting the requested encrypted pages to the user who requested them across the network.
The third and fourth aspects have the same advantages as the above described first and second aspects respectively. In the case where the web page contains standard information such as would be present in a form which requires completion by a user, all the page can be encrypted including certain user input and/or subsequently generated data. Alternatively, only the user input and/or subsequently generated data included in a pre-formatted page is encrypted. The present invention is particularly useful with the method and system for multi-user access of a database which is described in our earlier UK application No 9925841.0 and International patent application No. PCT/GB00/04184 and the contents of the present application should be read in conjunction with the disclosure of our earlier UK and International patent applications.
Brief Description of the Drawings
Further features and advantages of the present invention will become apparent from a consideration of the following description of a specific embodiment thereof given by way of example only with reference to the accompanying drawings, in which:-
Figure 1 shows a schematic diagram of the overall system architecture of a system which covers the background of the present invention;
Figure 2 shows a flow diagram of the basic steps taken in processing a user request;
Figure 3 shows a flow diagram illustrating the process steps in dynamically creating Web pages;
Figure 4 shows a flow diagram illustrating the process steps in updating semi-static pages; and
Figure 5 has a schematic diagram of a modification of the architecture shown in Figure 1 to show an embodiment of the present invention.
Description of an Embodiment
An example system architecture of a system which forms the background of the present invention will now be described with reference to Figure 1.
In Figure 1, a user 2 is equipped with a computer arranged to access the Internet using a standard Web browser. When desiring to access the online database, the user can access a Web server 8 by means of the Internet in the usual manner. The Web server 8 is arranged to communicate with an application server 10 which together form means for providing the Website 6. The Website in question consists of a number of user specific Web pages 14, each user having their own Web pages which are accessible only by themselves. The provision of private Web pages and the security required to implement them are well known in the art, but we prefer to utilise a new security system according to the present invention which has been specially created to take advantage of the structure about to be described. The new security system will be explained in detail later.
Each page of each set of user specific Web pages 14 is divided into one of three types, being static pages 16, semi-static pages 18, and dynamic pages 20. Static pages are Web pages arranged to contain information which does not need to be updated frequently such as information regarding company contact details, product information, etc. These static pages are provided on the Website in the usual manner, and are provided to the user from the Web server upon request in the usual way.
Semi-static pages are Web pages which contain information which must be updated regularly or periodically such as, for example, on a nightly basis. These pages can be pages specifically created and maintained for the user and contain all of their personal information. Furthermore the pages can contain action buttons to allow specific requests and actions to be performed via OLTP for the specific user on the information shown on the specific page. For example, where the system is being used for online insurance purposes, a specific user's semi-static page may relate to their own insurance policy and contain all of the policy details. Action buttons can be provided on the page to allow the user to perform various actions on the policy, such as for instance make a claim against the policy.
The third type of page are dynamic pages and these are created dynamically by the back end system 100 to be described later for specific user requests. Many prior art systems provide dynamic page creation, and the use of dynamic pages is well known.
The application server 10 is arranged to communicate with the back end system 100 which comprises a parser means 34 provided with an associated file system 38, the parser means being arranged to communicate with a database access means 32 which accesses the central database 50. For example, when used in an insurance application, the central database 50 may be the insurance company's central database containing records of all of their policy holders together with the present states of their insurance policies. System administration means 40 can be provided in order to directly access the parser means, the database access means, and the Website in the form of the Web server and application server.
From a consideration of the above-described architecture, it will be apparent that the information in the central database 50 is centrally and collectively stored therein for each and every user, but that at least parts of this information are recreated privately for each user on the respective private user specific Web pages. This architecture eliminates the need for the back end system to have to access the database to service each user request by dividing the information into user specific Web pages, which are themselves static, semi-static, or dynamically created.
The process which the system utilises in processing a user request for information is shown in Figure 2. Herein, at step 202 a user uses a computer equipped with a standard Web browser to request information from the respective user specific Web pages. The request is in the form of a universal resource locator (URL) which identifies the Web page required, and is transmitted to the Web server 8 by the Internet 4 at step 204. The Web server 8 analyses the request at step 206 to determine whether the Web page requested is a static page, a semi-static page, or a dynamic page. If it is determined that the requested page is a static page or a semi-static page, then the page is transmitted from the server to the user at steps 208 or 210 respectively. If it is determined that the requested page is a dynamically created page which requires data to be retrieved from the central database 50, the request is passed to the back end system 100 for processing and page creation. Herein, the request is processed at step 212, the data is obtained from the database at step 214, and the obtained data is merged with the Web page at step 216. Steps 212, 214 and 216 constitute process 300 which is described more fully with reference to Figure 3 later. Once the dynamic Web page has been created, it is then transmitted to the user at step 218.
The process for dynamic page creation will now be described with reference to Figure 3.
Where a user has made a request for information which requires data to be dynamically extracted from the central database 50, i.e. the user has requested a dynamic Web page, the request is passed from the application server 10 to the parser means provided in the back end system at step 302. The parser examines the URL passed from the application server and obtains the HTML file relating to the URL from the file system 38. The HTML file will contain specialist tags and other flags, and in this respect can more properly be considered to be an XML file. The parser means parses the received HTML file at step 306 to locate the specialist tags, and for each tag found calls an appropriate database procedure at step 308 by passing instructions to the database access means. The database access means then executes the database procedure to obtain data from the central database 50 at step 310, and the retrieved data is passed back to the parser at step 312. The parser then merges the retrieved data into the HTML file to create the Web page. An evaluation 316 is then performed to determine if the end of the HTML file has been reached and if not the parsing and database access procedure is repeated line by line until the end of the HTML file is reached. Once the end of the file has been reached, the file together with the retrieved data merged therein is passed back to the application server and then to the Web server for transmission to the user. In this manner Web pages can be dynamically created containing information from the central database in response to user requests. This arrangement for dynamically creating the Web pages has the further advantage that the visual layout of the HTML file can be specified in advance by specialist marketing and graphic designers, and the data can be simply merged into the file where required. This therefore takes the responsibility for the layout of the pages out of the hands of the specialist database programmers.
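The merge loop of Figure 3 can be sketched as follows. This is an added example, not code from the application: the <db:value proc="..."/> tag syntax, the procedure names and the in-memory stand-in for the central database 50 are assumptions. It shows two checks the description leaves implicit: a tag may only name a procedure from a fixed list, and retrieved data is HTML-escaped before it is merged.

```javascript
'use strict';
// Added example of the Figure 3 merge loop. The <db:value proc="..."/> tag
// syntax, the procedure names and the in-memory database are assumptions.

// Constructed sample rows standing in for the central database 50.
const CENTRAL_DB = new Map([
  ['u1001', { holder: 'A. Example', policyNo: 'POL-0001', cover: 'Home <contents & buildings>' }],
  ['u1002', { holder: 'B. Sample', policyNo: 'POL-0002', cover: 'Motor' }],
]);

// Database access means: a fixed allow-list of procedures. A template can
// only name one of these; it never supplies query text of its own.
const PROCEDURES = {
  holder_name: (row) => row.holder,
  policy_number: (row) => row.policyNo,
  cover_type: (row) => row.cover,
};

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape retrieved data so it cannot alter the designer's page layout.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

const VALUE_TAG = /<db:value\s+proc="([a-z_]+)"\s*\/>/g;

// Parser means: go through the template line by line, call the procedure each
// tag names for the already-authenticated user, and merge the escaped result.
function mergePage(template, userId) {
  const row = CENTRAL_DB.get(userId);
  if (!row) throw new Error('unknown user');
  return template.split('\n').map((line) => {
    const merged = line.replace(VALUE_TAG, (_tag, procName) => {
      if (!Object.prototype.hasOwnProperty.call(PROCEDURES, procName)) {
        throw new Error(`unknown procedure in template: ${procName}`);
      }
      return escapeHtml(PROCEDURES[procName](row));
    });
    // Fail closed: a malformed tag must not reach the user as raw markup.
    if (merged.includes('<db:')) throw new Error('malformed tag in template');
    return merged;
  }).join('\n');
}

// Constructed template of the kind a page designer would supply.
const POLICY_TEMPLATE = [
  '<h1>Your policy</h1>',
  '<p>Holder: <db:value proc="holder_name"/></p>',
  '<p>Policy: <db:value proc="policy_number"/> (<db:value proc="cover_type"/>)</p>',
].join('\n');

console.log(mergePage(POLICY_TEMPLATE, 'u1001'));
```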
The procedure for refreshing semi-static pages will now be described with reference to Figure 4.
As discussed previously semi-static pages are pages which contain information which must be updated on a regular basis, but which do not need to be dynamically created in response to a specific user request. The updating of these pages is initiated by a refresh event at step 402. Valid refresh events which cause the procedure to be started may be for example timer events which are arranged to run periodically, or may be specifically initiated upon command from the administration system as required. In this respect the refreshing of the semi-static pages can be considered to be the equivalent of a batch process, and therefore has the advantage that the refresh routines can be performed at a time when the load on the system is not high. In addition, it may be possible for some users to initiate refresh events from their Web pages, the ability of each user to do this being dependent upon the particular database services provided to each user. The refresh routine for each semi-static page may be slightly different, but will generally follow the outline given below.
Upon initiation of the refresh event at step 402 the central database 50 in the back end system is accessed by the database access means and the necessary data is retrieved therefrom. Any processing which may be required upon the data prior to insertion into the semi-static Web pages can be performed at this point at step 406, and then the results of this processing or the retrieved data can be merged with the page to update the page. In refreshing each semi-static page it is envisaged that the same method for dynamically creating pages can be used utilising the parser means to parse the page HTML file for specialist tags, and then using the found tags to control the database access means to retrieve the necessary data from the central database.
Although in the above-described background we have provided three different types of Web pages being static, semi-static, and dynamic, it will be understood that this need not be the case, and that a combination of two or more different types can be used as required.
The preferred form of security system according to the present invention will now be described in relation to Figure 5 which shows a modification of the system shown in Figure 1 to provide a preferred embodiment of the invention. The basic concept behind the new security system is that the semi-static web page will be encrypted and stored in an encrypted form until such time as the user wishes to access the page. Thereupon the encrypted semi-static page will be transmitted via the worldwide web to the user where the browser program in the user's computer will be modified to decrypt the received semi-static page and render it a plain text page.
Exactly where the encryption will take place in the sequence of operations will depend to an extent on the exact system in operation, but for the present situation it is assumed that the application server 10 will be provided with the encryption system, so that web pages to be created from the back end system 100 are encrypted as soon as they are received from the back end system 100 and then stored in an encrypted form, ready for transmission to a user when the user requests his web page. The benefit of carrying out this procedure is that the encryption can be carried out at a time when it is most convenient for the back end system 100. The problem with current security systems is that they are always trying to encrypt in a dynamic fashion, which occupies considerable amounts of computer power and introduces additional delays into the system. Utilising our preferred system, it is possible to incorporate a full private/public key exchange security system between the user and the on-line database provider. Private/public key security systems are well known in their own right, and one such system which could be utilised in the present situation is the well known PGP system, which provides a high degree of security.
As described thus far, it is assumed that the on-line database provider will be holding his web site and the web pages on his own computer system. However, there is a move currently to move web site provision to trusted third parties. Utilising the present security system, it would therefore be possible to prepare the semi-static pages at the on-line database site and forward them to a trusted third party who would manage the actual web site with the security being ensured by the fact that the semi-static pages would be sent to the trusted third party site in an encrypted form and stored in an encrypted form waiting for the user to access the third party site. This has the advantage that it would no longer be as important as it currently is to ensure that all employees of third party sites were vetted and the site certified by a certification authority.
The manner in which the public/private keys are exchanged between the user and the on-line database provider is once more a matter of system design depending on particular circumstances, but we currently prefer the system whereby, when the user logs on, the user is sent their own permanent or semi-permanent (rotating) key for decryption, which they hold on their browser or on their person. The actual mode of transmission of the key again depends on the actual system to be constructed, but could be via the post in much the same way as PIN numbers are sent to bank customers.
In view of the fact that the semi-static pages are being pre-encrypted and stored in encrypted form, it is possible to pre-encrypt a complete web page including static information which always appears on the web page in addition to the user specific information such as credit card details or bank balances. As an alternative, it would be possible to send in plain text the standard information including e.g. a company logo or headings for particular sections and only encrypt user specific information. It will be appreciated that when the user enters personal details into the system, his browser program must encrypt the information before transmitting it to the world-wide web. Once more, depending on system design considerations, one could envisage only encrypting the personal details which are transmitted back to the on-line database provider or alternatively encrypting all information transmitted back. In any event, with a private/public key security system with web pages pre-encrypted using the public key, only the user with the corresponding private key can decrypt a page, and equally when the user encrypts his user-entered information utilising the public key of the on-line database provider, only the database provider with the corresponding private key can decrypt the user specific information. Such a system may require the use of more than one public key for a database provider. There should be no need to provide a specific database provider public key for each user, particularly if the database provider's public key is a semi-permanent (rotating) key which can be transmitted to the user as and when required. The speed of operation of the system is dependent on the level of security provided by the security system and whether or not the pages, or how much of the pages, can be pre-encrypted. It is thus possible to envisage, when implementing a system such as is described previously in this application with static, semi-static and dynamic pages, that the semi-static and dynamic pages only would be encrypted. There would be a speed loss when encrypting the dynamic pages or the user specific information within a dynamic page, but the concept of pre-encryption will be the prevalent mechanism in operation in the preferred embodiment.
Whilst the above embodiment has described the invention in relation to a remote user using a computer equipped with a browser to request the encrypted pages, it should be understood that the invention is not limited to such users, and that in fact the user could be equipped with any device suitable for processing the data. As examples of alternative devices, we particularly envisage the use of mobile phones or hand-held PDAs such as those sold under the trademarks "Handspring" or "PalmPilot". In addition, the device used to display the data need not be provided with a browser as such, but may merely be equipped with any appropriate software which allows for page requests to be sent and the received pages to be displayed.
Furthermore, we have described the invention above in relation to transmitting the data pages over the world wide web or Internet, but it should also be understood that the invention can be used with any data communications protocol over any type of network.
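The pre-encryption flow described above (batch refresh, per-user public-key encryption of only the user-specific data, storage at an untrusted host, decryption at the user's device) can be sketched as follows; this is an added example, not code from the patent or its applicant. The description names PGP; this sketch substitutes an RSA-KEM style hybrid built from the Python standard library so that it runs offline, and its key pairs use Mersenne primes that are trivially factorable, so the keys, the sample database rows and all function names are illustrative assumptions only.

```python
import hashlib, hmac, secrets

E = 65537

def toy_keypair(a, b):
    # TOY KEYS (assumption): Mersenne primes 2**a-1 and 2**b-1 are public knowledge.
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _stream(key, length):
    # SHA-256 in counter mode as a keystream generator.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:length]

def _keys(r, n):
    # Derive separate encryption and MAC keys from the wrapped random value.
    seed = r.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"enc" + seed).digest(), hashlib.sha256(b"mac" + seed).digest()

def seal(pub, plaintext):
    n, e = pub
    r = secrets.randbelow(n - 2) + 2          # fresh secret per page
    k_enc, k_mac = _keys(r, n)
    body = bytes(x ^ y for x, y in zip(plaintext, _stream(k_enc, len(plaintext))))
    tag = hmac.new(k_mac, body, hashlib.sha256).hexdigest()
    return {"wrapped": pow(r, e, n), "body": body, "tag": tag}

def open_sealed(priv, blob):
    n, d = priv
    k_enc, k_mac = _keys(pow(blob["wrapped"], d, n), n)
    expect = hmac.new(k_mac, blob["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, blob["tag"]):
        raise ValueError("not encrypted for this key, or tampered")
    return bytes(x ^ y for x, y in zip(blob["body"], _stream(k_enc, len(blob["body"]))))

TEMPLATE = "<h1>Account summary</h1><p>Balance: {secret}</p>"   # static part, sent in clear
DATABASE = {"alice": "1,204.17", "bob": "88.02"}                # constructed sample rows

def refresh(pub_keys, store):
    """Batch step: runs on a refresh event, before any page request arrives."""
    for user, balance in DATABASE.items():
        store[user] = {"template": TEMPLATE,
                       "secret": seal(pub_keys[user], balance.encode())}

def serve(store, user):
    """Request path at the (possibly third-party) host: a lookup, no keys, no crypto."""
    return store[user]

def render(priv, page):
    """User's device: decrypt the user-specific field and merge it into the page."""
    return page["template"].format(secret=open_sealed(priv, page["secret"]).decode())

if __name__ == "__main__":
    alice_pub, alice_priv = toy_keypair(521, 607)
    bob_pub, bob_priv = toy_keypair(1279, 2203)
    store = {}
    refresh({"alice": alice_pub, "bob": bob_pub}, store)
    print(render(alice_priv, serve(store, "alice")))
```

The request path never touches a key, which is what allows the store to sit with a third party; the authentication tag is an addition the description does not discuss, included here so that decryption with the wrong key fails loudly instead of yielding garbage.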

Claims

1. A data-page generation method for generating encrypted data pages suitable for secure transmission across a network, comprising the steps of: generating one or more data pages containing data; and encrypting at least part of said data pages; characterised in that said generating and encrypting steps are performed in advance of the receipt of requests for transmission of the data pages across the network.
2. A data-page generation method according to claim 1, wherein one or more of said data pages contain user-specific data, and said generating step further comprises: retrieving user-specific data from a database; and generating a user-specific data-page incorporating said user-specific data.
3. A data-page generation method according to claim 2, wherein the generating step includes the step of: merging the retrieved data from the database with a suitable generic data page template to give the user-specific data page.
4. A data-page generation method according to claims 2 or 3, wherein only the user-specific data on a generated data-page is encrypted.
5. A data-page generation method according to any of the preceding claims wherein the generated pages are encrypted using a public encryption key of a user for whom the pages have been generated, the encryption being such that decryption is performed using a private encryption key held by a particular user.
6. A data-page generation method according to claim 5, wherein when there are a plurality of users, each generated page is encrypted using the public encryption key of the respective user for which the page was generated.
7. A data-page generation method according to claims 5 or 6, wherein the encryption keys used to encrypt the data pages are changeable.
8. A data-page generation method according to any of the preceding claims, and further comprising the steps of: transmitting the encrypted data pages to a page storage means for storage, wherein in use the encrypted pages are requested from the storage means by a user.
9. A data-page generation method according to any of the preceding claims, wherein the data pages are composed in a mark-up language.
10. A method of secure data transmission across a network, comprising the steps of: storing one or more encrypted data pages generated by the data page generation method of any of claims 1 to 9 or the data-page generation system of any of claims 12 to 20; receiving user requests for the encrypted data pages across the network; and transmitting the requested encrypted pages to the user who requested them across the network.
11. A method according to claim 10, wherein the network is the Internet.
12. A data-page generation system for generating encrypted data pages suitable for secure transmission across a network, comprising page generation means for generating one or more data pages containing data, and page encryption means for encrypting at least part of said data pages, said system being characterised in that both said page generation means and said page encryption means are arranged to operate to produce encrypted data pages in advance of the receipt of requests for transmission of the data pages across the network.
13. A data-page generation system according to claim 12, wherein one or more of said data pages contain user-specific data, and said page generation means further comprises means for retrieving user-specific data from a database, the page generation means being further arranged to generate a user-specific data-page incorporating said user-specific data.
14. A data-page generation system according to claim 13, wherein the page generation means includes page merging means for merging the retrieved data from the database with a suitable generic data template to give the user-specific data page.
15. A data-page generation system according to claims 13 or 14, wherein only the user-specific data on a generated data-page is encrypted by the encryption means.
16. A data-page generation system according to any of claims 12 to 15 wherein the encryption means operates to encrypt the generated pages using a public encryption key of a user for whom the pages have been generated, the encryption being such that decryption is performed using a private encryption key held by a particular user.
17. A data-page generation system according to claim 16, wherein when there are a plurality of users, the encryption means operates to encrypt each generated page using the public encryption key of the respective user for which the page was generated.
18. A data-page generation system according to claims 16 or 17, wherein the encryption keys used by the encryption means to encrypt the data pages are changeable.
19. A data-page generation system according to any of claims 12 to 18, and further comprising: transmission means for transmitting the encrypted data pages to a page storing means for storage, wherein in operation the encrypted pages are requested from the storage means by a user.
20. A data-page generation system according to any of claims 12 to 19, wherein the data pages are composed in a mark-up language.
21. A system for secure data transmission across a network, comprising: page storage means for storing one or more encrypted data pages generated by the data page generation system of any of claims 12 to 20 or the data-page generation method of any of claims 1 to 9; page request receipt means for receiving user requests for the encrypted data pages across the network; and page transmission means for transmitting the requested encrypted pages to the user who requested them across the network.
22. A system according to claim 21, wherein the network is the Internet.
PCT/GB2001/000699 2000-02-17 2001-02-19 Method and system for secure data transmission WO2001061962A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU33898/01A AU3389801A (en) 2000-02-17 2001-02-19 Method and system for secure data transmission

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0003739A GB0003739D0 (en) 2000-02-17 2000-02-17 Method and system for secure data transmission
GB0003739.0 2000-02-17

Publications (1)

Publication Number Publication Date
WO2001061962A1 WO2001061962A1 (en) 2001-08-23

Family

ID=9885854

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/000699 WO2001061962A1 (en) 2000-02-17 2001-02-19 Method and system for secure data transmission

Country Status (3)

Country Link
AU (1) AU3389801A (en)
GB (1) GB0003739D0 (en)
WO (1) WO2001061962A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0632397A2 (en) * 1993-07-02 1995-01-04 Nippon Telegraph And Telephone Corporation Book data service system with data delivery by broadcasting
WO1999010823A1 (en) * 1997-08-26 1999-03-04 Citibank, N.A. A method and system for bill presentment and payment
US5897622A (en) * 1996-10-16 1999-04-27 Microsoft Corporation Electronic shopping and merchandising system
US5991414A (en) * 1997-09-12 1999-11-23 International Business Machines Corporation Method and apparatus for the secure distributed storage and retrieval of information

Also Published As

Publication number Publication date
GB0003739D0 (en) 2000-04-05
AU3389801A (en) 2001-08-27

Similar Documents

Publication Publication Date Title
US8484480B2 (en) Transmitting information using virtual input layout
US5815665A (en) System and method for providing trusted brokering services over a distributed network
ES2212768T3 (en) METHOD AND SYSTEM OF DEVELOPMENT, DEPLOYMENT AND IMPLEMENTATION OF WEB PAGES THROUGH DATABASE.
EP0913789B1 (en) Pre-paid links to networks servers
US6633915B1 (en) Personal information management apparatus and customizing apparatus
US5857191A (en) Web application server with secure common gateway interface
US20040073512A1 (en) Unique session storage design
CA2262874C (en) System and method for controlling data access in a computer network
US20060004771A1 (en) Computer systems and data processing methods for using a web service
CN103780631B (en) System and method for digital rights management using a standard rendering engine
US8966010B1 (en) Scalable transaction system for a network environment
CN111460503B (en) Data sharing method, device, equipment and storage medium
KR100988198B1 (en) Coding method
JP3941253B2 (en) Hypertext system and method for handling hypertext
US20020120536A1 (en) Financial institution wireless internet system and method
JPH10320478A (en) Ciphered/deciphered communication system and method therefor
US7350071B1 (en) Encrypted and non-encrypted communication of message data
WO2001061962A1 (en) Method and system for secure data transmission
JPH11120127A (en) Network service system
US20030131092A1 (en) System for sending messages to all users in a web hosting environment
US8600880B2 (en) Method and system for providing point of sale services
JP2002152188A (en) Information acquisition system
JP2002359618A (en) Personal information protection system and personal information protecting method
JP6843346B1 (en) Information processing equipment, computer control methods and control programs
Dos Santos et al. Safe areas of computation for secure computing with insecure applications

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP