Internet Based Secure Transactions Using Encrypting Applets and CGI-Scripts Independent of Browser or Server Capabilities

IP.com Disclosure Number: IPCOM000123161D
Original Publication Date: 1998-Jun-01
Included in the Prior Art Database: 2005-Apr-04
Document File: 3 page(s) / 129K

Publishing Venue

IBM

Related People

Maes, SH: AUTHOR

Abstract

This invention proposes the use of Java applets or ActiveX components executed on a client (browser side) but sent by the server (web server) in order to encrypt the remainder of the communication between the client and the server.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 42% of the total text.

Internet Based Secure Transactions Using Encrypting Applets and CGI-Scripts
Independent of Browser or Server Capabilities

   This invention proposes the use of Java applets or ActiveX
components executed on a client (browser side) but sent by the
server (web server) in order to encrypt the remainder of the
communication between the client and the server.

   This is especially important and useful because it allows secure
transactions under conditions that would normally require special
clients and, more problematically, a special server with appropriate
encryption and communication capabilities.  A Java applet, or
equivalent, transfers a temporary encryption algorithm to the
client; the client then encrypts the data accordingly, using a
randomly selected option and an encrypted key sent within the applet
code.  The data is sent back to the server.  This guarantees that
only the originating server can decrypt the data.

   Currently, it is commonly considered unacceptable to engage in
transactions over the internet without encrypting critical
information like credit card numbers.  Solutions have been developed
to provide secure transactions.  All these security systems require
that the browser as well as the server support the encryption schemes
and security solution.  Therefore, all these approaches require
significant investments from service providers, who must either own a
server offering the selected type of secure communication or use the
service of a company by linking to pages/sites hosted on such
compatible servers.  For example, when a secure credit card order is
required, a CGI/Java or ActiveX script, or an httpd redirection, is
used to connect to the appropriate page of the secure server provider.
The transaction or hosting is thereafter billed to the merchant.

   This invention proposes the use of a Java applet, ActiveX or any
other code, preferably binary or compiled rather than which is sent by
the server and executed on the client during a browser/webserver
transaction.  The resulting encryption scheme requires only a web
server and a browser which are Java compatible or which support the
appropriate language used instead of Java.

   Assuming the use of Java applets, a secure encrypted
transaction follows the steps described hereafter:

Server side:

   Selection of an encryption scheme, with different encoding
and decoding keys.  Note that in simplified cases, the encryption
key can be the same as the decryption key and both can therefore be
public.  However, the key is always hidden in the Java code.  Suppose
a CGI (Common Gateway Interface) script on the server side that
compiles applets with a random set of keys, selected from a database
of acceptable keys.  Again, this database can be replaced by code that
generates the keys on the fly.  The CGI script is called when a user
selects the CGI link.  It randomly selects a subset of the database,
indexes the keys and encrypts them with an encryption algorithm.  In
practice this encry...
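
An added sketch of the exchange described above, with Python standing in for both the CGI script and the applet; it is not code from the disclosure. Assumptions: textbook RSA over constructed toy keys as the scheme with different encoding and decoding keys, a hypothetical session id tying a submission to its key subset, and single use of that subset; the step that encrypts the keys embedded in the applet is cut off in this abbreviated text and is left out.

```python
import secrets

E = 65537  # encoding exponent shared by all toy keys (assumption)

def _toy_key(p, q):
    # Textbook RSA from two Mersenne primes: trivially factorable, demo only.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed "database of acceptable keys" (the disclosure does not give one).
MERSENNE = [2**k - 1 for k in (61, 89, 107, 127)]
KEY_DB = [_toy_key(p, q) for i, p in enumerate(MERSENNE) for q in MERSENNE[i + 1:]]

SESSIONS = {}  # session id -> {index: (n, d)}; decoding keys stay on the server

def serve_applet(subset_size=3):
    """CGI step: pick a random subset of the database, index it, and return
    the parameters that would be compiled into the applet (encoding keys only)."""
    subset = secrets.SystemRandom().sample(KEY_DB, subset_size)
    sid = secrets.token_hex(8)  # hypothetical session identifier
    SESSIONS[sid] = {i: (k["n"], k["d"]) for i, k in enumerate(subset)}
    return {"sid": sid, "keys": {i: (k["n"], E) for i, k in enumerate(subset)}}

def applet_encrypt(applet, data: bytes):
    """Client step: choose one of the indexed keys at random and encrypt."""
    index = secrets.choice(sorted(applet["keys"]))
    n, e = applet["keys"][index]
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("data too long for this toy modulus")
    return {"sid": applet["sid"], "index": index, "ct": pow(m, e, n)}

def server_decrypt(msg):
    """Server step: look up the decoding key by session and index. The session
    entry is popped, so a replayed submission raises KeyError."""
    n, d = SESSIONS.pop(msg["sid"])[msg["index"]]
    m = pow(msg["ct"], d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    applet = serve_applet()
    msg = applet_encrypt(applet, b"4111111111111111")  # constructed test number
    print(msg["index"], hex(msg["ct"])[:18], server_decrypt(msg))
```

The sketch addresses only an observer of the traffic: the applet carries encoding keys alone, so what travels back is unreadable without the server's session table. Nothing here authenticates the applet the browser receives.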