Web Form Notary System
Original Publication Date: 2001-Apr-01
Included in the Prior Art Database: 2003-Jun-12
Disclosed is a method for building an electronic notary system for Web form input. With the method, an electronic notary system can be built which records data stream between a user's Web browser and a Web server. Users can prove Web pages that they saw on their Web browsers, and what they inputted on Web forms on their Web browsers. Figure 1 shows the system overview. Users have to access to Web servers via the notary proxy server. The notary proxy server relays the HTTP requests sent by users' Web browsers and HTTP responses sent by Web servers, and saves both the HTTP requests and the HTTP responses in its notary database. The notary proxy server calculates a hash value for an HTTP request or HTTP response, sends it to the time stamp authority that provides the official clock. The time stamp authority gives the time stamp for the hash value by digitally signing the hash value with its private key, save the signed hash value to its database, and sends back the signed hash value to the notary proxy server. The notary proxy server stores the signed hash value into its notary database. When a SSL(Secure Sockets Layer) is needed between a user's Web browser and a Web server, two SSL sessions will be established as shown in Figure 1. In such a case, the notary proxy server modifies the Web page to embed the Web server's certification. The notary proxy server has a cookie manager that includes the same cookie as the Web browser's cookie. With the cookie manager, the notary proxy server can send a cookie to the Web server instead of the user's Web browser. When the user logs in the notary proxy server, the notary proxy server sends a Web page that includes a program, such as signed Java applet or ActiveX control, that synchronize the cookies between the Web browser and the cookie manager of the notary proxy server. When the notary proxy server receives a new cookie from a Web server, the notary proxy server embed the program into the Web page to synchronize the new cookie.