WO2001047205A2 - Enhanced computer network encryption using downloaded software objects - Google Patents
- Publication number
- WO2001047205A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption
- data
- client computer
- network
- computer
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Definitions
- the present invention relates to data communications systems and in particular to methods and systems for providing encryption and decryption of data messages transmitted over insecure or dubiously-secure networks, such as the internet.
- This capability allows businesses additional, and potentially profitable, options for communicating and transacting business both on a retail level and in business-to-business dealings with other companies, vendors, customers, or other transactional counterparts. Businesses need not create entire purpose-built private networks to ensure communications with each of their transactional counterparts, but rather can avail of the public, worldwide network infrastructure provided by the internet, thus achieving more efficient communication.
- Neither the company nor the end user can control or monitor comprehensively the path taken by a communication between the company (i.e., as generated by the company's server computer) and the end user (as received by the end user's client computer) (or vice versa). Rather, the communication may pass through any number of network nodes, each of which may be potentially vulnerable to monitoring or interception of communication by a variety of means, and by a variety of unauthorized parties.
- phrases such as "applying encryption" and "imposing encryption standards" as used herein comprehend the steps of both (a) encrypting data outbound from a computer for transmission over non-secure or dubiously-secure data lines, and (b) decrypting such data when it is inbound at the destination computer for use by that computer's processor and memory, which typically may locally process data and make it available to a user (e.g., by display or output) in unencrypted form.
- the security concerns addressed by the instant invention are found only during communications over public data networks, and not when data is processed locally upon either a client computer or network server, so that data can and should be provided for such local processing in unencrypted form.
- the most common prior art encryption systems are those denoted by the Secure Socket Layer (SSL) and IPSEC protocols.
- non-reciprocal systems such as described in U.S. Patent 4,218,582
- a first party to a communication generates a numerical sequence and uses that sequence to generate non-reciprocal and different encrypting and decrypting keys.
- the encrypting key is then transferred to a second party in a non-secure communication.
- the second party uses the encrypting key (called a public key because it is no longer secure) to encrypt a message that can only be decrypted by the decrypting key retained by the first party.
- the key generation algorithm is arranged such that the decrypting key cannot be derived from the public encrypting key. Similar methods are known for using non-reciprocal keys for authentication of a transmission.
- the non-secure "public" key is used to decrypt a message that has been encrypted using a secure "private" key known only to the originating party. In this method the receiving party has assurance that the origination of the message is the party who has supplied the "public" decrypting key.
- U.S. Patent No. 5,978,918 describes a method for supplementing security protocols in conjunction with SSL/DES encryption, using public key encryption, and employing a dedicated communication line for non-internet communication of private data.
- U.S. Patent No. 5,781,632 discloses a method and apparatus for securing transmission of data using standard encryption in conjunction with data switches.
- a variety of often-disparate standards for encryption and decryption have evolved. Implementations of these standards are generally readily available in off-the-shelf form. Some of these standards are considered "strong" or high-security encryption standards, and others are considered "weaker" or lower-security.
- the "strength" of an encryption algorithm correlates with the complexity of the encrypting process.
- Each level of encryption standard may have utility for certain applications, and for a certain duration of time. No one encryption standard may be regarded as a panacea for all types of online transactions, and no standard may be considered permanent. This is so for a variety of reasons.
- the sensitivity of data transmitted over networks may vary. A client who transmits a request to a company website to view a particular, non-confidential, portion of that website, probably is not concerned (nor is the company) with maintaining absolute secrecy of his request for that page. Therefore, both the client communication to the company server, and the server's responsive transmission of the non-confidential page, may likely be satisfactorily conducted over a communication channel that is not encrypted, or that is encrypted with a weaker encryption method.
- Encryption standards have a tendency to be obsolescent; that is, they have decidedly finite useful lifetimes.
- Computer processing power is continually increasing, and the ready availability of more and more powerful computer processors, coupled with the ingenuity of criminals and other "hackers" who apply this processing power to the "cracking" or decryption of standard encryption methods, dictates that an encryption standard that is deemed sufficiently strong at a given point in time may, within a short while, become unacceptably vulnerable to widespread penetration by hackers.
- 5 bit encryption which has been used as a standard encryption method in certain network browser software (i.e., web browsers), can no longer be regarded as a strong encryption method, and many online financial transaction businesses will not provide their services to end users/clients unless it is possible to ensure that the transactions between the business and the end user/client will be protected (in both directions) by 128 bit (or higher) encryption standards. Even 128 bit encryption standards may soon be deemed compromised for the most sensitive transactions (for instance, those involving electronic funds transfers or other transactions by large security-conscious banking institutions), so that still-stronger encryption standards (e.g., 448 bit) may in time become de rigueur for the most security-intensive online transactions.
- company server e.g., a web server
- client computer e.g., a web server
- company web servers typically are configured to be compatible with a number of different encryption protocols used by clients (e.g., the encryption protocols employed in commercial network or web browser software)
- no secured communication at all can be established between the client computer and the company web server, because the company web server and the client computer/web browser do not share any sufficiently-compatible and otherwise-acceptable encryption protocol.
- Each of the client computer and the company web server must be capable of executing the same (or a compatible) encryption/decryption standard simultaneously during a communications session.
- From the end user/client side, provision can be made for a client to choose to download a new encryption program in conjunction with downloading a new network or web browser program incorporating such encryption, for example. It is also possible for the client to update the encryption module of his web browser as required, by going to a download site on the internet and choosing to download a new encryption module having the desired strength or other characteristics, without downloading an entire new web browser version (a process that may take a great deal of time, particularly over low-bandwidth communication lines).
- company web servers may ensure that desired specific encryption standards are applied to all communications of sensitive information with clients by, most obviously, simply rejecting connection with clients whose computers/web browsers do not support the desired variety or strength of encryption standard.
- This solution, while it prevents unauthorized dissemination of sensitive information by precluding the sensitive communication in the first place, is far from wholly satisfactory, as companies that supply online financial services typically desire to ensure maximal availability of those services anywhere in the world, so as to take full advantage of the internet's and WWW's promise of random and universal access to company web services over public networks while maintaining appropriate security.
- the invention herein disclosed is a method and system for enabling a web server to establish data communication of a desired level and strength of encryption between the web server and an end user or client, even in the case in which the client does not (at the initiation of the communication session) possess appropriate encryption modules, without requiring any active downloading or installation of additional encryption software by the client.
- the invention works by transmitting, from the web server, software objects that are supported by the client computer and web browser software.
- the client computer i.e., its web browser
- the client computer may then automatically execute these software objects, which will contain encrypting and decrypting instructions in accordance with the particular encryption standard desired by the web server proprietor for encryption of the client-web server sensitive transaction, which is thus re-established on a fully secure basis.
- a desired level of encryption may be imposed by a network server/web server for some portion, or all, of a communication with a client, in a manner transparent to the end user and not dependent on end user request or "pulling" of information.
- the encryption standard pushed or automatically downloaded to the client in transparent fashion may be updated or adjusted in accordance with network server requirements as often as desired.
- FIG. 1 there is shown a block diagram of a data transmission connection established over a public network (such as the internet or WWW) between a web server (10) that sponsors or supplies transactions to be provided to an end user/client computer system (20).
- client computer system (comprising a computer processor such as an Intel Pentium processor, and implementing a communications module such as a common web browser such as Internet Explorer or Netscape), linked by a WWW connection (18) to a commercial website (10), for purposes of illustration.
- client computer system may be any apparatus comprising a processor and communications module capable of executing downloaded software objects or applets, the system being used for data transmission with a server as to which security and authentication are important issues.
- client computer systems may include processors that are elements of, for example, cellular phone systems, cable television decoders, automatic teller terminals, and the like
- the web server (10) has (as constituents of its memory) an unsecured area (8) and a secured area (6) containing protected information belonging to either the web server provider or to various of its clients.
- Web server (10) has a memory (14), computer processor (16), and contains a suite (12) of downloadable encryption modules ((12a), (12b), (12c), etc.).
- Encryption modules in encryption suite (12) comprise software objects or applets.
- Software objects are known in the art as effective means for distributing, in "pre-packaged" or modular form, executable software programs from a web server, over a network, for eventual execution by one or more client computers (specifically, by the web browsers of such clients) that are connected to the web server over the network.
- Objects or applets are written as software programs in such formats as JAVA or ActiveX, which in turn may be readily implemented (i.e., executed) by a wide variety of commonly used client-side communications programs (usually, web browsers).
- Advantages of software objects or applets include their cross-platform adaptability to multiple varieties of client side computers (because they are written for compatibility with cross-platform-compatible web browsers), as well as their ability to self-execute immediately upon downloading, which allows the client user to enjoy the benefits of automatic object program execution without any initiation by the user. In this sense, objects perform transparently to the client/user, as their functions are either invisible to him, or appear to be seamlessly integrated with the user-initiated functions of the web browser without requiring any additional actions or choices by the client/user.
- U.S. Patent No. 5,974,441 provides an exemplary discussion of the use of JAVA software objects to provide desired executable functions to a client over the WWW by sending the objects over the internet/WWW connection from the server to the client for eventual execution by the client machine to obtain desired functionality on the client end.
- In connection with software objects generally, and with the software objects of the instant invention as well, it is important to ensure that the client user is not employing a type of "firewall" in his security system that will reject or otherwise hinder the downloading and execution of executable materials, such as objects.
- Data communication line (18) connects the web server computer (10) with the client or end user computer (20).
- Client computer (20) comprises a memory (24) and computer processor (28) as well as web browser (32), which operates in conjunction with both memory (24) and processor (28).
- Web browser (32) contains encryption module area (40).
- Application of the invention begins when client computer (20) initiates a communication session with web server (10) by sending a session start request over data communications line (18), which is, for instance, an arbitrarily-determined WWW connection passing through multiple nodes of the internet.
- Line (18) may initially be provided with some level of encryption (perhaps a relatively weak level such as 56 bit encryption), supplied for instance by an encryption module contained in encryption module area (40) of client web browser (32).
- the initial communication over line (18) may be completely unencrypted, as for instance if client web browser (32) does not contain any encryption modules in encryption module area (40) (or if such modules are not operative).
- Web server (10) contains (in memory (14)) settings provided by the web server proprietor that specify the specific strength and type of encryption that web server (10) must impose upon particular classes of sensitive communications with client computers (20).
- Upon initiation of a communication session in which sensitive data may be transmitted, web server processor (16) immediately analyzes the session start request transmitted by the client computer (20) to determine the type of encryption initially employed by client computer (20). If the encryption standard used by the client computer (20) (via client web browser (32)) in its session start request matches with the type of encryption previously specified by the web server proprietor for sessions of the given variety that the client seeks to initiate, then communications of substantive sensitive information between the web server (10) and client computer (20) over line (18) may commence immediately.
- If web server (10) determines that the encryption standard used by client computer (20) in its session start request does not match the encryption standard or standards previously specified by the web server proprietor (because, for instance, the client computer (20) is initially employing a weak encryption standard, or a standard not compatible with those supported by web server (10)), then web server processor (16) will initiate an automatic object download procedure.
- web server processor (16) and memory (14) determine the desired optimal encryption standard to be imposed upon the highly sensitive portions of the communications session with client computer (20). Once the desired optimal encryption standard is determined, web server (10) selects a corresponding encryption module object ((12a), (12b), (12c), etc.) from the encryption module suite (12).
- the encryption module suite (12) contains a pre-selected set of software modules in appropriate object/applet language (e.g., JAVA, ActiveX), each of which modules (upon execution) is capable of performing encryption/decryption in accordance with a particular encryption standard, and each of which is readily transmissible in "capsule" form over an internet communications line.
- Strong encryption standards that may advantageously be chosen for inclusion in encryption module suite (12) include such standards as 128 bit 3DES or 128 bit SSL MD5 RC4 (although the module objects of module suite (12) may be encryption modules for any desired encryption standard capable of being executed by a software object or applet, such as super-strong 448 bit encryption standards). In essence, any desired off-the-shelf (or custom) encryption standard may be used in conjunction with this invention.
- Web server (10) is supplied with corresponding software encryption modules (15a), (15b), (15c), etc. (stored in memory (14)) for each of the selected encryption standards associated with modules (12a), (12b), (12c), etc.
- Encryption modules (12a), (12b), (12c) and (15a), (15b), (15c) may be updated on demand by the proprietor of web server (10) or of the company providing such proprietor with the technology of the instant invention, such that the web server and client computers may continually be provided with the most up-to-date strong encryption.
- the appropriate encryption module object (12a), (12b), (12c), etc. is then transmitted over line (18) (with the standard of encryption originally applied by the client computer (20)) and received by client computer (20), which routes the transmitted encryption module object (12a), (12b), (12c), etc.
- encryption module object (12a), (12b), (12c), etc. self-executes.
- such module automatically applies the web-server-specified standard of encryption (and decryption) to all subsequent communications of sensitive data to and from web browser (32) to the web server (10).
- the corresponding appropriate web server encryption module object (15a), (15b), (15c), etc. simultaneously applies the same selected encryption standard to communications inbound to and outbound from the secured area (6) of the web server (10).
- the encryption module object (12a), (12b), (12c), etc. may be viewed as a filter. That is, the encryption module object serves to filter a received page of the website transmitted by web server (10). Such a received page will be formatted in appropriate internet-compatible fashion, e.g., in Hypertext Mark-Up Language ("html"), to display user-selectable links or fields corresponding both to secure areas (6) and non-secure areas (8) of the web server (10).
- the encryption module object transforms links or fields corresponding to secured areas (6) of the web server (10) into calls to the encryption module object (12a), (12b), (12c), etc. which will transmit the user selection of a secure area link or field to the web server (10) (or display the web server's (10) corresponding response) only after passing the data stream through the selected encryption/decryption protocol of the encryption module object.
- the encryption module object or applet may be viewed as replacing or emulating the browser for communications with web server (10) (and secured area (6)). While in the above-described embodiment, encryption module object (12a), (12b), (12c), etc.
- web server (10) may be provided with secured area user interface (46), which is a user interface program (preferably in graphic form) allowing for ready configuration of various aspects of the present invention as implemented on the web server (10) (for instance, the desired level or type of encryption for various categories of transactions, the desired messages (if any) to be downloaded with encryption module object (12a), (12b), (12c) for display on client computer (20), etc.).
- the user interface (46) may also display to users of web server (10) various parameters regarding operation of the present invention, e.g., number of current clients/users attached to web server (10), security status for client attachments, available encryption formats, etc.
- Web server (10) may further be connected to a remote encryption module object update site (70) by data line (72).
- Encryption module object update site (70) may be a server (or web server) maintained as an archive and distribution center for new or updated encryption module objects (12a), (12b), (12c) and (15a), (15b), (15c), so that web server (10) may be supplied (on demand, or on a regular schedule) with the most updated range of strong security modules.
- Encryption module object update site (70) may be maintained by a third-party vendor or security consulting company, so that the proprietor of web server (10) need not affirmatively research or choose amongst the various encryption formats or standards but rather may be automatically supplied with such formats by encryption module object update site (70).
- Data line (72) may comprise any suitable connection for electronic communications, such as a dedicated line or an internet data connection.
- FIG. 2 illustrates such an alternative embodiment for establishing strongly-secured communications.
- Web server (10) and client computer (20) are represented as before, except that encryption module suite (12) is no longer actively called upon by web server (10) and web server (10) is now provided with an additional communications object (17).
- encryption server (50) (which may be located at any desired location accessible by public data network/internet connections) contains memory (52), processor (54), and encryption module suite (56).
- Encryption module suite (56) serves the same function as encryption module suite (12) served in connection with the embodiment of Fig. 1; viz., it contains encryption module objects (56a), (56b), (56c), etc.
- client computer (20) initiates communication with web server (10), as before, sending a session start request over line (18) with a client-determined standard of encryption, and, as before, web server (10) analyzes such session start request to determine whether client computer (20) is using a standard of encryption acceptable to the web server proprietor. If so, communications may continue over line (18) with no further modifications. If not, though, processor (16) of web server (10) sends back to client computer (20) an html document instructing the client computer to obtain, and execute, two software objects.
- the first software object is a communications object (17) contained on web server (10).
- the second object is an encryption module object, specifically, one of encryption module object (56a), (56b), (56c), etc. contained in encryption suite (56) on encryption server (50).
- Client computer (20) immediately obtains such objects (over, respectively, line (18) to web server (10) and weakly-encrypted communications line (60) connecting client computer (20) to encryption server (50)).
- Communications object (17) then auto-executes on client computer (20), using the encryption supplied by simultaneously-self-executing encryption module object (56a), (56b), (56c), etc. to establish a new connection over line (18) between web server (10) and client computer (20), which connection possesses the web-server-specified standard of encryption.
- the advantage of the embodiment described in connection with Fig. 2 is that it permits judicious locating of the web server (10) and encryption server (50). If, for example, a web server proprietor and its databases were located in the United States, and certain client computers (20) were located in Europe, but the United States government prohibited export of certain strong encryption standards to Europe, encryption server (50) could be located in a country having favorable export control laws as to strong encryption (as, for example, Australia), so that a strongly-encrypted communication line could be established between U.S. web server (10) and Europe-based clients (20) without ever exporting strong encryption standards from the U.S. to Europe.
- the instant invention also comprehends a computer system for such secured data transmissions, in which the system may impose a level of encryption desired by a network server upon communications over a network by causing to be downloaded to a client computer (in transparent fashion) an encryption algorithm (e.g., encryption module object (12a), (12b), (12c)).
- the system includes web server (10) (which is linkable to a client computer (20) over data line (18)) and associated hardware and software components, for instance encryption suite (12) and memory (14) and processor (16).
- Such an apparatus has the capability of establishing secured transactions by implementing, and managing (for instance, by use of secured area interface (46)) the download of automatically-executing encryption module objects to client computer (20) and the subsequent encrypted transmission of data associated with secured area (6).
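The session-start analysis and module selection described above for the FIG. 1 embodiment can be sketched as follows. This is an added example, not code from the patent; the session class names, the assignment of standards to modules (12a)/(15a) and so on, and all function and field names are assumptions made for illustration.

```python
"""Added illustration of the FIG. 1 decision flow; not code from the patent."""
from dataclasses import dataclass
from typing import Optional

# Encryption module suite (12) with the server-side counterparts (15a..15c).
# Assumption: the patent names the modules but does not say which standard
# each one implements; this mapping is constructed for the example.
MODULE_SUITE = {
    "128-bit 3DES": ("12a", "15a"),
    "128-bit SSL MD5 RC4": ("12b", "15b"),
    "448-bit": ("12c", "15c"),
}

# Proprietor settings held in memory (14): session class -> acceptable
# standards, most preferred first. None means "no encryption required".
# The class names are hypothetical.
POLICY = {
    "public-page": [None, "56-bit", "128-bit 3DES"],
    "account-view": ["128-bit 3DES", "128-bit SSL MD5 RC4"],
    "funds-transfer": ["448-bit"],
}


@dataclass(frozen=True)
class SessionStart:
    """What the server learns from the client's session start request."""
    session_class: str
    client_encryption: Optional[str]  # None = request arrived unencrypted


@dataclass(frozen=True)
class Decision:
    action: str                           # "proceed", "download" or "reject"
    standard: Optional[str] = None        # standard the session will run under
    client_module: Optional[str] = None   # object pushed to the browser
    server_module: Optional[str] = None   # matching module applied at the server
    delivered_over: Optional[str] = None  # encryption protecting the download


def decide(req: SessionStart, policy=POLICY, suite=MODULE_SUITE) -> Decision:
    """Compare the client's standard with policy and pick a module if needed."""
    acceptable = policy.get(req.session_class)
    if acceptable is None:
        # Unknown session class: fail closed rather than guess a policy.
        return Decision("reject")

    # Match: substantive communication may commence immediately.
    if req.client_encryption in acceptable:
        return Decision("proceed", standard=req.client_encryption)

    # Mismatch: start the object download with the most preferred standard
    # for which the suite actually holds a module.
    for standard in acceptable:
        if standard in suite:
            client_module, server_module = suite[standard]
            return Decision(
                "download",
                standard=standard,
                client_module=client_module,
                server_module=server_module,
                # The module object travels under whatever encryption the
                # client originally applied, which by definition did not meet
                # policy. Recording it lets an operator see how each download
                # was protected.
                delivered_over=req.client_encryption or "unencrypted",
            )

    # No module for any acceptable standard: the fallback is the plain
    # rejection of the connection that the description also mentions.
    return Decision("reject")


if __name__ == "__main__":
    # Constructed sample requests.
    for sample in (
        SessionStart("account-view", "128-bit 3DES"),
        SessionStart("account-view", "56-bit"),
        SessionStart("funds-transfer", None),
    ):
        print(sample, "->", decide(sample))
```

The `delivered_over` field makes one property of the scheme explicit: the module that upgrades the session is itself transferred under the encryption that failed policy, so its integrity depends on that original channel.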
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU14085/01A AU1408501A (en) | 1999-12-22 | 2000-11-09 | Enhanced computer network encryption using downloaded software objects |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US47046699A | 1999-12-22 | 1999-12-22 | |
US09/470,466 | 1999-12-22 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001047205A2 (fr) | 2001-06-28 |
WO2001047205A3 (fr) | 2002-07-11 |
Family
ID=23867736
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2000/001765 WO2001047205A2 (fr) | Enhanced computer network encryption using downloaded software objects | 1999-12-22 | 2000-11-09 |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU1408501A (fr) |
WO (1) | WO2001047205A2 (fr) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2411554A (en) * | 2004-02-24 | 2005-08-31 | Toshiba Res Europ Ltd | Selecting encryption methods for secure transmission |
WO2010029559A1 (fr) | 2008-09-15 | 2010-03-18 | Vaultive Ltd. | Method and system for secure use of services by non-secure storage providers |
WO2011080745A2 (fr) | 2009-12-31 | 2011-07-07 | Vaultive Ltd. | System, apparatus and method for encryption and decryption of data transmitted over a network |
US8738683B2 (en) | 2008-09-15 | 2014-05-27 | Vaultive Ltd. | System, apparatus and method for encryption and decryption of data transmitted over a network |
KR101538305B1 (ko) * | 2010-11-04 | 2015-07-21 | 맥아피 인코퍼레이티드 | Method and apparatus for protecting specific data combinations |
US10313371B2 (en) | 2010-05-21 | 2019-06-04 | Cyberark Software Ltd. | System and method for controlling and monitoring access to data processing applications |
US10367786B2 (en) | 2008-08-12 | 2019-07-30 | Mcafee, Llc | Configuration management for a capture/registration system |
CN116846689A (zh) * | 2023-09-01 | 2023-10-03 | 建信金融科技有限责任公司 | Financial business data transmission method and apparatus, computer device, and storage medium |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8548170B2 (en) | 2003-12-10 | 2013-10-01 | Mcafee, Inc. | Document de-registration |
US8473442B1 (en) | 2009-02-25 | 2013-06-25 | Mcafee, Inc. | System and method for intelligent state management |
US8447722B1 (en) | 2009-03-25 | 2013-05-21 | Mcafee, Inc. | System and method for data mining and security policy management |
US8700561B2 (en) | 2011-12-27 | 2014-04-15 | Mcafee, Inc. | System and method for providing data protection workflows in a network environment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5657390A (en) * | 1995-08-25 | 1997-08-12 | Netscape Communications Corporation | Secure socket layer application program apparatus and method |
EP0862301A2 (fr) * | 1996-11-28 | 1998-09-02 | Fujitsu Limited | An encryption communication system using an agent and a storage medium for storing that agent |
EP0917320A2 (fr) * | 1997-10-14 | 1999-05-19 | Lucent Technologies Inc. | Optimized routing system |
2000
- 2000-11-09 WO PCT/IB2000/001765 patent/WO2001047205A2/fr active Application Filing
- 2000-11-09 AU AU14085/01A patent/AU1408501A/en not active Abandoned
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2411554A (en) * | 2004-02-24 | 2005-08-31 | Toshiba Res Europ Ltd | Selecting encryption methods for secure transmission |
GB2411554B (en) * | 2004-02-24 | 2006-01-18 | Toshiba Res Europ Ltd | Multi-rate security |
US10367786B2 (en) | 2008-08-12 | 2019-07-30 | Mcafee, Llc | Configuration management for a capture/registration system |
US8738683B2 (en) | 2008-09-15 | 2014-05-27 | Vaultive Ltd. | System, apparatus and method for encryption and decryption of data transmitted over a network |
US9002976B2 (en) | 2008-09-15 | 2015-04-07 | Vaultive Ltd | System, apparatus and method for encryption and decryption of data transmitted over a network |
WO2010029559A1 (fr) | 2008-09-15 | 2010-03-18 | Vaultive Ltd. | Method and system for secure use of services by untrusted storage providers |
US9338139B2 (en) | 2008-09-15 | 2016-05-10 | Vaultive Ltd. | System, apparatus and method for encryption and decryption of data transmitted over a network |
US9444793B2 (en) | 2008-09-15 | 2016-09-13 | Vaultive Ltd. | System, apparatus and method for encryption and decryption of data transmitted over a network |
WO2011080745A2 (fr) | 2009-12-31 | 2011-07-07 | Vaultive Ltd. | System, apparatus and method for encryption and decryption of data transmitted over a network |
US10313371B2 (en) | 2010-05-21 | 2019-06-04 | Cyberark Software Ltd. | System and method for controlling and monitoring access to data processing applications |
US9794254B2 (en) | 2010-11-04 | 2017-10-17 | Mcafee, Inc. | System and method for protecting specified data combinations |
US10313337B2 (en) | 2010-11-04 | 2019-06-04 | Mcafee, Llc | System and method for protecting specified data combinations |
KR101538305B1 (ko) * | 2010-11-04 | 2015-07-21 | 맥아피 인코퍼레이티드 | Method and apparatus for protecting specified data combinations |
US10666646B2 (en) | 2010-11-04 | 2020-05-26 | Mcafee, Llc | System and method for protecting specified data combinations |
US11316848B2 (en) | 2010-11-04 | 2022-04-26 | Mcafee, Llc | System and method for protecting specified data combinations |
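CN116846689A (zh) * | 2023-09-01 | 2023-10-03 | 建信金融科技有限责任公司 | Financial service data transmission method and apparatus, computer device, and storage medium |
CN116846689B (zh) * | 2023-09-01 | 2023-12-26 | 建信金融科技有限责任公司 | Financial service data transmission method and apparatus, computer device, and storage medium |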
Also Published As
Publication number | Publication date |
---|---|
AU1408501A (en) | 2001-07-03 |
WO2001047205A3 (fr) | 2002-07-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022206349A1 (fr) | Information verification method, related apparatus, device, and storage medium | |
US9832183B2 (en) | Key management using quasi out of band authentication architecture | |
CA2341213C (fr) | System and method for enabling secure access to services in a computer network | |
US7373517B1 (en) | System and method for encrypting and decrypting files | |
US7287271B1 (en) | System and method for enabling secure access to services in a computer network | |
US6986040B1 (en) | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel | |
US6694431B1 (en) | Piggy-backed key exchange protocol for providing secure, low-overhead browser connections when a server will not use a message encoding scheme proposed by a client | |
US8769784B2 (en) | Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones | |
US7903822B1 (en) | Method and system for establishing a trusted and decentralized peer-to-peer network | |
KR100431567B1 (ko) | Method for enabling a proxy to participate in secure communication, cryptographic system, and computer program product | |
US7853782B1 (en) | Secure intermediation system and method | |
US20030229786A1 (en) | System and Method for Application-Level Virtual Private Network | |
JP2015528149A (ja) | Enterprise-triggered 2CHK association activation | |
JP2015526784A (ja) | Enhanced 2CHK authentication security with query transactions | |
JP2003502983A (ja) | Method and system for secure guaranteed transactions over a computer network | |
US9069869B1 (en) | Storing on a client device data provided by a user to an online application | |
US6751731B1 (en) | Piggy-backed key exchange protocol for providing secure, low-overhead browser connections to a server with which a client shares a message encoding scheme | |
AU2002235149A1 (en) | System and method for securing a non-secure communication channel | |
TW200307439A (en) | Mechanism for supporting wired and wireless methods for client and server side authentication | |
WO2001047205A2 (fr) | Enhanced computer network encryption using downloaded software objects | |
US20240146767A1 (en) | Secure electronic transactions using transport layer security (setutls) | |
AU2009295193A1 (en) | Method and system for user authentication | |
US9172679B1 (en) | Secure intermediation system and method | |
KR20010017849A (ko) | Data transmission and reception method for supporting security functions on the World Wide Web | |
CN114244569A (zh) | SSL VPN remote access method, system and computer device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| AK | Designated states | Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101) | |
| 122 | EP: PCT application non-entry in European phase | |