WO2001047205A2 - Enhanced computer network encryption using downloaded software objects - Google Patents

Enhanced computer network encryption using downloaded software objects

Publication number
WO2001047205A2
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
data
client computer
network
computer
Prior art date
Application number
PCT/IB2000/001765
Other languages
English (en)
Other versions
WO2001047205A3 (fr)
Inventor
David Allouch
Original Assignee
Tashilon Ltd.
Priority date
Filing date
Publication date
Application filed by Tashilon Ltd.
Priority to AU14085/01A
Publication of WO2001047205A2
Publication of WO2001047205A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention relates to data communications systems and in particular to methods and systems for providing encryption and decryption of data messages transmitted over insecure or dubiously-secure networks, such as the internet.
  • This capability allows businesses additional, and potentially profitable, options for communicating and transacting business both on a retail level and in business-to-business dealings with other companies, vendors, customers, or other transactional counterparts. Businesses need not create entire purpose-built private networks to ensure communications with each of their transactional counterparts, but rather can avail of the public, worldwide network infrastructure provided by the internet, thus achieving more efficient communication.
  • Neither the company nor the end user can control or monitor comprehensively the path taken by a communication between the company (i.e., as generated by the company's server computer) and the end user (as received by the end user's client computer) (or vice versa). Rather, the communication may pass through any number of network nodes, each of which may be potentially vulnerable to monitoring or interception of communication by a variety of means, and by a variety of unauthorized parties.
  • phrases such as "applying encryption" and "imposing encryption standards" as used herein comprehend the steps of both (a) encrypting data outbound from a computer for transmission over non-secure or dubiously-secure data lines, and (b) decrypting such data when it is inbound at the destination computer for use by that computer's processor and memory, which typically may locally process data and make it available to a user (e.g., by display or output) in unencrypted form.
  • the security concerns addressed by the instant invention are found only during communications over public data networks, and not when data is processed locally upon either a client computer or network server, so that data can and should be provided for such local processing in unencrypted form.
  • the most common prior art encryption systems are those denoted by the Secure Socket Layer (SSL) and IPSEC protocols.
  • non-reciprocal systems such as described in U.S. Patent 4,218,582
  • a first party to a communication generates a numerical sequence and uses that sequence to generate non-reciprocal and different encrypting and decrypting keys.
  • the encrypting key is then transferred to a second party in a non-secure communication.
  • the second party uses the encrypting key (called a public key because it is no longer secure) to encrypt a message that can only be decrypted by the decrypting key retained by the first party.
  • the key generation algorithm is arranged such that the decrypting key cannot be derived from the public encrypting key. Similar methods are known for using non-reciprocal keys for authentication of a transmission.
  • the non-secure "public" key is used to decrypt a message that has been encrypted using a secure "private" key known only to the originating party. In this method the receiving party has assurance that the origination of the message is the party who has supplied the "public" decrypting key.
  • U.S. Patent No. 5,978,918 describes a method for supplementing security protocols in conjunction with SSL/DES encryption, using public key encryption, and employing a dedicated communication line for non-internet communication of private data.
  • U.S. Patent No. 5,781,632 discloses a method and apparatus for securing transmission of data using standard encryption in conjunction with data switches.
  • a variety of often-disparate standards for encryption and decryption have evolved. Implementations of these standards are generally readily available in off-the-shelf form. Some of these standards are considered “strong” or high-security encryption standards, and others are considered “weaker” or lower-security.
  • the "strength" of an encryption algorithm correlates with the complexity of the encrypting process.
  • Each level of encryption standard may have utility for certain applications, and for a certain duration of time. No one encryption standard may be regarded as a panacea for all types of online transactions, and no standard may be considered permanent. This is so for a variety of reasons.
  • the sensitivity of data transmitted over networks may vary. A client who transmits a request to a company website to view a particular, non-confidential, portion of that website, probably is not concerned (nor is the company) with maintaining absolute secrecy of his request for that page. Therefore, both the client communication to the company server, and the server's responsive transmission of the non-confidential page, may likely be satisfactorily conducted over a communication channel that is not encrypted, or that is encrypted with a weaker encryption method.
  • Encryption standards have a tendency to be obsolescent; that is, they have decidedly finite useful lifetimes.
  • Computer processing power is continually increasing, and the ready availability of more and more powerful computer processors, coupled with the ingenuity of criminals and other "hackers" who apply this processing power to the "cracking" or decryption of standard encryption methods, dictates that an encryption standard that is deemed sufficiently strong at a given point in time may, within a short while, become unacceptably vulnerable to widespread penetration by hackers.
  • 5 bit encryption which has been used as a standard encryption method in certain network browser software (i.e., web browsers), can no longer be regarded as a strong encryption method, and many online financial transaction businesses will not provide their services to end users/clients unless it is possible to ensure that the transactions between the business and the end user/client will be protected (in both directions) by 128 bit (or higher) encryption standards. Even 128 bit encryption standards may soon be deemed compromised for the most sensitive transactions (for instance, those involving electronic funds transfers or other transactions by large security-conscious banking institutions), so that still-stronger encryption standards (e.g., 448 bit) may in time become de rigueur for the most security-intensive online transactions.
  • company web servers typically are configured to be compatible with a number of different encryption protocols used by clients (e.g., the encryption protocols employed in commercial network or web browser software)
  • no secured communication at all can be established between the client computer and the company web server, because the company web server and the client computer/web browser do not share any sufficiently-compatible and otherwise-acceptable encryption protocol.
  • Each of the client computer and the company web server must be capable of executing the same (or a compatible) encryption/decryption standard simultaneously during a communications session.
  • From the end user/client side, provision can be made for a client to choose to download a new encryption program in conjunction with downloading a new network or web browser program incorporating such encryption, for example. It is also possible for the client to update the encryption module of his web browser as required, by going to a download site on the internet and choosing to download a new encryption module having the desired strength or other characteristics, without downloading an entire new web browser version (a process that may take a great deal of time, particularly over low-bandwidth communication lines).
  • company web servers may ensure that desired specific encryption standards are applied to all communications of sensitive information with clients by, most obviously, simply rejecting connection with clients whose computers/web browsers do not support the desired variety or strength of encryption standard.
  • This solution, while it prevents unauthorized dissemination of sensitive information by precluding the sensitive communication in the first place, is far from wholly satisfactory, as companies that supply online financial services typically desire to ensure maximal availability of those services anywhere in the world, so as to take full advantage of the internet's and WWW's promise of random and universal access to company web services over public networks while maintaining appropriate security.
  • the invention herein disclosed is a method and system for enabling a web server to establish data communication of a desired level and strength of encryption between the web server and an end user or client, even in the case in which the client does not (at the initiation of the communication session) possess appropriate encryption modules, without requiring any active downloading or installation of additional encryption software by the client.
  • the invention works by transmitting, from the web server, software objects that are supported by the client computer and web browser software.
  • the client computer may then automatically execute these software objects, which will contain encrypting and decrypting instructions in accordance with the particular encryption standard desired by the web server proprietor for encryption of the client-web server sensitive transaction, which is thus re-established on a fully secure basis.
  • a desired level of encryption may be imposed by a network server/web server for some portion, or all, of a communication with a client, in a manner transparent to the end user and not dependent on end user request or "pulling" of information.
  • the encryption standard pushed or automatically downloaded to the client in transparent fashion may be updated or adjusted in accordance with network server requirements as often as desired.
  • FIG. 1 there is shown a block diagram of a data transmission connection established over a public network (such as the internet or WWW) between a web server (10) that sponsors or supplies transactions to be provided to an end user/client computer system (20).
  • client computer system comprising a computer processor such as an Intel Pentium processor, and implementing a communications module such as a common web browser such as Internet Explorer or Netscape), linked by a WWW connection (18) to a commercial website (10), for purposes of illustration.
  • client computer system may be any apparatus comprising a processor and communications module capable of executing downloaded software objects or applets, the system being used for data transmission with a server as to which security and authentication are important issues.
  • client computer systems may include processors that are elements of, for example, cellular phone systems, cable television decoders, automatic teller terminals, and the like
  • the web server (10) has (as constituents of its memory) an unsecured area (8) and a secured area (6) containing protected information belonging to either the web server provider or to various of its clients.
  • Web server (10) has a memory (14), computer processor (16), and contains a suite (12) of downloadable encryption modules ((12a), (12b), (12c), etc.).
  • Encryption modules in encryption suite (12) comprise software objects or applets.
  • Software objects are known in the art as effective means for distributing, in "pre-packaged" or modular form, executable software programs from a web server, over a network, for eventual execution by one or more client computers (specifically, by the web browsers of such clients) that are connected to the web server over the network.
  • Objects or applets are written as software programs in such formats as JAVA or ActiveX, which in turn may be readily implemented (i.e., executed) by a wide variety of commonly used client-side communications programs (usually, web browsers).
  • Advantages of software objects or applets include their cross-platform adaptability to multiple varieties of client side computers (because they are written for compatibility with cross-platform-compatible web browsers), as well as their ability to self-execute immediately upon downloading, which allows the client user to enjoy the benefits of automatic object program execution without any initiation by the user. In this sense, objects perform transparently to the client/user, as their functions are either invisible to him, or appear to be seamlessly integrated with the user-initiated functions of the web browser without requiring any additional actions or choices by the client/user.
  • U.S. Patent No. 5,974,441 provides an exemplary discussion of the use of JAVA software objects to provide desired executable functions to a client over the WWW by sending the objects over the internet/WWW connection from the server to the client for eventual execution by the client machine to obtain desired functionality on the client end.
  • In connection with software objects generally, and with the software objects of the instant invention as well, it is important to ensure that the client user is not employing a type of "firewall" in his security system that will reject or otherwise hinder the downloading and execution of executable materials, such as objects.
  • Data communication line (18) connects the web server computer (10) with the client or end user computer (20).
  • Client computer (20) comprises a memory (24) and computer processor (28) as well as web browser (32), which operates in conjunction with both memory (24) and processor (28).
  • Web browser (32) contains encryption module area (40).
  • Application of the invention begins when client computer (20) initiates a communication session with web server (10) by sending a session start request over data communications line (18), which is, for instance, an arbitrarily-determined WWW connection passing through multiple nodes of the internet.
  • Line (18) may initially be provided with some level of encryption (perhaps a relatively weak level such as 56 bit encryption), supplied for instance by an encryption module contained in encryption module area (40) of client web browser (32).
  • the initial communication over line (18) may be completely unencrypted, as for instance if client web browser (32) does not contain any encryption modules in encryption module area (40) (or if such modules are not operative).
  • Web server (10) contains (in memory (14)) settings provided by the web server proprietor that specify the specific strength and type of encryption that web server (10) must impose upon particular classes of sensitive communications with client computers (20).
  • Upon initiation of a communication session in which sensitive data may be transmitted, web server processor (16) immediately analyzes the session start request transmitted by the client computer (20) to determine the type of encryption initially employed by client computer (20). If the encryption standard used by the client computer (20) (via client web browser (32)) in its session start request matches with the type of encryption previously specified by the web server proprietor for sessions of the given variety that the client seeks to initiate, then communications of substantive sensitive information between the web server (10) and client computer (20) over line (18) may commence immediately.
  • web server (10) determines that the encryption standard used by client computer (20) in its session start request does not match the encryption standard or standards previously specified by the web server proprietor (because, for instance, the client computer (20) is initially employing a weak encryption standard, or a standard not compatible with those supported by web server (10)), then web server processor (16) will initiate an automatic object download procedure.
  • web server processor (16) and memory (14) determine the desired optimal encryption standard to be imposed upon the highly sensitive portions of the communications session with client computer (20). Once the desired optimal encryption standard is determined, web server (10) selects a corresponding encryption module object ((12a), (12b), (12c), etc.) from the encryption module suite (12).
  • the encryption module suite (12) contains a pre-selected set of software modules in appropriate object/applet language (e.g., JAVA, ActiveX), each of which modules (upon execution) is capable of performing encryption/decryption in accordance with a particular encryption standard, and each of which is readily transmissible in "capsule" form over an internet communications line.
  • Strong encryption standards that may advantageously be chosen for inclusion in encryption module suite (12) include such standards as 128 bit 3DES or 128 bit SSL MD5 RC4 (although the module objects of module suite (12) may be encryption modules for any desired encryption standard capable of being executed by a software object or applet, such as super-strong 448 bit encryption standards). In essence, any desired off-the-shelf (or custom) encryption standard may be used in conjunction with this invention.
  • Web server (10) is supplied with corresponding software encryption modules (15a), (15b), (15c), etc. (stored in memory (14)) for each of the selected encryption standards associated with modules (12a), (12b), (12c), etc.
  • Encryption modules (12a), (12b), (12c) and (15a), (15b), (15c) may be updated on demand by the proprietor of web server (10) or of the company providing such proprietor with the technology of the instant invention, such that the web server and client computers may continually be provided with the most up-to-date strong encryption.
  • the appropriate encryption module object (12a), (12b), (12c), etc. is then transmitted over line (18) (with the standard of encryption originally applied by the client computer (20)) and received by client computer (20), which routes the transmitted encryption module object (12a), (12b), (12c), etc.
  • encryption module object (12a), (12b), (12c), etc. self-executes.
  • such module automatically applies the web-server-specified standard of encryption (and decryption) to all subsequent communications of sensitive data to and from web browser (32) to the web server (10).
  • the corresponding appropriate web server encryption module object (15a), (15b), (15c), etc. simultaneously applies the same selected encryption standard to communications inbound to and outbound from the secured area (6) of the web server (10).
  • the encryption module object (12a), (12b), (12c), etc. may be viewed as a filter. That is, the encryption module object serves to filter a received page of the website transmitted by web server (10). Such a received page will be formatted in appropriate internet-compatible fashion, e.g., in Hypertext Mark-Up Language ("html"), to display user-selectable links or fields corresponding both to secure areas (6) and non-secure areas (8) of the web server (10).
  • the encryption module object transforms links or fields corresponding to secured areas (6) of the web server (10) into calls to the encryption module object (12a), (12b), (12c), etc. which will transmit the user selection of a secure area link or field to the web server (10) (or display the web server's (10) corresponding response) only after passing the data stream through the selected encryption/decryption protocol of the encryption module object.
  • the encryption module object or applet may be viewed as replacing or emulating the browser for communications with web server (10) (and secured area (6)). While in the above-described embodiment, encryption module object (12a), (12b), (12c), etc.
  • web server (10) may be provided with secured area user interface (46), which is a user interface program (preferably in graphic form) allowing for ready configuration of various aspects of the present invention as implemented on the web server (10) (for instance, the desired level or type of encryption for various categories of transactions, the desired messages (if any) to be downloaded with encryption module object (12a), (12b), (12c) for display on client computer (20), etc.).
  • the user interface (46) may also display to users of web server (10) various parameters regarding operation of the present invention, e.g., number of current clients/users attached to web server (10), security status for client attachments, available encryption formats, etc.
  • Web server (10) may further be connected to a remote encryption module object update site (70) by data line (72).
  • Encryption module object update site (70) may be a server (or web server) maintained as an archive and distribution center for new or updated encryption module objects (12a), (12b), (12c) and (15a), (15b), (15c), so that web server (10) may be supplied (on demand, or on a regular schedule) with the most updated range of strong security modules.
  • Encryption module object update site (70) may be maintained by a third-party vendor or security consulting company, so that the proprietor of web server (10) need not affirmatively research or choose amongst the various encryption formats or standards but rather may be automatically supplied with such formats by encryption module object update site (70).
  • Data line (72) may comprise any suitable connection for electronic communications, such as a dedicated line or an internet data connection.
  • FIG. 2 illustrates such an alternative embodiment for establishing strongly-secured communications.
  • Web server (10) and client computer (20) are represented as before, except that encryption module suite (12) is no longer actively called upon by web server (10) and web server (10) is now provided with an additional communications object (17).
  • encryption server (50) (which may be located at any desired location accessible by public data network/internet connections) contains memory (52), processor (54), and encryption module suite (56).
  • Encryption module suite (56) serves the same function as encryption module suite (12) served in connection with the embodiment of Fig. 1; viz., it contains encryption module objects (56a), (56b), (56c), etc.
  • client computer (20) initiates communication with web server (10), as before, sending a session start request over line (18) with a client-determined standard of encryption, and, as before, web server (10) analyzes such session start request to determine whether client computer (20) is using a standard of encryption acceptable to the web server proprietor. If so, communications may continue over line (18) with no further modifications. If not, though, processor (16) of web server (10) sends back to client computer (20) an html document instructing the client computer to obtain, and execute, two software objects.
  • the first software object is a communications object (17) contained on web server (10).
  • the second object is an encryption module object, specifically, one of encryption module object (56a), (56b), (56c), etc. contained in encryption suite (56) on encryption server (50).
  • Client computer (20) immediately obtains such objects (over, respectively, line (18) to web server (10) and weakly-encrypted communications line (60) connecting client computer (20) to encryption server (50)).
  • Communications object (17) then auto-executes on client computer (20), using the encryption supplied by simultaneously-self-executing encryption module object (56a), (56b), (56c), etc. to establish a new connection over line (18) between web server (10) and client computer (20), which connection possesses the web-server-specified standard of encryption.
  • the advantage of the embodiment described in connection with Fig. 2 is that it permits judicious locating of the web server (10) and encryption server (50). If, for example, a web server proprietor and its databases were located in the United States, and certain client computers (20) were located in Europe, but the United States government prohibited export of certain strong encryption standards to Europe, encryption server (50) could be located in a country having favorable export control laws as to strong encryption (as, for example, Australia), so that a strongly-encrypted communication line could be established between U.S. web server (10) and Europe-based clients (20) without ever exporting strong encryption standards from the U.S. to Europe.
  • the instant invention also comprehends a computer system for such secured data transmissions, in which the system may impose a level of encryption desired by a network server upon communications over a network by causing to be downloaded to a client computer (in transparent fashion) an encryption algorithm (e.g., encryption module object ((12a), (12b), (12c))).
  • the system includes web server (10) (which is linkable to a client computer (20) over data line (18)) and associated hardware and software components, for instance encryption suite (12) and memory (14) and processor (16).
  • Such an apparatus has the capability of establishing secured transactions by implementing, and managing (for instance, by use of secured area interface (46)) the download of automatically-executing encryption module objects to client computer (20) and the subsequent encrypted transmission of data associated with secured area (6).
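
The session-start check described above for web server (10) (compare the encryption in the client's session start request with the proprietor's settings for that class of session, then either proceed or select a module object from suite (12) to download) can be written out as follows. This is an added example, not code from the patent or from Tashilon; the session class names, the key-size thresholds, the rule for choosing among qualifying modules and the refusal of unknown session classes are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Module:
    module_id: str   # figure label of the module object, e.g. "12a"
    standard: str    # encryption standard the object implements
    key_bits: int


# Constructed stand-in for encryption module suite (12), in proprietor
# preference order. Standards are the ones the description names.
SUITE = (
    Module("12a", "3DES", 128),
    Module("12b", "SSL-MD5-RC4", 128),
    Module("12c", "448-bit", 448),
)

# Constructed proprietor settings held in memory (14):
# session class -> minimum key size in bits (0 = no encryption required).
POLICY = {"public_page": 0, "account_view": 128, "funds_transfer": 448}


@dataclass(frozen=True)
class SessionStart:
    session_class: str
    standard: Optional[str]  # None = request arrived unencrypted
    key_bits: int = 0


@dataclass(frozen=True)
class Decision:
    action: str                      # "proceed" or "push_module"
    module: Optional[Module] = None  # set only for "push_module"


def server_supports(standard: str, key_bits: int) -> bool:
    """True if the server holds a matching module (15a), (15b), ... for it."""
    return any(m.standard == standard and m.key_bits == key_bits for m in SUITE)


def select_module(min_bits: int) -> Module:
    """Pick the module to download: smallest key size meeting the minimum,
    ties broken by suite order (an assumed selection rule)."""
    candidates = [m for m in SUITE if m.key_bits >= min_bits]
    if not candidates:
        # Misconfiguration: policy demands more than the suite can supply.
        raise LookupError(f"no module in suite provides {min_bits} bits")
    return min(candidates, key=lambda m: m.key_bits)


def handle_session_start(req: SessionStart) -> Decision:
    """Analyze the session start request as web server processor (16) does."""
    if req.session_class not in POLICY:
        # Assumed behaviour: an unclassified session is refused, not allowed.
        raise KeyError(f"no encryption setting for {req.session_class!r}")
    min_bits = POLICY[req.session_class]
    if min_bits == 0:
        return Decision("proceed")
    # A match needs enough strength AND a standard the server can also run.
    if (req.standard is not None
            and req.key_bits >= min_bits
            and server_supports(req.standard, req.key_bits)):
        return Decision("proceed")
    # Weak, absent or incompatible client encryption: download a module object.
    return Decision("push_module", select_module(min_bits))


if __name__ == "__main__":
    for req in (
        SessionStart("public_page", None),
        SessionStart("account_view", "DES", 56),
        SessionStart("account_view", "3DES", 128),
        SessionStart("funds_transfer", "3DES", 128),
    ):
        print(req, "->", handle_session_start(req))
```

The third branch covers the case the description singles out: a client whose encryption is strong enough on paper but is not one the server supports is treated the same as a weak or unencrypted client.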

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method and system for securing highly sensitive financial data and other data contained in transmissions over a public network, such as the World Wide Web, linking a web server computer to a remote client computer. By determining a specific desired (usually strong) encryption standard for all sensitive communications between a web server and a client, pushing the capability of encrypting to that standard to the client by automatically downloading to the client, from the web server, and having the client's web browser execute, software objects designed to perform encryption/decryption tasks in accordance with the chosen standard, standard encryption can readily be ensured even if the client does not initially possess such strong encryption capabilities. The system can also be configured for optimal compliance with export laws concerning strong encryption.
PCT/IB2000/001765 1999-12-22 2000-11-09 Enhanced computer network encryption using downloaded software objects WO2001047205A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU14085/01A AU1408501A (en) 1999-12-22 2000-11-09 Enhanced computer network encryption using downloaded software objects

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US47046699A 1999-12-22 1999-12-22
US09/470,466 1999-12-22

Publications (2)

Publication Number Publication Date
WO2001047205A2 true WO2001047205A2 (fr) 2001-06-28
WO2001047205A3 WO2001047205A3 (fr) 2002-07-11

Family

ID=23867736

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2000/001765 WO2001047205A2 (fr) 1999-12-22 2000-11-09 Enhanced computer network encryption using downloaded software objects

Country Status (2)

Country Link
AU (1) AU1408501A (fr)
WO (1) WO2001047205A2 (fr)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2411554A (en) * 2004-02-24 2005-08-31 Toshiba Res Europ Ltd Selecting encryption methods for secure transmission
WO2010029559A1 (fr) 2008-09-15 2010-03-18 Vaultive Ltd. Method and system for secure use of services by non-secure storage providers
WO2011080745A2 (fr) 2009-12-31 2011-07-07 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
US8738683B2 (en) 2008-09-15 2014-05-27 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
KR101538305B1 (ko) * 2010-11-04 2015-07-21 McAfee, Inc. Method and apparatus for protecting specified data combinations
US10313371B2 (en) 2010-05-21 2019-06-04 Cyberark Software Ltd. System and method for controlling and monitoring access to data processing applications
US10367786B2 (en) 2008-08-12 2019-07-30 Mcafee, Llc Configuration management for a capture/registration system
CN116846689A (zh) * 2023-09-01 2023-10-03 CCB Fintech Co., Ltd. Financial service data transmission method and apparatus, computer device, and storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8548170B2 (en) 2003-12-10 2013-10-01 Mcafee, Inc. Document de-registration
US8473442B1 (en) 2009-02-25 2013-06-25 Mcafee, Inc. System and method for intelligent state management
US8447722B1 (en) 2009-03-25 2013-05-21 Mcafee, Inc. System and method for data mining and security policy management
US8700561B2 (en) 2011-12-27 2014-04-15 Mcafee, Inc. System and method for providing data protection workflows in a network environment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5657390A (en) * 1995-08-25 1997-08-12 Netscape Communications Corporation Secure socket layer application program apparatus and method
EP0862301A2 (fr) * 1996-11-28 1998-09-02 Fujitsu Limited An encryption communication system using an agent and a storage means for storing such agent
EP0917320A2 (fr) * 1997-10-14 1999-05-19 Lucent Technologies Inc. Optimized routing system

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2411554A (en) * 2004-02-24 2005-08-31 Toshiba Res Europ Ltd Selecting encryption methods for secure transmission
GB2411554B (en) * 2004-02-24 2006-01-18 Toshiba Res Europ Ltd Multi-rate security
US10367786B2 (en) 2008-08-12 2019-07-30 Mcafee, Llc Configuration management for a capture/registration system
US8738683B2 (en) 2008-09-15 2014-05-27 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
US9002976B2 (en) 2008-09-15 2015-04-07 Vaultive Ltd System, apparatus and method for encryption and decryption of data transmitted over a network
WO2010029559A1 (fr) 2008-09-15 2010-03-18 Vaultive Ltd. Method and system for secure use of services by non-secure storage providers
US9338139B2 (en) 2008-09-15 2016-05-10 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
US9444793B2 (en) 2008-09-15 2016-09-13 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
WO2011080745A2 (fr) 2009-12-31 2011-07-07 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
US10313371B2 (en) 2010-05-21 2019-06-04 Cyberark Software Ltd. System and method for controlling and monitoring access to data processing applications
US9794254B2 (en) 2010-11-04 2017-10-17 Mcafee, Inc. System and method for protecting specified data combinations
US10313337B2 (en) 2010-11-04 2019-06-04 Mcafee, Llc System and method for protecting specified data combinations
KR101538305B1 (ko) * 2010-11-04 2015-07-21 McAfee, Inc. Method and apparatus for protecting specified data combinations
US10666646B2 (en) 2010-11-04 2020-05-26 Mcafee, Llc System and method for protecting specified data combinations
US11316848B2 (en) 2010-11-04 2022-04-26 Mcafee, Llc System and method for protecting specified data combinations
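CN116846689A (zh) * 2023-09-01 2023-10-03 CCB Fintech Co., Ltd. Financial service data transmission method and apparatus, computer device, and storage medium
CN116846689B (zh) * 2023-09-01 2023-12-26 CCB Fintech Co., Ltd. Financial service data transmission method and apparatus, computer device, and storage medium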

Also Published As

Publication number Publication date
AU1408501A (en) 2001-07-03
WO2001047205A3 (fr) 2002-07-11

Similar Documents

Publication Publication Date Title
WO2022206349A1 (fr) Information verification method, related apparatus, device, and storage medium
US9832183B2 (en) Key management using quasi out of band authentication architecture
CA2341213C (fr) System and method for enabling secure access to services in a computer network
US7373517B1 (en) System and method for encrypting and decrypting files
US7287271B1 (en) System and method for enabling secure access to services in a computer network
US6986040B1 (en) System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel
US6694431B1 (en) Piggy-backed key exchange protocol for providing secure, low-overhead browser connections when a server will not use a message encoding scheme proposed by a client
US8769784B2 (en) Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones
US7903822B1 (en) Method and system for establishing a trusted and decentralized peer-to-peer network
KR100431567B1 (ko) Method for enabling a proxy to participate in secure communication, cryptographic system, and computer program product
US7853782B1 (en) Secure intermediation system and method
US20030229786A1 (en) System and Method for Application-Level Virtual Private Network
JP2015528149A (ja) Activation of enterprise-triggered 2CHK association
JP2015526784A (ja) Enhanced 2CHK authentication security with query-type transactions
JP2003502983A (ja) Method and system for secured transactions over a computer network
US9069869B1 (en) Storing on a client device data provided by a user to an online application
US6751731B1 (en) Piggy-backed key exchange protocol for providing secure, low-overhead browser connections to a server with which a client shares a message encoding scheme
AU2002235149A1 (en) System and method for securing a non-secure communication channel
TW200307439A (en) Mechanism for supporting wired and wireless methods for client and server side authentication
WO2001047205A2 (fr) Enhanced computer network encryption using downloaded software objects
US20240146767A1 (en) Secure electronic transactions using transport layer security (setutls)
AU2009295193A1 (en) Method and system for user authentication
US9172679B1 (en) Secure intermediation system and method
KR20010017849A (ko) Data transmission and reception method for supporting security functions on the World Wide Web
CN114244569A (zh) SSL VPN remote access method, system, and computer device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase