METHOD AND SYSTEM FOR DYNAMIC ENCRYPTION OF A WEB-PAGE
The present invention relates to the transmission of web-pages over the Internet, and in particular to the dynamic encryption of at least part of a web-page prior to transmission over the Internet by a web-server, and the subsequent dynamic decryption of the encrypted page content once the page has been received back from a remote user.
Operation of the Internet, and in particular that part of the Internet known as the World Wide Web is well known in the art. In particular, in order for a remote user to access a World Wide Web-page over the Internet, the user must use application software known as a browser, which generates a page request which is transmitted over the Internet to a web server upon which a web site, being page source code in a mark up language such as, for example, HTML or XML, is stored. The web server processes the page request, retrieves the requested page from the stored web site, and transmits the page source code back over the Internet to the user's browser whereupon the information contained in the source code can be interpreted in the browser and graphically displayed on a screen. Various mark up languages are known in the art which can be used to describe a web-page content, several of the more commonly known being, hypertext mark up language (HTML), extensible mark up language (XML), and wireless mark up language (WML). Mark up language code usually comprises a series of "tags" which operate in pairs, web-page content being expressed between two pairs of tags. The particular tag-pair instructs the browser as to how the content between the two tags is to be displayed.
XML is of particular interest as it allows two or more users to define tags to describe custom operations to be performed on the web-page content between a pair of tags. When a user defined tag-pair is encountered in a web-page source code, the browser can execute an executable script which may operate on the web-page content located between the pair of tags in the source code. Usually, the meaning of the user defined tag will have had to have been agreed between two or more users in advance, in order for their respective browsers to be able to interpret the tag correctly. XML allows user defined tags to be defined which can allow almost any operation to be performed on the data between the start tag and the end tag.
The continued growth in Internet usage has also meant that the World Wide Web is increasingly being used for business transactions, and in particular for banking, insurance and other financial services transactions, as well as in other industries. In order to process such business transactions it is frequently required that a record of the 'state' of a particular user transaction must be kept. The present invention improves upon the above by providing for the storage of other system data variables in addition to a state indicator on a web page to be transmitted to the user. In particular, within the present invention in order to allow for further online transaction processing (OLTP) operations, other data relating to the state of the back-end computer system which is managing the transaction or relating to other system specific information is also stored on the web page. Examples of such data are for example, an application session ID, a user transaction ID, usernames and passwords, etc. Unfortunately, if the user has free access to such data when displayed in a web browser or viewed as source code then it may be possible for the user to change the values of the system data variables and corrupt the back-end system processing. Therefore, in order to prevent this the present invention provides for the dynamic encryption of such system variables within the web-page source code upon transmission of the page to a user, and for decryption of the variables upon receipt of a page containing such variables back from the user.
In some cases it may be necessary for the remote user to review the encrypted content. The present invention adapts to this condition by decrypting variables upon receipt of a page from the web server. In order to prevent data being made available to unknown sources over the internet, the present invention provides for dynamic encryption of system variables within the web-page source code upon transmission of the page to the web server, and for decryption of the variables upon receipt of a page containing such variables back from the user.
In view of the above, from a first aspect the present invention provides a method of storing system variables on a web-page to be transmitted to a remote user, the method comprising the steps of: inserting one or more system variables into a web-page at one or more locations in the page; and encrypting the inserted system variables to thereby render the one or more variables indecipherable to the remote user.
In a preferred embodiment, the inserting step further includes the steps of inserting a first predetermined marker in front of each inserted system variable or consecutive group of variables; and inserting a second predetermined marker after each inserted system variable or consecutive group of variables.
In the preferred embodiment, the encryption step further comprises the steps of:- detecting the first predetermined marker in front of each system variable or consecutive group of variables; detecting the second predetermined marker behind each system variable or consecutive group of variables; and encrypting said web-page content between said first predetermined marker and said second predetermined marker.
In the preferred embodiment, said first and second predetermined markers are XML tags.
The encryption of the one or more system variables may be performed using a fixed predetermined encryption key which is changed only infrequently, if at all, or by a varying key which changes over time. Where a varying key is used, the key may be changed on a per page transmitted basis, on a time-variant basis, or on any other basis.
In addition, from a second aspect, the present invention also provides a method of retrieving system variables stored on a web-page received from a remote user, the method comprising the steps of: detecting one or more encrypted system variables stored on a received web-page at one or more locations in the page; and decrypting the detected system variables to thereby render the one or more variables decipherable. In a preferred embodiment, the encryption and decryption may be carried out at the user end by the web browser if possible.
In a preferred embodiment, the decrypting step preferably comprises the steps of: detecting a predetermined marker located at the start of the encrypted content; detecting a second predetermined marker located at the end of the encrypted content; and decrypting the content between the first predetermined marker and the second predetermined marker.
Furthermore, from yet another aspect the present invention also provides a system for encryption and decryption of at least part of a web-page, the system comprising: means for inserting one or more system variables into a web-page to be transmitted at one or more locations in the page;
means for detecting one or more encrypted system variables stored on a received web-page at one or more locations in the page; key storage means arranged to store one or more keys to be used for encryption and decryption; and encryption and decryption means arranged to encrypt or decrypt respectively the system variables as appropriate with at least one of the keys stored in the key storage means.
Preferably, the key storage means contains a plurality of keys, and a different key is used for each transmitted web-page. Alternatively, the key storage means is arranged to generate a key which is used for encryption or decryption which may change on a time variant basis.
Further features and advantages of the present invention will become apparent from the following description of a preferred embodiment thereof, presented by way of example only, and with reference to the accompanying drawings, wherein:
Figure 1 is a system architecture block diagram illustrating the operation of the present invention;
Figure 2 is a system architecture block diagram illustrating a further possible operation of the present invention;
Figure 3 is a system block diagram of the system of the present invention;
Figure 4 is a flow diagram illustrating the method and operation of the system of the present invention.
An embodiment of the present invention will now be described with reference to Figures 1, 2, 3 and 4.
Referring first to Figure 1, here a user is provided with a browser application program 102 which is arranged to request pages of a website 106 from a web server 104 over the Internet 100. The user browser 102 is a conventional web browser application which is not modified in any way, and which is arranged to request and receive web-pages from the Internet 100 for display to the user.
The web server 104 is provided to service user requests for web-pages stored in the form of XML code on a website storage means 106. The web server is provided with one or more computer readable storage mediums (not shown) on which are stored the web server's operating system program files, system data, and all other executable and non-executable program and data files for controlling the operation of the web server. Such a one or more storage mediums may take the form of any known storage medium, and in particular optical discs, magnetic discs, and magneto-optical discs. The web server 104 is also provided with an encryption and decryption module 120 which is arranged to receive web-pages from the web-site storage means and process them prior to transmission onto the Internet 100, and a key store 122 arranged to store encryption and decryption keys. The encryption and decryption module 120 is further arranged to decrypt the relevant parts of received pages prior to storage on the website 106.
The operation of the system of the present invention as depicted in Figure 1 can be summarised as follows. Suppose the user wishes to request a web-page from the website 106, then the user browser 110 generates a page request which is transmitted by the Internet 100 to the web server 104, which accesses the website 106 to retrieve the web-page. In order to allow for state storage for the purposes of on-line transaction processing by the back-end system, or for other back-end system house-keeping functions, the web server 104 is arranged to insert system variables relating to the OLTP state, or to any other back-end system function or for any other purpose, into the web-page in a convenient place, and the web page containing the system variable is passed to the encryption and decryption module 120.
The encryption and decryption module receives the web-page containing the system variables and accesses the key store to retrieve the appropriate encryption key, which is then used to encrypt the system variable information stored on the web page. The web page containing the encrypted system variable information is then transmitted to the user web browser 102 over the Internet 100. Upon receipt of the web-page containing the encrypted data at the user web browser 102, the web browser displays that part of the web-page source code which is in clear-text, but is unable to display the encrypted part containing the system variables. In addition, if the user attempts to view the web-page source code, then although the user will be able to view the clear-text source code in the normal manner, that part of the source code containing the system variables which have been encrypted will appear to the user as random or garbled symbols.
It is a frequent occurrence (and in particular during OLTP procedures) that the user will enter information onto the web page for processing by the back-end system, and the user browser 102 transmits the entire page with the user-entered information back to the web server 104. Upon receipt of the page at the web-server 104 the received page is first passed to the encryption and decryption module 120, which operates to scan the page to determine the presence of any encrypted system variables, and to subsequently decrypt any detected encrypted system variables using the appropriate decryption key to the encryption key which was used to encrypt the page. The decrypted system variables can then be used by logic in the web server and/or back-end system to perform any required tasks. Envisaged tasks are, for example, house-keeping or performance tracking tasks performed by the webserver, recordal of transaction state for use in any back-end system, security purposes, etc.
It should be noted that the system variables may be inserted almost anywhere in the web-page, but should be inserted in such a place and manner that the user web browser is able to display the page to the user. Furthermore, preferably the browser should be able to display the page without the presence of the encrypted system variables being apparent to the user. In order to effect this, it is envisaged that the system variables would be stored in any one of or a combination of: an HTML comment (or equivalent in any other mark-up language); an HTML hidden field (or equivalent in any other mark-up language); or as an encrypted value in a cookie. Furthermore it will be appreciated by the man skilled in the art that the system variables could also be stored in other places on the page or in associated files, all of which variants are also intended to be encompassed within the present invention.
Turning now to the actual encryption and decryption of the system variables, the same identical encryption and decryption keys can be used all the time for transmission of web-pages to any and every user.
Alternatively, however, where the web-site is such that a user must register in advance with the site in order to access the site, preferably a different encryption key is stored in the key store 122 in the web server for each user registered with the website. In a first embodiment, the same key can be used for every transmission to and from the web server from and to a particular user, and this has the advantage that implementation complexity is reduced.
In another alternative embodiment to the above, a rolling key is envisaged, such that a different encryption key is used to encrypt and decrypt the web-page content over time. In particular, the encryption key used to encrypt or decrypt the content may be time variant, in that a particular encryption and decryption key is only valid for a certain time frame on a certain date, such as, for example, 15 minutes at a time. Here, the key store in the web server must have a means of synchronising to which key is valid at any particular time, in order for the web server to be able to encrypt and decrypt the pages successfully.
Here, a relatively simple solution will be to use keys which index into the system clock of the computer running the web server applications. Provided that the time frame in which the keys are valid is long enough, then few problems should arise. Where a page is received back from a user after a particular time frame has expired (i.e. such that the page was encrypted using the last key, rather than the present key), the key store can be arranged to allow the last key to be used for decryption purposes (but not encryption) for a settable amount of time after a key change has taken place, in order to allow such pages to be decrypted.
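The clock-indexed key schedule described above can be sketched as follows. This is an added example, not code from the patent; deriving each window's key from a master secret with HMAC-SHA256, the 5-minute grace value and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

WINDOW_SECONDS = 15 * 60   # key validity period (the 15-minute example in the text)
GRACE_SECONDS = 5 * 60     # assumed value: how long the last key may still decrypt


def window_index(timestamp):
    """Index into the system clock: which key window a Unix timestamp falls in."""
    return int(timestamp) // WINDOW_SECONDS


def key_for_window(master_secret, index):
    """Derive a window's key from a master secret (assumed scheme, HMAC-SHA256)."""
    return hmac.new(master_secret, b"page-key|%d" % index, hashlib.sha256).digest()


def encryption_key(master_secret, now):
    """Only the current window's key is ever used to encrypt."""
    return key_for_window(master_secret, window_index(now))


def decryption_keys(master_secret, now):
    """Current key, plus the last key while the grace period after a change lasts."""
    index = window_index(now)
    keys = [key_for_window(master_secret, index)]
    seconds_since_change = int(now) - index * WINDOW_SECONDS
    if index > 0 and seconds_since_change < GRACE_SECONDS:
        keys.append(key_for_window(master_secret, index - 1))
    return keys


def page_still_decryptable(master_secret, sent_at, received_at):
    """True if the key used when the page was sent is still accepted on its return."""
    used = encryption_key(master_secret, sent_at)
    candidates = decryption_keys(master_secret, received_at)
    return any(hmac.compare_digest(used, key) for key in candidates)
```

A page that comes back after the grace period matches no candidate key, so the server has to treat its system variables as unusable rather than fall back to an older key.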
As another alternative embodiment, the encryption and decryption key may be changed on a per page basis, to provide a system commonly known as a "one time pad". Here, a large number of keys are stored in the key-store, and the web server uses one of the prearranged keys per web-page transmitted to the user. In order to operate such a "one time pad" system successfully, the web server must keep a respective count of the number of pages transmitted and received respectively in order to know which one time pad is the current pad for a current page.
An alternative system is now described with reference to Figure 2. This alternative system is used when encryption and decryption is necessary at the user end.
Figure 2 is similar to Figure 1 except for a few different properties of the user browser 102. The user browser 102 comprises a conventional browser function 110, and is further provided with an encryption and decryption module 120, and an encryption and decryption key store 122. The encryption and decryption module 120 is arranged to receive web-pages from the internet 100 and to process them prior to passing the received pages to the standard browser 110.
Further details of the encryption and decryption module will now be described with reference to Figure 3. These details are applicable to the system architectures shown in Figure 1 and Figure 2.
In Figure 3, the encryption or decryption module 120 preferably comprises an input parser 240 arranged to receive web-page source code over the Internet 100 from the user, and to analyse the received source code to determine the existence and subsequent location of any encrypted system variables which have been inserted into the web-page source code by the webserver prior to transmission of the page to the user. A decryption module 210 is further provided which is arranged to receive output from the input parser 240, and to receive a decryption key from the key store 122. The decryption module 210 decrypts that web-page content which has been determined by the input parser 240 to be encrypted and outputs the decrypted content from the encryption and decryption module 120. Similarly, an output parser 230 is also provided which is arranged to receive web-page source code to be transmitted, and to analyse the source code to determine the existence and subsequent location of any inserted system variables. Any located system variables are then passed to an encryption module 220 which is further arranged to access the encryption key from the key store 122. The encryption module 220 then encrypts the content to be encrypted using the key received from the key store 122 and outputs the encrypted content from the encryption and decryption module 120.
Both the input parser 240 and the output parser 230 are further arranged simply to output that web-page source code which does not contain any inserted system variables, that is that source code which does not require encryption or decryption respectively.
The operation of a further embodiment of the present invention will now be described with respect to Figure 4. The further embodiment incorporates all of the previously described elements, but differs in how the system variables are inserted into the web page.
In the further embodiment, instead of merely inserting the system variables into the web page, the web server inserts the variables into the page delimited at the start and end by a pair of predefined mark-up language tags, such as <encrypt_start>, to indicate the start of the variables, and <encrypt_end>, to indicate the end of the variables. The encryption and decryption module 120 provided in the web server 104 detects the predetermined tags, to determine the location of the inserted system variables, and accesses an appropriate encryption key from the key store 122. The encryption key is then used to encrypt the data between the <encrypt_start> and <encrypt_end> tags and then the web-page containing the encrypted data is then transmitted over the Internet 100.
The operation of the encryption and decryption module as described above will now be described in detail with respect to Figure 4. The operation is applicable to the system architectures shown in Figure 1 and Figure 2.
Figure 4 is a flow diagram illustrating how the system variables inserted into the web-page may be encrypted. It will be apparent to the intended reader skilled in the art that the same process flow can be used to control both the encryption and decryption operation. However, for the sake of clarity the following description will concentrate on encrypting at least part of the web-page, such as would be performed by the web server when transmitting a page on the Internet. It will be apparent to the intended reader how the following operation can also be applied to the subsequent decryption of the page.
Assume that the web server 104 has received a page request from the browser 102, and has accessed the requested page from the website 106, and inserted the system variables into the page where required and delimited by <encrypt_start> and <encrypt_end> tags. Therefore, at step 301 the web server 104 passes the web-page source code containing the system variables delimited by the tags to the encryption and decryption module 120. At step 302, a counter n which is used to keep a count of the lines of the web-page source code is initialised to a value 1, in order to allow processing to start at the top line of the web-page source code. Therefore, at this stage, the output parser 230 has received the web-page source code and begins to process from the first line n. At step 303, therefore, line n is analysed to determine the content thereof, and an evaluation is performed at step 304 to determine if line n is an <encrypt_start> tag. If it is determined that line n is not an <encrypt_start> tag then the output parser 230 outputs line n at step 305 from the encryption and decryption module for transmission of the line onto the Internet. An evaluation is then performed at step 306 to determine whether the end of the web-page source code has been reached, and if not the line counter n is incremented at step 307, and processing returns to the parsing step 303.
If it is determined at step 304 that line n is an <encrypt_start> tag, then processing proceeds to step 308, wherein the encryption module 220 retrieves the encryption key from the key store 122. The line counter n is incremented by 1 at step 309, and the output parser 230 analyses line n to determine the content thereof at step 310. An evaluation is then performed at step 311 to evaluate whether the determined content is an <encrypt_end> tag and if not line n (which will contain one or more system variables) is passed to the encryption module 220 for encryption using the encryption key retrieved from the key store at step 313. The encrypted line n is then output from the encryption module 220 at step 314. Following output of the encrypted line n, an evaluation is made to determine whether the end of the web-page source code file has been reached at step 315, and if not then processing returns to step 309 wherein the line counter n is incremented and steps 310, 311, 313, 314 and 315 are repeated in turn until either the end of the web-page source code is reached, in which case processing ends, or until the <encrypt_end> tag is reached at step 311. If it is determined that line n is an <encrypt_end> tag, then the line counter n is incremented at step 312, and an end of file evaluation is performed at step 316. If the end of file evaluation is positive then processing ends, and if not processing returns to step 303. From step 303 processing continues in the same loop manner as described above until all of the web-page source code has been processed.
From the above-described operation it should be apparent that a web-page source code may contain one or more pairs of <encrypt_start> and <encrypt_end> tags such that the web-page may contain more than one portion of encrypted source code interlaced with clear text source code.
As mentioned previously, the above-described operation as shown in Figure 3 is almost identical for a decryption operation, with the change that at step 313 instead of an encryption operation being performed, a decryption operation is instead performed on the encrypted line. In this respect, the line n analysis performed at steps 303 and 310 is performed in the decryption mode by the input parser 240, and the decryption at step 313 performed by the decryption module 210.
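The line-by-line flow described above, for both the encryption and the decryption pass, can be sketched as follows. This is an added example, not code from the patent: the function names and sample page are constructed, the markers are assumed to be kept in the transmitted page so that the return pass can locate the encrypted lines, and an encrypt-then-MAC construction built from HMAC-SHA256 stands in for whichever known algorithm (for example an authenticated cipher such as AES-GCM) a deployment would choose.

```python
import base64
import hashlib
import hmac
import os

START, END = "<encrypt_start>", "<encrypt_end>"

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; a stand-in for a real cipher, see the lead-in.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal_line(key, line):
    """Encrypt-then-MAC one line; returns a URL-safe base64 token."""
    nonce, data = os.urandom(16), line.encode("utf-8")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode("ascii")

def open_line(key, token):
    """Verify the tag, then decrypt; raises ValueError if the line was altered."""
    raw = base64.urlsafe_b64decode(token.strip().encode("ascii"))
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(raw) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("system variable failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream)).decode("utf-8")

def process_page(lines, key, transform):
    """Figure 4 loop: copy lines outside the markers, transform lines inside."""
    out, inside = [], False
    for line in lines:                       # line counter n, steps 307 and 309
        marker = line.strip()
        if not inside and marker == START:   # step 304
            inside = True
            out.append(line)                 # assumption: marker stays in the page
        elif inside and marker == END:       # step 311
            inside = False
            out.append(line)
        elif inside:
            out.append(transform(key, line)) # steps 313 and 314
        else:
            out.append(line)                 # step 305
    return out

def encrypt_page(lines, key):
    return process_page(lines, key, seal_line)

def decrypt_page(lines, key):
    return process_page(lines, key, open_line)

# Constructed sample page: two system variables between one pair of markers.
SAMPLE_PAGE = [
    "<page>",
    "<title>Transfer funds</title>",
    "<encrypt_start>",
    "session_id=8f3a21",
    "transaction_id=000417",
    "<encrypt_end>",
    "<form>amount</form>",
    "</page>",
]
```

Each line is sealed on its own, so a sealed line copied from another page issued under the same key still verifies; including a page or session identifier in the MAC input would be needed to detect that.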
Instead of providing separate input and output parsers 230 and 240 respectively, as shown in Figure 2, it will be appreciated that a common parser could be used to analyse both the received source code, and the source code to be transmitted.
In any of the above described embodiments it will be appreciated that the actual encryption and decryption algorithms to be used by encryption and decryption modules 220 and 210 respectively may be any known encryption and decryption algorithms known in the art which will provide an adequate level of protection. In the further embodiment described with respect to Figure 3 it will be appreciated that the <encrypt_start> and <encrypt_end> tags are used to initiate the execution of the encryption and decryption algorithms which are stored in script form in the user browser and the web server.
In the further embodiment, in order to allow the user to define the <encrypt_start> and <encrypt_end> tags the web-page source code is preferably written in extensible mark-up language (XML).