AU2005202842A1 - Application level Client-side Encryption in Web browsers - Google Patents

Info
Publication number: AU2005202842A1
Authority: AU (Australia)
Prior art keywords: web, web browser, email, applet, encryption
Legal status: Abandoned (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis)
Application number: AU2005202842A
Inventor: Paul Clifton Bingham Cheffers
Current assignee: Individual (the listed assignees may be inaccurate)
Original assignee: Individual
Priority claimed from AU2004903546A
Application filed by Individual
Priority to AU2005202842A
Publication of AU2005202842A1

Description

Standard Patent Application
Paul Cheffers
46 McIntosh Circle, Murrumbateman NSW 2582
June 26th 2005
Application Level Client-side Encryption in Web Browsers.
Field of Invention
The invention relates to encryption in web browsers, particularly to application level client-side encryption in web browsers.
A glossary of terms related to the description is found at the back of the application.
Background of the Invention
Encryption on the World Wide Web is usually necessary in order to achieve ecommerce, secure email facilities and the secure transport of passwords. There are various well known methods of encryption on the web, such as:

    Encryption Method   ISO level            Use
    PGP                 Application level    email
    S/MIME              Presentation level   email
    TLS/SSL             Transport level      web use
    IPSEC               Network level        internet traffic

PGP is used to encrypt and decrypt email before the email client sends it onto the Internet. PGP is a computer program and is used in conjunction with email clients. A privately written program, it has become a de facto Internet standard.
S/MIME is an Internet standard that allows encryption of email in conjunction with X105 public key certificates. It is a capability that email client programs have to encipher with or to decipher with, and is not currently used widely due to the need to have X105 public key certificates. It is a presentation level standard.
SSL (Secure Socket Layer), or its variant TLS (Transport Layer Security), is a transport layer service and is the service used by HTTPS (secure web) and SMTP/TLS (secure email). It is part of the browser and is most often used on secure ecommerce sites to securely pass credit card information between the client and the server. SSL requires a secure HTTP server in order to operate. This is a stumbling block to ecommerce as use of storage space on secure HTTPS servers is charged highly and beyond the reach of cottage ecommerce players.
IPSEC is a network layer service that comprehensively encrypts all Internet traffic emanating from the workstation or router that runs the service. IPSEC must be installed by computer professionals and involves quite a bit of configuration as well as being a pricy way to achieve secure passage of packets on the Internet.
Most of these services use a combination of public key cryptography (such as RSA) and traditional symmetric ciphers such as DES or IDEA. The exchange of symmetric one time session keys is achieved with public key cryptography and then, for the bulk of data exchange, traditional cipher encryption and decryption methods are used.
Present Possibilities for Encryption on the World Wide Web
With IBM PC clock speeds now running at 800 MHz to 1.2 GHz for run of the mill PCs, the average PC on the Internet is now capable of quick encryption/decryption using even expensive and slow ciphers such as RSA.
More exactly, the application level and client-side computer languages Java and Javascript, with current PCs, are now capable of achieving 1024 bit public key encryption and decryption of 2 to 4 kilobytes of data in small segments of time, such as 2 to 4 seconds, on machines with the speed mentioned above.
As such, it is now possible for application level and client-side computer languages to achieve the same levels of security, on small amounts of data (less than 4000 bytes), that SSL/TLS and IPSEC previously provided.
Economic Uses for Java applets and Javascript functions encrypting data provided by the Web Page
The use of Java applets and/or Javascript functions to encrypt data on a typical web page has the following economic uses:
1. passwords on login subscription pages can be encrypted with up to 1024 bit public key encryption techniques. As such they can be sent on insecure media, such as the HTTP web service, safely without interlopers, or anyone using passive means of interception, being able to read what the passwords are.
2. an easy means of secure web mail can be achieved with a web page using a textarea to contain a plaintext ascii message that is encrypted client-side and then sent, encrypted, in a form submittal, to a server web site that stores the mail, encrypted, in a text file. Some time later the recipient of the mail accesses the encrypted version of the mail message and decrypts the message using application level client-side methods (such as a Java applet and/or Javascript functions) on his own machine, with private keys being accessed as Javascript variables which are first initialized by an ActiveX control contained within the web page. The ActiveX control, using a Microsoft programming technique, is marked 'Safe For Scripting'. Once this is done, the routines in the ActiveX control can be accessed and executed by calls inside the Javascript in a web page. The ActiveX control stores and accesses the private cryptography keys in the Windows registry.
(This method is limited to windows PCs).
3. a way to securely encrypt the contents of a form, using a combination of Javascript and/or Java applets, to provide 1024 bit public key encryption of an ecommerce order form, so that it is encrypted before being sent onto the Internet without the use of SSL/TLS, and so the encrypted message can be emailed by a server cgi-bin script to the ecommerce merchant. The ecommerce merchant, as above, decrypts the message by accessing a decryption URL and by copying and pasting the email into the decryption URL, and decrypting it.
An advantage to these methods is that the Internet server provider, where the ecommerce information or the secure email is sent by the web form submittal does not know the information contained within the encrypted form.
Summary of the Invention
In a broad form, the invention is an ecommerce system on the Internet which uses application level encryption methods, ie., java applets and javascript functions cooperating with each other (these are components of the web page), to strongly encrypt the contents of a HTML form submittal. This encrypted string will then be sent via HTTP or HTTPS form submittal, across the Internet, to an Ecommerce vendor, who will then email the encrypted order to an ecommerce merchant. The ecommerce merchant will cut and paste this encrypted order into a HTTPS decryption URL provided by the ecommerce vendor across the Internet. The private cryptographic keys necessary to decrypt the encrypted order message will be held, in one aspect of the invention, in the Windows Operating System Registry and accessed by an ActiveX control. The ecommerce merchant will have a sign on procedure with the ecommerce vendor whereby he downloads the ActiveX control, creates a private and public RSA key, stores the private RSA key in the Windows Registry by the ActiveX control, and publishes the public key with the ecommerce vendor.
In another aspect of the present invention, a local web server, a WWW web server that only provides web pages to the local computer it is on, also serves as a private key server and a proxy POP3 email reading server. The local web server provides email reading, email sending, email encryption, email decryption, and public key generation web pages to a web browser. These web pages have an encryption/decryption/key generation/key accessing/key storing applet that communicates with the local web server through a local socket. A proxy POP3 applet also echoes POP3 email reading commands from the web pages to the local web server, which communicates with POP3 email sending servers on the Internet. The proxy POP3 applet receives commands to read email, ferries these to the local web server, and also ferries the read email (read by the local web server) up to the javascript functions of the email reading web pages.
Both aspects of the present invention use a double polling method, described below, to communicate data and commands between the web browser script language functions and the web browser applet program.
The ecommerce method, in order to achieve a universal method of ordering through the web browser, will encrypt the order form with a web browser applet program cooperating with web browser script language functions, but will drop back to do the encryption solely with different web browser script language functions if no web browser applet language is supported on the web browser.
Brief Description of Drawings
An illustrative embodiment of the present invention will be described with reference to the accompanying figures, in which:
1. Figure 1 shows the Ecommerce system.
2. Figure 2 shows the key generation methods of the Ecommerce system and also the local web email reading/sending/encryption/decryption system.
3. Figure 3 shows the web page email reading/sending/encryption/decryption system.
Description
The present invention may be implemented in a variety of ways. The embodiments illustrated are only illustrative constructions.
Advantages using Java Applets and Javascript functions encrypting web data
The Java computer language, which is a standard in the applets used in web pages and which is supported by a majority of web browsers, has strong features that make it a fine language to do encryption in. The BigInteger class, a standard class in all Java implementations, has all that is required to accomplish 1024 bit (industrial strength) public key encryption, decryption, and key generation.
Although Javascript is interpreted and meant for creating HTML code, it has all the language features necessary to build industrial strength public key functions in. Using algorithms for extended precision arithmetic shown in Chapter 20.6 of "Numerical Recipes in 2nd Edition" by Press et al (1996), the present invention has extended precision arithmetic functions (multiplication, division, exponentiation mod a modulus) in the Javascript language that successfully raise a message of up to 100 characters to the 23rd power mod a 1024 bit RSA modulus on an 800 MHz PC in 3 seconds, and makes up about 650 lines of Javascript code.
The Javascript extended precision arithmetic functions first make an inverse of the modulus (if m is the modulus, 1/m is the inverse). This is always of course a fraction less than one. When one multiplies a number, A, greater than the modulus by the inverse of the modulus, one gets the number of times the modulus divides the number A without remainder. Multiplying this number by the modulus and then subtracting this new number from the number A shows the remainder of number A mod the modulus.
The inverse number is created just once at the beginning of the calculation since it is the same for each 100 character block message to be encrypted. The inverse is the most intensive calculation of the whole modular exponentiation.
The inverse is created via Newton's algorithm for discovering inverses. Set $U_1$ to a guess of the inverse and calculate the following equation until it converges:
$$U_{i+1} = U_i \,(2 - m\,U_i)$$
The equation will proceed quadratically to the inverse. When enough precision is created, the equation is stopped.
The modular exponentiation is done by the traditional Russian Peasant algorithm, where there is one modular multiplication for each bit in the exponent's base 2 string, and another modular multiplication for each 1 bit in the exponent string. The modular exponentiation takes log2(n) operations, where n is the number of bits in the exponent.
Difficulties with Java applets and Javascript functions encrypting web data: invoking Java applet methods from Javascript.
The main difficulty, which the present invention means to overcome, is the universality of the encryption mechanism due to different web browsers in use and different options in use on them.
The data must be gathered from web form fields by Javascript functions invoked by the ONCLICK method or the ONSUBMIT method, or in the action field of a web form. This data should, ideally, be then transferred to a Java applet for encryption or decryption, since the BigInteger class of the Java language is a professional implementation quite capable of industrial strength encryption/decryption of small to medium amounts of data.
This is where the first hurdle presents itself. There are two main Java "Virtual Machines" in use on web browsers in 2005, the Microsoft VM and the Sun Java VM. The Sun Java VM fully supports Javascript to Java communication and also Javascript invocation of Java applet methods, as Javascript reference manuals describe. But the Microsoft VM, used in the dominant browsers (Internet Explorer and Internet Explorer V6), DOES NOT SUPPORT JAVASCRIPT INVOCATION OF JAVA APPLET METHODS IN A USABLE SENSE. That is, no reliable use of Javascript to Java communication can be used in web pages on Internet Explorer.
To overcome this hurdle, a more complicated Java to Javascript communication method must be used that is described next: the Java applet polls certain Javascript variables every second. Microsoft Internet Explorer does support Java to Javascript communication if the MAYSCRIPT attribute is placed on the applet tag in the web page.
When a certain Javascript variable, ie., RSACMD, is found to become a valid command (by a Javascript function changing it), then another agreed Javascript variable, ie., RSAITEM, is read by the Java applet. This value will be a valid Javascript variable or the value of a variable in the document object model, ie., the web page. The Java applet will then read the Javascript variable or the object on the web page and encrypt or decrypt the value of it or perform public key generation. It will then write this encrypted data in ascii hexadecimal format back to the Javascript variable.
A third Javascript variable is then set, ie., RSARESULT, to "FINISH". This will eventually come to the attention of a Javascript function that has been invoked earlier and that is set to run once a second using the setTimeout() javascript function. Once RSARESULT is read as "FINISH" by the Javascript timer function, the data in the Javascript variable is transferred to its final destination: to an element in a web form, or as a parameter value in a CGI-BIN invocation.
Javascript functionality:

    RSAITEM = document.form.element.value;
    RSARESULT = "START";
    RSACMD = "ENCRYPT";
    setTimeout("cmdsetelement()", 1000);

Java functionality: the Java applet polls the Javascript variable RSACMD every second. When it reads the variable as "ENCRYPT" it reads RSAITEM, and then reads the object held as a value in RSAITEM, ie., document.form.element.value. It then encrypts or decrypts this data and places the ascii hexadecimal token of the encryption or decryption back in RSAITEM. The Java applet then sets RSARESULT to "FINISH".

Javascript functionality:

    function cmdsetelement() {
      if (RSARESULT != "FINISH")
        setTimeout("cmdsetelement()", 1000);   // not ready yet: poll again in a second
      else
        document.form.element.value = RSAITEM; // applet has written the result
    }

The Javascript function, which runs once a second, detects that RSARESULT is now FINISH, so it sets the object in the web page to the value of the RSAITEM javascript variable, which has been set by the Java applet.
In this way Internet Explorer can be made to interface with a Java applet to perform 1024 bit public key encryption on Javascript variables or objects in the web page (elements of forms or all the elements of a form).
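As an added illustration that is not code from the patent, the handshake above simulated in Javascript, with the applet poll and the cmdsetelement() timer driven by explicit tick calls so the RSACMD/RSAITEM/RSARESULT sequence can be followed step by step; the applet's RSA step is replaced by a hex-encoding stand-in, an assumption made only to keep the example self-contained.

```javascript
// Simulation of the double polling handshake between page Javascript and
// the applet. The three shared page globals are modelled as one object;
// both "once a second" pollers are single functions called explicitly.

const shared = { RSACMD: "", RSAITEM: "", RSARESULT: "" };   // page globals
const form = { element: { value: "" } };                     // document.form

// Javascript side, as the ONCLICK handler would run it.
function requestEncrypt(plaintext) {
  shared.RSAITEM = plaintext;          // document.form.element.value
  shared.RSARESULT = "START";
  shared.RSACMD = "ENCRYPT";           // set last: this is what the applet polls
}

// Stand-in for the applet's encryption (constructed; hex encoding, not RSA).
function appletTransform(text) {
  return Array.from(text, ch => ch.charCodeAt(0).toString(16).padStart(2, "0")).join("");
}

// Java side: one pass of the applet's once-a-second poll of RSACMD.
function appletTick() {
  if (shared.RSACMD !== "ENCRYPT") return false;
  shared.RSACMD = "";                  // consume the command so a later poll does not redo it
  shared.RSAITEM = appletTransform(shared.RSAITEM);
  shared.RSARESULT = "FINISH";         // signals cmdsetelement()
  return true;
}

// Javascript side: one pass of the cmdsetelement() timer callback.
function cmdsetelementTick() {
  if (shared.RSARESULT !== "FINISH") return false;   // would re-arm setTimeout
  form.element.value = shared.RSAITEM;               // final destination
  shared.RSARESULT = "";
  return true;
}

// Runs the two pollers alternately until the result lands in the form and
// returns the number of applet polls it took (each one is a "second").
function runHandshake(plaintext) {
  requestEncrypt(plaintext);
  let polls = 0;
  while (!cmdsetelementTick()) {
    appletTick();
    polls++;
    if (polls > 10) throw new Error("applet never answered");
  }
  return { value: form.element.value, polls };
}
```

Because the three variables are ordinary page globals, any other script running in the page can read RSAITEM or rewrite RSACMD; consuming the command as soon as it is read at least keeps a stale ENCRYPT from being processed twice.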
Difficulties with Java applets and Javascript functions encrypting web data: Java is now not a standard option in many Web Browsers.
Java is now not a standard option in Netscape 7.1 or Mozilla, two browsers which make up 12 to 13 percent of the 2005 browser usage. Java is a standard option in Internet Explorer, although Javascript to Java communication requires the protocol described above to operate.
Since Javascript is a standard in all modern browsers, if Java is not enabled or available, the public key encryption needs to be done by Javascript extended precision arithmetic functions.
A component of the present invention is the creation of viable Javascript extended precision arithmetic functions that can public key encrypt (with 1024 bit numbers) up to 100 characters in 3 to 4 seconds on an 800 MHz IBM PC.
Most of the algorithms used in these routines are described in Press' "Numerical Recipes", a standard computational mathematics book.
Upon instantiation of the web page, Javascript code runs that determines if Java is enabled on the browser. If it is, then the Javascript invokes HTML code that pulls in the applet and the Javascript methods described above. If Java is not enabled, then a Javascript file containing extended arithmetic functions is pulled in. The applet is around 8,000 bytes with around 2,000 bytes of accompanying Javascript, while the Javascript alone file is approximately 15,000 bytes long.
As of the date of the filing of this application, there are other Javascript implementations of BigIntegers, as they are called (modular arithmetic on 1024 bit numbers). But none of them combines the applet's ability to generate RSA keys and perform RSA decryption because they do not have the method of applet and javascript communication outlined above. Without the ability to communicate between javascript code and java applets (in Internet Explorer), the three functions of RSA key generation, RSA encryption and RSA decryption cannot be combined in a single web page, since key generation and decryption on 1024 bit numbers is currently impracticable in Javascript.
In this way a universal encryption mechanism is made available. Encryption using the RSA public key algorithm is usually much quicker than decryption, because the encrypting public key is very small and the decrypting private key is quite large. In the present invention, the modulus is either a 512 bit or a 1024 bit number, but the public enciphering key is always only 23. The private deciphering key is almost as big as the large modulus, and is approximately 100 times more expensive to decipher than to encipher. As such, the Javascript routines will never be used for decipherment; only the Java applet or various C programs are fast enough to do that.
Persistence for Web Pages
Persistence in a web page, for purposes of the current invention, is when the web page can remember the private keys (of a public key cryptographic scheme) of a person using the PC without going to a server to retrieve them.
These keys will be held in the merchant's private PC and not anywhere else.
The easiest way to achieve persistence in this manner is to use cookies, which are character strings (identified by key names) that are attached to each URL that a web browser has visited. Javascript in the web page can create cookies which can be retrieved the next time that the web page is recalled. This is not very secure since the cookies are shared across the Internet with the web server every time the web page is invoked.
There are two methods by which persistence is achieved in the ecommerce/secure email method described in this paper: by an ActiveX control accessing the registry and by means of a personal web server that operates on the person's PC.
The ActiveX control is the method used in the Ecommerce method. The ActiveX control is marked 'Safe For Scripting', a Microsoft technique that allows it to be called by Javascript. The ActiveX control, a program, an OCX file (a type of Dynamic Link Library or DLL), transfers the private keys back and forth from a Windows registry location. It essentially functions as an object in the Javascript. It saves all of the private keys (as well as the public keys) as one character string (like a cookie) but saves it to the Windows registry instead of to the cookie file of the browser.
Since ActiveX controls are only available to Internet Explorer, this effectively means that the merchant web pages for decryption and key generation of the Ecommerce method can only take place on Internet Explorer. The ActiveX control, to explain, is referenced on the HTML web page by a web tag and is downloaded over the Internet, once, when it is first used. The web user is prompted to accept or reject the ActiveX control.
Accepting it will install the ActiveX control on the client's PC. He will not have to download it again.
ActiveX controls need to be digitally signed by a trusted source before they can be downloaded on many PCs.
The second method to achieve persistence is a personal web server (NOT the Microsoft Personal Web Server) which is described visually in diagram 3. A program that is a web server, which takes requests on port 80 and returns web files to a browser, is invoked on the client's PC. As well as web requests, this souped up web server can retrieve and add to a private key file held on the client's PC.
This private key file is encrypted with the triple DES (3DES) algorithm so that only the client using the secure email web system can retrieve or add to the keys.
The secure email web system on the client's browser (these pages have been retrieved from the personal web server) contains an applet which has a nonprivileged local socket connection with the personal web server. The souped up personal web server listens on the nonprivileged local socket for key requests. It retrieves keys or adds keys to the file. Applets are allowed to open socket connections with IP addresses that their container web pages have come from. Since the web pages come from the local PC, the applet can open a socket to the local PC's little web server program and achieve the key transfer.
The little web server also listens on another local socket for POP3 email retrieving commands. It echoes these commands to the outside Internet, where an actual email server resides. The little web server receives emails back from the outside email server and echoes the email information back up the local socket connection to a POP3 email reading applet. The little web server is, in effect, also, a proxy POP3 server.
Description of Events in Diagram 1
Diagram 1 explains, visually, the method proposed to do ecommerce or to do secure mail. The merchant hosts his web pages on a normal web server (100) (not HTTPS) but references a Javascript source file from the ecommerce vendor (300). This Javascript file contains the public RSA key and modulus of the merchant, and also includes other Javascript code that interfaces with the Java applet. The merchant also includes in his web pages an encryption Java applet, provided by the ecommerce vendor, but which the merchant hosts with his web pages. (This needs to be done for web browser permission reasons.)
The Javascript source file from the ecommerce host includes the merchant's modulus and public key (always 23), and if necessary (if Java is not enabled at the client's browser) Javascript extended precision arithmetic functions to achieve encryption. The client (200) orders with the web pages of the merchant. Instead of submitting the order form to a HTTPS site, a Javascript routine is called that gathers the contents of the elements in the form into one ASCII character string. This ASCII character string is then raised to the 23rd power mod the modulus (this is either a 512 bit number or a 1024 bit number so encryption is strong). The Javascript function then invokes a HTTPS CGI-BIN script on the ecommerce vendor (300) with the already encrypted web form data included as a parameter in ASCII hexadecimal notation.
The ASCII portion of the combined web form is split into 100 character items and each is encrypted. The encrypted ASCII hexadecimal numbers are then appended to one another, separated by an upper case letter, and one string is formed. This is sent to the ecommerce vendor (300) via a HTTPS call in the Javascript function called by the merchant's web page.
The ASCII hexidecimal encrypted order is immediately emailed to the merchant (500). This email will normally go to a mail server (400), often at an ISP. The private key, necessary to decrypt this message is known only to the PC of the merchant himself (500).
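As an added example, not the patent's own 650-line routine, the Javascript-only encryption path in one place: the Newton reciprocal and Russian Peasant exponentiation described under the advantages of Javascript, and the 100-character splitting, 23rd-power and hexadecimal joining of the order flow above, written with BigInt so each step is visible. MODULUS is a constructed odd 1024-bit number standing in for a merchant's published modulus, and the uppercase separator letter is assumed because the page does not name it.

```javascript
// Javascript-side encryption of a gathered order form, following the
// patent's description: fixed-point Newton reciprocal of the modulus
// (computed once), reduction by multiply-with-reciprocal, Russian Peasant
// exponentiation to the 23rd power, 100-character blocks, hex output.

const PUBLIC_EXPONENT = 23n;                       // the page's fixed e
// Constructed odd 1024-bit modulus (NOT a real RSA modulus; demo only).
const MODULUS = (1n << 1023n) | (0x5EC5EC5ECn << 400n) | 0xC0FFEE0Dn | 1n;
const CHUNK_CHARS = 100;                           // characters per RSA block
const SEPARATOR = 'Z';                             // assumed; never a hex digit

function bitLength(x) { return x.toString(2).length; }

// Newton's iteration U(i+1) = U(i) * (2 - m*U(i)) for 1/m, carried out in
// fixed point: X approximates 2^(2k) / m with k = bits of m. The starting
// guess 2^-k lies below 1/m, so the truncated sequence only climbs, and it
// stops changing once no more precision can be created.
function reciprocal(m) {
  const k = BigInt(bitLength(m));
  const scale = 2n * k;                            // fraction bits of X
  let x = 1n << k;                                 // U(1) = 2^-k in fixed point
  for (let i = 0; i < 200; i++) {
    const next = (x * ((1n << (scale + 1n)) - m * x)) >> scale;
    if (next === x) break;                         // converged
    x = next;
  }
  return { x, scale };
}

// a mod m via the precomputed reciprocal: q = floor(a/m) is estimated as
// (a * X) >> scale, r = a - q*m, then fixed up by a couple of subtractions
// (for a < m^2 the estimate is low by at most about two).
function reduce(a, m, inv) {
  const q = (a * inv.x) >> inv.scale;
  let r = a - q * m;
  while (r < 0n) r += m;
  while (r >= m) r -= m;
  return r;
}

// Russian Peasant exponentiation, most significant bit first: one modular
// multiplication per exponent bit plus one more for every 1 bit.
function modPow(base, exp, m) {
  const inv = reciprocal(m);                       // the expensive step, once
  base = base % m;                                 // reduce() assumes operands below m
  let result = 1n;
  for (const bit of exp.toString(2)) {
    result = reduce(result * result, m, inv);      // square for every bit
    if (bit === '1') result = reduce(result * base, m, inv); // multiply for 1 bits
  }
  return result;
}

// 100 ASCII characters become an 800-bit integer, below the 1024-bit modulus.
function chunkToInteger(chunk) {
  let v = 0n;
  for (const ch of chunk) {
    const code = ch.charCodeAt(0);
    if (code > 127) throw new Error('message must be ASCII');
    v = (v << 8n) | BigInt(code);
  }
  return v;
}

// What the merchant page's Javascript does with the gathered form string
// when no applet is available: split, raise to e mod m, hex-encode, join.
function encryptFormString(text, modulus = MODULUS, e = PUBLIC_EXPONENT) {
  const blocks = [];
  for (let i = 0; i < text.length; i += CHUNK_CHARS) {
    const m = chunkToInteger(text.slice(i, i + CHUNK_CHARS));
    blocks.push(modPow(m, e, modulus).toString(16));
  }
  return blocks.join(SEPARATOR);
}
```

The block keeps the page's unpadded RSA on raw ASCII blocks, which is deterministic: two identical 100-character chunks produce identical hexadecimal output, which is why later RSA deployments pad each block before exponentiation.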
The email includes a link to a decryption URL (600) which the merchant brings up on his web browser from the ecommerce vendor (300). He then selects, copies, and pastes the email into a textarea of the decryption URL. He selects the private decryption key from his private key ring, which is provided to him by the persistent key ring ActiveX control (700), and which accesses the Windows Operating System Registry (800) to retrieve the actual private keys.
The ActiveX control (700) is referenced in the decryption URL (600). He then hits the decrypt button in the web page. The web page then invokes the Java to Javascript communication method described above and decrypts the hexadecimal message into a text message again. The message might be a simple text message or it might be the combined result of an ecommerce HTML form, so it might be an email message or a web ecommerce order form.
Description of Events in Diagram 2
Diagram 2 explains client side public and private key generation. This is part of the merchant's web page suite available from the ecommerce vendor (100). The merchant (200) creates a 1024 bit public cryptographic key pair (actually an RSA key pair). The ActiveX control (400), referenced in the key generation web page (300), saves the private key in the Windows registry (500) while the public key is transferred by a CGI-BIN to the ecommerce vendor (100) where it is stored in a javascript file. A web browser applet language, aka Java, must be supported by the web browser (200) for this system to run.
Description of Events in Diagram 3
Diagram 3 describes a second way to achieve encrypted email, which can fit on a floppy disk, and which is easily transportable to different computers. A local web server (500), currently incarnated as a program, is invoked on the client's PC. This web server only receives connections from the local machine. It can:
1. receive web requests from web browsers (200) on the local machine. It has a cache of web pages (700) that achieve:
   1. the reading of emails via POP3 with POP3 email servers on the web (100)
   2. the sending of emails via a CGI-BIN request with the ecommerce vendor (800)
   3. the generation of 1024 bit RSA key pairs
   4. the RSA encryption of emails with the public keys of the recipients
   5. the RSA digital signing of emails to be sent with one of the private RSA keys held in the private key file (600)
   6. the RSA decryption of emails that have been read via POP3 with the person's own private RSA keys
   7. the publishing to the ecommerce vendor (800) of any public keys from locally generated RSA key pairs
   8. the retrieval of RSA public keys of others from the ecommerce vendor (800)
2. retrieve and update RSA private and public keys with the web pages from an applet (300), through a local socket connection. The actual file that holds the private keys (600) is 3DES (triple DES) encrypted.
3. serve as a POP3 proxy for the web pages. POP3 commands come through a local socket connection from a POP3 proxy applet (400). These commands are echoed up to a POP3 mail server (100) on the actual Internet. Email that comes back from the Internet is echoed back to the applet (400) holding the local socket connection, which sends it back to the web pages on the browser (200).
A client brings up the local web server (500) and then, in a browser (200), calls the web page email system (700) from the local machine. Actually, he hits a button on the local web server (500) that brings up a browser (200) with the right web page (700).
This web page asks for a password to decrypt the private key file (600), which is 3DES encrypted. If the decryption does not reveal ascii text, the password is wrong.
From here the user at the web browser (200) can encrypt and decrypt messages, create RSA key pairs, publish public keys to the ecommerce vendor, and retrieve public keys of others from the ecommerce vendor (800). He can also read email through the proxy POP3 service, and he can send off email through a CGI-BIN with the ecommerce vendor.
He can, using this system, do most encrypted email functions from a web page from a web server that exists on his local machine.
Advantages with this method of ecommerce or web mail
The main advantage to the Ecommerce method described above is that the merchant does not need to site his ecommerce order web pages on a secure HTTP (HTTPS) web server. He need only:
1. reference his ecommerce vendor Javascript file (containing his public keys and modulus);
2. download onto his web site the encryption Java applet provided by the ecommerce vendor;
3. invoke one of the ecommerce vendor's Javascript functions in his order web form action field instead of calling an actual Internet web URL.
A second advantage is that all order information is encrypted before it leaves the client's machine and is only decrypted when it reaches the merchant's machine. With SSL/TLS on HTTPS web browsers, the web server will decrypt the information and the computer holding the server will have plaintext access to the order or email information.
A third advantage is increased encipherment on the communication lines. Since the URL that the ecommerce server uses to transfer information to its disk files is often secure (HTTPS), a double encipherment is then made. Any fault in the HTTPS implementation of the browser (that it is 'International standard', or 40 bit encryption, or hacked) is overcome by the initial encryption by the Javascript and/or Java applet of the ecommerce vendor. 1024 bit RSA encryption is the method currently used; this is considered to be strong encryption. Components of the web page can now strongly encrypt web data, not just the browsers themselves.
A fourth advantage is that extended precision Javascript routines exist that can in real time encrypt with 1024 bit numbers several hundred characters of text. These routines are invoked if Java is not present on the client's ordering machine. The Javascript routines would work on all current day browsers, but the Java implementation is faster and is a standard on 80 percent of all existing browsers, so that method is used first. But with the Javascript routines a universal ordering scheme is created.
An advantage of the local web server email service is that the entire system is transportable on a floppy disk and can currently be taken to any Windows machine. It will run there and can, conceivably, be taken by company officers on business trips and safely used even in Internet cafes.
Thus, using Javascript extended precision functions and/or Java applets built on the BigInteger class, secure ecommerce and/or secure web mail can be achieved through application level client-side encryption techniques.
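The RSA operation this section and the glossary describe (a message raised to the public exponent, 23 in this patent, modulo a product of two large primes, computed with an extended-precision modular power routine), as an added example that is not the patent's code: JavaScript BigInt stands in for the patent's extended-precision Javascript routines, and the key (two Mersenne primes, far shorter than the page's 1024 bits) and the sample order text are constructed for the demo.

```javascript
// Added example, not the patent's code: the raw RSA the page describes, with
// JavaScript BigInt in place of the extended-precision Javascript routines.
// Constructed demo key: e = 23 as in the patent; n = p*q from two Mersenne
// primes (much smaller than the page's 1024 bits; no prime generator needed).
const P = (1n << 107n) - 1n;   // 2^107 - 1, prime
const Q = (1n << 127n) - 1n;   // 2^127 - 1, prime
const N = P * Q, E = 23n;

// Square-and-multiply modular exponentiation: the "extended precision
// arithmetic modular power algorithm" of claim 2.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Extended Euclid: private exponent d = e^-1 mod (p-1)(q-1).
function modInverse(a, m) {
  let [oldR, r, oldS, s] = [a, m, 1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  return ((oldS % m) + m) % m;
}
const D = modInverse(E, (P - 1n) * (Q - 1n));

// Form text <-> big-endian integer; the integer must stay below n.
function toInt(text) {
  return [...new TextEncoder().encode(text)].reduce((acc, b) => (acc << 8n) | BigInt(b), 0n);
}
function fromInt(x) {
  const bytes = [];
  for (; x > 0n; x >>= 8n) bytes.unshift(Number(x & 0xffn));
  return new TextDecoder().decode(Uint8Array.from(bytes));
}

// Unpadded RSA as the glossary states it: c = m^e mod n, m = c^d mod n.
// Deployed RSA applies a padding scheme such as OAEP to m before this step.
function encryptForm(text) {
  const m = toInt(text);
  if (m >= N) throw new Error('form text too long for the modulus');
  return modPow(m, E, N).toString(16);
}
function decryptForm(hex) { return fromInt(modPow(BigInt('0x' + hex), D, N)); }
```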
Glossary of Terms

The Application level is the highest level in the seven-stage ISO model of telecommunications. To say that encryption is going on at the Application level is to say that the level closest to the user is achieving the encryption. In this case it is the data fed to the web browser Javascript functions and/or Java applets that, working together, achieve the encryption.
To say that the encryption is going on client-side is to say that the client's PC is doing the encryption, without help from the web server where the web page originally came from. This is advantageous since the packet to be encrypted (in this case a web form) is totally transformed before it appears on the communication link.
A web browser script language is an interpreted language that the web browser can invoke in a <script> section. This language is usually a strong character processing language and is used to dynamically create HTML code. Javascript is an example of a web browser script language.
A web browser applet language is a language that creates applets. Applets are downloaded from web sites and run as programs within the web browser, often specializing in canvas drawing or maintaining socket connections over the web. An applet can open a socket connection with the web site it was downloaded from. Java is a web browser applet language.
Extended precision arithmetic is arithmetic such as multiplication, division, addition, subtraction, and exponentiation over a very large modulus, usually 1000 bits or more.
Public Key Cryptography refers to cryptographic ciphers that use one key to encrypt a message and another key to decrypt it. The keys have a secret relationship that is usually based on the discrete logarithm problem or on the factoring problem.
Strong Cryptography in the sense of public key cryptography usually means the use of 1000 bit modulus numbers that are formed in a proper manner so that they are hard to factor.
A low exponent in public key cryptography is often used as the public key. A low exponent is usually below 1000.
RSA is the public key cryptographic system where a message is raised to the public key mod a modulus that is the product of two large prime numbers. The decryption mechanism is raising the ciphertext to the private key mod the modulus. The public key encrypts, the private key decrypts. The public key is often low, sometimes as low as the number 3. In the present invention it is the number 23.
RSA is used in the HTTPS protocol to transport a symmetric encryption key between a web browser and a web server. RSA is the most widely adopted public cryptographic method. RSA was patented in 1982 in the USA and came out of patent in 2003.
POP3 is a communication protocol used on the Internet to read email from email servers. A TCP connection is made between the email client and server on port 110. Simple text commands achieve authentication and transfer of email.
DES. The Data Encryption Standard was the approved symmetric cipher for commercial and government use from the 1970s to the late 1990s. A very robust, well researched cipher, there are no effective known attacks on it except brute force. Because of the 56 bit key, brute force attacks on the cipher are now possible.
3DES. Triple DES. Three rounds of DES, usually encryption, decryption and encryption with three 8 character keys, giving a key space of 156 bits. 3DES is still considered strong cryptography.
Symmetric cipher. A cipher that uses the same key for encryption and decryption, so the key must be kept secret. Asymmetric ciphers were discovered in the 1970s, leading to a scheme whereby only the private key need be kept secret; the public key could be known by anyone wishing to send a message.
ISP. Internet Service Provider. A company offering dial-in access to the Internet to local customers with a phone.
Ecommerce Vendor. The company offering the ecommerce service to merchants.
Ecommerce merchant. The merchant who has web pages on which he would like to take orders for his goods over the Internet.
Ecommerce client. An individual ordering goods on the web from an ecommerce merchant who is signed up to the ecommerce vendor's ecommerce scheme.

Claims (6)

1.
  1. a web browser script language command variable is set to a value specifying a command to the web browser applet program, which polls this said variable and then initiates a sequence of actions which, when finished,
  2. cause the web browser applet to place the processed value into a web browser script language item variable
  3. and to change another web browser script language state variable to hold a value signifying a completed applet action,
  4. whereas a web browser script function has been running periodically, since the web browser script language command variable was set to the command state, to poll the web browser script language state variable for its completed status as set by the web browser applet, whereupon, this completed applet state being detected by the web browser script periodic function, the value of the web browser script language item variable holding the processed data is placed within a web HTML object such as a form input field or as the value of an innerHTML field of a web page.
2. a double web browser application level client-side encryption method so that
  1. if the applet program language is supported on the web browser, a web browser applet program using a public cryptographic method encrypts a string of information held in a web browser script variable, with data and commands exchanged between a web browser script program and the web browser applet program according to the method outlined in claim 1, or
  2. if no web browser applet language is supported on the web browser, a web browser script set of functions, using a public cryptographic method, strongly encrypts a string of information, held in a web browser script variable, using an extended precision arithmetic modular power algorithm.
3. an ecommerce system whereby the sender on a web browser on a computer uses web browser script language functions and web browser applet programs, using the method of communication in claim 1 and the method of public key encryption outlined in claim 2, to strongly encrypt a web form, or a portion of a web form, to send by HTTP or HTTPS form submittal to an ecommerce vendor, who immediately emails off the already encrypted portion to the ecommerce merchant or receiver of the message, who then copies and pastes the encrypted text into the decrypting URL obtained by HTTP or HTTPS protocols over the Internet from the ecommerce vendor, which URL uses web browser script language functions and web browser applet programs to decrypt the message, with the private keys for decryption coming from an ActiveX control accessing parts of the Windows operating system's registry, and which also uses the communication method of claim 1 to exchange commands and data between the web browser script functions and the web browser applet language programs.
4. an email system, using web pages on a web browser as the sole user interface, for sending email, receiving email, encrypting email messages, decrypting email messages, and generating public cryptographic keys, including the steps of
  1. a local web server on a computer providing web pages to a web browser on the local computer
  2. the said web pages having commands for receiving email, sending email, encrypting messages, decrypting messages, digitally signing messages and providing a password for decryption of a password file encrypted with a strong symmetric cipher
  3. the said web pages communicating with the local web server through two applets, one handling encryption, decryption, key generation, and retrieving and storing of private cryptographic keys, and the other serving as a POP3 email reading proxy
  4. the said applets communicating with the local web server through local sockets
  5. the said local web server providing 1. web pages upon HTTP requests, 2. private cryptographic keys upon requests by the said encryption applet from a private cryptographic key file encrypted by strong symmetric ciphers, 3. and email read from POP3 email servers on the Internet
  6. the said web pages sending email through an email vendor on the Internet via CGI-BIN web requests
  7. the said web pages receiving public cryptographic keys of other email addresses through an email vendor via CGI-BIN web requests
  8. the said web pages using the communication method of claim 1 to exchange data and commands between web browser script language functions and web browser applets, to have the local web server read email and to have the encryption applet perform strong public key encryption
5. a method for encrypting a password on a HTML web form, using web browser script language functions and web browser applet programs to perform encryption according to claim 2, using the method of communication to exchange data and commands between web browser script language functions and web browser applet programs outlined in claim 1.
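The script/applet exchange of claim 1, as an added example that is not the patent's code: each side is a plain function advanced one poll at a time, so the handshake can be traced offline without timers or a real applet, and the applet's work is a parameter for which the demo substitutes a constructed hex encoding in place of the RSA step of claim 2.

```javascript
// Added example, not the patent's code: the shared-variable polling protocol of
// claim 1, simulated deterministically. The patent runs both sides on timers;
// here one "tick" of each side is a function call so the exchange can be traced.
// The variables are page-global script variables, so every script on the page can
// read them; 'form' stands in for the HTML input field that receives the result.
const shared = { command: '', item: '', state: 'idle' };
const form = { ciphertext: '' };

// Script side, step 1: hand the applet a command and the data to process.
function scriptRequest(command, plaintext) {
  shared.state = 'idle';
  shared.item = plaintext;
  shared.command = command;
}

// Applet side (steps 1-3): poll the command variable; when set, process the
// item, write the result back, consume the command and raise the done state.
function appletTick(process) {
  if (shared.command === '') return false;          // nothing requested yet
  shared.item = process(shared.command, shared.item);
  shared.command = '';
  shared.state = 'done';
  return true;
}

// Script side, periodic function (step 4): poll the state variable; once the
// applet reports done, move the processed item into the form field.
function scriptTick() {
  if (shared.state !== 'done') return false;
  form.ciphertext = shared.item;
  shared.item = '';                                  // clear the shared copy
  shared.state = 'idle';
  return true;
}

// Drive both sides until the script observes completion. The bound stops the
// poll loop from spinning forever if the applet never sets the done state.
function runExchange(plaintext, process, maxTicks = 10) {
  scriptRequest('encrypt', plaintext);
  for (let t = 0; t < maxTicks; t++) {
    appletTick(process);
    if (scriptTick()) return form.ciphertext;
  }
  throw new Error('applet never signalled completion');
}

// Constructed stand-in for the applet's RSA step: hex-encode the UTF-8 bytes.
const hexEncode = (cmd, s) => cmd !== 'encrypt' ? s
  : [...new TextEncoder().encode(s)].map(b => b.toString(16).padStart(2, '0')).join('');
```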

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2005202842A AU2005202842A1 (en) 2004-06-30 2005-06-29 Application level Client-side Encryption in Web browsers

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2004903546A AU2004903546A0 (en) 2004-06-30 Application Level Client-side Encryption on the World Wide Web
AU2004903546 2004-06-30
AU2005202842A AU2005202842A1 (en) 2004-06-30 2005-06-29 Application level Client-side Encryption in Web browsers

Publications (1)

Publication Number Publication Date
AU2005202842A1 true AU2005202842A1 (en) 2006-01-19

Family

ID=35884088

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2005202842A Abandoned AU2005202842A1 (en) 2004-06-30 2005-06-29 Application level Client-side Encryption in Web browsers

Country Status (1)

Country Link
AU (1) AU2005202842A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10515227B2 (en) 2014-10-23 2019-12-24 Pageproof.Com Limited Encrypted collaboration system and method
US20220129541A1 (en) * 2020-10-23 2022-04-28 Red Hat, Inc. Containers system auditing through system call emulation
CN115062317A (en) * 2022-03-19 2022-09-16 万达信息股份有限公司 Method for encrypting webpage content under heterogeneous CPU system
CN115062317B (en) * 2022-03-19 2024-03-26 万达信息股份有限公司 Method for encrypting webpage content under heterogeneous CPU system

Legal Events

Date Code Title Description
MK4 Application lapsed section 142(2)(d) - no continuation fee paid for the application