WO2001040908A2 - Secure content embedding into personalized web pages - Google Patents


Info

Publication number
WO2001040908A2
Authority
WO
WIPO (PCT)
Prior art keywords
portal
requestor
browser
applet
document
Application number
PCT/EP2000/011790
Other languages
French (fr)
Other versions
WO2001040908A3 (en)
Inventor
Ingo Elfering
Julian Reschke
Original Assignee
Medical Data Services Gmbh
Priority date: 1999-11-29
Filing date: 2000-11-24
Publication date: 2001-06-07
Priority to GB9928208A / GB9928208.9 (GB9928208D0), 1999-11-29
Application filed by Medical Data Services Gmbh, 2000-11-24
Publication of WO2001040908A2, 2001-06-07
Publication of WO2001040908A3, 2002-05-02

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F 21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/16 Implementing security features at a particular protocol layer
    • H04L 63/168 Implementing security features at a particular protocol layer above the transport layer

Abstract

The present invention relates to systems, methods and computer program products for embedding sensitive data in a secure fashion in an otherwise unsecure document downloaded from the internet. In the preferred embodiment, the invention describes a method of merging sensitive information (e.g. medical data) into a personalized portal page without having to give the data to the portal. The sensitive data is securely transmitted from the content provider directly to the user and transparently embedded into the personalized page.

Description

Secure Content Embedding

Area of the Invention

The present invention relates to computer-based secure display of sensitive content from one data source in a second, potentially unsecure document. In particular, the present invention relates to systems, methods and computer program products for embedding sensitive data in a secure fashion in an otherwise unsecure document on a computer. The present invention finds particular, but not exclusive, application in the healthcare industry. It can be used in any application where sensitive or confidential data in a source file is to be made available through a second access provider which may not itself be secure. Internet-based systems benefit particularly from the application of this invention.

As an example, a problem encountered in healthcare systems is that medical information needs to be easily accessible to a patient. Notifications about lab results, prescription renewals, etc. can both reduce the cost of health care and improve a person's health when delivered in a timely manner. By way of example of the challenge, one possible way of providing this information would be to place it on the front page of a newspaper which the patient is known to read every day. This would however violate patient privacy, since the same newspaper may be delivered to millions of other persons as well. One solution, in this newspaper example, would be to print a personalized version of the newspaper which is only delivered to that person. This is what portal sites like Netscape, Yahoo and America Online on the Internet excel at. They deliver an up-to-the-minute, personal version of a newspaper digitally on a person's computer. However, in order to place personal medical information on these pages, a content provider would have to transmit this information to the portal site first. The portal site would embed it into its page and transmit the page to the user. This is basically how Netscape's "Rich Site Summary" works.

The present invention describes a method of embedding information into a portal page without having to give the data to the portal. The data is securely transmitted between the patient and the medical content provider. No information is disclosed to a third party.

Summary of the Invention

In a first aspect, this invention relates to a method for creating secure access to data in a first secure file by way of an insecure portal in a distributed computing environment, the process comprising: accessing an insecure portal provider by a requestor using a browser; creating, by the requestor, a document unique to the requestor on that insecure portal; embedding, by said portal in said document, a reference to a Java applet which can open a connection to the first secure file; causing the requestor's browser, while loading the insecure document, to see the Java applet reference and request the applet from the secure file; transferring the requested Java applet to the requestor's browser, which starts it, thereby opening a connection to the secure file; causing the secure file to generate code which is transmitted to the requestor's browser; and causing the applet on the requestor's browser to receive said code and insert it into the portal's document.

In a second aspect, this invention provides a means for accessing a secure file through an insecure portal on a distributed computing system, the process comprising activating a Java applet embedded in the insecure portal document, wherein the Java applet provides secure access to the secure file, and wherein the embedded applet is created by: accessing an insecure portal provider by a requestor using a browser; creating, by the requestor, a document unique to the requestor on that insecure portal; embedding, by said portal in said document, a reference to a Java applet which can open a connection to the first secure file; causing the requestor's browser, while loading the insecure document, to see the Java applet reference and request the applet from the secure file; transferring the requested Java applet to the requestor's browser, which starts it, thereby opening a connection to the secure file; causing the secure file to generate code which is transmitted to the requestor's browser; and causing the applet on the requestor's browser to receive said code and insert it into the portal's document.

Description of the Figures

Figure 1 is a block diagram of content embedding in a web portal.

Figure 2 is a block diagram of content embedding with license.

Description of the Invention

The present invention uses facilities in HTML, Java and JavaScript to enable the content delivery. It does not require any special software to be installed on the user's machine other than an HTML browser like Internet Explorer or Netscape Communicator. It can be run on any personal computer and server. In the description, the following fictitious names are used for better readability:

• User - Susan

• Portal - www.portal.com, knows Susan as "John Doe"

• Content Provider - www.medrec.com, knows Susan as "User 1772"

The scenario starts with Susan logging on to the portal and asking it to generate a personal web page for her. The portal has its own ways and means to determine that the request comes from "John Doe", which is how it characterizes Susan's request. Prior to this, Susan has configured her personal page on the portal to show information from www.medrec.com. The portal generates "John Doe's" page and leaves space for the content from www.medrec.com, a medical records provider on the web. In this space, the portal includes a reference to a Java applet served by www.medrec.com. Susan's browser, while loading the HTML page, sees the reference to the Java applet and requests it from www.medrec.com. The applet is transferred and Susan's browser starts it. The applet opens a connection to www.medrec.com. Medrec uses a method (described below) to determine that the request came on behalf of "User 1772". Medrec generates an HTML code fragment which is to be displayed in the browser. The applet receives the HTML fragment and inserts it into the portal's page. Now Susan's browser shows a page where the information from www.medrec.com is listed among the other news from www.portal.com. Details of the implementation are provided below. A sequence diagram is given in Figure 1.

It is not relevant to the present invention how the portal learns that Susan's request is for "John Doe". However, the content provider needs a way to determine that the information is to be generated for User 1772, the identity under which Susan is known to the content provider.

The easiest method is to use the HTTP cookie scheme. Susan is required to log in once to www.medrec.com as "User1772" with her password. Medrec then stores a cookie in Susan's browser. This cookie is later transmitted with the applet's request and allows Medrec to generate information for User 1772. The cookie scheme does not provide optimal security. Several browsers' default configurations allow foreign sites to read Medrec's cookie. Thus, other sites can "steal" the cookie and use it for their own requests, which would give such a site access to Susan's information. The cookie can carry a timestamp so that it expires after a certain time. Assuming this time to be 7 days, Susan would have to log in to www.medrec.com at least every week; the advantage is that a stolen cookie could only be used within this time window. This improves security. Note that the timestamp only limits the damage if the server can detect that the holder has altered it, so it has to be bound to the rest of the cookie under a server-side key rather than stored as plain text the holder can rewrite. A preferred security scheme is described below. Note however that the basic scheme is of interest to content providers with less confidential information, who nevertheless do not want to disclose it too easily to portals.

Secure Content Embedding

In order to secure the method of "Basic Content Merging", it is preferred that the content provider employs more secure technology, such as an X.509 certificate issued by a trusted party (like VeriSign) or by the vendor, www.medrec.com, itself. The certificate of the user "User1772" is known to Medrec; it can be registered when the user signs up.

When the applet sends its request, this is done over an SSLv3/TLS connection, the kind of secure connection used in e-commerce. The content provider asks for client authentication and Susan's browser proves to the server that it is the valid owner of the certificate (i.e. that it holds the private key). Thus, www.medrec.com can make sure that:

• the request is coming on behalf of User1772, i.e. Susan;

• the data is transmitted in a secure fashion via SSL/TLS.

Furthermore, www.medrec.com can require that the applet itself is loaded over a secure connection (the applet's codebase in the page is an https URL). This prevents anyone on the network path from substituting or tampering with the Java applet before it runs in Susan's browser.

Note that the cookie validation described above can be used together with the certificate. Security is enhanced in that a stolen certificate (together with its private key) can only be exploited for a limited number of days.

Secure Content Embedding with Licensing

The last addition to content merging introduces a method which allows the content provider to license the use of content merging to portals. This is important to verify that content is only merged into pages which are authorized by the content provider, for example in order to enforce and protect commercial agreements (exclusive rights, etc.). The Java applet carries a list of licensed portal sites. When it is transferred and started in Susan's browser, it determines the URL of the document where it should place the content; this would be "www.portal.com" here. It then checks whether this URL is in its list of licensees. If the URL is not listed, it aborts execution with an error message. A sequence diagram for Content Embedding with Licensing is given in Figure 2.

Implementation Details

The code in the portal's HTML page will contain the following fragment:

<div id="medrec" name="medrec">
<!-- The applet is fetched from the content provider over https; MAYSCRIPT lets
     it talk to the page's JavaScript, and the page calls its getHTML() method. -->
<APPLET code="Portal.class" codebase="https://www.medrec.com/" name="Applet" id="Applet" width=0 height=0 VIEWASTEXT MAYSCRIPT>
<PARAM NAME="foreground" VALUE="FFFFFF">
<PARAM NAME="background" VALUE="008000">
</APPLET>
All this will be replaced.<br>
</div>

For browsers which support DHTML, the following Javascript function is added to the page:

<script language="javascript">
function replace() {
  var app = document.applets["Applet"];
  var feld = document.getElementById("medrec"); // the placeholder <div> above
  feld.innerHTML = app.getHTML();
}
</script>

For browsers without DHTML, the following function is added to the page:

<script language="javascript">
var applet = document.applets["Applet"];
var s = applet.getHTML();
document.writeln(s);
</script>

The applet initiates the connection to www.medrec.com when the method "getHTML" is called. It returns the HTML fragment as a string, which is then made part of the document from the portal. Note that in both variants it is the portal's own script that receives the string and writes it into the portal's document, so the scheme keeps the data away from the portal's servers, not from code the portal delivers to the browser.

As for the licensing method, the applet can use the method "getDocumentBase" of the standard Java applet class (java.applet.Applet). This method returns the URL of the document in which the applet is embedded, which can be used to confirm the license status. The comparison should be made on the parsed host of that URL rather than by searching for the licensee's name as a substring, since an unlicensed site could otherwise place that name in its own host name or query string.

Claims

What is claimed is:
1. A method for creating secure access to data in a first secure file by way of an insecure portal in a distributed computing environment, the process comprising: accessing an insecure portal provider by a requestor using a browser, creating, by the requestor, a document unique to the requestor on that insecure portal, embedding, by said portal in said document, a reference to a java applet which can open a connection to the first secure file, causing the requestor's browser, while loading the insecure document, to see the java applet and request it from the secure file, transferring the requested java applet to the requestor's browser which starts it, thereby opening a connection to the secure file, causing the secure file to generate code which is transmitted to the requestor's browser, causing the applet on the requestor's browser to receive said code and insert it into the portal's document.
2. A means for accessing a secure file through an insecure portal on a distributed computing system, the process comprising: activating a java applet embedded in the insecure portal document, wherein the java applet provides secure access to the secure file, wherein the embedded applet is created by: accessing an insecure portal provider by a requestor using a browser, creating, by the requestor, a document unique to the requestor on that insecure portal, embedding, by said portal in said document, a reference to a java applet which can open a connection to the first secure file, causing the requestor's browser, while loading the insecure document, to see the java applet and request it from the secure file, transferring the requested java applet to the requestor's browser which starts it, thereby opening a connection to the secure file, causing the secure file to generate code which is transmitted to the requestor's browser, causing the applet on the requestor's browser to receive said code and insert it into the portal's document.
3. A means for providing secure access via the internet to a secure file via an insecure portal, as described herein.

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB9928208A GB9928208D0 (en) 1999-11-29 1999-11-29 Method
GB9928208.9 1999-11-29

Publications (2)

Publication Number Publication Date
WO2001040908A2 (en) 2001-06-07
WO2001040908A3 WO2001040908A3 (en) 2002-05-02

Family

ID=10865372

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/011790 WO2001040908A2 (en) 1999-11-29 2000-11-24 Secure content embedding into personalized web pages

Country Status (2)

Country Link
GB (1) GB9928208D0 (en)
WO (1) WO2001040908A2 (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0848338A1 (en) * 1996-12-12 1998-06-17 SONY DEUTSCHLAND GmbH Server providing documents according to user profiles
US5870544A (en) * 1997-10-20 1999-02-09 International Business Machines Corporation Method and apparatus for creating a secure connection between a java applet and a web server
WO1999016003A1 (en) * 1997-09-22 1999-04-01 Belarc, Inc. System and method for providing client side personalization of content of web pages and the like


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KOHDA Y ET AL: "UBIQUITOUS ADVERTISING ON THE WWW: MERGING ADVERTISEMENT ON THE BROWSER" COMPUTER NETWORKS AND ISDN SYSTEMS,NL,NORTH HOLLAND PUBLISHING. AMSTERDAM, vol. 28, 1 May 1996 (1996-05-01), pages 1493-1499, XP002037594 ISSN: 0169-7552 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003025717A1 (en) * 2001-09-17 2003-03-27 Caplin Systems Limited Server access control
EP1293857A1 (en) * 2001-09-17 2003-03-19 Caplin Systems Limited Server access control
US8010405B1 (en) 2002-07-26 2011-08-30 Visa Usa Inc. Multi-application smart card device software solution for smart cardholder reward selection and redemption
US8626577B2 (en) 2002-09-13 2014-01-07 Visa U.S.A Network centric loyalty system
US8015060B2 (en) 2002-09-13 2011-09-06 Visa Usa, Inc. Method and system for managing limited use coupon and coupon prioritization
US8239261B2 (en) 2002-09-13 2012-08-07 Liane Redford Method and system for managing limited use coupon and coupon prioritization
US9852437B2 (en) 2002-09-13 2017-12-26 Visa U.S.A. Inc. Opt-in/opt-out in loyalty system
US7987120B2 (en) 2003-05-02 2011-07-26 Visa U.S.A. Inc. Method and portable device for management of electronic receipts
US9087426B2 (en) 2003-05-02 2015-07-21 Visa U.S.A. Inc. Method and administration system for management of electronic receipts
US7827077B2 (en) 2003-05-02 2010-11-02 Visa U.S.A. Inc. Method and apparatus for management of electronic receipts on portable devices
US7725369B2 (en) 2003-05-02 2010-05-25 Visa U.S.A. Inc. Method and server for management of electronic receipts
US8386343B2 (en) 2003-05-02 2013-02-26 Visa U.S.A. Inc. Method and user device for management of electronic receipts
US8554610B1 (en) 2003-08-29 2013-10-08 Visa U.S.A. Inc. Method and system for providing reward status
US8793156B2 (en) 2003-08-29 2014-07-29 Visa U.S.A. Inc. Method and system for providing reward status
US7857216B2 (en) 2003-09-12 2010-12-28 Visa U.S.A. Inc. Method and system for providing interactive cardholder rewards image replacement
US7857215B2 (en) 2003-09-12 2010-12-28 Visa U.S.A. Inc. Method and system including phone with rewards image
US8244648B2 (en) 2003-09-30 2012-08-14 Visa U.S.A. Inc. Method and system for providing a distributed adaptive rules based dynamic pricing system
US8005763B2 (en) 2003-09-30 2011-08-23 Visa U.S.A. Inc. Method and system for providing a distributed adaptive rules based dynamic pricing system
US9141967B2 (en) 2003-09-30 2015-09-22 Visa U.S.A. Inc. Method and system for managing reward reversal after posting
US8407083B2 (en) 2003-09-30 2013-03-26 Visa U.S.A., Inc. Method and system for managing reward reversal after posting
US9710811B2 (en) 2003-11-06 2017-07-18 Visa U.S.A. Inc. Centralized electronic commerce card transactions
US7653602B2 (en) 2003-11-06 2010-01-26 Visa U.S.A. Inc. Centralized electronic commerce card transactions
WO2010122678A1 (en) * 2009-04-23 2010-10-28 Hitachi,Ltd. Online storage service system and its data control method
US8429048B2 (en) 2009-12-28 2013-04-23 Visa International Service Association System and method for processing payment transaction receipts

Also Published As

Publication number Publication date
WO2001040908A3 (en) 2002-05-02
GB9928208D0 (en) 2000-01-26


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase