"SYSTEM AND METHOD FOR TRANSMITTING AND STORING SENSITIVE
DATA "
FIELD OF THE INVENTION
The present invention relates to a system and method for transmitting and storing data - particularly sensitive data - transmitted over communications networks, particularly, although not exclusively, public networks such as the Internet.
BACKGROUND ART
With the advent of improved data communication, computers are able to transmit and receive information between each other over long distances - commonly over networks, and often publicly accessible networks such as the Internet.
The Internet is a publicly accessible network to which millions of computers are connected. Typically, a user with a terminal, such as a Personal Computer, connects, via the Internet, to a server provided by his Internet Service Provider (ISP), and from there to one of many servers provided by a variety of companies, organisations, or individuals, to access, and sometimes download, information. A common application on the Internet is the provision of electronic retailing, wherein retailers provide information on products, which a user, or client can access, and then, very often, purchase directly. As with many applications of the Internet, it is desirable that any one user, with a computer, may access a server system that is operated by a retailer. For these applications, it is necessary for the server system to supply information - on request - to any computer coupled to the network, and to receive information from other computers. For example, an electronic retailer will need to supply product information to a potential client and, if the client wishes to purchase products offered, to receive information back from the client. The product information may be extensive and involve large amounts of text, images or sound. The information supplied by the client may contain sensitive information such as names, addresses and credit card numbers.
Since the server system needs to be accessed by any terminal on the public network, it needs to be open to the whole network and experience has shown that it is not possible to make such an open system entirely secure from intrusion - where unauthorised persons gain access to sensitive information. Systems involved in electronic commerce have been particularly vulnerable to attacks in which intruders are searching for credit card numbers. Loss of credit card numbers is just one example of a situation where an organization operating a server may be vulnerable to large damage claims if an intruder successfully obtains data, which can be used for fraudulent purposes.
The provision of credit card numbers during an on-line transaction is not the only situation where sensitive information is transmitted over the Internet. Service providers, such as taxation advisers and medical practitioners may receive confidential financial, medical or other personal information over the Internet. Thus, there is a general need for a system that offers a secure system for storing such information.
DISCLOSURE OF THE INVENTION
Throughout the specification, unless the context requires otherwise, the word "comprise" or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated integer or group of integers but not the exclusion of any other integer or group of integers.
According to the present invention, there is provided a system for transmitting and storing data received from a terminal, the system comprising:
a data handling means arranged to receive data from the terminal;
and a data storage means coupled to the data handling means by at least one one-way communications channel arranged to transmit data in one direction from the data handling means to the data storage system;
the data handling means being operable to forward the received data to the data storage means via the at least one communications channel, the data storage means being operable to receive the data from the data handling means for storage in the storage means.
Preferably, the data handling means is operable to transmit the data to the data storage means within a data packet, the data storage means being operable to transmit, in response to a received data packet, an acknowledgement packet to the data handling means along the one-way communications channel, said acknowledgement packet being arranged not to contain the data.
Preferably, the data storage means is operable to generate an acknowledgement package containing a one-way hash function to verify the integrity of the received data packet.
Preferably, the data storage means is coupled to the data handling means by multiple one-way communications channels.
Preferably, the system further comprises multiple data storage means, each being coupled to the data handling means by one or more one-way communications channels.
Preferably, the data handling means includes encryption means operable to encrypt data prior to transmission along the one-way communication channel, and the data storage includes decryption means operable to decrypt the received encrypted data.
Preferably, the data is encrypted using public key encryption, and the data is decrypted using a private key held in the decryption means.
Preferably, the data handling means is operable to transmit the data along the at least one one-way communication channel interleaved with randomly generated data.
Preferably, the data handling means is operable to transmit the data along the at least one one-way communication channel embedded within a series of data packets,
Preferably, the system includes multiple one-way communication channels, wherein the data handling means is operable to transmit the data sequentially along the communications channels
Preferably, the data handling means is operable to transmit the data along randomly selected communications channels.
Preferably, the data handling means is operable to transmit the data along all communications channels, with only portions of the data on any single channel,
Preferably, the data handling means is operable to transmit the data along all communications channels, with one channel transmitting the actual data, the others bogus data.
Preferably, the data handling means is operable to transmit encrypted data directly to the data storage means, the data storage means including decryption means operable to decrypt the encrypted data, the data storage means being further operable to transmit, in response to the received data, an acknowledgment packet to the data handling means along the one-way communications channel, the acknowledgment packet being arranged not to contain the data.
Preferably, the acknowledgement packet contains flags indicating whether the encrypted data was valid.
According to another aspect of the present invention, there is provided a method for transmitting and storing data received from a terminal by a data handling means, said method comprising the steps of: providing a data storage means; providing at least one one-way communications channel between the data handling means and the data storage means arranged to permit transmission of data in one way only from the data handling means to the data storage means;
the data handling means transmitting the received data to the data storage means for storage therein via the at least one one-way communication channel.
Preferably, the data is transmitted within a data packet, and an acknowledgement packet is sent, from the data storage means to the data handling means, along the one-way communications channel, in response to a received data packet, the acknowledgement packet being arranged not to contain the data.
Preferably, the acknowledgement package contains a one-way hash function to verify the integrity of the received data packet.
Preferably, the data is encrypted prior to transmission along the one-way communication channel, and is decrypted upon receipt by the data storage means.
Preferably, the data is encrypted using public key encryption, and the data is decrypted using a private key.
Preferably, the data is transmitted along the at least one one-way communication channel interleaved with randomly generated data.
Preferably, the data is transmitted along the at least one one-way communication channel embedded within a series of data packets.
Preferably, the method includes the step of providing multiple one-way communication channels, wherein the one-way communication channel along which a data packet is to be transmitted is sequentially selected.
Preferably the method includes the step of providing multiple one-way communications channels, wherein the one-way communication channel along which a data packet is to be transmitted is randomly selected.
Preferably the method includes the step of providing multiple one-way communications channels, wherein the data is transmitted along all communications channels, with only portions of the data on any single
The invention has the advantage that sensitive information transmitted over an insecure network to a data handling system - such as a server for an Internet site - is stored remotely in a data storage system coupled to the data handling system by means of a communications channel that allows the sensitive data to be transmitted in only one direction - namely from the data handling system to the data storage system - and not the other direction, so that the data is stored out of reach of a potential fraudulent user.
In addition, the use of one or more means of transmitting the data from the data handling means to the data storage means further increases the security of the system, and makes it even less likely that someone would be able to gain access to the sensitive information.
With the system of the present invention, even if a fraudulent user were to gain access to the data handling system, he would have to:
• first determine that a remote data storage system was coupled to the data handling system
• then determine which communications channel or channels are being used for communication to the data storage system
• then devise a method for observing the data packets being transmitted on those channels
• if cryptography is used, obtain the private key used for decrypting transactions (if public key cryptography is used, this is stored on the data storage systems, and one must rely on trial and error - with a very low probability of success - to find the correct key)
• if multiple channels are being used, determine either which channel is being used for valid transactions, or
• when transactions are detected and decrypted on multiple channels, determine which of these transactions are bogus transactions and which contain useful data
• when data is split among different packets of data, determine which parts of these packets comprise the real data; and
• assuming that an intruder were able to succeed in all of these steps and successfully obtain one set of sensitive data, then, since the data handling system does not need to use the same method or channels for the next transaction, the intruder would have to run through the whole procedure again. This will make it impractical for an intruder to insert automatic snooping tools into the server to collect useful information (as distinct from randomly generated bogus data).
As mentioned above, the data handling means may be arranged to transmit encrypted data directly to the data storage means, where this is decrypted. In this case, the acknowledgement packet may contain flags indicating whether the encrypted data was valid. This arrangement is particularly advantageous where the remote terminal encrypts the data prior to transmission to the data handling system, such as by using public key cryptography. The data handling means will then never need to decrypt the data received from the remote terminal.
In this case, the sensitive data is never available on the data handling system i.e. the part vulnerable to external attack, in decrypted or plain text form.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described, by way of example only, with reference to the accompanying drawings, of which:
Figure 1 is a schematic illustration of a first embodiment of the invention;
Figure 2 is a schematic illustration of a second embodiment of the invention;
Figure 3 is a schematic illustration of a third embodiment of the invention; and
Figures 4a and 4b are schematic illustrations of a data packet and acknowledgement packet respectively.
BEST MODE(S) FOR CARRYING OUT THE INVENTION
A communications and information storage system 1 comprises a data handling system, such as a server 2 which may be connected to a public communications network 3, such as the Internet, via a publicly accessible communications channel 4. The server 2 includes a processor 6 and memory 7 for storing information, for example, in a database.
Remote terminals 5, operated by users, are also connected to the public communications network 3. The remote terminals 5 can send information to, and receive information from, the server 2 over the public communications network 3.
The operation and construction of such networks is well known to persons skilled in the art, and, in so far as it is not relevant to the present invention, need not be described in any further detail herein.
The communications and information storage system also includes a data storage system 8 connected to the server 2 by means of a one-way communications channel 9.
For the avoidance of doubt, the term "one-way", as used with regard to the communication channels discussed herein, refers to the fact that it is the data which can only flow in one direction - namely from the server 2 to the data storage system 8, and not in the other direction. The data storage system 8 is also a server that also includes a processor 19, and a memory 18 for storing data transmitted along the one-way communications channel 9. The data is received from a remote terminal 5 by the processor 6, and is transmitted under control of the processor 6, to the data storage system 8, but cannot be transmitted back to the server 2 from the data storage system 8. This is achieved by means of
protocol management software in the data storage system 8 that permits communication only in one direction along the one-way channel, namely from the server 2 to the data storage system 8, and not in the other direction.
The data storage system 8, and the server 2 can be any suitable server configured to operate in accordance with the invention. As such, and in so far as it is not relevant to the present invention, the servers and their operation need not be described in any further detail herein.
The server 2 may be operated, for example, by an electronic retailer and contain databases of product information which is supplied to potential clients who access the server 2 via a remote terminal 5, using a web browser - again, as is well known to persons skilled in the art. At some point - for example, when purchasing an item, the client may need to send sensitive information to the server 2, which is sent, via the public network 3, to the server 2. This sensitive information could include confidential details, which the client does not want to be made publicly available. Rather than retain the sensitive information in its own databases in the memory 7, the server 2 transmits the sensitive information immediately to the data storage system 8 using the one-way communication channel 9.
Because the data storage system 8 is not connected to the public network, remote users of the public network 3 are unable to gain access to it, to, for example, to subvert the protocol management software, which prevents sensitive data from being transmitted from the data storage system 8 back to the server 2.
In a second embodiment of the invention, two one-way communications channels 9, 10 are used to link the server 2 and the data storage system 8. Both channels 9, 10 only transmit data in one direction - namely from the server 2 to the data storage system 8.
In a third embodiment, the server 2 is connected to a first and second data storage systems 11 ,12 - each data storage system 11 , 12 being linked by their own respective one-way communications channel 13, 14.
As a further alternative, more than two one-way channels could be used, with either a single data storage system, or there could be provided a data storage system for each one-way channel - or combinations thereof.
The communications protocol between the server 2 and the data storage system 8 consists of data packets 21 - such as the one illustrated in fig 4a - and acknowledgement packets 15 only - such as the one illustrated in fig 4b.
A typical data packet 21 may include a transaction identifier 21a, information on the credit card holder's name 21 b, credit card number 21c, expiry date 21d, and amount 21 e, and 32-bit portion of check/identification data 21 f.
A typical acknowledgement packet 15 consists of a transaction identifier 15a and message digest 15b that verifies the integrity of the data packet 21 , by advising the server 2 that the data packet 21 is complete and that all constituent parts are correct.
The communications software on server 2 transmits data packets and reads acknowledgement packets. The communications software on data storage system 8 receives data packets and transmits acknowledgement packets. When the sensitive data reaches the information data storage system 8 it may be stored in files or databases or other conventional means. The sensitive data may then be accessed using a terminal that is connected directly to the data storage system 8 and not to any public network, or connected via a secure private network.
The process by which sensitive data is handled by the server 2 and the data storage system 8 is as follows:
I. the server 2 sends some information (eg specifications of some product) to a remote terminal, in response to a request from the remote terminal 5;
I. the remote terminal 5 responds by sending data - including sensitive information - back to the server 2 (eg name, address and credit card number for a potential purchase). Normally the message containing the sensitive information will be
encrypted using commonly known techniques as it is transmitted through the public network. This data - including the sensitive information - is temporarily stored in the memory 7 until it is transmitted to the data storage system 8;
III. immediately upon receiving the sensitive information, the server 2 decides which one-way channel (or channels) 9, 10, 13, 14 to use, decrypts the information to check it for completeness, then immediately encrypts the sensitive portions of the information again, and transmits the data along with a transaction identifier 21a - in the form of a data packet 15 - to the data storage system 8;
IV. the data storage system 8 then sends a short acknowledgement packet 15 containing the transaction identifier 15a back to the server 2 in response to the received data. The message digest 15b is a one-way hash function. One-way hash functions digest the contents of a specific message without providing a way to reconstruct the message from the digest. Any suitable hash function could be used, for example, the Secure Hash Standard algorithm as disclosed in the publication: National Institute of Standards and Technology, NIST FIPS PUB 180, "Secure Hash Standard", U.S. Department of Commerce, May 1993. The term "digest", "message digest", and "one-way hash function" are synonymous.
V. the server 2 waits for the acknowledgement from 15 the data storage system 8 and then erases the sensitive data from its memory 7 and transmits an acknowledgement to the remote terminal 5.
Thus the sensitive data is available on the server 2 in unencrypted form for the minimum possible time - that is the time in step (III) when the data is being checked for completeness.
In a variation of this procedure, encrypted data that is received from the remote terminal 5 can immediately be sent to the selected data storage system 8 without decryption. The data storage system 8 can then decrypt it, check it for completeness, and send an acknowledgement. This acknowledgement will contain only flags indicating whether the sensitive data was complete or not. With
this variation, the sensitive data is never available on the server 2 (the one vulnerable to intruder attack) in decrypted or plain text form.
In any of the embodiments described above, any or all of the following techniques can be used - at various times - to increase the security of the transmitted data:
(a) data is encrypted before transmission from the server 2 using an encryption means 17 - and is then decrypted upon receipt by the data storage system 8 using decryption means 16;
(b) if public key encryption - for example as defined by the RSA system, US Patent 4405829, 20th September, 1983, R L Rivest, A Shamir and L M Adleman - is used, then the private key is only held in the decryption means 16 on the data storage system 8 and thus not available within the server 2;
(c) actual data is interleaved with packets of dummy data containing randomly generated data which an intruder could mistake for genuine data;
(d) data may also be inserted into a number of full data packets in which most of the data is randomly generated bogus data used to make each transaction appear complete. A cryptographic technique could be applied to this task, known as "Secret Splitting", which creates N mutually independent random data packets, such that the original data packet can only be recovered by combining all N packets - see Bruce Schneier, "Applied Cryptography", Wiley and Assoc, 1996, Section 3.6, Page 70. An eavesdropper who obtained an incomplete set would be unable to recover any of the original data.
Where two or more one-way communication channels are used:
(e) the channel to be used to transmit a data packet is chosen sequentially. For example, one channel is chosen for the first data packet, and the second channel for the second data packet and so on. Where there are two one-way communications channels, then alternate channels could be used;
(f) the channel to be used to transmit a data packet is chosen randomly;
(g) where two channels are used, both channels are used with only parts of the sensitive data being sent on any single channel;
(h) a channel not used for sending actual data transmits suitably corrupted versions of the actual data.
Different combinations of some or all of techniques (a)-(h) can be used at various times. For example, one transaction is sent over one channel accompanied by dummy data on another channel and the next transaction is transmitted using two channels.
Where there are multiple one-way channels linking the server 2 and the one or more data storage systems 8, 11 , 12, in step (iii) above, the server 2 can divide the data to be transmitted among the channels 9, 10, 13, 14. This need not be all of the available channels.
When the data is split between channels 9, 10, 13, 14, it may be sent as a number of short data packets, which are assembled at the respective data storage system 8, 11 , 12 to recreate the full information.
The channels chosen for any step may vary from transaction to transaction.
In parallel with step of transmitting data to the data storage system 8, bogus data, randomly generated to look like a real transaction, could be sent along unused channels.
It will be understood to persons skilled in the art, that variations are possible within the scope of the present invention.