WO2002099688A1 - System for certifying web site and method therefor - Google Patents

System for certifying web site and method therefor Download PDF

Info

Publication number
WO2002099688A1
WO2002099688A1 PCT/KR2002/000399 KR0200399W WO02099688A1 WO 2002099688 A1 WO2002099688 A1 WO 2002099688A1 KR 0200399 W KR0200399 W KR 0200399W WO 02099688 A1 WO02099688 A1 WO 02099688A1
Authority
WO
WIPO (PCT)
Prior art keywords
web site
authority
certification
certifying
information
Prior art date
Application number
PCT/KR2002/000399
Other languages
French (fr)
Inventor
An Na Choi
Jae Myung Jang
Original Assignee
An Na Choi
Jae Myung Jang
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by An Na Choi, Jae Myung Jang filed Critical An Na Choi
Publication of WO2002099688A1 publication Critical patent/WO2002099688A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Definitions

  • the information on the web site includes a web site name, and an industrial classification
  • the information on the certification includes a certification request date, a validity of the certification, a reliability classification, and a security classification.
  • the step of issuing a certifying code for an authority for managing certificate preferably includes the steps of the certifying server receiving the request for registration /amendment/withdrawal for an authority for managing certificate from the authority for managing certificate, generating a certifying code for an authority for managing certificate based on the received information on the authority for managing certificate, renewing the certification data base with the information on the authority for managing certificate, and providing a result of processing for the request for registration/amendment /withdrawal for an authority for managing certificate inclusive of the certifying code for an authority for managing certificate to the authority for managing certificate.
  • FIG. 3 illustrates a flow chart showing embodiments of methods of registration
  • the Internet 20 includes a variety of servers 10, certification managing servers
  • the server 10 includes web servers 11 for providing various information, main servers 12 for transmission/reception of e-mail through the Internet 20, FTP servers
  • the web site can inform certification to Internet users.
  • contents of the certification can be displayed by means of a client program which displays the certification code by an appropriate method.
  • the Internet users know reliability of the web site based on the certifying code.
  • the method in which an authority for managing certificate receives a certifying code for an authority for managing certificate includes the steps of requesting registration /amendment/withdrawal of the authority for managing certificate (S210), making confirmation of information on the authority for managing certificate (S220), determining request for withdrawal (S230), canceling the authority for managing certificate (S260), generating a certifying code for an authority for managing certificate (S240), registering /amending an authority for managing certificate (S250), and transmitting resulting information (S270).
  • the step of providing resulting information is a process for providing a result of processing of the request for registration/amendment/cancellation of certification to the certification managing server 30.
  • the result of processing may be, for an example, a result of processing for a case the request for registration/amendment/cancellation of certification is determined to be not effective in the step of examining effectiveness of request for registration/amendment/cancellation of certification (S330) (for an example, unidentified certifying code, unregistered certifying code, no existence of the web site, no way of communication, or the like).
  • the result of processing may be web site information registered or amended on the certification data base 42 in the step of registering/amending web site certification
  • the system and method for certifying a web site of the present invention has the following advantages.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A system and method for certifying a web site is disclosed. The method comprises a step for issuing a certified code for a certification management organization by a certification server on the basis of information about a certification management organization if a registration, a revision, and a deletion of a certification are requested from the certification management organization which performs a certification for a web site; and a step for issuing a certified code for a web site by the certification server on the basis of information about both the certification management organization and the certification web site if a registration, a revision, and a deletion of a certification for a web site are requested from the certification management organization.

Description

SYSTEM FOR CERTIFYING WEB SITE AND METHOD THEREFOR Technical Field
The present invention relates to system and method for certifying a web site, and more particularly, to system and method for certifying a web site, in which an authority for managing certificate evaluates various web sites, for registration, revision, or deletion of a web site certification. Background Art
Though Internet users visit to various web sites in surfing Internet, there have been no objective evaluation of different information provided in the web sites. Moreover, there has been lack of information on the entities that operate the web sites, for example, whether the entities are listed, or registered on the NASDAQ, or the KOSDAQ. There has also been lack of information on attached services the web sites provide, for example, if digital cash can be used, how to settle an account, whether a mileage of other web site is acceptable, or an ID of other web site can be used, .and the like. Furthermore, though input/output of different important information is required in e-trade, Internet users are not sure if the information is not known to others. That is, since there have been no objective evaluations of the web sites and the operation entities of the web sites, the Internet users wanders different web sites for obtaining required information, resulting to waste time and money. Moreover, uncertainty on the e-trade has not been resolved.
In order to solve these problems, a method is partly used, in which a certifying authority provides certifying logos to web sites. That is, in this method, the certifying logo is displayed on a location of the web site. However, since the certifying logo is a simple graphic image, the logo can be used by others improperly, and the Internet user may not know what the logo implies precisely. Moreover, since the Internet user can see the logo only when the Internet user actually makes access to the web site, certification of the web site can not be known before the access is made.
Disclosure of Invention
An object of the present invention lies on providing system .and method for certifying a web site, in which an organization having public confidence evaluates web sites on the Internet, for giving a certifying code having various information, changing a certification class, or delete the certification.
Another object of the present invention lies on providing system and method for certifying a web site, in which a certifying code is provided to a web site, that has a definite form, and is standardized enough to prevent improper use of the certifying code, and permit Internet users to know information on web site certification, easily and precisely.
Objects of the present invention can be achieved by providing a method for certifying a web site, including the steps of a certifying server receiving a request for registration /amendment/cancellation for an authority for managing certificate which certifies web sites, and issuing a certifying code for an authority for managing certificate based on information on the authority for managing certificate, and the certifying server receiving a request for registration/amendment/cancellation of certification of a particular web site from an authority for managing certificate which holds a certifying code for an authority for managing certificate, and issuing a certifying code for a web site based on information on the authority for managing certificate and the web site which requests certification. The certifying code for a web site preferably includes information on the authority for managing certificate which manages the certification managing server having a certifying code requested thereto, information on the web site, and information on certification, and is patterned in a fixed form. The certifying code for a web site more preferably includes a form of coded text.
Preferably, the information on the web site includes a web site name, and an industrial classification, and the information on the certification includes a certification request date, a validity of the certification, a reliability classification, and a security classification.
The step for issuing a certifying code for the web site preferably includes the steps of receiving a request for registration/amendment/cancellation of certification of the web site from the certification managing server, determining effectiveness of the request for registration/amendment/cancellation of the certification of the web site based on the information on the authority for managing certificate and the information on the web site having the certification requested thereto, generating a certifying code for the web site based on the information on the authority for managing certificate and the information on the web site having the certification requested thereto, if the request for registration/amendment /cancellation of certification is effective, renewing certification data base with the generated certifying code for the web site, and providing information on a result of processing inclusive of the certifying code for the web site to the authority for managing certificate.
The step of issuing a certifying code for an authority for managing certificate preferably includes the steps of the certifying server receiving the request for registration /amendment/withdrawal for an authority for managing certificate from the authority for managing certificate, generating a certifying code for an authority for managing certificate based on the received information on the authority for managing certificate, renewing the certification data base with the information on the authority for managing certificate, and providing a result of processing for the request for registration/amendment /withdrawal for an authority for managing certificate inclusive of the certifying code for an authority for managing certificate to the authority for managing certificate.
In another aspect of the present invention, there is provided a system for certifying a web site including means for issuing a certifying code for an authority for managing certificate for receiving a request for registration/amendment/cancellation for an authority for managing certificate which certifies web sites, and issuing the certifying code for an authority for managing certificate based on information on the authority for managing certificate, and means for issuing a certifying code for web site for receiving a request for registration/amendment/cancellation of certification of a particular web site from an authority for managing certificate which holds a certifying code for an authority for managing certificate, and issuing the certifying code for a web site based on information on the authority for managing certificate and the web site which requests certification. The certifying code for a web site preferably includes information on the authority for managing certificate which manages the certification managing server having a certifying code requested thereto, information on the web site, and information on certification, and is patterned in a fixed form. The certifying code for a web site more preferably includes a form of coded text. Thus, the present invention permits Internet users to know information on certification of a web site with easy accurately because an organization having a public confidence issues a certifying code to a web site which has a fixed pattern of form, is standardized and difficult to use improperly. Brief Description of Drawings
FIG. 1 illustrates a system for certifying a web site in accordance with a preferred embodiment of the present invention;
FIG. 2 illustrates a flow chart showing an overall operation of a method for certifying a web site in accordance with a preferred embodiment of the present invention;
FIG. 3 illustrates a flow chart showing embodiments of methods of registration
/revision/deletion by an authority for managing certificate in a method for certifying a web site in accordance with a preferred embodiment of the present invention;
FIG. 4 illustrates a flow chart showing embodiments of methods of registration /revision/deletion of a web site by a certification server in a method for certifying a web site in accordance with a preferred embodiment of the present invention;
FIG. 5 illustrates contents of a file when a certifying code is an independent file; and
FIG. 6 illustrates contents of a file when a certifying code is at a particular location of a particular file.
Best Mode for Carrying Out the Invention
System and method for certifying a web site in accordance with a preferred embodiment of the present invention will be explained in detail, with reference to the attached drawings. The system for certifying a web site in accordance with a preferred embodiment of the present invention will be explained, with reference to FIG. 1. The Internet 20 includes a variety of servers 10, certification managing servers
30, and a certifying server 41.
The server 10 includes web servers 11 for providing various information, main servers 12 for transmission/reception of e-mail through the Internet 20, FTP servers
(File Transfer Protocol Server) 13 for supporting file transmission service through
Internet, and the like.
The certification managing servers 30 include servers of authorities for managing certificates having public confidence, such as servers 31 of government and public institutions, servers 32 of societies/associations and research institutes, and servers 33 of enterprises. That is, upon reception of requests for certifying web sites from different servers 10, the certification managing servers 30 analyzes and diagnoses the web site in overall. As a result, if it is determined that certification of the web site is appropriate, the certification managing servers 30 requests a certification center 40 to issue a certifying code.
The certification center 40 includes a certifying server 41 for producing and providing an encoded certifying code to the web site requested by the certification managing server 30, and a certification data base 42 for registration and storage of the certifying code produced at the certifying server 41 and information related thereto. The request for issuing the certifying code from the authority for managing certificate 30 to the certification center 40, and the issuance of the certifying code from the certification center 40 to the authority for managing certificate may be made on-line or off-line, the on-line is preferable.
The certifying code issued from the certifying server 41 will be explained in detail. The certifying code includes information on the authority for managing certificate, information on web sites, information on certification, and the like. That is, the certifying code includes all information on the authority for managing certificate, date of request for certification, validity of the certificate, industrial classification of the web site, name of the web site, web site information, contents of the certificate, and the like. Basically, the contents of the certificate may include reliability classification, security classification, safety classification, and the like, and quality of the contents, and others, such as information on attached services. The contents of the certifying code is not limited above, but may includes information on the country related to the web site, the certification center, and the authority for managing certificate, and other information useful for the Internet user.
Moreover, when the web site contents are not centralized, information on hierarchal structure, such as web sites, directory, and individual link may be included. Of course, the certifying code has patterned or standardized forms.
For coding the certifying code, all coding algorithm, hash, and all techniques related to coding are employed. It is preferable that a plurality of coding keys and a plurality of coding algorithms are employed for prevention of fabrication of the certifying code, thereby preventing improper change of an uncertified site to a certified site. The certified code may be an independent file, or at a particular position of a particular film, for an example, at a header part of an html file. For an example, if the certified code is the independent film (identity.txt), the certified code may have a system as shown in FIG. 5, and if the certified code is a part of a particular file, the certified code may have a system as shown in FIG. 6. An outline of a method for certifying a web site in accordance with a preferred embodiment of the present invention will be explained, with reference to FIGS. 1 and 2. An overall flow of the method for certifying an web site in accordance with a preferred embodiment of the present invention includes the steps of requesting certification /adjustment of a web site (SI 00), determining web site certification/adjustment (S200), and generating/transmitting a certifying code (S300).
The step of requesting certification/adjustment of a web site (SI 00) is a process for requesting a certification managing server 30 to certify a web site provided from one of a variety of servers 10 on the Internet 20, or requesting the certification managing server 30 to upgrade a classification of the web site which is certified already, or to certify the web site which is certified already, additionally.
In the step of determining web site certification/adjustment (S200), the certification managing server 30 inspects and verifies the web site of which certification is requested in the step (SI 00), and examines whether certifying the web site is appropriate. If the certification managing server 30 determines that certification of the web site is appropriate, the certification managing server 30 requests to certifying server 41 to certify the web site, and, if the certification managing server 30 determines that certification of the web site is not appropriate, certification of the web site is refused. That is, the certification managing server 30 requests the certifying server 41 to certify a particular web site, i.e., requests the certifying server 41 to issue a certifying code for the web site.
The step of generating/transmitting a certifying code (S300) is a step for generating the certifying code for the web site certification of which is requested as it is determined that certification of the web site is appropriate in the step S200, and transmitting the certifying code to the certification managing server 30. That is, if the certification managing server 30 requests the certifying server 41 to issue a certifying code to the particular web site, the certifying server 41 generates the certifying code based on information from the certification managing server 30. As explained, the certifying code includes information on the authority for managing certificate which manages the certification managing server having the issuance of the certifying code requested thereto, industrial classification of the web site, name of the web site, date of request for the certification, validity of the certification, reliability and security classifications, and the like. Preferably, the certifying code further includes information on the web site, or an entity that manages the web site, for an example, existence of chains, business classification, existence of affiliated stores, and the like. The certifying code may also include information on an IP address of the web site, kind of a web server, and the like. Information the certifying code may include is not limited to above, and other information may be included thereto. Once the certifying code is generated, the certifying code is registered on a certification data base 42, and transmitted to the certification managing server 30. Then, the certification managing server 30 transmits the certifying code to the particular web site having the certifying code requested therefrom through the Internet 20.
When the particular web site receives the web site certifying code through the foregoing process, the web site can inform certification to Internet users. For an example, contents of the certification can be displayed by means of a client program which displays the certification code by an appropriate method. Thus, the Internet users know reliability of the web site based on the certifying code.
Methods for registration/amendment/withdrawal of the authority for managing certificate in accordance with a preferred embodiment of the present invention, with reference to FIGS. 1 - 3.
As explained, there can be many authorities for managing certificate. However, it is preferable that organizations which meet necessary conditions are made to be the authorities for managing certificate in view of reliability because certification of web site is determined by the authorities for managing certificate, actually.
The method in which an authority for managing certificate receives a certifying code for an authority for managing certificate includes the steps of requesting registration /amendment/withdrawal of the authority for managing certificate (S210), making confirmation of information on the authority for managing certificate (S220), determining request for withdrawal (S230), canceling the authority for managing certificate (S260), generating a certifying code for an authority for managing certificate (S240), registering /amending an authority for managing certificate (S250), and transmitting resulting information (S270). The step of requesting registration/amendment/withdrawal of the authority for managing certificate (S210) is a process in which the authority for managing certificate 30 requests the certification center 40 which manages the certifying server 41 to register/amend/withdraw the authority for managing certificate 30 as the authority for managing certificate 30 authorized by the certification center 40. Though the request for registration/amendment/withdrawal as the authority for managing certificate can be made to the certification center 40 in on line, or off line, it is preferable that the request is made in on line.
The step of making confirmation of information on the authority for managing certificate (S220) is a process in which the certification center 40 makes confirmation of information on the authority for managing certificate of an organization name, an industrial classification, a type of the organization, detailed information on the organization, and the like. The detailed information includes an address, a person in charge, a type of business, an address, and the like. Of course, in the case of requesting amendment of the authority for managing certificate, a process for identifying an already issued certifying code is also included.
The step of determining request for withdrawal (S230) is a process in which it is determined whether the authority for managing certificate requests for withdrawal or not. The step of canceling the authority for managing certificate (S260) is a process in which information on the authority for managing certificate is erased from the certification data base 42 in a case the authority for managing certificate requests for the withdrawal in the step of determining request for withdrawal (S230).
The step of generating a certifying code for an authority for managing certificate (S240) is a process in which, determining the step being a new registration or amendment of information of the authority for managing certificate in a case the authority for managing certificate makes no request for withdrawal in the step of determining request for withdrawal (S230), the certifying server 41 generates a coded certifying code for an authority for managing certificate based on information on the authority for managing certificate 30 the certifying server 41 received.
The step of registering/amending an authority for managing certificate (S250) is a process in which information on the authority for managing certificate newly registered or amended in the step of generating a certifying code for an authority for managing certificate (S240) is renewed on the certification data base 42. The step of transmitting resulting information (S270) is a process for transmitting a work done by the certifying server 41, i.e., a result of registration/amendment/canceling of the authority for managing certificate to the authority for managing certificate. In a case the authority for managing certificate is canceled, information on processing the withdrawal of the canceled authority for managing certificate, and the like is transmitted to the authority for managing certificate, and in a case of registration amendment of the authority for managing certificate, information on new registration or amendment of the authority for managing certificate is transmitted to the authority for managing certificate. In is preferable that the information on new registration or amendment is transmitted in a form of the certifying code of the authority for managing certificate.
A method for registering/amending/canceling certification of a web site will be explained, with reference to FIGS. 1, 2, and 4.
The method for registering/amending/canceling certification of a web site includes the steps of requesting registration/amendment/cancellation of certification (S310), grasping information (S320), examining effectiveness of request for registration amendment /cancellation of certification (S330), determining request for cancellation (340), generating a certifying code for a web site (S350), registering/amending web site certification (S360), canceling web site certification (S370), providing resulting information (S380), and providing resulting information to the web site (S390).
The step of requesting registration/amendment/cancellation of certification (S310) is a process in which the authority for managing certificate 30 requests the certifying server 41 to certify or to cancel certification of a web site, inclusive, of course, of amendment of certification of a web site. The step of grasping information (S320) is a process in which the certifying server 41 grasps information on the certification managing server 30 which requests to issue a certifying code to a particular web site, and on the particular web site. That is, the information on the certification managing server 30 may be a certifying code of the authority for managing certificate which requests certification in the step of requesting registration /amendment/cancellation of certification (S310), and the information on the web site may be, as explained, information on the web site, for an example, information on industrial classification, name of the web site, reliability classification, security classification, and the like.
The step of examining effectiveness of request for registration/amendment /cancellation of certification (S330) is a process in which effectiveness of the request for registration/amendment /cancellation of certification is determined based on the information grasped in the step of grasping information (S320). This step is a step for determining effectiveness of the authority for managing certificate and the requested web site. For an example, if the received certifying code for an authority for managing certificate is a certifying code which can not be identified, or unregistered, it is determined that the request for certifying/cancellation is not effective. Moreover, in a case there is no web site certification of the web site is requested, even if the authority for managing certificate is effective, it is determined that the request for registration/amendment/cancellation of certification is not effective.
The step of determining request for cancellation (340) is a process in which it is determined that whether the authority for managing certificate requests canceling a particular web site from the certification data base 42 of the certifying server 41 or not, in a case the request for registration/amendment/cancellation of certification is effective. The step of generating a certifying code for a web site (S350) is a process in which, determining that the authority for managing certificate requests for certification or amendment of the certification in a case the authority for managing certificate requests no cancellation of a web site in the step of determining request for cancellation
(340), the certifying server 41 generates an appropriate certifying code. That is, the certifying server 41 generates a certifying code for a web site based on information on the authority for managing certificate and the web site received from the authority for managing certificate. The step of registering/amending web site certification (S360) is a process for renewing the certification data base 42 on information on the web site having a certifying code received in the step of generating a certifying code for a web site (S350).
The step of canceling web site certification (S370) is a process for canceling information on the web site from the certification data base 42 in a case the authority for managing certificate requests cancellation of the web site in the step of determining request for cancellation (340), and the request for cancellation is effective.
The step of providing resulting information (S380) is a process for providing a result of processing of the request for registration/amendment/cancellation of certification to the certification managing server 30. The result of processing may be, for an example, a result of processing for a case the request for registration/amendment/cancellation of certification is determined to be not effective in the step of examining effectiveness of request for registration/amendment/cancellation of certification (S330) (for an example, unidentified certifying code, unregistered certifying code, no existence of the web site, no way of communication, or the like). Or, the result of processing may be web site information registered or amended on the certification data base 42 in the step of registering/amending web site certification
(S360). Or, the result of processing may be web site information canceled from the certification data base 42 in the step of canceling web site certification (S370). As explained, though the information on a result of processing may be transmitted from the certifying center 40 to the authority for managing certificate 30 in off line, or on line, transmission on line is preferable.
The step of providing resulting information to the web site (S390) is a process in which the certification managing server 30 transmits resulting information received from the certifying center 40, for an example, resulting information on the certifying code, finishing registration of certificate, or cancellation of the certification, to the web site.
The foregoing embodiment has described that a web site requests an authority for managing certificate to register/amend/cancel certification. However, the present invention is not limited thereto, and may be described that the authority for managing certificate monitors the web site periodically, and amends the certificate for the web site, automatically.
Moreover, it is preferable that there are a plurality of authorities for managing certificate, for making an actual examination of certification of a particular web site, and the certifying center issues a certifying code for the web site upon reception of a request from the authority for managing certificate. However, it is also possible that the web site directly request the certifying center to issue the certifying code for the web site.
It will be apparent to those skilled in the art that various modifications and variations can be made in the system and method for certifying a web site of the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
As has been explained, the system and method for certifying a web site of the present invention has the following advantages.
First, the evaluation and certification of various web sites on Internet by authorities having public confidence permits the Internet users to determine reliability and the like of the web sites based on the certification. Moreover, the use of a fixed pattern of web site certifying code regardless of the authorities for managing certificate permits the Internet users to know information on certification of a particular web site based on the certifying code. According to this, the Internet users can obtain more reliable information from the web sites, and the worry of information leakage can be reduced, thereby allowing safe e-trade.
Second, use of Internet can be made more convenient by adding information on the web site to the certifying code, such as whether the web site uses One-ID, digital cash, mileage, whether the entity operating the web site is listed, or registered on the
NASDAQ, or the KOSDAQ so that Internet users can obtain such information from the certifying code, at once.
Third, the authorities for managing certificate are made to contribute to develop the industry by inducing the authorities to make more close, and advanced approach, such as suggestion of developmental policy and confirmation of trend, to the industry, as the authorities become to require new man power and systems for supervision of the certified web sites, and evaluation and management of the web sites which request certification, newly.
Industrial Applicability
As has been explained, the present invention permits Internet users to use the
Internet with higher reliability, and safety, as the use of a fixed pattern of web site certifying code regardless of the authorities for managing certificate permits the Internet users to know information on certification of a particular web site based on the certifying code.

Claims

What is Claimed is:
1. A method for certifying a web site, comprising the steps of: a certifying server receiving a request for registration/amendment/cancellation for an authority for managing certificate which certifies web sites, and issuing a certifying code for an authority for managing certificate based on information on the authority for managing certificate; and the certifying server receiving a request for registration/amendment/cancellation of certification of a particular web site from an authority for managing certificate which holds a certifying code for an authority for managing certificate, and issuing a certifying code for a web site based on information on the authority for managing certificate and the web site which requests certification.
2. A method as claimed in claim 1, wherein the certifying code for a web site includes information on the authority for managing certificate which manages the certification managing server having a certifying code requested thereto, information on the web site, and information on certification, and is patterned in a fixed form.
3. A method as claimed in claim 2, wherein the certifying code for a web site includes a form of coded text.
4. A method as claimed in claim 2, wherein the information on the web site includes a web site name, and an industrial classification, and the information on the certification includes a certification request date, a validity of the certification, a reliability classification, and a security classification.
5. A method as claimed in claim 1, wherein the step for issuing a certifying code for the web site includes the steps of; receiving a request for registration amendment/cancellation of certification of the web site from the certification managing server, determining effectiveness of the request for registration/amendment/cancellation of the certification of the web site based on the information on the authority for managing certificate and the information on the web site having the certification requested thereto, generating a certifying code for the web site based on the information on the authority for managing certificate and the information on the web site having the certification requested thereto, if the request for registration/amendment/cancellation of certification is effective, renewing certification data base with the generated certifying code for the web site, and providing information on a result of processing inclusive of the certifying code for the web site to the authority for managing certificate.
6. A method as claimed in claim 1, wherein the step of issuing a certifying code for an authority for managing certificate includes the steps of; the certifying server receiving the request for registration/amendment/withdrawal for an authority for managing certificate from the authority for managing certificate, generating a certifying code for an authority for managing certificate based on the received information on the authority for managing certificate, renewing the certification data base with the information on the authority for managing certificate, and providing a result of processing for the request for registration/amendment /withdrawal for an authority for managing certificate inclusive of the certifying code for an authority for managing certificate to the authority for managing certificate.
7. A system for certifying a web site comprising: means for issuing a certifying code for an authority for managing certificate for receiving a request for registration amendment/ cancellation for an authority for managing certificate which certifies web sites, and issuing the certifying code for an authority for managing certificate based on information on the authority for managing certificate; and means for issuing a certifying code for web site for receiving a request for registration/amendment/cancellation of certification of a particular web site from an authority for managing certificate which holds a certifying code for an authority for managing certificate, and issuing the certifying code for a web site based on information on the authority for managing certificate and the web site which requests certification.
8. A system as claimed in claim 7, wherein the certifying code for a web site includes information on the authority for managing certificate which manages the certification managing server having a certifying code requested thereto, information on the web site, and information on certification, and is patterned in a fixed form.
9. A system as claimed in claim 8, wherein the certifying code for a web site includes a form of coded text.
PCT/KR2002/000399 2001-06-07 2002-03-07 System for certifying web site and method therefor WO2002099688A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR2001/31620 2001-06-07
KR20010031620 2001-06-07
KR20010035682 2001-06-22
KR2001/35682 2001-06-22

Publications (1)

Publication Number Publication Date
WO2002099688A1 true WO2002099688A1 (en) 2002-12-12

Family

ID=26639126

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/KR2002/000399 WO2002099688A1 (en) 2001-06-07 2002-03-07 System for certifying web site and method therefor
PCT/KR2002/000400 WO2002099689A1 (en) 2001-06-07 2002-03-07 System for checking certification of website and method therefor

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/000400 WO2002099689A1 (en) 2001-06-07 2002-03-07 System for checking certification of website and method therefor

Country Status (1)

Country Link
WO (2) WO2002099688A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882703A (en) * 2012-08-31 2013-01-16 赛尔网络有限公司 Hyper text transfer protocol (HTTP)-analysis-based uniform resource locator (URL) automatically classifying and grading system and method
CN113987079A (en) * 2021-12-27 2022-01-28 四川旷谷信息工程有限公司 Data synchronization method for urban rail transit security system

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003293501A1 (en) 2002-12-13 2004-07-09 Wholesecurity, Inc. Method, system, and computer program product for security within a global computer network
US8353028B2 (en) 2004-06-21 2013-01-08 Ebay Inc. Render engine, and method of using the same, to verify data for access and/or publication via a computer system
US7971245B2 (en) 2004-06-21 2011-06-28 Ebay Inc. Method and system to detect externally-referenced malicious data for access and/or publication via a computer system
DK2511824T3 (en) * 2004-06-21 2016-05-09 Paypal Inc Publikations data-verification
US7526810B2 (en) 2004-06-21 2009-04-28 Ebay Inc. Method and system to verify data received, at a server system, for access and/or publication via the server system
US7743254B2 (en) 2005-03-23 2010-06-22 Microsoft Corporation Visualization of trust in an address bar
US7725930B2 (en) 2005-03-30 2010-05-25 Microsoft Corporation Validating the origin of web content
US8060916B2 (en) * 2006-11-06 2011-11-15 Symantec Corporation System and method for website authentication using a shared secret

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000024204A (en) * 2000-01-28 2000-05-06 박남일 Maintenance system for website homepage
KR20000054798A (en) * 2000-06-24 2000-09-05 유인오 Service Method for Comparing and Evaluating Web-Based Contents over the Internet Using the Intent and Satisfaction indices of Users
KR20010000760A (en) * 2000-10-18 2001-01-05 박봉규 method of renting Internet service solution programs by using an authentication button
KR20010035256A (en) * 2001-01-29 2001-05-07 이귀영 Method for appraisal of technology value by using internet web appraisal model

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4357011B2 (en) * 1997-12-26 2009-11-04 株式会社日本デジタル研究所 Service request terminal automatic authentication method, electronic data mail order system, service request terminal, service processing apparatus, and computer-readable recording medium recording program
KR20000072272A (en) * 2000-04-24 2000-12-05 김창섭 Research method for internet site evaluation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000024204A (en) * 2000-01-28 2000-05-06 박남일 Maintenance system for website homepage
KR20000054798A (en) * 2000-06-24 2000-09-05 유인오 Service Method for Comparing and Evaluating Web-Based Contents over the Internet Using the Intent and Satisfaction indices of Users
KR20010000760A (en) * 2000-10-18 2001-01-05 박봉규 method of renting Internet service solution programs by using an authentication button
KR20010035256A (en) * 2001-01-29 2001-05-07 이귀영 Method for appraisal of technology value by using internet web appraisal model

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882703A (en) * 2012-08-31 2013-01-16 赛尔网络有限公司 Hyper text transfer protocol (HTTP)-analysis-based uniform resource locator (URL) automatically classifying and grading system and method
CN113987079A (en) * 2021-12-27 2022-01-28 四川旷谷信息工程有限公司 Data synchronization method for urban rail transit security system
CN113987079B (en) * 2021-12-27 2022-04-19 四川旷谷信息工程有限公司 Data synchronization method for urban rail transit security system

Also Published As

Publication number Publication date
WO2002099689A1 (en) 2002-12-12

Similar Documents

Publication Publication Date Title
AU2002251480B2 (en) Terminal communication system
US20020083008A1 (en) Method and system for identity verification for e-transactions
US20070204325A1 (en) Personal identification information schemas
KR20050035062A (en) Method and apparatus for accelerating verification of public key certificate
WO2002099688A1 (en) System for certifying web site and method therefor
US20070107065A1 (en) Data communications system and data communications method
RU2397543C2 (en) Electronic ticket
JP2003150735A (en) Digital certificate system
JP2007018304A (en) Taxi ticket generation system, taxi ticket processing system and taxi ticket generation method
EP1574978A1 (en) Personal information control system, mediation system, and terminal unit
KR20030078485A (en) Publication and settlement of account for an electronic check
CN1922815B (en) Sign-efficient real time credentials for ocsp and distributed ocsp
JP2004362189A (en) User information circulation system
JP2004023406A (en) Electronic signature attaching method
KR101360843B1 (en) Next Generation Financial System
JP2009031849A (en) Certificate issuing system for electronic application, electronic application reception system, and method and program therefor
CN114039731A (en) Storage medium, relay device, and communication method
JP2004345760A (en) Product delivery method, deliverer device, and customer device
KR20020075325A (en) Certified copy issue system for wireless internet
EP1205888A2 (en) Certificate issuing method, system and computer readable storage medium
JP2000163375A (en) Method for managing right of access between plural edi systems
EP3830782A1 (en) Privacy-preserving assertion system and method
JP2004110480A (en) Export management system of content
KR20030001224A (en) System for Providing Certificate of Web Sites and Methed therefor
Gladney Safe deals between strangers

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: COMMUNICATION PURSUANT TO RULE 69(1) EPC (EPO FORM 1205A DATED 17-03-04)

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP