WO2004045187A1 - Method, apparatus and computer program product for processing messages to ensure confidentiality by encrypting the private data of the message - Google Patents


Info

Publication number
WO2004045187A1
Authority
WO (WIPO, PCT)
Application number
PCT/PL2002/000086
Other languages
French (fr)
Inventors
Pawel Stepniewski
Hubert Golec
Marek Chimiel
Original Assignee
Motorola, Inc.
Priority date
2002-11-12
Filing date
2002-11-12
Publication date
2004-05-27

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Abstract

In accordance with the present invention, there is thus provided a method for processing messages transmitted in a communication and/or data network. The method contains the following steps: taking transaction data (101) from an application layer, and identifying (103) private data and non-private data in said transaction data. Following these steps, said private data are encrypted (105) and said non-private data are formatted (107). After the steps of encrypting and formatting, both the private and the non-private data are transferred (109) to a transport layer.

Description

METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROCESSING MESSAGES TO ENSURE CONFIDENTIALITY BY ENCRYPTING THE PRIVATE DATA OF THE MESSAGE
Technical Field
The present invention relates to a method and a computer program product for processing messages in communication and/or data networks, which provide third party access to data transmitted over a communication network without violating the privacy of the transmitted data. In particular, the invention is applicable to internet transactions.
Background
With the advent of the internet and other means of communication and data exchange, the problem of securing data exchange has appeared. This problem is especially visible in the fast growing field of electronic commerce (e-commerce). Millions of electronic transactions, worth billions of dollars, and the sensitive information exchanged over the network between parties make this problem vital for all stakeholders.
The problem of the security of data exchanged and accessible via the network can be discussed on different layers. The layers are determined by different kinds of risk.
One of the risks is that the party trying to access the data is not the party it claims to be. This problem is known as authentication.
Another requirement for the safety of the data is known as authorization. If a party meets this requirement, it means that the party is sanctioned for a particular function. Confidentiality of data is assured by the privacy requirement. Fulfilling this requirement protects the data against eavesdropping or observation by a third party.
Another risk related to e-commerce, and to data exchange in general, is the risk that a third party could alter the data. The requirement for this case is known as data integrity.
There are several methods of ensuring the safety of electronic transactions known in the art. These methods deal with the different aspects of the safety of electronic transactions mentioned above.
One of the protocols developed to provide security over the internet is known as Secure Sockets Layer (SSL). SSL supports server and client authentication as well as privacy of transmitted data. This protocol is application independent and allows protecting Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Lightweight Directory Access Protocol (LDAP) and other protocols. The SSL protocol is designed to provide security to any Transmission Control Protocol/Internet Protocol (TCP/IP) application. It runs on top of TCP/IP and below higher level protocols such as HTTP and LDAP. SSL allows a server that is able to use the SSL protocol to authenticate itself to a client that is also able to use the SSL protocol, allows the client to authenticate itself to the server, and finally allows an encrypted connection to be established between the client and the server. The SSL protocol addresses the following security issues: privacy, data integrity and authentication.
The tools used for encryption of data and for authentication of the parties to a transaction are known and widely used. In many cases they are independent of the protocol they work with.
Since the known methods of transmitting data in communication and/or data networks, when providing privacy of data, do not allow access to any part of the message, it is not possible to share some of the transaction data with a third party without losing confidentiality. One result of this approach is that internet service providers cannot adjust the quality of service to the value of the transaction. Another disadvantage of the methods of secure transmission of messages known in the art is that they do not allow third parties, namely Internet Service Providers (ISPs), to charge according to transaction value, since all the data are encrypted.
Summary of the Invention
There is a need for a method for transmitting messages in communication networks, and a computer program product, which alleviate or overcome the disadvantages of the prior art.
In accordance with the present invention, there is thus provided a method for processing messages transmitted in a communication and/or data network between a sender and a receiver. The invention provides a method of processing data that makes third party access to part of the data transmitted in the network possible. The method contains the following steps: taking transaction data from an application layer, and identifying private data and non-private data in said transaction data. Following these steps, said private data are encrypted and said non-private data are formatted. After the steps of encrypting and formatting, both the private and the non-private data are transferred to a transport layer.
When a message is processed according to this method, only the non-private data is accessible to a third party.
The non-private data can be reflected in a Quality of Service (QoS) field. This solution may make the quality of service provided by the ISP dependent on the value of the transaction done over the network. It also allows charging for the service depending on the value of the transaction and the quality provided.
In accordance with another aspect of the present invention, the non-private data may be encrypted using a second encryption method. In this case the third party, which could be for example the ISP, is able to decrypt only the non-private part, while the sender and the receiver are able to decrypt both the private and the non-private data.
In accordance with yet another aspect of the present invention, there is thus provided a computer program product stored on a computer usable medium, comprising computer readable program means for causing a computer to perform all the steps of the invention described herein.
In accordance with yet another aspect of the present invention, there is thus provided a method for billing for transactions transmitted over a communication and/or data network. The method is based on transaction value, wherein said transaction value is retrieved from a non-private part of a message transmitted between a receiver and a transmitter, and wherein said message is processed according to the method described above. In accordance with yet another aspect of the present invention, there is thus provided an apparatus adapted to operate in accordance with the method of the present invention.
Brief description of the drawings
The present invention will be understood and appreciated more fully from the following detailed description taken in conjunction with the drawings, in which:
Fig. 1 is a flowchart illustrating the method for processing messages in communication and/or data networks in accordance with an embodiment of the invention;
Fig. 2 is a schematic diagram illustrating a communication and/or data network in accordance with an embodiment of the invention;
Fig. 3 is a message sequence chart showing a sequence of operations performed in accordance with an embodiment of the invention;
Fig. 4 is a diagram illustrating the protocol stack at the user's side in accordance with an embodiment of the invention;
Fig. 5 is a diagram illustrating the protocol stack at the ISP's side in accordance with an embodiment of the invention;
Fig. 6 is a diagram illustrating the format of the non-private data packet used in the method of the embodiment of the present invention shown in Fig. 1.
Detailed description of the preferred embodiment
The preferred embodiment of the present invention is described below as an application of the invention to electronic transactions, in particular to billing for a transaction between a user and a web based shop.
With reference to Figs. 2, 3 and 4, a user's web client 201 sends an HTTPS request 301 to the shop web server 205, which contains the address (URL) of the page sought, here as an example https://www.exampleshop.com.pl/shop.cgi. The HTTPS request 301 means that the HTTP request message 403 is passed through an SSL layer 405, and then passed to the transport layer (here TCP) 409.
The shop web server 205 accepts the client's HTTP request 301 with said page address and finds 303 in its shop web pages repository 207 a file (here as an example shop.cgi), which is the web page script. It contains scripts to access the shop database and generates the page content (e.g. a list of goods for sale and their prices). Additionally, it includes a reference to a Java applet 401, which will gather the transaction details.
The shop web server 205 executes 305 all scripts according to the source web page content and, after having completed all preparation steps, sends an HTML page 307 to the user's web client 201.
The user's web client 201 receives the HTML page and sends a series of HTTPS requests 309 to the server to load all page objects (e.g. graphics, pictures, applets), including said Java applet 401.
After having received 311 all page objects, the user's web client 201 displays the page. The transaction form, which is a part of said displayed content, is managed by said Java applet 401.
The user enters the transaction details in the form, e.g. the quantity of each good to purchase, his/her mail address, payment details, etc. At the end the user presses the SEND button, which means "Complete the transaction".
With reference to Figs. 1 and 4, the application layer in the present embodiment contains said Java applet 401. Said Java applet 401 takes 101 the transaction data to generate the message that contains private and non-private data, as it controls the SEND button and all transaction details. Then said Java applet 401 identifies 103 said private data and said non-private data and creates a first data packet and a second data packet. Said first data packet contains both said private and said non-private data. Said first data packet is encrypted 105 and, after being transferred 109 to the transport layer 409, is transmitted 317 to the shop web server 205. In the encryption step 105 one of the encryption methods known in the art may be used (DES, RSA, IDEA). Said second data packet contains said non-private data only and, after formatting 107, said second data packet is sent separately 319 without encryption to the shop web server 205. Said non-private data are predefined and contain at least one of the following: the object of said transaction, the value of said transaction, the location of said sender and said receiver, and the identification of the parties involved.
Encryption of said first data packet is achieved by transmitting it through said SSL layer 405 to said transport layer 409. With reference to Figs. 4 and 6, said second data packet is transmitted through the formatting layer 407 to said transport layer 409. The data in said second packet are not encrypted, but the packet itself is formatted so as to make it readable for said ISP 203. One possible example of such formatting of the data packet is depicted in Fig. 6, where: 601 is the protocol identifier (to distinguish said formatting layer 407 data from other data); 603 is the protocol version (to distinguish different possible specifications of said formatting layer 407); 605 is the data offset (to indicate the relative address of the information elements 611 from the start of the entire frame); 607 is the count of information elements 611 contained in the entire frame; 609 is the identifier of the optional encryption method, known to all interested parties, used to encrypt the information elements 611; and 611 is an information element (one or many, as many as indicated by 607), which is the actual non-private field name and data. An example information element may be composed of the following fields: 613 is the information element identifier, used to identify a common field category; 615 is the size of said field name (in octets); 617 is the offset of the next information element relative to the start of the current information element (in other words, the size of the current information element); 619 is the field name; and 621 is said field content.
Packets of both encrypted and non-encrypted data are sent through the network to the shop web server 205. Said first data packet is simply forwarded 321 by the ISP 203 equipment to its destination, which is the shop web server 205. Said second data packet is processed 323 by said ISP 203 equipment and after this operation is forwarded to the shop web server 205. During said processing 323 said non-private data are read by said ISP 203 equipment. When said first data packet (which is in fact an HTTPS packet) reaches 317 said shop web server 205, said shop web server 205 executes 325 the transaction with the shop database 209. When said second data packet reaches 319 the shop web server 205, the server checks whether said first and second data packets contain coherent transaction data. After this operation said transaction is legally and financially completed.
In another embodiment, if the ISP 203 additionally wants to confirm that it has found a valid transaction passing through its system, said ISP 203 sends a confirmation request 327 to the shop web server with the transaction details read from the non-private data packet. If the data are correct, the shop web server 205 confirms the transaction 329.
In yet another embodiment said non-private data are encrypted using a second encryption method.
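As an added example (not code from the patent or its assignee), the following Python builds and parses the Fig. 6 formatting-layer frame (fields 601 to 621) and performs the shop-side coherence check of steps 323/325 between the clear-text packet and the SSL-protected transaction. The field widths, the protocol identifier value and the sample transaction are assumptions; the second encryption method (609) is carried as an identifier only, not implemented.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List

# Header layout (Fig. 6 field numbers in comments). The patent gives no field
# widths; the widths below are assumptions for this example, network byte order.
PROTO_ID = 0x4E50                   # 601: protocol identifier (constructed value)
PROTO_VERSION = 1                   # 603: protocol version
HEADER = struct.Struct("!HBHHB")    # 601, 603, 605 data offset, 607 IE count, 609 encryption id
IE_HEADER = struct.Struct("!HHH")   # 613 IE id, 615 name size, 617 offset of next IE
NO_ENCRYPTION = 0                   # 609: 0 means the IE contents travel in the clear


@dataclass
class InfoElement:
    ie_id: int      # 613: common field category
    name: str       # 619: field name
    content: bytes  # 621: field content


def encode_ie(ie: InfoElement) -> bytes:
    name = ie.name.encode("utf-8")
    total = IE_HEADER.size + len(name) + len(ie.content)   # 617 = size of this IE
    return IE_HEADER.pack(ie.ie_id, len(name), total) + name + ie.content


def encode_frame(ies: List[InfoElement], enc_method: int = NO_ENCRYPTION) -> bytes:
    header = HEADER.pack(PROTO_ID, PROTO_VERSION, HEADER.size, len(ies), enc_method)
    return header + b"".join(encode_ie(ie) for ie in ies)


def decode_frame(frame: bytes) -> List[InfoElement]:
    """Parse a formatting-layer frame; reject anything malformed instead of guessing."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than header")
    proto, version, offset, count, enc_method = HEADER.unpack_from(frame, 0)
    if proto != PROTO_ID or version != PROTO_VERSION:
        raise ValueError("not a formatting-layer frame of a known version")
    if enc_method != NO_ENCRYPTION:
        raise ValueError("second encryption method %d not supported here" % enc_method)
    if offset < HEADER.size or offset > len(frame):
        raise ValueError("data offset (605) outside frame")
    ies, pos = [], offset
    for _ in range(count):
        if pos + IE_HEADER.size > len(frame):
            raise ValueError("truncated information element")
        ie_id, name_size, next_off = IE_HEADER.unpack_from(frame, pos)
        end = pos + next_off
        # 617 must cover at least the IE header and the name, and stay inside the frame
        if next_off < IE_HEADER.size + name_size or end > len(frame):
            raise ValueError("bad information element length")
        name_start = pos + IE_HEADER.size
        name = frame[name_start:name_start + name_size].decode("utf-8")
        ies.append(InfoElement(ie_id, name, frame[name_start + name_size:end]))
        pos = end
    return ies


def coherent(private_tx: Dict[str, str], ies: List[InfoElement]) -> bool:
    """Shop-side check (323/325): every clear-text field must match the SSL-protected record."""
    return all(private_tx.get(ie.name) == ie.content.decode("utf-8") for ie in ies)


# Constructed sample transaction: the full record travels inside HTTPS (first packet),
# the predefined non-private subset travels in the clear frame (second packet).
PRIVATE_TX = {"object": "book", "value": "49.90", "payee": "www.exampleshop.com.pl",
              "card": "4111-1111-1111-1111"}
NON_PRIVATE = [InfoElement(1, "object", b"book"), InfoElement(2, "value", b"49.90"),
               InfoElement(3, "payee", b"www.exampleshop.com.pl")]


def demo() -> bool:
    frame = encode_frame(NON_PRIVATE)
    ies = decode_frame(frame)
    # ISP-side read of the billing value without touching the private packet
    value = next(ie.content for ie in ies if ie.name == "value")
    # a clear-text frame whose value disagrees with the private data must be rejected
    mismatched = decode_frame(encode_frame([InfoElement(2, "value", b"0.01")]))
    return ies == NON_PRIVATE and value == b"49.90" and coherent(PRIVATE_TX, ies) \
        and not coherent(PRIVATE_TX, mismatched)
```

Because the second packet carries no authentication of its own, the shop's coherence check against the HTTPS-protected record is what prevents a clear-text value from being trusted on its own.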
It will be understood that the invention tends to provide the following advantages, singly or in any combination:
- reliable charging for provided services (content based billing);
- no need for additional agreements between the parties involved (existing agreements are enough);
- quality of service may be made dependent on the value of the transaction.

Claims

1. A method for processing messages transmitted in a communication and/or data network between a sender and a receiver using a network protocol and an encryption, characterized in that said method contains the following steps:
(a) taking (101) transaction data from an application layer,
(b) identifying (103) private data and non-private data in said transaction data,
(c) encrypting (105) said private data,
(d) formatting (107) said non-private data,
(e) transferring (109) said private data and said non-private data to a transport layer.
2. The method according to claim 1 wherein said non-private data is additionally inserted into a stream containing said encrypted private data (105).
3. The method according to claim 1 wherein said formatting (107) is an additional layer in a protocol stack.
4. The method according to claim 1 wherein said non-private part is transmitted as a separate data stream.
5. The method according to claim 1 wherein said non-private part is encrypted using a second encryption method.
6. The method according to claim 1 wherein said non-private part is predefined and contains at least one of the following data:
(a) object of said transaction;
(b) value of said transaction;
(c) location of said sender and said receiver;
(d) identification of the parties involved.
7. A computer program product stored on a computer usable medium, comprising computer readable program means for causing a computer to perform all the steps of the method according to any one of the preceding claims 1 to 6.
8. An apparatus adapted to operate in accordance with the method of any of claims 1 to 6.
9. A method for billing for transactions transmitted in a communication and/or data network, said method being based on transaction value, wherein said transaction value is retrieved from a non-private part of a message transmitted between a receiver and a transmitter, and wherein said message is processed according to a method defined in claims 1 to 6.
10. The method according to claim 9 wherein said transaction value is reflected as a range of value in a Quality of Service field.

Priority Applications (2)

Application Number Publication Priority Date Filing Date Title
PCT/PL2002/000086 WO2004045187A1 (en) 2002-11-12 2002-11-12 Method, apparatus and computer program product for processing messages to ensure confidentiality by encrypting the private data of the message
AU2002368350A AU2002368350A1 (en) 2002-11-12 2002-11-12 Method, apparatus and computer program product for processing messages to ensure confidentiality by encrypting the private data of the message

Publications (1)

Publication Number Publication Date
WO2004045187A1 (en) 2004-05-27

Family

ID=32310954

Country Status (2)

Country Link
AU (1) AU2002368350A1 (en)
WO (1) WO2004045187A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5768391A (en) * 1995-12-22 1998-06-16 Mci Corporation System and method for ensuring user privacy in network communications
EP1111559A2 (en) * 1999-12-23 2001-06-27 CheckFree Services Corporation Securing electronic transactions over public networks
GB2370475A (en) * 2000-12-22 2002-06-26 Hewlett Packard Co Secure online transaction where a buyer sends some information direct to a bank and some via a vendor

Also Published As

Publication number Publication date
AU2002368350A1 (en) 2004-06-03

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP