Security system and method for financial institution server and client web browser

US 6,105,012 A
Filed: 04/22/1997
Issued: 08/15/2000
Est. Priority Date: 04/22/1997
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method for transmitting transactions between at least one client computer and at least one server computer interconnected by a communications link, the method comprising the steps of:

(a) receiving one or more HTML documents at the client computer from the server computer, a subset of the documents including a header record and also including one or more HTML FORM tags, the one or more HTML FORM tags being distinct from the header record, a first subset of the HTML FORM tags having an outformat field indicating a specified outgoing transmission cryptographic protocol;

(b) receiving at the client computer input form data corresponding to the HTML FORM tag;

(c) generating secure form data by applying the specified outgoing transmission security cryptographic protocol of the HTML FORM tag to the input form data; and

(d) transmitting a return message including the secure form data to the server computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The financial transaction processing system includes at least one financial server connected through a public network to a number of users associated with client computers. Each user accesses the financial server through a web browser. The web browser is provided with the capabilities to generate encryption keys, to encrypt and decrypt HTML forms, and to digitally sign and timestamp HTML forms. The financial server transfers web pages including HTML forms representing financial transactions. The HTML forms contain extensions that specify the format of an incoming format and the format of a returned form. An HTML form can be transmitted in an encrypted format, in a format including a user'"'"'s digital signature and timestamp, and in an encrypted format that contains the user'"'"'s digital signature and timestamp. The financial server tracks each processed transaction through an audit trail including the user'"'"'s account, the user'"'"'s digital signature, the timestamp of the transaction, and the text of the transaction.

428 Citations

31 Claims

1. A computer-implemented method for transmitting transactions between at least one client computer and at least one server computer interconnected by a communications link, the method comprising the steps of:
- (a) receiving one or more HTML documents at the client computer from the server computer, a subset of the documents including a header record and also including one or more HTML FORM tags, the one or more HTML FORM tags being distinct from the header record, a first subset of the HTML FORM tags having an outformat field indicating a specified outgoing transmission cryptographic protocol;
  
  (b) receiving at the client computer input form data corresponding to the HTML FORM tag;
  
  (c) generating secure form data by applying the specified outgoing transmission security cryptographic protocol of the HTML FORM tag to the input form data; and
  
  (d) transmitting a return message including the secure form data to the server computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 29, 30, 31)
- - 2. The method of claim 1,wherein the specified outgoing transmission cryptographic protocol of the outformat field of the HTML FORM tag is selected from a set consisting of an encrypt protocol, a sign protocol including a digital signature and a timestamp, and an ensign protocol including encryption with a digital signature and a timestamp.
  - 3. The method of claim 1, in accordance with the cryptographic protocol of the HTML FORM tag,said step (c) further including the steps of:
    - (1) generating a first encryption key;
      
      (2) encrypting the input form data, including any inserted user related information, with the first encryption key;
      
      (3) affixing the first encryption key to the return message; and
      
      (4) encrypting the first encryption key with a second encryption key.
  - 4. The method of claim 3,step (c)(1) further including the step of utilizing a random key sequence generator to generate the first encryption key.
  - 5. The method of claim 3, wherein a third subset of the HTML FORM tags includes a key field;
    - andsaid step (c)(4) further including the step of obtaining the second encryption key from the server computer using the key field.
  - 6. The method of claim 3,said step (c)(1) further including the step of:
    - prior to the generating step, storing a digital signature associated with a specified user in the return message in accordance with the cryptographic protocol specified in the HTML FORM tag.
  - 7. The method of claim 6,step (c) further including the steps of:
    - generating a digital signature and a digital signature verifier; and
      
      providing the server computer with the digital signature verifier.
  - 8. The method of claim 1,step (c) further including the step of storing a timestamp in the return message, in accordance with the cryptographic protocol specified in the HTML FORM tag.
  - 29. The method of claim 1 wherein a third subset of the HTML FORM tags have a request field indicating the type of form.
  - 30. The method of claim 29 wherein the request field indicates that a registration HTML form is being sent to the client, the registration form for transmitting a client public key from the client to the server.
  - 31. The method of claim 1 wherein a fourth subset of the HTML FORM tags have a key field that is used to indicate a public key associated with the server.

9. A web browser system for accessing data within a computer system including at least one client computer connected through a communications link with at least one server computer, the web browser system comprising:
- a memory for storing a plurality of HTML documents, one or more of the HTML documents including a header record and also having one or more HTML FORM tags, the one or more HTML FORM tags being distinct from the header record, a first subset of the HTML FORM tags having an outformat field indicating a specified outgoing transmission cryptographic protocol for use in returning form data;
  
  a browsing mechanism for retrieving various ones of the HTML documents from the server and for inserting user related information in the form data which is included in a return message,the browsing mechanism including a cryptographic processing mechanism for generating secure form data by applying the specified outgoing transmission cryptographic protocol from the HTML FORM tag to the form data,the browsing mechanism for transmitting a return message including the secure form data from the client computer to the server computer to provide secure transmission of the return message transmitted to the server computer.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The web browser system of claim 9, whereinthe cryptographic processing mechanism includes an encryption processing mechanism for encrypting the return message and decrypting HTML documents in accordance with the specified cryptographic protocol format of the HTML FORM tag.
  - 11. The web browser system of claim 9, whereinthe cryptographic processing mechanism includes a digital signature processing mechanism for signing the return message and authenticating HTML documents when the specified outgoing transmission cryptographic protocol is a sign format.
  - 12. The web browser system of claim 11, whereinthe digital signature processing mechanism includes a timestamp processing mechanism responsive to the cryptographic protocol of the HTML FORM tag.
  - 13. The web browser system of claim 9, whereinthe cryptographic processing mechanism includes an encryption key generation mechanism for creating one or more encryption keys.
  - 14. The web browser system of claim 13, whereinthe encryption key generation mechanism includes a random key generation mechanism for creating one or more random session keys.

15. A computer program product for secure data transmission between a server computer and a client computer, the computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a web browser that receives one or more HTML documents from the server computer, a subset of the HTML documents including a header record and also including one or more HTML FORM tags, the one or more HTML FORM tags being distinct from the header record, a first subset of the HTML FORM tags having an outformat field indicating a specified outgoing transmission cryptographic protocol,the web browser including a cryptographic processing mechanism for generating secure form data by applying the specified outgoing transmission security format from the HTML FORM tag to the form data,the web browser transmitting a return message including the secure form data from the client computer to the server computer.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, whereinthe cryptographic processing mechanism includes an encryption processing mechanism for decrypting HTML documents and encrypting the return message in accordance with the specified cryptographic protocol of the HTML FORM tag.
  - 17. The computer program product of claim 15,the cryptographic processing mechanism includes a digital signature processing mechanism for signing the return message and authenticating the HTML documents in accordance with the specified outgoing transmission cryptographic protocol of the HTML FORM tag.
  - 18. The computer program product of claim 17, whereinthe digital signature processing mechanism includes a timestamp processing mechanism for use in conjunction with the specified outgoing transmission cryptographic protocol of the HTML FORM tag.
  - 19. The computer program product of claim 15, whereinthe cryptographic processing mechanism including an encryption key generation mechanism for creating one or more encryption keys.
  - 20. The computer program product of claim 19, whereinthe encryption key generation mechanism including a random key generation mechanism for creating one or more random session keys.

21. A computer network for financial transaction processing, the network comprising:
- a plurality of client computers, each client computer associated with one or more users;
  
  at least one financial server comprising;
  
  a memory for storing a plurality of HTML documents representing financial transactions, each HTML document including form data, a subset of the HTML documents including a header record and also including one or more HTML FORM tags, the one or more HTML FORM tags being distinct from the header record, a first subset of the HTML FORM tags having an outformat field indicating a specified outgoing transmission cryptographic protocol, for use in exchanging financial transactions between the client computers and the server computer;
  
  one or more cryptographic processing mechanisms for use in encoding form data and decoding each received HTML document; and
  
  a server mechanism for managing communications from the client computers, a subset of the communications including a return message including the form data, the server mechanism including instructions to interpret the HTML FORM tags that include the cryptographic protocol associated with each received return message and to process each received return message in accordance with one or more corresponding cryptographic protocol mechanisms.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The network of claim 21,the cryptographic processing mechanism including:
    - an encryption processing mechanism for encrypting the form data and decrypting the HTML documents;
      
      a user information database that includes user public key information associated with each user registered to exchange confidential information with the financial server;
      
      a digital signature verification mechanism for verifying a digital signature in each digitally signed communication received from a client computer in accordance with the corresponding digital signature, if any, stored in the user information database; and
      
      an audit trail for storing records of digitally signed communications received from client computers sufficient to prove that such each received communication was digitally signed by a respective user registered to exchange confidential information with the financial server.
  - 23. The network of claim 22,the cryptographic protocol selected from the set consisting of encryption, digital signature and timestamp, and encryption with digital signature and timestamp.
  - 24. The network of claim 22,each client computer including a web browser for accessing HTML documents from the financial server.
  - 25. The network of claim 24,the web browser including a cryptographic processing mechanism for encrypting form data and decrypting the accessed HTML documents in accordance with the specified cryptographic protocol format of the HTML FORM tag.
  - 26. The network of claim 24,the web browser including a digital signature processing mechanism for signing the return message and authenticating HTML documents when the specified outgoing transmission cryptographic protocol is a sign format.
  - 27. The network of claim 26,the digital signature processing mechanism further including a timestamp processing mechanism responsive to the cryptographic protocol of the HTML FORM tag.
  - 28. The network of claim 24,the web browser including an encryption key generation mechanism for creating one or more encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Marks, Stuart, Chang, Sheueling
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Retta, Yehdega

Application Number

US08/841,430
Time in Patent Office

1,211 Days
Field of Search

395/200, 380/23, 380/24, 380/25, 380/21, 380/4, 380/49, 705/1, 705/4, 707/101, 707/109, 707/201, 707/1, 707/3, 707/10, 707/5, 707/501, 707/523, 707/202, 709/206, 709/203
US Class Current

705/64
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/389   Keeping log of transactions...

Security system and method for financial institution server and client web browser

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

428 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Security system and method for financial institution server and client web browser

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

428 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links