Method and system for transmitting sensitive information over a network

US 7,142,672 B2
Filed: 06/13/2002
Issued: 11/28/2006
Est. Priority Date: 10/31/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of transmitting sensitive information over a network including the steps of:

splitting sensitive information into a plurality of basic elements;

generating control information indicative of how to use the basic elements for reconstructing the sensitive information;

sending each basic element and the control information from a source computer to at least one corresponding interface computer through an insecure network,forwarding each basic element and the control information from the corresponding at least one interface computer to a target computer through a secure network, andreconstructing the sensitive information in the target computer using the basic elements according to the control information;

generating a masked block of information for a basic element of the plurality of basic elements, wherein the step of generating a masked block includes the step of assigning the basic element to a position within a corresponding data frame;

inserting noise into the data frame except for the basic element, the noise inserted according to a predetermined algorithm; and

inserting the masked block of information and the control information into a corresponding transmission structure for sending the corresponding transmission structure through the insecure network and the secure network, the control information being further indicative of how to extract the basic element from the corresponding masked block of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method (300) and system for transmitting sensitive information from a client computer to a service provider operating in the INTERNET. The sensitive information (for example a credit card number for carrying out an e-commerce transaction) is split (318) into several chunks, which are meaningless when taken alone. Each chuck is inserted (339) into a corresponding data frame, adding noise information. Information about how to extract each chunk from the corresponding data frame and how to use the chunks to reconstruct the original sensitive information is inserted (336) into a control frame. The data and control frames are distributed (354, 363) to different interface computers of the INTERNET; the frames are then forwarded (366) to the server computer, which is not connected to the INTERNET directly but communicates through a secure private network with the interface computers. The server computer extracts (369–384) the chunks from the data frames and recombines them into the original information according to the content of the control frame.

12 Citations

View as Search Results

20 Claims

1. A method of transmitting sensitive information over a network including the steps of:
- splitting sensitive information into a plurality of basic elements;
  
  generating control information indicative of how to use the basic elements for reconstructing the sensitive information;
  
  sending each basic element and the control information from a source computer to at least one corresponding interface computer through an insecure network,forwarding each basic element and the control information from the corresponding at least one interface computer to a target computer through a secure network, andreconstructing the sensitive information in the target computer using the basic elements according to the control information;
  
  generating a masked block of information for a basic element of the plurality of basic elements, wherein the step of generating a masked block includes the step of assigning the basic element to a position within a corresponding data frame;
  
  inserting noise into the data frame except for the basic element, the noise inserted according to a predetermined algorithm; and
  
  inserting the masked block of information and the control information into a corresponding transmission structure for sending the corresponding transmission structure through the insecure network and the secure network, the control information being further indicative of how to extract the basic element from the corresponding masked block of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 12, 13, 14, 15, 17, 18, 19, 20)
- - 2. The method according to claim 1, further including the steps of:
    - generating a masked block of information for each basic element by masking the sensitive information with noise except for each basic element, the control information being further indicative of how to extract each basic element from the corresponding masked block of information, andinserting each masked block of information and the control information into a corresponding transmission structure for sending through the insecure network and the secure network.
  - 3. The method according to claim 2, wherein each transmission structure includes a frame identifier, the method further including the steps of:
    - randomly generating frame identifiers for each masked block of information, andinserting an indication of a list of the frame identifiers associated with the masked blocks of information into the control information, the list ordering the transmission structures associated with the masked blocks of information according to a position of the corresponding unmasked basic elements in the sensitive information.
  - 4. The method according to claim 3, wherein each transmission structure includes an identical transaction identifier, the method further including the step of calculating a frame identifier associated with the control information from a transaction identifier according to a pre-set formula.
  - 5. The method according to claim 4, wherein the step of calculating a frame identifier associated with the control information includes setting the frame identifier associated with the control information based on a ratio between the transaction identifier and a maximum value possible for the frame identifier plus one.
  - 6. The method according to claim 1, further including the step of randomly selecting the at least one interface computer corresponding to each basic element and to the control information from a set of available interface computers.
  - 7. The method according to claim 1, wherein the at least one interface computer corresponding to each basic element and to the control information consists of a plurality of interface computers.
  - 8. The method according to claim 1, further including the step of returning an acknowledgement message from the at least one interface computer to the source computer for confirming receipt of the corresponding basic element, the control information being sent from the source computer to the at least one corresponding interface computer in response to at least one acknowledgement message for all the basic elements.
  - 12. The method according to claim 1 further comprising the step of encrypting the plurality of basic elements prior to the step of sending each basic element of the plurality of basic elements through the insecure network to the target computer.
  - 13. The method according to claim 1 wherein the step of reconstructing the sensitive information in the target computer includes the step of decrypting each basic element by the target computer.
  - 14. The method according to claim 8, further including the step of resending the corresponding basic element to another interface computer in response to the source computer not receiving the acknowledgement message from the at least one corresponding interface computer.
  - 15. The method according to claim 1 wherein the step of inserting noise within the data frame except for the basic element includes the step of operating the predetermined algorithm based on the position of the basic element within the corresponding data frame.
  - 17. The method according to claim 2, wherein each transmission structure includes a frame identifier, the method further including the steps of:
    - generating the frame identifier of each data fame associated with each masked block of information, andinserting an indication of a list of the data frame identifiers associated with the masked blocks of information into the control information, the list ordering the transmission structures associated with the masked blocks of information according to a position of the corresponding unmasked basic elements in the sensitive information.
  - 18. The method according to claim 17, wherein each transmission structure includes an identical transaction identifier, the method further including the step of calculating a frame identifier associated with the control information from a transaction identifier according to a pre-set formula.
  - 19. The method according to claim 18, wherein the step of calculating a frame identifier associated with the control information includes setting the frame identifier associated with the control information based on a ratio between the transaction identifier and a maximum value possible for the frame identifier plus one.
  - 20. The method according to claim 1, further including the step of selecting the at least one interface computer corresponding to each basic element and to the control information from a set of available interface computers.

9. A computer program application embodied in a computer readable medium directly loadable into a working memory of data processing system for performing a method of transmitting sensitive information over a network when the program application is run on the data processing system, the method including the steps of:
- splitting the sensitive information into a plurality of basics elements,generating control information indicative of how to use the basic elements for reconstructing the sensitive information,sending each basic element and the control information from a source computer to at least one corresponding interface computer through an insecure network,forwarding each basic element and the control information from the corresponding at least one interface computer to a target computer through a secure network, andreconstructing the sensitive information in the target computer using the basic elements according to the control information;
  
  generating a masked block of information for a basic element of plurality of basic elements, wherein the step of generating a masked block includes the step of assigning the basic element to position within a corresponding data frame;
  
  inserting noise into the data frame except for the basic element, the noise inserted according to a predetermined algorithm; and
  
  inserting the masked block of information and the control information into a corresponding transmission structure for sending the corresponding transmission structure through the insecure network and the secure network, the control information being further indicative of how to extract the basic element from the corresponding masked block of information.

10. A data processing system for transmitting sensitive information over a network including means for splitting the sensitive information into a plurality of basic elements comprising:
- means for generating control information indicative of how to use the basic elements for reconstructing the sensitive information, means for sending each basic element and the control information from a source computer to a at least one corresponding interface computer through an insecure network, means for forwarding each basic element and the control information from the corresponding at least one interface computer to a target computer through a secure network, and means for reconstructing the sensitive information in the target computer using the basic elements according to the control information;
  
  generating a masked block of information for a basic element of the plurality of basic elements, wherein the step of generating a masked block includes the step of assigning the basic element to a position within a corresponding data frame;
  
  inserting noise into the data frame except for the basic element, the noise inserted according to a predetermined algorithm; and
  
  inserting the masked block of information and the control information into a corresponding transmission structure for sending the corresponding transmission structure through the insecure network and the secure network, the control information being further indicative of how to extract the basic element from the corresponding masked block of information.

11. A data processing system for transmitting sensitive information over a network comprising:
- a software module for splitting the sensitive information into a plurality of basic elements and for generating control information indicative of how to use the basic elements for reconstructing the sensitive information, a software module for sending each basic element and the control information from a source computer to at least one corresponding interface computer through an insecure network, a software module for forwarding each basic element and the control information from the corresponding at least one interface computer to a target computer through a secure network, and a software module for reconstructing the sensitive information in the target computer using the basic elements according to the control information;
  
  generating a masked block of information for a basic element of the plurality of basic elements, wherein the step of generating a masked block includes the step of assigning the basic element to a position within a corresponding data frame;
  
  inserting noise into the data frame except for the basic element, the noise inserted according to a predetermined algorithm; and
  
  inserting the masked block of information and the control information into a corresponding transmission structure for sending the corresponding transmission structure through the insecure network and the secure network, the control information being further indicative of how to extract the basic element from the corresponding masked block of information.

16. A method of transmitting sensitive information over multiple computer networks including the steps of:
- splitting sensitive information into a plurality of basic elements;
  
  encrypting the plurality of basic elements;
  
  generating control information indicative of how to use the plurality of basic elements for reconstructing the sensitive information;
  
  sending the plurality of basic elements, in encrypted form, and the control information, through an insecure network from a source computer to a plurality of interface computers disposed within the insecure network;
  
  forwarding the plurality of basic elements and the corresponding control information from the plurality of interface computers in the insecure network through a secure network to a target computer disposed within the secure network; and
  
  reconstructing the sensitive information in the target computer using the plurality of basic elements according to the control information;
  
  generating a masked block of information for a basic element of the plurality of basic elements, wherein the step of generating a masked block includes the step of assigning the basic element to a position within a corresponding data frame;
  
  inserting noise into the data frame except for the basic element, the noise inserted according to a predetermined algorithm; and
  
  inserting the masked block of information and the control information into a corresponding transmission structure for sending the corresponding transmission structure through the insecure network and the secure network, the control information being further indicative of how to extract the basic element from the corresponding masked block of information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines SA (International Business Machines Corporation)
Inventors
Loppini, Fabrizio, Bianchini, Paolo
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Lanier, Benjamin E.

Application Number

US10/171,843
Publication Number

US 20030101339A1
Time in Patent Office

1,629 Days
Field of Search

380/33
US Class Current

380/33
CPC Class Codes

G06Q 20/382 insuring higher security of...

H04L 63/0428 wherein the data content is...

Method and system for transmitting sensitive information over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transmitting sensitive information over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links