System, method and computer program product for guaranteeing electronic transactions

US 7,853,795 B2
Filed: 10/28/2004
Issued: 12/14/2010
Est. Priority Date: 02/25/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

deploying a recorder on a boundary between an external network and an internal network to detect an initiation of an encrypted data transaction between at least a server and a client across the boundary, the data transaction comprising a plurality of data packets transmitted between the server and the client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;

capturing a copy of the data transaction by copying the data packets using the recorder as the data packets are transmitted through the network between the server and the client, wherein the copied data packets are hashed as hash-time pairs;

associating, utilizing the recorder, at least one identifier with the data transaction;

generating timestamps for the copied data packets utilizing the recorder, wherein each timestamp includes information therein identifying at least a portion of the at least one identifiers, wherein each timestamp includes a digital signature, wherein the generating of timestamps adapts to a plurality of loads, wherein during a first of the loads, each hash-time pair is signed with a digital signature, wherein during a second of the loads a plurality of hash-time pairs are signed with a single digital signature, the second of the loads being heavier than the first of the loads;

storing the captured copy of the data transaction, the at least one identifier and the timestamps in one or more data stores coupled to the recorder;

mapping the at least one identifier associated with the stored captured copy of the data transaction to an entry in an index to permit retrieval of the stored copy of the data transaction and the timestamps from the data store via the index;

receiving from the client, a dispute concerning the contents of the data transaction;

authenticating the client;

if the client is authenticated, retrieving the captured copy of the data transaction from the data store utilizing the entry;

submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret;

decrypting the captured copy of the data transaction utilizing the obtained session secret; and

comparing data received by at least one of the server and the client during the data transaction with data contained in the decrypted captured copy of the data transaction to determine if the received data matches the captured data to thereby resolve the dispute concerning the contents of the data transaction.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for guaranteeing a data transaction over a network are disclosed. When a data transaction between at least a server and a client is detected on a network, data transmitted via the network between the server and client during the data transaction is captured. At least one identifier is associated with the captured data. A timestamp is also generated for the captured data. The timestamp includes information therein identifying at least a portion of the identifier(s). The captured data, the identifier(s) and the timestamp are stored in one or more data stores. The identifier(s) associated with the stored captured data is also mapped to an entry in an index to permit retrieval of the stored data from the data store via the index.

Citations

14 Claims

1. A method, comprising:
- deploying a recorder on a boundary between an external network and an internal network to detect an initiation of an encrypted data transaction between at least a server and a client across the boundary, the data transaction comprising a plurality of data packets transmitted between the server and the client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;
  
  capturing a copy of the data transaction by copying the data packets using the recorder as the data packets are transmitted through the network between the server and the client, wherein the copied data packets are hashed as hash-time pairs;
  
  associating, utilizing the recorder, at least one identifier with the data transaction;
  
  generating timestamps for the copied data packets utilizing the recorder, wherein each timestamp includes information therein identifying at least a portion of the at least one identifiers, wherein each timestamp includes a digital signature, wherein the generating of timestamps adapts to a plurality of loads, wherein during a first of the loads, each hash-time pair is signed with a digital signature, wherein during a second of the loads a plurality of hash-time pairs are signed with a single digital signature, the second of the loads being heavier than the first of the loads;
  
  storing the captured copy of the data transaction, the at least one identifier and the timestamps in one or more data stores coupled to the recorder;
  
  mapping the at least one identifier associated with the stored captured copy of the data transaction to an entry in an index to permit retrieval of the stored copy of the data transaction and the timestamps from the data store via the index;
  
  receiving from the client, a dispute concerning the contents of the data transaction;
  
  authenticating the client;
  
  if the client is authenticated, retrieving the captured copy of the data transaction from the data store utilizing the entry;
  
  submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret;
  
  decrypting the captured copy of the data transaction utilizing the obtained session secret; and
  
  comparing data received by at least one of the server and the client during the data transaction with data contained in the decrypted captured copy of the data transaction to determine if the received data matches the captured data to thereby resolve the dispute concerning the contents of the data transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the captured copy of the data transaction and the at least one identifier are stored in a first data store and the timestamps are stored in a second data store.
  - 3. The method of claim 1, wherein the external network includes a wireless network.
  - 4. The method of claim 1, wherein the data transmitted during the data transaction is encrypted by the server and client utilizing at least one of a secure sockets layer protocol and a transport layer security protocol.
  - 5. The method of claim 1, wherein the timestamps are generated utilizing a remote time source coupled to the recorder.
  - 6. The method of claim 1, wherein the recorder has a sniffing engine to capture the copy of the data transaction and associates the at least one identifier to the captured copy of the data transaction, wherein the recorder has a time-stamping engine to generate the timestamps for the captured copy of the data transaction.
  - 7. The method of claim 1, wherein the hashes of the copied data packets are stored instead of the captured copy of the data transaction.
  - 8. The method of claim 7, wherein the hashes are compared to hashes of versions of the data packets for the same data transaction captured at another location between the server and client to verify at least one of:
    - the authenticity of the captured copy of the data transaction and the integrity of the captured copy of the data transaction.

9. A system, comprising:
- a recorder for detecting on a boundary between an external network and an internal network an initiation of an encrypted data transaction between at least a server and a client across the boundary, the data transaction comprising a plurality of data packets transmitted between the server and the client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;
  
  the recorder having a sniffing engine for capturing a copy of the data transaction by copying the data packets as the data packets are transmitted through the network between the server and the client, wherein the copied data packets are hashed as hash-time pairs;
  
  the recorder having logic for associating at least one identifier with the data transaction;
  
  the recorder having a time-stamping engine for generating timestamps for the copied data packets, wherein each timestamp includes information therein identifying at least a portion of the at least one identifiers, wherein each timestamp includes a digital signature, wherein the generating of timestamps adapts to a plurality of loads, wherein during a first of the loads, each hash-time pair is signed with a digital signature, wherein during a second of the loads a plurality of hash-time pairs are signed with a single digital signature, the second of the loads being heavier than the first of the loads;
  
  one or more data stores coupled to the recorder for storing therein the captured copy of the data transaction, the at least one identifier and the timestamps;
  
  the sniffing engine mapping the at least one identifier associated with the stored captured copy of the data transaction to an entry in an index to permit retrieval of the stored copy of the data transaction and the timestamps from the data store via the index;
  
  a player in communication with the recorder for obtaining the captured copy of the data transaction from the one or more data stores utilizing the entry, submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret, and decrypting the captured copy of the data transaction utilizing the obtained session secret.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the captured copy of the data transaction and the at least one identifier are stored in a first data store and the timestamps are stored in a second data store.
  - 11. The system of claim 9, wherein the data transmitted during the data transaction is encrypted by the server and client utilizing at least one of a secure sockets layer protocol and a transport layer security protocol.
  - 12. The system of claim 9, wherein each timestamp includes a digital signature.
  - 13. The method of claim 9, wherein the copied data packets are hashed, and wherein the hashes of the copied data packets are stored instead of the captured copy of the data transaction.
  - 14. The method of claim 13, wherein the hashes are compared to hashes of versions of the data packets for the same data transaction captured at another location between the server and client to verify at least one of the authenticity of the captured copy of the data transaction and the integrity of the captured copy of the data transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chemtron Research LLC (Intellectual Ventures LLC)
Original Assignee
Network Resonance Incorporated
Inventors
Rescorla, Eric Kenneth, Dick, Kevin Stewart
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tran; Tongoc

Application Number

US10/977,399
Publication Number

US 20050091540A1
Time in Patent Office

2,238 Days
Field of Search

726/14, 726/13, 726/23, 713/155, 713/178, 713/176, 713/160, 380/229, 380/278, 380/286, 380/37, 707/10, 709/229
US Class Current

713/178
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 2463/062   applying encryption of the ...

H04L 2463/102   applying security measure f...

H04L 2463/121   Timestamp

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/166   at the transport layer

H04L 67/14   Session management for real...

H04L 67/561   Adding application-function...

H04L 67/564   Enhancement of application ...

H04L 69/329   in the application layer [O...

H04L 9/3297   involving time stamps, e.g....

System, method and computer program product for guaranteeing electronic transactions

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for guaranteeing electronic transactions

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links