CA2161983A1 - Confidential information transmission bypassing the internet - Google Patents
- Publication number
- CA2161983A1
- Authority
- CA
- Canada
- Prior art keywords
- confidential information
- internet
- information
- session
- bypassing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Telephonic Communication Services (AREA)
Abstract
In computer networks, particularly the Internet, the problem of carrying on transactions that involve confidential information, such as credit card information, stems from the fact that such information can be intercepted by unauthorized persons connected to the same network. Typical solutions to this problem involve various encryption methods where two systems communicate confidential information only in encrypted form. In this invention, which applies to an internetworking environment, such as the World Wide Web, another communications channel, using a direct telephone call, is established temporarily between the client and the server to transmit the confidential information, bypassing the Internet. The two methods presented here make it impossible to intercept the transmission without actually wire tapping the vendor or purchaser phone lines.
Description
Specification
This invention relates to the transmission of confidential information (like payment information) between two Internet applications. For example, these applications could be a Web browser and a Web server.
It is increasingly common in the Web environment for a client to wish to make a purchase while browsing a Web page residing on a Web server. A transaction involving such a configuration can be a target for unauthorized access. Current solutions involve the use of secure browsers and servers that employ cryptographic methods to encrypt confidential information. This requires conformance to a particular encryption method by the two systems, and changes made to one system may have to be reflected in the other in order to continue to communicate. In addition, such solutions still allow unauthorized persons to gain access to the encrypted information, since it is still being transmitted using the network. Although it can be difficult to do so, it has been repeatedly demonstrated that it is possible to break encryption and gain access to the confidential information itself.
I have found that this problem may be avoided altogether by suspending the browsing session briefly to pass confidential information in a session between browser and server, or between browser and a payment processing system, using the telephone network. One of the most important advantages of this method is that it does not require modification to existing server technology, making its adoption dependent only on distributing an inexpensive browser program. The following methods follow the above principle to eliminate the risk of an unauthorized third party gaining access to the confidential information:
Method 1
1. Upon establishing a connection with a browser, the server passes a phone number to the browser.
2. When the client wants to send confidential (e.g. payment) information to the server, the browser program captures and stores the information locally.
3. The browser program saves all information required to restore the current network session and disconnects from it.
4. Using the phone number passed by the server, the browser calls the server or another payment processing system over the telephone network, and transmits the confidential information.
5. The server processes the confidential information and disconnects.
6. The browser uses the saved status information (in step 3) to restore the original network session.
Additional steps and tests, including encryption, can be introduced for added security.
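Method 1 as a small simulation, added here as an illustration and not part of the patent text: it records what an observer of each channel would see and checks that the payment data appears only on the telephone channel. The names `Channel`, `Browser` and `run_method_1`, the sample URL, phone numbers and card number are all constructed, and the pinned-number check is one assumed example of the "additional tests" mentioned above, included because the phone number itself arrives over the Internet.

```python
class Channel:
    """A transport plus a transcript of everything an observer on it would see."""
    def __init__(self, name):
        self.name, self.transcript = name, []

    def send(self, sender, message):
        self.transcript.append((sender, message))


class Browser:
    def __init__(self, internet, phone, pinned_numbers):
        self.internet, self.phone = internet, phone
        self.pinned = pinned_numbers  # assumption: allowlist shipped with the browser
        self.session = None           # live Internet session state, None when offline
        self.saved = None

    def connect(self, url, server_phone):
        # Step 1: the server passes a phone number over the Internet session.
        self.internet.send("server", {"phone": server_phone})
        self.session = {"url": url, "phone": server_phone}

    def pay(self, card_data):
        pending = card_data                       # step 2: capture and hold locally
        number = self.session["phone"]
        if number not in self.pinned:             # added test, before anything is dialed
            raise ValueError(f"unpinned payment number {number!r}; not dialing")
        self.saved, self.session = dict(self.session), None  # step 3: save, disconnect
        self.phone.send("browser", {"dial": number, "card": pending})  # step 4
        self.phone.send("server", {"status": "processed"})             # step 5
        self.session, self.saved = self.saved, None                    # step 6: restore
        self.internet.send("browser", {"resume": self.session["url"]})
        return self.session


def run_method_1(server_phone, card="4111-1111-1111-1111"):  # constructed card number
    internet, phone = Channel("internet"), Channel("pstn")
    browser = Browser(internet, phone, pinned_numbers={"+1-555-0100"})
    browser.connect("http://shop.example/cart", server_phone)
    restored = browser.pay(card)
    # Did the card number ever cross the Internet channel?
    leaked = any(card in str(msg) for _, msg in internet.transcript)
    return restored, leaked, phone.transcript
```

A number that is not on the allowlist makes `pay` raise before the session is dropped, so the Internet session is left intact and nothing is dialed.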
Method 2
The second method requires the credit card company, or a company authorized to process credit card payments, to accept transactions from a client system:
1. When the client wants to make a purchase, the server passes the vendor identification code for the credit card of the user's choice, and the amount to be credited to the vendor's account.
2. The browser program collects payment information from the client.
3. The browser program saves all information required to restore the current network session and disconnects from it.
4. The browser program calls the credit card company's system, passes payment information and the vendor's account and disconnects.
5. The browser uses the saved status information to restore the original network session.
Both procedures work equally well in situations where the browser program is connected to the Internet through a gateway on a local area network, but require that a modem on the network be accessible to the browser program.
Claims (4)
- The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
- 1 A process of communicating confidential information between two internetworking programs, where one of them disconnects from the internetworking session, establishes a separate session with a system over the telephone network to exchange confidential information, and re-establishes the original session once the exchange is completed.
- 2 A process where a World Wide Web browser program disconnects from an Internet session, establishes a separate session with a system over the telephone network to exchange confidential information, and re-establishes the original session once the exchange is completed.
- 3 Method 1 above of transmitting confidential information from an Internet application by bypassing the Internet.
- 4 Method 2 above of transmitting confidential information from an Internet application by bypassing the Internet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA002161983A CA2161983A1 (en) | 1995-11-02 | 1995-11-02 | Confidential information transmission bypassing the internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA002161983A CA2161983A1 (en) | 1995-11-02 | 1995-11-02 | Confidential information transmission bypassing the internet |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2161983A1 (en) | 1997-05-03 |
Family
ID=4156898
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002161983A Abandoned CA2161983A1 (en) | 1995-11-02 | 1995-11-02 | Confidential information transmission bypassing the internet |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2161983A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1999001990A3 (en) * | 1997-06-30 | 1999-03-25 | Sonera Oy | Procedure for setting up a secure service connection in a telecommunication system |
| WO2000018088A1 (en) * | 1998-09-18 | 2000-03-30 | Dial A Payment, Inc. | Telephonic transaction system |
| WO2000025477A1 (en) * | 1998-10-27 | 2000-05-04 | Sonera Oyj | Procedure and system for identifying and billing a subscriber associated with a service in a telecommunication system |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1999001990A3 (en) * | 1997-06-30 | 1999-03-25 | Sonera Oy | Procedure for setting up a secure service connection in a telecommunication system |
| US6237093B1 (en) | 1997-06-30 | 2001-05-22 | Sonera Oyj | Procedure for setting up a secure service connection in a telecommunication system |
| AU739814B2 (en) * | 1997-06-30 | 2001-10-18 | Sonera Smarttrust Oy | Procedure for setting up a secure service connection in a telecommunication system |
| WO2000018088A1 (en) * | 1998-09-18 | 2000-03-30 | Dial A Payment, Inc. | Telephonic transaction system |
| WO2000025477A1 (en) * | 1998-10-27 | 2000-05-04 | Sonera Oyj | Procedure and system for identifying and billing a subscriber associated with a service in a telecommunication system |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| EP0940960A1 (en) | Authentication between servers | |
| US6711679B1 (en) | Public key infrastructure delegation | |
| KR100308321B1 (en) | A method for coordinating actions among a group of servers | |
| US20050050317A1 (en) | A system and method of exploiting the security of a secure communication channel to secure a non-secure communication channel | |
| US20010039535A1 (en) | Methods and systems for making secure electronic payments | |
| EP1111559A2 (en) | Securing electronic transactions over public networks | |
| JP2003502983A (en) | Transaction method and system with guaranteed security on computer network | |
| EP2027692B1 (en) | Secure internet transaction method and apparatus | |
| JPS62120564A (en) | Terminal checking system | |
| JP2003508838A (en) | Method and apparatus for conducting electronic transactions | |
| CN102006271A (en) | IP address secure multi-channel authentication for online transactions | |
| WO2000001108A3 (en) | Bi-directional, anonymous electronic transactions | |
| US7735121B2 (en) | Virtual pad | |
| KR20000012391A (en) | Method and system for electronic payment via internet | |
| Bhiogade | Secure socket layer | |
| US20080022085A1 (en) | Server-client computer network system for carrying out cryptographic operations, and method of carrying out cryptographic operations in such a computer network system | |
| EP0829991B1 (en) | Methods and apparatus for sending electronic data signals | |
| CA2161983A1 (en) | Confidential information transmission bypassing the internet | |
| EP0932956B1 (en) | Transfer of signed and encrypted information | |
| WO2004104725A3 (en) | Method of disposable command encoding (dce) for security protection | |
| CA2343805C (en) | Method of improving security in electronic transactions | |
| WO1999021319A2 (en) | Method and apparatus for certificate management in support of non-repudiation | |
| AU2003274257A1 (en) | Method and system for the secure transmission of a confidential code through a telecommunication network | |
| JPH10322325A (en) | Encryption authentication system | |
| CN100356760C (en) | Method for accessing company inside data from network using mobile phone |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | FZDE | Discontinued | Effective date: 19981102 |