[go: up one dir, main page]

WO2002078259A1 - Certification dynamique d'un contenu - Google Patents

Certification dynamique d'un contenu Download PDF

Info

Publication number
WO2002078259A1
WO2002078259A1 PCT/US2001/009581 US0109581W WO02078259A1 WO 2002078259 A1 WO2002078259 A1 WO 2002078259A1 US 0109581 W US0109581 W US 0109581W WO 02078259 A1 WO02078259 A1 WO 02078259A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
certification
information
rules
alternatives
Prior art date
Application number
PCT/US2001/009581
Other languages
English (en)
Inventor
Christopher M. Coulthard
Scott C. Mcleod
Peter D. Norman
Kevin Willoughby
Original Assignee
Geo Trust, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Geo Trust, Inc. filed Critical Geo Trust, Inc.
Priority to PCT/US2001/009581 priority Critical patent/WO2002078259A1/fr
Publication of WO2002078259A1 publication Critical patent/WO2002078259A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Definitions

  • the present invention is related to certifying computer-generated content, such as Web pages.
  • U.S. Patent Application No. 09/248,370 describes a certification system that incorporates digital signatures into Web pages, and that maintains a record associating each Web page with a corresponding digital signature. To certify a Web page, the system compares the digital signature of a displayed Web page to that maintained in the record. If the two match, the Web page is certified; otherwise it is not.
  • Java JAR is example of a certification system that uses lists and digital signatures. Briefly, Java JAR is directed to ensuring the integrity of information in
  • composite files that is, files which contain multiple components, each of which has its own guarantee of integrity.
  • An example of composite is Web page 1 of Figure 1 which may include image element 2 , image element 4 , and image element 5.
  • the Java JAR system confirms that the content is intact by comparing the content with a hash code generated therefrom by the sender and encrypted with a key to guarantee its authenticity.
  • a dynamic Web page is comprised of static and, possibly, dynamic elements.
  • the Web page is dynamic if at least some of the static elements can be substituted for one another.
  • a common example of a dynamic Web page is a page that "builds" an automobile in response to user selection of features such as model, year, color, etc., and that displays an image of the resulting automobile together with its price. In this example, different alternatives may be displayed on the same page depending on the user's selection of features.
  • the invention is a system that certifies dynamically-generated content such as interactive Web pages.
  • the invention stores a set of rules containing alternatives as to what information may be included in the content.
  • the alternatives contained in the set of rules may correspond to models that are available from a particular manufacturer.
  • the alternatives may indicate that information corresponding to those models (e.g, their images) may be included in the Web page.
  • the invention determines whether each element of information for which certification is required obeys the rules specified for it, and what the certification result for the element is.
  • the certification result for content such as a Web page, is then determined based on additional rules involving the certification results of the elements and the context of the page. All rules can take into consideration information from their context. This context includes the identity, authorization and location of the user, the date, parameters which may have been set by the user or by an authorized person or process on the server, or any other information that can be exposed programmatically as property.
  • the certification process can be recursive. That is, the individual elements may have groups of rules for themselves and any of their subsidiary elements. This increases the utility of the system by allowing complex structures to be built.
  • Plural (e.g., two or more) levels of certification are provided in preferred embodiments of the invention.
  • different levels of certification may be provided for different alternatives, e.g., "high” indicating a high degree of reliability, “medium” indicating a relatively lower degree of reliability, and “low” indicating a low degree of reliability.
  • the level of certification of particular content depends on which alternatives match the elements of information contained therein.
  • the invention is preferably implemented using a client-server architecture. Specifically, the client requests content (e.g., a Web page), and the server assembles information contained in the requested content and processes the information in the manner described above to determine whether or not to certify the content.
  • content e.g., a Web page
  • server assembles information contained in the requested content and processes the information in the manner described above to determine whether or not to certify the content.
  • the present invention is a system for certifying computer-generated content.
  • the system includes a client which outputs information corresponding to the content .
  • a server stores a set of rules that contains alternatives for information that may be included in the content, and determines whether the information from the content corresponds to at least one of the alternatives contained in the set of rules.
  • the server issues a certification confirming the validity of the content in a case that the information corresponds to at least one alternative.
  • the invention incorporates one or more of the following features/functions:
  • the client requests content with dynamic components or engages in a dynamic interaction such as a form response or query.
  • the determining performed by the server determines whether the result obeys its certification requirements.
  • the determining performed by the server determines whether the plural elements of information correspond to the alternatives.
  • the client includes a user interface, and the content is generated on the client in accordance with information input via the user interface.
  • the content comprises a Web page.
  • the alternatives in the set of rules apply to programs that may be executed via the content .
  • the alternatives in the set of rules apply to individual objects such as images which may be incorporated into the content .
  • the client (i) displays the content, and (ii) displays a certification along with the content, the certification indicating that the content has been certified.
  • the content is not certified in a case that the information therein does not correspond to at least one alternative.
  • the server outputs the message to the client and the client displays the message to the user or, if the server is working cooperatively with an assembly engine, it may output the message to the assembly engine.
  • the client may display the content together with the message.
  • Certification results may correspond to a plurality of certification levels and the issuing performed by the server certifies the information in the content at one of the plurality of certification levels based on a result of execution of rules for the content.
  • the plurality of certification levels include “high” indicating a high degree of reliability, “medium” indicating a relatively lower degree of reliability, and “low” indicating a low degree of reliability.
  • the client displays the content, and the determining performed by the server can be performed either before, during or after the content is assembled.
  • Figure 1 shows a composite Web page.
  • Figure 2 shows a network system on which the certification process may be implemented.
  • Figure 3 shows the graphical user interface of a Web browser that may be used with the certification process.
  • Figure 4 shows a dynamic Web page that can be certified by the certification process.
  • Figure 5 shows process steps for certifying a dynamic Web page.
  • Figure 6 shows an example of a manifest used by the certification process to certify a dynamic Web page.
  • Figure 7 shows a Web page that can be used to initiate certification of individual static elements of a dynamic Web page.
  • Figure 8 shows the process of certifying individual static elements of a dynamic Web page.
  • Figure 9 shows a client retrieving a dynamic Web page from a Web server.
  • Figure 10 shows providing user input to a Web server.
  • Figure 11 shows requesting certification of a dynamic Web page.
  • Figure 12 shows process steps for certifying the content of dynamic Web pages and other dynamically-generated content .
  • Figure 13 shows issuing a certification message relating to a certification of a dynamic Web page.
  • Figure 14 shows a certificate that may be issued for certified Web pages.
  • Figure 15 shows process steps for organizing Web pages (or other content) into zones.
  • Figure 16 shows an example of a manifest used to organize content into zones.
  • Figure 17 is an abstract view of Web pages on a Web site organized into zones.
  • the present invention is preferably implemented using a client-server architecture, such as that shown in Figure 2.
  • This architecture includes client 6, certification server 7, and Web server 9 connected via network 10.
  • Network 10 may comprise any type of network or communications medium, including, but not limited to, one or more of the following: the Internet, a local area network ("LAN”), a wide area network (“WAN”), a wireless (e.g., ATM) network, a logical network within a single computer, some other form of programmatic communication such as interprocess communications or dynamic link libraries, or any combination thereof.
  • Client 6 is preferably a personal computer (“PC”) or similar data processing device.
  • Client 6 includes network interface 11 for interfacing to network 10, display screen 12 for displaying information to a user, keyboard 14 for inputting text and user commands, mouse 15 for positioning a cursor on display screen 12 and for inputting user commands, disk drive 16 for reading from and writing to floppy disks installed therein, and CD-ROM drive 17 for accessing data stored on CD-ROM.
  • Close-up view 18 shows the internal structure of client 6.
  • Client 6 includes memory 19 which is a computer- readable medium, such as a computer hard disk, for storing information.
  • memory 19 stores operating system 20, applications 21, and data 22.
  • MicrosoftTM Windows98TM is a one operating system that may be used with the invention; however, the invention is not limited to use therewith.
  • Applications 21 include Web browser 24, among others .
  • An example of a Web browser that may be used with the invention is NetscapeTM NavigatorTM.
  • Web browser 24 displays a graphical user interface ("GUI") to a user, through which the user may access information via the GUI.
  • GUI graphical user interface
  • Client 6 also includes display interface 26, keyboard interface 27, mouse interface 29, disk drive interface 30, CD-ROM drive interface 31, computer bus 32,
  • Processor 35 preferably comprises a microprocessor or the like for executing applications, such as those noted above, out of RAM 34.
  • applications including browser 24, may be stored in memory 19 as noted above or, alternatively, on a floppy disk in disk drive 16 or CD-ROM in CD-ROM drive 17.
  • processor 35 accesses applications and data stored on floppy disk via disk drive interface 30 and accesses applications and data stored on CD-ROM via CD-ROM interface 31.
  • Web server 9 may comprise a computer having features similar to client 6 for providing remote access to the Web site of an organization.
  • Web server 9 is connected to other computers (not shown) in the organization via LAN 36 (or network 10) .
  • Web server 9 is also connected to certification server 7 via network 10 or other medium.
  • Web server likewise includes a processor 23 and a memory 28, among other things, as shown in close-up view 13.
  • Assembly engine 25 Stored in this memory is assembly engine 25 and Web page elements 33.
  • Assembly engine 25 is a program that is executed by processor 23 to assemble Web pages. More specifically, a single Web page may be composed of a plurality of static and dynamic elements, such as images, applets, text, sound, other Web pages, etc.
  • assembly engine 25 retrieves those elements (e.g., from memory 28) and combines them in a predetermined manner so as to form the Web page .
  • Representative examples of commercially-available assembly engines that may be used in connection with the present invention include ATG Dynamo, Servlets, JSP and ASP
  • Certification server 7 likewise preferably comprises a computer having features similar to client 6. As shown in close-up view 38, certification server 7 includes, among other things, memory 39 for storing both applications and certification information 48 which includes the manifests described below. Memory 39 may include one or more memory devices, such as a computer hard disk, redundant array of inexpensive disks (“RAID”), optical disk drive, and the like. Processor 40 is also included on certification server 7 so as to execute applications stored in memory 39 and to provide the resulting output to the network.
  • RAID redundant array of inexpensive disks
  • Certification engine 41 comprises computer-executable code that runs on certification server 7 to certify Web.pages and other dynamic pages based on their content and/or certification information stored in their elements. Certification engine 41 also organizes sets of Web pages into plural zones based on their levels of certification, the type of information contained therein, or the like, as described in more detail below.
  • certification server 7 and Web server 9 may be one in the same; however, since this is not a requirement, the more general case of separate Web and certification servers is depicted in Figure 2.
  • the invention may also be implemented, in its entirety, on a single computer. That is, the functions of client 6, certification server 7 and Web server 9 (or its equivalent) may be implemented on a single computer.
  • Figures 4 to 14 depict the operation of certification engine 41 in the context of certifying dynamically-generated (or simply "dynamic") Web pages.
  • this embodiment of the invention is described with respect to Web pages, the invention is not limited to use with Web pages and can be used to certify any computer-generated content.
  • a Web page is dynamic if any of its contents is specified generically or generated programmatically or by query or in any other situation where the content is not specified uniquely and immutably a priori. That is, many Web pages are composites, meaning that they are composed of plural elements such as images, applets, text, sound, etc.
  • Each individual element may be static if all of its components are specified uniquely and immutably a priori; however, the Web page itself is still dynamic if the specification of the elements within the page are not so specified. It is also possible for the elements themselves to be dynamic because of their components or because they are programs or queries. The resolution of these dynamic objects to static objects generally occurs in the assembly engine, but it is also possible for this process to occur in the browser (e.g., with JavaScript) . In this regard, there is no reason, in principle, why some or all of the functions of the certification server could not take place in the client given the necessary integration with the browser.
  • Figure 4 shows a hypothetical Web page 42 displayed by browser 24.
  • Web page 42 "builds" an automobile based on user-selected features such as model, year, color, stereo, etc. That is, Web server 9 stores, in a manifest for Web page 42, plural alternatives for text element 43 and image elements 44 and 45.
  • a user selects which features 46 are to be included in the automobile, and a program or applet resident on Web page 43 determines which of the text and images stored on Web server 9 should be displayed as elements 43, 44 and 45 based on the selected features.
  • Browser 24 then transmits this information to Web server 9, where assembly engine 25 retrieves the appropriate text and images from memory 28 (or, more generally, any database on which they reside) and assembles them into Web page 42.
  • Figure 5 shows process steps for certifying a dynamic Web page. Though the process steps of Figure 5 are directed to certification of a Web page, once armed with the disclosure herein, one of ordinary skill in the art could easily use these steps to certify any type of computer- generated dynamic content .
  • the process of Figure 5 begins in step S501 by defining a manifest for the Web page.
  • the manifest is generally defined by the administrator of the Web site on which the Web page resides and provided to certification server 7 where it is indexed to the URL of the Web page and stored in memory.
  • the manifest includes a set of rules that specify information to be included on the Web page.
  • the set of rules includes alternatives for information that may be included on the Web page, though they may specify required information as well.
  • manifest 47 includes a rule 49 requiring display of an automobile image, which defines alternatives 54 (e.g., an image of a convertible, an image of a 4-wheel drive vehicle, etc.). It also includes a rule 55 requiring validation of the certification results. This may be done in accordance with a program or applet on the Web page .
  • step S502 (which may be performed before or after step S501) . That is, step S502 confirms that each alternative element (e.g., image, applet, etc.) that could be included on the Web page is certified. For Web page 42, this means confirming that each image element 44 and 45, and any other information that Web page 42 may include, is certified.
  • the certification of static elements in step S502 is performed by certification engine 41 in accordance with the process described in U.S. Patent Application No. 09/248,370. A brief description of this process is as follows.
  • FIG. 7 shows a password protected Web page 57 for requesting certification of an element.
  • an element such as an image
  • the certification control that receives the element prepares and transmits a certification request to certification server 7 specifying the content of the element and the certification desired.
  • a certification request 61 includes content 62 of the element submitted for certification, together with other information 64 such as the certification desired (e.g., site-wide certification, legal department certification, etc.), the author (s) of the element, and a uniform resource locator ("URL") that specifies a Web page on which the element is to be located.
  • Request 61 may also include information such as an element revision number, content keywords, title, etc.
  • Certification server 7 processes the received certification requests by distributing content 62 to those in an organization that could potentially provide approval for certification. For example, certification server 7 may distribute the content to all members of the organization's legal department when a request is made for legal department certification. Workflow software, E-mail daemons, and other techniques, executing on computers other than the certification server, can alternatively be used to distribute the content for certification.
  • Certification message 66 can include the content and the other information included in the certification request. This message can also include information 67 that describes the individual transmitting the certification message, the type of certification granted (e.g., an individual may have the capacity to certify content for both the marketing and legal departments of the organization), and a level of approval (e.g., "for internal use only” or "for publication on the Internet") . Additionally, the certification message may include a digital signature 68 belonging to the individual submitting the certification message and information to confirm the digital signature (e.g., X.509), or it may include information used by other authentication techniques.
  • a digital signature 68 belonging to the individual submitting the certification message and information to confirm the digital signature (e.g., X.509), or it may include information used by other authentication techniques.
  • Certification engine 41 processes received certification messages in accordance with certifying instructions. These instructions may be embedded in certification engine 41 or retrieved thereby. In one embodiment of the invention, these certifying instructions authenticate a certification message to ensure that an individual claiming to have approved the submitted content was, in fact, the one who produced certification message 66. After authentication, the certifying instructions can determine whether certification message 66 satisfies the criteria for the certification requested. For example, the certifying instructions can determine whether certification message 66, alone or in combination with previously-received certification messages, is sufficient to obtain legal department certification.
  • the certifying instructions can store the received certification and await further certification messages.
  • the process may store a hash for submitted content awaiting further certification to ensure that subsequent certification is for the same content as the certification already received.
  • the process can also attempt to certify any links or other objects referenced by the content.
  • the certifying instructions determine verification information from the certified content or other information provided.
  • verification information includes data that identifies the certified content such as a URL, compressed or uncompressed portions of the content, and/or an assigned identification number.
  • the verification information may also include one or more hash keys (e.g., an MD5 hash and an SHA hash) .
  • a hash key is produced by a one-way function and typically requires little storage space (e.g., 160-bits) , and is nearly guaranteed to be unique for given content .
  • the certifying instructions can produce a digital signature (e.g., a W3C DSig (Digital Signature Group) compliant signature) for content 62.
  • This digital signature can include computed hash, the content's URL, or any other verification or certification information (not shown) .
  • the certifying instructions determine whether content 62 can be dynamically modified to include the digital signature. For example, HTML and XML permit dynamic insertion of digital signatures into the content (e.g., as header information or as a newly defined tag) . Inclusion of the digital signature in content 62 ensures that the digital signature travels with the content. Thereafter, certified content 69, including the digital signature, is transmitted back to Web server 9, as shown in Figure 8.
  • step S503 any page, even an initial page, may be subject to the certification process of the present invention.
  • steps S503 and S504 are not necessary, since any attempt to retrieve a page may start at step S505. Nevertheless, for illustration's sake, steps S503 and S504 are included in the process.
  • a user logs onto client 6, executes browser 24, and requests a Web page from Web server 9.
  • Web server 9 transmits a Web page, such as that shown in Figure 4, to client 6. There, the Web page is displayed.
  • This process is depicted graphically in Figure 9.
  • the invention does not require a user to have an initial page into which to put initial information. Any interaction with the user supplies at least authentication information and perhaps information from "cookies".
  • step S504 the user inputs information into the Web page.
  • the user may select options for building an automobile.
  • Browser 24 transmits these user-selected options (i.e., the user input) to Web server 9, as shown in Figure 10.
  • assembly engine 25 determines which elements (e.g., images, text, applets, sound, etc.) are to be included on the Web page.
  • Assembly engine 25 then retrieves the appropriate elements from memory 28 (or any other database on which they reside) , and assembles the Web page therefrom.
  • Certification of the Web page may take place before, during or after this process.
  • each element on the Web page may be certified prior to assembly, as described above with respect to Figure 8 and in U.S. Patent Application No.
  • each element may be certified as part of the Web page on an ad hoc basis, i.e., during assembly.
  • certification may take place following assembly of the Web page.
  • pre-assembly rules 90 control certification prior to assembly
  • during-assembly rules 91 control certification during assembly
  • post-assembly rules 92 control certification post assembly.
  • each of these includes prologue rules, body rules, and epilogue rules, which can specify an order of execution for the rules.
  • step S506 assembly engine 25 extracts identification and certification information from each element of the Web page. For example, it extracts the URL of the Web page, the digital signature and/or content of each element (e.g., elements 43, 44 and 45 in Figure 4) in the Web page, an identification number of each element, etc.
  • assembly engine 25 issues a request to certification server 7. This is depicted graphically in Figure 11.
  • the request can be encrypted for security purposes, and includes the information extracted in step S506, together with a request for certification of the Web page .
  • step S508 determines whether the Web page is certified, meaning that the information contained therein is valid.
  • the certification process is performed in certification server 7 by certification engine 41.
  • the Web server and certification server functions may be implemented on the same computer, in which case the certification process would take place on that single computer.
  • FIG 12 depicts the certification process.
  • certification server 7 receives the request for certification from assembly engine 25 on Web server 9. Based on this request, and the information contained therein, certification engine 41 determines whether the information in the Web page complies with the set of rules stored therefor. To this end, certification engine 41 determines whether each of the elements that make up the Web page corresponds to at least one of the alternatives contained in the manifest for that Web page. This is done in step S1202, e.g., by comparing an assigned identification number or hash for each element to those contained in the manifest.
  • step S1203 certification engine 41 also determines whether that element is certified. This is done, e.g., by comparing one or more of the digital signature, content, etc. for that element to corresponding verification information therefor. If there is a match, then that individual element is considered certified. Alternatively, certification information can be included in the manifest, in which case the manifest can be consulted to determine whether each element is certified.
  • step S1204 certification engine 41 also determines whether that element is certified.
  • Each such element includes a manifest, and a requisite rule or rules are executed for that element. The results of these executions are certified by subsequent rules to see what form of certification is required for the entire Web page. This process is similar to that described above .
  • the certification of the entire page depends upon the epilogue rules working on the certification results of the prologue and the body. In the absence of any explicit global certification rules, rules from a zone or site manifest (described below) may be used.
  • the invention provides for several different levels of certification. For example, three such levels may be provided, including “high” (or “platinum”) indicating that the information is highly reliable, “medium” (or “gold”) indicating a relatively lower degree of reliability, and “low” (“silver” or “bronze”) indicating a still lower degree of reliability. Though only three levels of certification are described here, the invention is not limited to three. Rather, any number of certification levels may be used.
  • the level of certification for each alternative in a Web page manifest is preferably stored in the rule for that alternative. Accordingly, returning to Figure 5, if the Web page is certified in step S508, in step S509 certification engine 41 may extract a level of certification (not shown) for each element in the Web page using the manifest.
  • a level of certification for the entire Web page can be determined.
  • the level of certification of the entire Web page will correspond to the lowest level of certification of an element on that Web page.
  • other methods of determining the certification level of the entire Web page may also be used with the invention.
  • step S510 certification engine 41 issues a message 74 to assembly engine 25.
  • the message indicates that the Web page has been certified.
  • the message may also include a certificate that is transmitted to the user and displayed along with the Web page, as shown in Figure 13.
  • An example of such a certificate 78 is shown in Figure 14. Where more than one level of certification is provided, the message and/or certificate may also indicate the level of certification for the Web page.
  • step S508 in a case that the Web page has not been certified, message 74 is still output by certification engine 41 in step S511. This time, however, the message indicates that the Web page has not been certified.
  • the message may then be transmitted from Web server 9 to client 6 and/or to the Web site administrator. In a case that the message is provided to the site administrator, it may include instructions indicating exactly which portions of the Web page were not certified and why.
  • this message indicating that the Web page is not certified may be transmitted to the client, where it is displayed.
  • the Web site content may or may not be transmitted and displayed therewith, depending upon how the system is configured.
  • the certification process ends.
  • partial certification of a Web page may be provided. More specifically, to certify the contents of a Web page in accordance with the process shown in Figure 5, each element thereof must correspond to one alternative in the Web page manifest. If one element is not found on the manifest, the Web page will not be certified. In alternative embodiments, however, partial certification of a Web page may be provided if at least one element on the Web page corresponds to at least one alternative in the manifest for that Web page. In the case of partial certification, the output message and/or certificate would be changed accordingly.
  • certification engine 41 organizes individual Web pages on a Web site into zones. Which zone a particular Web page is in depends upon the rules stored in a manifest for that zone. For example, which zone a Web page is located in may depend upon a level of certification of that Web page. In this example, the level of certification of dynamic Web pages may be determined in the manner described above. However, since this aspect is not limited to use with dynamic Web pages, certification can be achieved using any method.
  • Figure 15 shows process steps for implementing this aspect of the system. These process steps may be executed to define a single zone. Other zones may be defined in the same manner.
  • the process of Figure 15 may be implemented on certification server 7 in certification engine 41 or, alternatively, on a similar program executing on Web server 9.
  • Step S1501 begins the process. More specifically, step S1501 stores a manifest containing one or more rules that define which pages may be included in the zone. As above, these rules may be defined and input by the administrator of a Web site. The rules may include a variety of factors.
  • the rules may define a specific level of certification required for Web pages in the zone, a "type" of Web page that may be included in the zone (e.g., products as defined by a URL such as "www.NovaSoft.com/products” or other means), and the like. Additional rules may also be provided to further differentiate the zones. For example, if a zone specifies "products for sale", a rule may be included in the manifest to specify that only products having a release date "less than or equal to today" may be included in the zone.
  • Figure 16 depicts an example of a "products for sale” manifest that may be used by the present invention to define such a zone.
  • certification engine 41 examines the content of Web pages in the Web site in order to determine which of those Web pages belong in the current zone.
  • a single Web page may be included in more than one zone; however, for the sake of clarity, the present description will assume that each Web page is included in only one zone.
  • Step S1502 thus selects each Web page, e.g., by its URL, and then step S1503 determines whether that page complies with the rules set forth in the zone manifest.
  • step S1503 may determine the certification level of the Web page by examining its certification information, as well as any other information required for the zone. That is, step S1503 may determine whether the Web page is related to a product by examining the page's URL, and whether the product has been released as of "today" by examining the content of the Web page. Other information may also need to be examined depending upon the number and type of rules specified in the zone manifest.
  • step S1504 concludes that the Web page belongs in the current zone. Accordingly, processing proceeds to step S1504.
  • Step S1504 associates each complying page with the current zone. This can be done in a number of ways. For example, step S1504 may incorporate, into a manifest of each complying Web page, a rule indicating that the Web page is part of the current zone. Instead of, or in addition to, incorporating a rule into the Web page's manifest, step S1504 may incorporate into the zone manifest one or more rules indicating which Web pages are part of the zone. For example, the URLs of Web pages included in a zone may be included in that zone's manifest.
  • Step S1505 determines whether any unexamined Web pages remain in the site. If there are such pages, processing returns to step S1502, whereafter steps S1503 to S1505 are repeated for the remaining images. Otherwise, processing for the current zone ends.
  • Figure 17 shows an abstract view of a Web site that has been divided into three zones -- a "products for sale” zone 80, an "unsupported tools” zone 81, and a "personal opinions” zone 82. In this example, all Web pages 84 in the "products for sale” zone have a "high" certification level
  • Web pages in a particular zone may contain visible certification (or other "type") indicators. Accordingly, a user can determine in which zone a Web page is located simply by looking at the indicator. In cases where the Web server and certi ication server are one in the same, certification engine 41 may simply incorporate the appropriate certification indicators into the appropriate Web pages. Where the two servers are different, certification server 7 may provide the certification indicators to Web server 9, which may then incorporate them into the Web pages for the site. In preferred embodiments, the invention also maintains a record of movement between zones. That is, each time a user enters a new URL via browser 24, there is the potential of movement to a different zone. Each time the user enters a new zone, Web server 9 and/or certification server 7 may issue a message to the user to that effect.
  • One or both of these servers may maintain a record of URLs and corresponding zones visited by the user during a predetermined period of time.
  • the present invention also can be used to define a manifest for an entire Web site.
  • the manifest for a Web site would be similar to that shown in Figure 16 for a zone. Accordingly, a detailed description thereof is omitted here for the sake of brevity. Suffice it to say, that rules for a site manifest may be based on certification, as described above, or any other relevant information. Only Web pages and zones that comply with the site manifest may be included in that site. Moreover, a site-wide certification, similar to that described above for zones can be provided for sites.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

L'invention porte sur un système de serveur de client permettant de certifier un contenu (62) produit par un ordinateur tel que des pages du web. A cet effet, le client (6) produit le contenu (62) puis transmet au serveur les information (64) correspondantes. Le serveur, qui a en mémoire un ensemble de règles contenant des alternatives (54) aux informations (64) comprises dans le contenu (62), détermine si lesdites informations (62) correspondent ou non à au moins l'une des alternatives (54) comprise dans l'ensemble de règles. Si l'information (64) correspond à au moins une alternative (54), le serveur produit une certification confirmant la validité du contenu (62).
PCT/US2001/009581 2001-03-26 2001-03-26 Certification dynamique d'un contenu WO2002078259A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2001/009581 WO2002078259A1 (fr) 2001-03-26 2001-03-26 Certification dynamique d'un contenu

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2001/009581 WO2002078259A1 (fr) 2001-03-26 2001-03-26 Certification dynamique d'un contenu

Publications (1)

Publication Number Publication Date
WO2002078259A1 true WO2002078259A1 (fr) 2002-10-03

Family

ID=21742439

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/009581 WO2002078259A1 (fr) 2001-03-26 2001-03-26 Certification dynamique d'un contenu

Country Status (1)

Country Link
WO (1) WO2002078259A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5894554A (en) * 1996-04-23 1999-04-13 Infospinner, Inc. System for managing dynamic web page generation requests by intercepting request at web server and routing to page server thereby releasing web server to process other requests
US6018801A (en) * 1998-02-23 2000-01-25 Palage; Michael D. Method for authenticating electronic documents on a computer network
US6131162A (en) * 1997-06-05 2000-10-10 Hitachi Ltd. Digital data authentication method
US6236978B1 (en) * 1997-11-14 2001-05-22 New York University System and method for dynamic profiling of users in one-to-one applications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5894554A (en) * 1996-04-23 1999-04-13 Infospinner, Inc. System for managing dynamic web page generation requests by intercepting request at web server and routing to page server thereby releasing web server to process other requests
US6131162A (en) * 1997-06-05 2000-10-10 Hitachi Ltd. Digital data authentication method
US6236978B1 (en) * 1997-11-14 2001-05-22 New York University System and method for dynamic profiling of users in one-to-one applications
US6018801A (en) * 1998-02-23 2000-01-25 Palage; Michael D. Method for authenticating electronic documents on a computer network

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7114177B2 (en) 2001-03-28 2006-09-26 Geotrust, Inc. Web site identity assurance
US7552466B2 (en) 2001-03-28 2009-06-23 Geotrust, Inc. Web site identity assurance
US7003661B2 (en) 2001-10-12 2006-02-21 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7120929B2 (en) 2001-10-12 2006-10-10 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7562212B2 (en) 2001-10-12 2009-07-14 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US8028162B2 (en) 2001-10-12 2011-09-27 Geotrust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7694135B2 (en) 2004-07-16 2010-04-06 Geotrust, Inc. Security systems and services to provide identity and uniform resource identifier verification

Similar Documents

Publication Publication Date Title
KR100851710B1 (ko) 측면 검색
US5864871A (en) Information delivery system and method including on-line entitlements
JP3771822B2 (ja) データ検索の方法、システム、およびプログラム
US20020059364A1 (en) Content certification
US5802518A (en) Information delivery system and method
JP4738708B2 (ja) 証拠ベースのセキュリティポリシーマネージャ
AU2010201642B2 (en) Remote module incorporation into a container document
US6151624A (en) Navigating network resources based on metadata
GB2331169A (en) Company information delivery system and method including restriction processing
US20040117376A1 (en) Method for distributed acquisition of data from computer-based network data sources
US20120117171A1 (en) Delivering electronic content
US20010054153A1 (en) System and method for determining user identity fraud using similarity searching
US20020059369A1 (en) Method and apparatus for creating and distributing non-sensitized information summaries to users
US7502774B2 (en) Ring method, apparatus, and computer program product for managing federated search results in a heterogeneous environment
AU2007203146A1 (en) Use of extensible markup language in a system and method for influencing a position on a search result list generated by a computer network search engine
US8050980B2 (en) Secure downloading of a file from a network system and method
JP2006512693A (ja) 法律事務所用の知識管理システム
EP1240578A4 (fr) Systeme informatique a contenu cible
EP1159683A1 (fr) Certification de contenu
US20020165940A1 (en) Computer system, a method and a program for providing a Web page appropriate to a user
US8095873B2 (en) Promoting content from one content management system to another content management system
CN111770086A (zh) 钓鱼用户模拟收集方法、装置、系统与计算机可读存储介质
EP1804180A1 (fr) Méthode d'affinage basé sur le contenu de journal
WO2004066057A2 (fr) Amelioration de serveurs web
WO2002077793A1 (fr) Ddefinition de zones de contenu

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP