WO2001054342A1 - Method and apparatus for secure storage of personal data in web-based applications using symmetric encryption and distributed key components - Google Patents

Publication number
WO2001054342A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
user
key
data
component
Prior art date
Application number
PCT/US2000/042179
Other languages
French (fr)
Inventor
Christoph Kern
Original Assignee
Yodlee.Com. Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yodlee.Com. Inc.
Priority to AU2001245065A
Publication of WO2001054342A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Abstract

A system is provided for managing data at an Internet server, using an encryption/decryption program (33) requiring a key. Separate components of the key are created and stored at distributed locations, such as at client user stations (15). Each time encryption or decryption of data at the server is required the separate components are accessed and combined to form the key for use with the program (33). In some cases key components are derived from one or both of a client's username and password, and passed back and forth as portions of a navigation cookie.

Description

Method and Apparatus for Secure Storage of Personal Data in WEB-based Applications using Symmetric Encryption and Distributed Key Components
Field of the Invention
The present invention is in the field of Internet-based services and applications, and pertains more particularly to methods and apparatus for storing client data in a secure fashion at the site of a WEB-based service.
Background of the Invention
The information network known as the world-wide-web (WWW), which is a subset of the well-known Internet, is arguably the most complete source of publicly accessible information available. Anyone with a suitable Internet appliance such as a personal computer with a standard Internet connection may access (go on-line) and navigate to information pages (termed web pages) stored on Internet-connected servers for the purpose of garnering information and initiating transactions with hosts of such servers and pages.
Many companies offer various subscription services accessible via the Internet. For example, many people now do their banking, stock trading, shopping, and so forth from the comfort of their own homes via Internet access. Typically, a user, through subscription, has access to personalized and secure WEB pages for such functions. By typing in a user name and a password or other personal identification code, a user may obtain information, initiate transactions, buy stock, and accomplish a myriad of other tasks. Clients who subscribe to WEB services offered on the Internet network typically have at least some personal information held in data storage on their behalf by companies hosting such services. For example, account information, credit card numbers, financial records, social security numbers, bank account information, etc., may be stored in a secure database by services which provide some WEB-based service to a client.
There are many methods known in the art for providing certain measures of security for stored data belonging to patrons of on-line services. Of these methods, data encryption is the most popular. Data encryption involves changing a clear-text chunk of data into a form such that the original text cannot be recovered by unauthorized parties. This is an important distinction. There are algorithms which turn clear text into a non-human-readable form, but the clear text can be recovered efficiently. Examples are transfer encodings and data compression schemes. A cryptographically strong encryption scheme has a property that there does not exist an efficient algorithm to recover the clear text without knowledge of the key or keys.
Encryption typically works according to a set of rules and a key. An algorithm is sometimes used to create an encryption/decryption key that may be used to encrypt or decrypt data, or a key may be selected from any combination of numbers or letters, for example. If a WEB service stores encrypted data on behalf of a user, a decryption key is generally held at the service and available to one or more entities of the service for the purpose of decrypting and manipulating such data on behalf of users. One problem with this approach is that a user is required to trust the service with his or her sensitive data.
In some cases data stored at a WEB service on behalf of a user is encrypted with a key which is then given (transmitted) to a user who is authorized to retrieve and decrypt the data, and the key is then erased at the service. In this case, a user must store his or her own key and encryption/decryption program locally at his or her own workstation. This presents a security problem in that an un-authorized person may gain access to the key, stored somewhere on the user's system, for deciphering the encrypted data. Anyone who frequently works with encryption and decryption processes will be aware of the fact that much improvement related to enhancing security in such circumstances is desirable.
What is clearly needed is a method and apparatus for storing encrypted data at WEB services on behalf of clients such that no other entity, including those hosting the client's data, may obtain all components necessary for encrypting or decrypting client data without direct cooperation from the client.
Summary of the Invention
In a preferred embodiment of the present invention a method for secure management, at a server connected on a network, of data associated with a user station remote from the server and connected on the network is provided, comprising steps of (a) keeping a first component of the key at the server; (b) keeping a second component of the key at the user's station connected to the network; and (c) encrypting and decrypting a user's data to and from storage at the server by an encryption/decryption program requiring a key formed from the first and second components.
In some embodiments the second component is created by the server and sent to the user station after initial log-in by the user, and then eliminated at the server. Where the server requires one or both of a user name and password for log-on, the second component may be created from one or both of the user's name and password. Sometimes the second component is sent to the user station as a component of a navigation cookie, and is stored by the user station in a cookie cache. In preferred embodiments the second component is returned to the server as a navigation cookie each time the user accesses the service through the user station. The server may form the key from the first and second components by applying an algorithm to combine the two components. In some cases there are three or more locations on the network involved, and separate components for a single key are distributed to the three or more locations. The network in many embodiments is the well-known Internet.
In another aspect of the invention a method for managing data at a server connected on a network is provided, comprising steps of (a) storing separate components for an encryption/decryption key at distributed locations connected on the network; (b) retrieving the distributed components each time a data encryption or decryption is to be done; and (c) combining the components at the server to form the encryption/decryption key. There may be a further step for using the key formed of the components with an encryption/decryption program to encrypt or decrypt data. The network may be the Internet.
In yet another aspect of the invention a system for storing and managing data is provided, comprising a server connected on a network and having a data repository; a user station connected on the network; and an encryption/decryption program requiring a key, and executable on the server. In this system a first component of the key is stored at the server, a second component of the key is stored at the user station, and the server retrieves the second component and combines it with the first component to form the key each time encrypted data storage or retrieval is required. In some embodiments of the system the second component is created by the server and sent to the user station after initial log-in by the user, and then eliminated at the server. Where the server requires one or both of a user name and password for log-on, the second component may be created from one or both of the user's name and password.
In some embodiments the second component is sent to the user station as a component of a navigation cookie, and is stored by the user station in a cookie cache. The second component is returned to the server as a navigation cookie each time the user accesses the service through the user station. The key, once components are available to the server, is formed from the first and second components by applying an algorithm to combine the two components. The system may also store a third component at a third location, and the key is then formed by combining the three components. The network may be the Internet.
In yet another aspect a system for managing data is provided, comprising a server connected to a network; and an encryption/decryption program executing on the server and requiring a key for encryption and decryption. This system is characterized in that separate components of the key are stored at distributed locations on the network and retrieved and combined to form the key each time encryption or decryption is required. The system then uses the key formed of the components with the encryption/decryption program to encrypt or decrypt data. The network may be the Internet.
In embodiments of the present invention described in enabling detail below, for the first time a system and method using distributed keys is provided to ensure secure data storage and maintenance.
Brief Description of the Drawing Figures
Fig. 1 is a general overview of a WEB-based service storing data for and communicating with clients according to a prior art encryption/decryption and transmission scheme.
Fig. 2 is a general overview of the WEB-based service of Fig. 1 storing data for and communicating with clients according to an embodiment of the present invention.
Fig. 3 is a process flow chart illustrating the encryption/decryption process interaction using distributed components according to an embodiment of the present invention.
Description of the Preferred Embodiments
Fig. 1 is a general overview of a WEB-based service storing data for and communicating with clients 15 and 17 according to a prior art data encryption/decryption and transmission scheme. Data encryption/decryption as practiced over a data-packet network (DPN) does not provide full security for clients that have data stored in encrypted form on an on-line server. Such is the case in this example of prior art.
The system of Fig. 1 may be any WEB-based service set-up to do business with clients hereinafter termed users 15 and 17. For example, the system may comprise a banking institution, a mortgage company, a portal service, an Investment Company, and so on. This system is a WEB-based service and is hosted in a DPN 11, which in this example is the well-known internet network and is hereinafter referred to as Internet 11. Internet 11 may be a DPN other than the Internet, such as a corporate or private wide-area-network (WAN). The Internet is used as an example in this prior-art implementation as well as in a preferred embodiment of the present invention because of its public accessibility characteristic. The system of Fig. 1 comprises a WEB server (WS) 21 and an appropriate data store 19. WS 21 is adapted as an Internet file server having access to data stored in data store 19 and having a capability of serving Hyper-Text Mark-ups (HTMs) generally known as electronic WEB pages in the art. Server 21 performs all of the functions required to deliver a stated service to clients 15 and 17 according to enterprise rules set up by a company hosting server 21.
Data store 19 is, in this example, an on-line storage facility wherein all user data including any user profile information is stored. Such data may include account information, contact information, financial information, credit card information, user profile information, and any other data associated with users that may be obtained by the service and stored in data store 19. User Data (a) and User Data (b) in Fig. 1 simply represent the fact that data is stored for individual users, identified to the users.
Server 21 is illustrated as being connected to an Internet backbone 23, which represents all of the lines and connection points making up the global Internet network as is known in the art. Data store 19 is connected to server 21 via a data link as is generally known in the art. In alternative embodiments the data storage may be a part of server 21, or may be a separate facility accessed over Internet backbone 23, or accessible in another manner.
Users 15 and 17 are illustrated as connected to an exemplary Internet-Service Provider (ISP) server 27 by way of Internet access lines 31 (user 15) and 29 (user 17). ISP server 27 is implemented in this example in a public-switched-telephony-network (PSTN) illustrated herein by cloud 13, and is accessible from anywhere in PSTN 13. PSTN 13 may instead be a private or corporate telephony network.
Internet access lines 31 and 29 may be plain-old-telephone-service (POTS) lines, integrated digital services network (ISDN) lines, digital-services-links (DSL) or any other type of Internet-access medium including cable/modem connection and wireless satellite linking. In this example, it is assumed that users 15 and 17 are using dial-up modem connections over lines 31 and 29 to access ISP 27 for Internet services as is common in the art.
ISP server 27 is illustrated as having an Internet connection to backbone 23 in Internet 11 by virtue of a digital-network-connection (DNC) 25, which represents a normal Internet connectivity between server 27 and, in this example, server 21. ISP server 27 is adapted to provide normal Internet access services as are known in the art including establishing connections to server 21 or any other connected Internet server or node. Users 15 and 17 are assumed to be active subscribers to the services offered through server 21. Therefore, it is assumed for this example that both users 15 and 17 have sensitive data (labeled user data) in each of two illustrated sections of data store 19, and managed by server 21. As previously described, such data may include credit card information and other sensitive information that must be protected from theft. In this example, all data stored in data-store 19 is in encrypted form. A software encryption/decryption program (SW) 20 is executed in server 21 for encrypting user data for storage and decrypting user data upon retrieval from storage, before transmittal to a requesting user. SW 20, in this example, may be any known encryption/decryption program. Encrypting user data stored in data store 19 provides a security to users 15 and 17 in that an outside hacker would have considerable difficulty deciphering any encrypted data stored in data store 19. In this prior art example, an encryption/decryption key illustrated as an underlined K is kept in server 21 and used to encrypt user data for storage in data store 19, or for decrypting user data retrieved from storage. It is assumed in this example that users 15 and 17 connect to server 21 using a secure socket layer (SSL) connection when uploading or downloading sensitive data. In this way, data is encrypted during transport to and from server 21 allowing for a measure of protection from any outside attempts to intercept and decipher user data in transit.
SSL techniques are well known in the art and use an encryption method (for transmitting secure data) separate from that of server 21. According to this prior art architecture, user 15 would log-on to server 21 through ISP 27 as illustrated and supply server 21 with typically a user-name and password pair. After authentication by server 21, user 15 may request a download of sensitive data stored in data store 19. Alternatively, user 15 may request to upload sensitive data to data store 19. In the first instance, server 21 would retrieve the requested and encrypted data from store 19. Then server 21 would employ K to decrypt the data before sending it over a SSL connection to user 15. The requested data would appear as clear-text data in the browser window interface employed by user 15. In the second instance, user 15, after authentication, would request to upload data. User 15 would then send the target data to server 21 over a SSL connection opened for the purpose. Server 21 would then encrypt the data using K and send it to data store 19 where it is stored in encrypted form.
A problem with this prior art implementation is that the key (K) used for encrypting and decrypting user data is stored in server 21. This allows certain otherwise trusted entities associated with the service access to user data in clear text format. Such individuals may, if motivated to do so, decrypt and steal user information stored in data store 19. Even if a strong key is chosen and implemented in this case, the scheme is still vulnerable, because the same key is used for all users, which allows an attacker to decrypt all users' data if the attacker can in some way obtain the key.
If, in this prior art example, K is individual to each client, meaning that server 21 would keep a plurality of keys equaling the number of subscribers having sensitive data stored in data store 19, the security would be somewhat enhanced. However, keys stored at the service site may still be obtained and used to decrypt and steal information. If users were charged with encrypting and decrypting their own data, their individual workstations become vulnerable by virtue of the fact that encryption/decryption software and an accompanying key would reside at such stations. Furthermore, such a configuration is often undesirable for web-based applications, whose strength precisely lies in the fact that they do not require any client-side software components (other than a standard web-browser) and/or storage of persistent (across sessions) state information or data.
According to a preferred embodiment of the present invention, the inventor provides a method for encrypting and decrypting client data stored on a secure server at any WEB-based service that is security-enhanced by virtue of distributed components used in forming a key for encrypting or decrypting the data. The method and apparatus of the present invention is described in enabling detail below.
Fig. 2 is a general overview of a WEB-based system storing data for and communicating with clients 15 and 17 according to an embodiment of the present invention. The architecture and physical components of this preferred embodiment are essentially the same as in Fig. 1. However, the method of encryption/decryption and communication protocols between server 21 and users 15 and 17 are markedly different and unique over current art.
For the purpose of simplicity in describing the present invention, physical elements such as hardware and connection means described in Fig. 1 retain their original element numbers provided that they have not been altered or modified to practice the present invention. All elements pertaining uniquely to the present invention are newly introduced and assigned new element numbers.
The system comprises server 21 and data store 19, and is hosted in Internet 11. Server 21 is enhanced, in this embodiment, with an encryption/decryption software (SW) 33 that has a capability of symmetrical encryption using retrieved components in combination to produce a singular key that is specific to one user's data and not to any other user's data. The exact encryption/decryption program SW 33 uses is not particularly relevant to the present invention, except for any software modifications that might be required for SW 33 to work with distributed keys.
A symmetrical encryption/decryption scheme having an encryption function C and a decryption function D may be described as follows:
a) Cipher text c = C(t, K), wherein t = clear text and K = an encryption key.
b) Given knowledge of K, t may be efficiently computed from c as t = D(C(t, K), K).
c) Without knowledge of K, it is computationally difficult (not practical and extremely time intensive) to derive t from c.
The above language serves to illustrate a symmetrical relationship in an encryption/decryption scheme in a background sense. There are many ways to illustrate such a relationship. Moreover, the use of such a scheme in this example assumes that a secure connection protocol such as SSL is used between server 21 and users 15 and 17.
A one way function is a function f(x) where function f is applied to value x to obtain value y = f(x). It is extremely difficult and time intensive to, given y, determine the value x even if f is known. One way functions are commonly used and suitable implementations thereof may be found in specification MD5 [RFC 1321] among other publications. SW 33 is a symmetrical encryption/decryption program adapted to use one way transmission functions to enhance security. However, the novel portion of the present invention presents itself in how keys are made from separate components, the components are distributed, and then retrieved for encryption/decryption purposes.
For example, user 15, also labeled user A in this example, has a distributed key component labeled Ka illustrated as residing in a client-side cookie cache 16. User 17, also labeled user B in this example, has a distributed key component labeled Kb residing in a cookie cache 18. Components Ka and Kb represent parts or components of each user's encryption/decryption key ultimately used by SW 33 at server 21 for encrypting and decrypting user data. Ka and Kb in this embodiment are originally generated at server 21 on behalf of users A and B respectively, and value-added to WEB cookies using one way functions. Each WEB cookie is sent to the appropriate recipient, Ka to user 15 and Kb to user 17 the first time that either one has authenticated him or herself to server 21 (service initiation). After sending Ka and Kb to users 15 and 17 respectively, server 21 destroys all knowledge of them. Therefore, components Ka and Kb represent components only known to users A and B.
In actual practice, users cannot decipher the value of their received cookie components. Moreover, server 21 does not retain knowledge of the cookie components once they are sent. Server 21 may, however, retain an encrypted (one way function) version of a user's user-name and password on file either at the server or in a connected database for authentication purposes only. This value is not the same as the one-way function value of Ka or Kb and cannot be used as a key component for encrypting or decrypting data. It is not required, however, that the service do so. An alternative authentication mechanism may be used that doesn't rely on stored, encrypted passwords, such as, for example, one-time authentication tokens.
Data store 19, referring to Fig. 2, has user data for a user (a) and a user (b), as also illustrated in Fig. 1, representing the fact that encrypted data is stored for plural users. A second distributed key component for each user is also stored at or associated with data store 19, and the second distributed key component specific and unique to each user is shown in Fig. 2 as Sa and Sb. Therefore S represents a private key component generated at server 21 and in this case, stored associated with each user's data. That is to say that each user has a private S key component attributed to him or her that is known only to server 21. Alternatively, in some embodiments, S may represent a private key component, which is generic to all users but known only to server 21. S cannot be used as a complete key for encrypting or decrypting data. S may be a randomly generated line code in one embodiment. In another embodiment, S may be derived from a user's user name or select access phrase such that there is a different S for each user as described above.
The combination of Sa and Ka from user A produces Ksa illustrated at server 21. Ksa is a complete encryption and decryption key that may be used by server 21 to encrypt or decrypt any data specific to user A. Similarly, Ksb, illustrated at server 21, is a complete encryption/decryption key comprising components Sb and Kb specific to user B.
In considering practice of the present invention consider an example wherein user B has already subscribed to service 9 and has received cookie Kb illustrated in cookie cache 18. Kb, as previously described, is a one way function of user B's password and has been value-added to a cookie resulting in Kb (Kb=f(Pb)). Sb, the server's private key component, is generated and stored in data store 19, or other useful storage, as was previously described. The value of S may be a randomly generated number tagged to each specific user, or may be a single value for all users. Where S comes from is not material, just that S is not known to anyone other than the service provider and is not guessable.
Assume that the very next log-in to server 21 accomplished by user B will be for the purpose of submitting sensitive data for storage in data store 19. As no data may be encrypted and stored without Kb, Kb is sent to server 21 in a cookie after authentication. User B, after authentication and cookie exchange, uploads target data to server 21 over a SSL connection. After receiving the data to be encrypted, server 21 running SW 33 retrieves Sb from data store 19 as illustrated by a directional arrow labeled Sa, Sb and combines Sb with Kb to produce Ksb, which is a complete encryption/decryption key only usable on data associated with user B. Server 21 running SW 33 then encrypts user data received from user B and stores the data associated with user B in data store 19.
After encrypting data sent to server 21 from user B, server 21 destroys all knowledge of Ksb and Kb. Therefore, SW 33 may not be activated to encrypt or decrypt data without participation and direction from user B. An intruder penetrating either user B's computer or server 21 cannot decrypt data belonging to B. In this way security is enhanced for user B. A tradeoff exists in that server 21 may not perform any on-line or off-line services that involve encryption and decryption of such data on behalf of user B without user B logging into server 21, passing authentication, and initiating a request, although the data may be transferred in its encrypted form.
However, many users, already skeptical of on-line services, will readily welcome the added security enhancement provided by distributed key components.
Each time user B logs onto server 21, initiating a new session, Kb is generated and provided to user B, then Kb is provided back to server 21 each time a request is made during that same session. This avoids the situation where the user may, between sessions, install new browser software (new cookie cache) or use a new computer (same result). After a new session is initiated, user B sends a request for specific data; server 21 receives the request and Kb, and retrieves the requested data from data store 19 and a copy of Sb. The encrypted data is then decrypted using key Ksb, which is a result of the combination of Kb and Sb. The decrypted data is then sent to user B over a SSL connection. SSL encryption and decryption methods are part of that service and routine for data transmission. After sending data to user B, server 21 destroys all knowledge of Ksb and Kb. An example using User A would be the same as those described with user B.
It will be apparent to one with skill in the art that values Sa and Sb may be stored in a location other than in data store 19 without departing from the spirit and scope of the present invention as long as association for such values may be equated to the appropriate users. The Sa and Sb components may also be encrypted at server 21 and kept in a manner that makes it difficult for an intruder to find and decipher the real values. It will also be apparent to one with skill in the art that decrypted data need not be rendered as clear text in server 21 at least to the extent that it may be viewed by an entity administering server 21. For example, a software routine (not shown) may be created that provides a seamless interface between SW 33 and encryption/decryption software used by a SSL service such that data decrypted by SW 33 is immediately rendered in the encryption format used by SSL services without providing an opportunity for a clear-text display. Similarly, SW 33 may immediately encrypt data decrypted by SSL software at server 21 such that there is no opportunity for any display of clear-text data. Under these circumstances it would be virtually impossible for an intruder to view clear-text data during the processing of an application within server 21, especially if a program prohibits writing or copying such data to any output or peripheral devices.
The method and apparatus of the present invention provides several security improvements over prior-art methods. For example, if an individual associated with server 21 were to obtain all components available such as a copy of the user-data database, private key components Sa and Sb, and user names and passwords, it would be computationally difficult for that individual to decipher any encrypted data as it would be impossible for that individual to obtain the values associated with Ka and Kb without normal routine and interface with users A and B.
An outside attack using cryptanalytic techniques or key-space searches (known hacker techniques) to obtain keys or decrypted data could only be performed on one user at a time as each user's data is encrypted with a user-specific key. Still, such an attempt would be extremely time intensive and therefore impractical.
Using an encryption/decryption key such as Ksa comprising a component only known to server 21 and a component only known to user A, in this case, provides an additional measure of security for users who choose short or easily-guessed passwords. Additionally, the use of a one-way function for combining a user's password and the service's secret key increases the difficulty of using cryptanalytic techniques in a case where one of the components is known to an attacker.
Fig. 3 is a process flow chart illustrating the encryption/decryption process interaction using distributed components according to an embodiment of the present invention. At step 35 a user logs into the server and enters user name and password P. At step 37 the server authenticates the user. At step 39 the system computes the user component key, K=f(P), and returns this component to the user, where it is stored in the user's cookie cache, associated with the user's browser program. The server then immediately discards any knowledge of K.
From this point, during a continuing session, each time the user initiates a transaction with the server, the user's key component K is sent to the server with the request. At step 40 the user initiates a transaction, and K is supplied with the request. At step 41 the server combines K with server key component S to obtain Ks = g(S,K). The server then uses the Ks key at step 41 to access the user's data and perform the requested service, after which both Ks and K are discarded at step 44.
If at step 45 the user terminates the session, K is removed from the user's cookie cache at step 47. Then, when and if the user initiates a new session, the process begins again at step 35. If at step 45 the user does not terminate, the system waits for a new request (control returns to step 40).
It has been described thus far that the server, operating according to an embodiment of the present invention, combines the distributed key components to form the key. The combination may be by any one of a variety of methods, such as simple addition, multiplication, one-way functions in two arguments, and many more. It will be apparent to one with skill in the art that the process order of steps and exact description of steps may be altered somewhat depending on embodiment without departing from the spirit and scope of the present invention. For example, if private keys are held separately from user data then a step may be added for retrieving the key from a different location.
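The Fig. 3 flow (steps 35 to 47) and the combination Ks = g(S,K), sketched as an added example that is not code from the patent or from the service it describes. PBKDF2 for f, HMAC-SHA256 for g, the HMAC-based stand-in cipher (chosen so the sketch runs on the standard library alone) and every function, class and label name are assumptions.

```python
import hashlib
import hmac
import secrets

ROUNDS = 100_000  # assumed PBKDF2 work factor; the patent names no function


def f(password: str, user: str) -> bytes:
    """Step 39: user component K = f(P), a one-way function of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               b"key-component|" + user.encode(), ROUNDS)


def auth_verifier(password: str, user: str) -> bytes:
    """Login verifier the server may keep; a different value from K."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               b"login-verifier|" + user.encode(), ROUNDS)


def g(s: bytes, k: bytes) -> bytes:
    """Step 41: Ks = g(S, K), here a one-way function in two arguments."""
    return hmac.new(s, b"Ks|" + k, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc|" + nonce + i.to_bytes(8, "big"),
                       hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(ks: bytes, plaintext: bytes) -> bytes:
    """Stdlib stand-in for an AEAD: HMAC keystream, then encrypt-then-MAC."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(ks, nonce, len(plaintext))))
    tag = hmac.new(ks, b"mac|" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(ks: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(ks, b"mac|" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key component or modified record")
    return bytes(a ^ b for a, b in zip(body, keystream(ks, nonce, len(body))))


class Server:
    """At rest the server holds only S and ciphertext, never K or Ks."""

    def __init__(self) -> None:
        self.s = {}        # per-user S (data store 19)
        self.records = {}  # per-user encrypted data

    def enroll(self, user: str) -> None:
        self.s[user] = secrets.token_bytes(32)  # random, unguessable S

    def login(self, user: str, password: str) -> bytes:
        # Steps 35-39 (authentication itself omitted): K is returned for the
        # client's cookie cache and not kept by the server.
        return f(password, user)

    def store(self, user: str, k_cookie: bytes, data: bytes) -> None:
        ks = g(self.s[user], k_cookie)
        self.records[user] = seal(ks, data)
        # Step 44: ks and k_cookie go out of scope here. Python cannot
        # guarantee the bytes are wiped from memory.

    def fetch(self, user: str, k_cookie: bytes) -> bytes:
        return unseal(g(self.s[user], k_cookie), self.records[user])


if __name__ == "__main__":
    srv = Server()
    srv.enroll("userB")                               # constructed sample user
    k = srv.login("userB", "constructed-passphrase")  # K, held by the browser
    srv.store("userB", k, b"constructed account data")
    print(srv.fetch("userB", k))
```

Because K is a deterministic function of the password, a party that holds both S and the ciphertext is limited only by the cost of guessing P through f, so f should be a deliberately slow one-way function.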
In one embodiment of the present invention, decrypted data from storage may be sent to third parties on behalf of users over SSL connections if such services are available. In this case, a user would not receive data and could log-off after making a specific request to pull data and send it to a specified location on the network. It will also be apparent to one with skill in the art that the method of the present invention may be practiced over the Internet, over a WAN (private or corporate), over a LAN (private or corporate) or over any other DPN that may be adapted to support the required communication protocols.
It should further be apparent to one with skill in the art that an encryption/decryption key according to an embodiment of the present invention may comprise more than two key components without departing from the spirit and scope of the present invention. For example, if a user desires to send encrypted data to a third party, then each party may have one component of a complete key for data decryption. In this case, the third party would be a participant with the service in that a key component would have been previously sent to it and therefore retrievable by the service for decryption services. In this same embodiment, data sent to the service from the third party on behalf of the user may be encrypted at the service by first sending notification to the user to log on for the purpose of providing the missing component (cookie) required to complete encryption. There are many possible embodiments for practice of the present invention.
Therefore, the method and apparatus of the present invention should be afforded the broadest scope possible. The spirit and scope of the present invention should be limited only by the claims that follow.

Claims

What is claimed is:
1. A method for secure management, at a server connected on a network, of data associated with a user station remote from the server and connected on the network, comprising steps of:
(a) keeping a first component of the key at the server;
(b) keeping a second component of the key at the user's station connected to the network; and
(c) encrypting and decrypting a user's data to and from storage at the server by an encryption/decryption program requiring a key formed from the first and second components.
2. The method of claim 1 wherein the second component is created by the server and sent to the user station after initial log-in by the user, and then eliminated at the server.
3. The method of claim 2 wherein the server requires one or both of a user name and password for log-on, and the second component is created from one or both of the user's name and password.
4. The method of claim 2 wherein the second component is sent to the user station as a component of a navigation cookie, and is stored by the user station in a cookie cache.
5. The method of claim 4 wherein the second component is returned to the server as a navigation cookie each time the user accesses the service through the user station.
6. The method of claim 1 wherein, in step (c) the server forms the key from the first and second components by applying an algorithm to combine the two components.
7. The method of claim 1 further comprising a step for storing a third component at a third location, wherein, in step (c) the key is formed by combining the three components.
8. The method of claim 1 wherein the network is the Internet.
9. A method of managing data at a server connected on a network, comprising steps of:
(a) storing separate components for an encryption/decryption key at distributed locations connected on the network;
(b) retrieving the distributed components each time a data encryption or decryption is to be done; and
(c) combining the components at the server to form the encryption/decryption key.
10. The method of claim 9 further comprising a step (d) for using the key formed of the components with an encryption/decryption program to encrypt or decrypt data.
11. The method of claim 9 wherein the network is the Internet.
12. A system for storing and managing data comprising: a server connected on a network and having a data repository; a user station connected on the network; and an encryption/decryption program requiring a key, and executable on the server; wherein a first component of the key is stored at the server, a second component of the key is stored at the user station, and the server retrieves the second component and combines it with the first component to form the key each time encrypted data storage or retrieval is required.
13. The system of claim 12 wherein the second component is created by the server and sent to the user station after initial log-in by the user, and then eliminated at the server.
14. The system of claim 13 wherein the server requires one or both of a user name and password for log-on, and the second component is created from one or both of the user's name and password.
15. The system of claim 13 wherein the second component is sent to the user station as a component of a navigation cookie, and is stored by the user station in a cookie cache.
16. The system of claim 15 wherein the second component is returned to the server as a navigation cookie each time the user accesses the service through the user station.
17. The system of claim 12 wherein, the server forms the key from the first and second components by applying an algorithm to combine the two components.
18. The system of claim 12 further comprising a third component at a third location, wherein the key is formed by combining the three components.
19. The system of claim 12 wherein the network is the Internet.
20. A system for managing data comprising: a server connected to a network; and an encryption/decryption program executing on the server and requiring a key for encryption and decryption; characterized in that separate components of the key are stored at distributed locations on the network and retrieved and combined to form the key each time encryption or decryption are required.
21. The system of claim 20 further wherein the server uses the key formed of the components with the encryption/decryption program to encrypt or decrypt data.
22. The system of claim 20 wherein the network is the Internet.
PCT/US2000/042179 2000-01-18 2000-11-14 Method and apparatus for secure storage of personal data in web-based applications using symmetric encryption and distributed key components WO2001054342A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001245065A AU2001245065A1 (en) 2000-01-18 2000-11-14 Method and apparatus for secure storage of personal data in web-based applications using symmetric encryption and distributed key components

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US48449600A 2000-01-18 2000-01-18
US09/484,496 2000-01-18

Publications (1)

Publication Number Publication Date
WO2001054342A1 true WO2001054342A1 (en) 2001-07-26

Family

ID=23924394

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/042179 WO2001054342A1 (en) 2000-01-18 2000-11-14 Method and apparatus for secure storage of personal data in web-based applications using symmetric encryption and distributed key components

Country Status (2)

Country Link
AU (1) AU2001245065A1 (en)
WO (1) WO2001054342A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5963915A (en) * 1996-02-21 1999-10-05 Infoseek Corporation Secure, convenient and efficient system and method of performing trans-internet purchase transactions
US5966441A (en) * 1996-11-18 1999-10-12 Apple Computer, Inc. Method and apparatus for creating a secure autonomous network entity of a network component system

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2832575A1 (en) * 2001-11-19 2003-05-23 Nupha Method for carrying out secure transactions over a network, especially using a mobile phone, whereby an audio, video or document file is encrypted with a purchase issued a corresponding encryption key
US7461262B1 (en) * 2002-03-19 2008-12-02 Cisco Technology, Inc. Methods and apparatus for providing security in a caching device
WO2011135529A3 (en) * 2010-04-27 2012-01-19 Telefonaktiebolaget L M Ericsson (Publ) Method and nodes for providing secure access to cloud computing for mobile users
US9870028B2 (en) 2010-12-06 2018-01-16 Microsoft Technology Licensing, Llc Universal dock for context sensitive computing device
US9801074B2 (en) 2010-12-09 2017-10-24 Microsoft Technology Licensing, Llc Cognitive use of multiple regulatory domains
US9813466B2 (en) 2010-12-14 2017-11-07 Microsoft Technology Licensing, Llc Direct connection with side channel control
US9998522B2 (en) 2010-12-16 2018-06-12 Microsoft Technology Licensing, Llc Fast join of peer to peer group with power saving mode
US10575174B2 (en) 2010-12-16 2020-02-25 Microsoft Technology Licensing, Llc Secure protocol for peer-to-peer network
US10044515B2 (en) 2010-12-17 2018-08-07 Microsoft Technology Licensing, Llc Operating system supporting cost aware applications
US9008610B2 (en) 2010-12-17 2015-04-14 Microsoft Corporation Operating system supporting cost aware applications
WO2013087459A1 (en) * 2011-12-13 2013-06-20 Telefonica, S.A. Method and system to perform secure data storage of information
CN110391900A (en) * 2019-07-04 2019-10-29 晋商博创(北京)科技有限公司 Private key processing method, terminal and cipher key center based on SM2 algorithm
CN110391900B (en) * 2019-07-04 2022-03-01 晋商博创(北京)科技有限公司 Private key processing method based on SM2 algorithm, terminal and key center
WO2022146377A1 (en) * 2020-12-30 2022-07-07 M.B.I.S Bilgisayar Otomasyon Danismanlik Ve Egitim Hizmetleri Sanayi Ticaret Anonim Sirketi A system for encrypting and tracking personal data

Also Published As

Publication number Publication date
AU2001245065A1 (en) 2001-07-31

Similar Documents

Publication Publication Date Title
US9619632B2 (en) System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
US6374359B1 (en) Dynamic use and validation of HTTP cookies for authentication
KR100800339B1 (en) Method and system for user-determined authentication and single-sign-on in a federated environment
US6601169B2 (en) Key-based secure network user states
AU2002315013B9 (en) Authentication of a user across communication sessions
EP2020797B1 (en) Client-server Opaque token passing apparatus and method
US7197568B2 (en) Secure cache of web session information using web browser cookies
CN1701295B (en) Method and system for a single-sign-on access to a computer grid
US20030163691A1 (en) System and method for authenticating sessions and other transactions
EP1449347B1 (en) Key management protocol and authentication system for secure internet protocol rights management architecture
US20160149873A1 (en) Electronic commerce with cryptographic authentication
US6941454B1 (en) System and method of sending and receiving secure data with a shared key
US20030079143A1 (en) One pass security
JP2001511982A (en) Method for executing confidential remote instructions
US20030188201A1 (en) Method and system for securing access to passwords in a computing network environment
JP2003501715A (en) Exchange of sensitive data between data processing systems
AU1261595A (en) Method for providing mutual authentication of a user and a server on a network
CN107872455A (en) A kind of cross-domain single login system and its method
WO2001054342A1 (en) Method and apparatus for secure storage of personal data in web-based applications using symmetric encryption and distributed key components
EP1243097A1 (en) Method and apparatus for a revolving encrypting and decrypting process
JPH10154977A (en) User certification system and method therefor
CA2312967C (en) System and method of sending and receiving secure data with a shared key
WO2002095545A2 (en) System and method for secure and private communication
Luo et al. A common password method for protection of multiple accounts
JP2001268067A (en) Key recovery method and key management system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase