(12) Patent Application Publication    (10) Pub. No.: US 2002/0112167 A1
Boneh et al.    (43) Pub. Date: Aug. 15, 2002

(54) METHOD AND APPARATUS FOR TRANSPARENT ENCRYPTION

(76) Inventors: Dan Boneh, Palo Alto, CA (US); Rajeev Chana, Union City, CA (US); Alan Frindell, Mountain View, CA (US); Eu-Jin Goh, San Carlos, CA (US); Nagendra Modadugu, Menlo Park, CA (US); Panagiotis Tsirigotis, Mountain View, CA (US)

Correspondence Address:
PERKINS COIE LLP
P.O. BOX 2168
MENLO PARK, CA 94026 (US)

(21) Appl. No.: 10/038,169
(22) Filed: Jan. 2, 2002

Related U.S. Application Data

(60) Provisional application No. 60/259,754, filed on Jan. 4, 2001. Provisional application No. 60/259,786, filed on Jan. 4, 2001.

Publication Classification

(51) Int. Cl.7: H04K 1/00
(52) U.S. Cl.: 713/182

(57) ABSTRACT
`
A method and apparatus are provided for protecting sensitive information within server or other computing environments. Numerous electronic requests addressed to a server system are received over network couplings and evaluated. The evaluation scans for sensitive information including credit card information and private user information. Upon detecting sensitive data, cryptographic operations are applied to the sensitive data. When the sensitive data is being transferred to the server system, the cryptographic operations encrypt the sensitive data prior to transfer among components of the server system. When sensitive data is being transferred from the server system, the cryptographic operations decrypt the sensitive data prior to transfer among the network couplings. The cryptographic operations also include hash, and keyed hash operations.
`
[Representative drawing: block diagram showing client browsers 106, a network, an appliance with keys, server system 104, a second appliance with keys, network 406 and back-end sites.]
`
`GOOGLE 1014
`
`
`
FIG. 3 (Sheet 3 of 6), flow diagram blocks:
302 RECEIVE REQUEST INCLUDING SENSITIVE DATA
304 EVALUATE REQUEST
306 ENCRYPT DETECTED SENSITIVE DATA
308 TRANSFER ENCRYPTED SENSITIVE DATA TO SERVER ENVIRONMENT
310 RECEIVE REQUEST FOR SENSITIVE DATA
312 DECRYPT SENSITIVE DATA
314 PROVIDE DECRYPTED SENSITIVE DATA TO REQUESTING THIRD-PARTY
`
`
FIG. 5 (Sheet 5 of 6), flow diagram blocks:
502 RECEIVE REQUEST INCLUDING CREDIT CARD NUMBER
504 IDENTIFY SENSITIVE INFORMATION TAGS
506 ENCRYPT CREDIT CARD NUMBER USING PUBLIC KEY
508 SEND ENCRYPTED NUMBER TO ISSUER
510 DECRYPT ENCRYPTED NUMBER
`
FIG. 6 (Sheet 6 of 6), flow diagram blocks:
602 RECEIVE REQUEST INCLUDING PASSWORD
604 DETECT USER PASSWORD FIELD
606 REPLACE PASSWORD WITH KEYED HASH FUNCTION
608 STORE KEYED HASH FUNCTION
`
METHOD AND APPARATUS FOR TRANSPARENT ENCRYPTION

RELATED APPLICATIONS

[0001] This application claims the benefit of U.S. Patent Application Nos. 60/259,754 and 60/259,786 filed Jan. 4, 2001, Ser. Nos. 09/877,302 and 09/877,655 filed Jun. 8, 2001, and Ser. No. 09/901,350 filed Jul. 9, 2001, all of which are currently pending.

TECHNICAL FIELD

[0002] The claimed invention relates to the field of data security. In particular, the claimed invention relates to securing sensitive user data in a server system.

BACKGROUND

[0003] World Wide Web sites, or web sites, dealing with secure content use various mechanisms to protect this content. For example, electronic commerce, or e-commerce, web sites use a variety of mechanisms to protect user credit card numbers and user passwords. Most often, these sites use the Secure Socket Layer (SSL) protocol to protect all sensitive data while it is in transit on the Internet among customer computers and browsers and the web site.

[0004] The SSL is a typical security protocol used on the web. The SSL protects data while it is in the network by encrypting it using a session-key known only to the web server and the client computer. The data is decrypted as soon as it reaches the web server. The web server processes the data (e.g., validating the credit card number) and then often stores it in a server database.

[0005] Unfortunately, however, many web servers store sensitive data in the clear, or in an unencrypted state, in an associated server database. As a result, this database is a prime target for hackers. Hackers have broken into web server databases, thereby compromising many credit card numbers and private user/customer information. These compromises are expensive for both electronic retailers and their customers.

[0006] While SSL protects transitory data in the network, it does not protect data once it reaches a web site and while it resides on the associated web servers. A different architecture is needed to protect data at the server site. Indeed, web sites should ensure that sensitive data stored in their database is always encrypted. However, any such system must permit efficient communication and not create bottlenecks that will annoy or discourage users of the network. If a security system does create bottlenecks, it could discourage or divert customers from the web site.

BRIEF DESCRIPTION OF THE FIGURES

[0007] The accompanying figures illustrate embodiments of the claimed invention. In the figures:

[0008] FIG. 1 is a block diagram of a system architecture including a Transparent Encryption Appliance, under one embodiment.

[0009] FIG. 2 is a block diagram of a system architecture including Transparent Encryption Appliances, under an alternate embodiment.

[0010] FIG. 3 is a flow diagram of transparent encryption used in the embodiments.

[0011] FIG. 4 is a block diagram of a system architecture 400 including one TE Appliance 102 on a site front-end, and one TE Appliance on the site back-end, under an alternate embodiment.

[0012] FIG. 5 is a flow diagram of transparent encryption under an alternative embodiment using a public key.

[0013] FIG. 6 is a flow diagram of transparent encryption under an alternative embodiment that protects user passwords against dictionary attacks.

[0014] In the drawings, the same reference numbers identify identical or substantially similar elements or acts. To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the Figure number in which that element is first introduced (e.g., element 108 is first introduced and discussed with respect to FIG. 1).

[0015] Any headings used herein are for convenience only and do not affect the scope or meaning of the claimed invention.

DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS

[0016] A method and apparatus are provided for transparently protecting sensitive data within a server system or environment. Data entering and leaving a server site are evaluated for sensitive data. The sensitive data includes, e.g., credit card numbers and information, account numbers and information, and any other personal information of a customer or user that is of a sensitive nature, including birth date, social security number, and information related to user passwords. Upon detection of sensitive data, cryptographic operations are applied to the data. Cryptographic operations include encrypting sensitive data transferred to the server system. Cryptographic operations also include decrypting encrypted sensitive data transferred from the server system en-route to a third party system. Further, cryptographic operations include hashing and keyed hashing of password data received at the server system. Moreover, cryptographic operations provide integrity for cookies.

[0017] The transparent protection is provided in an appliance of an embodiment that is separate from the server equipment. This appliance is coupled to the server systems and the data networks so that the server systems require no modification. In this manner, web site operators can install the appliances between their servers and the associated network connections without installing new hardware or software or modifying existing hardware or software on their servers.

[0018] In the description herein, numerous specific details are included to provide a thorough understanding of, and enabling description for, embodiments of the invention. One skilled in the relevant art, however, will recognize that the invention can be practiced without one or more of the specific details, or with other fields, expressions, methods, etc. In other instances, well-known structures or operations are not shown, or are not described in detail, to avoid obscuring aspects of the invention.
`
[0019] Unless described otherwise below, the construction and operation of the various blocks shown in FIGS. 1 and 2 are of conventional design. As a result, such blocks need not be described in further detail herein, because they will be understood by those skilled in the relevant art. Such further detail is omitted for brevity and so as not to obscure the detailed description of the invention. Any modifications necessary to these blocks, or other embodiments, can be readily made by one skilled in the relevant art based on the detailed description provided herein.

[0020] Each of the blocks depicted in the flowchart herein is of a type well known in the art, and can itself include a sequence of operations that need not be described herein. Indeed, unless described otherwise herein, the blocks depicted in the Figures are well known or described in detail in the above-noted and cross-referenced patent applications. Indeed, much of the detailed description provided herein is explicitly disclosed in the provisional patent applications; most or all of the additional material of aspects of the invention will be recognized by those skilled in the relevant art as being inherent in the detailed description provided in such provisional patent applications, or well known to those skilled in the relevant art. Those skilled in the relevant art can implement aspects of the invention based on the flowchart of FIG. 3 and the detailed description provided in the patent applications. For example, those skilled in the relevant art can create source code, microcode, program logic arrays or otherwise implement aspects of the invention based on these flowcharts and the detailed description provided herein. Any routines may be stored in non-volatile memory (not shown) that forms part of an associated processor, or can be stored in removable media, such as disks, or hardwired or preprogrammed in chips, such as EEPROM or flash semiconductor memory chips.

[0021] Those skilled in the relevant art will appreciate that the routines and other functions and methods described herein can be performed by or distributed among any of the components described herein. While many of the embodiments are shown and described as being implemented in hardware (e.g., one or more integrated circuits designed specifically for a task), such embodiments could equally be implemented in software and be performed by one or more processors. Such software can be stored on any suitable computer-readable medium, such as microcode stored in a semiconductor chip, on a computer-readable disk, or downloaded from a server and stored locally at a client.

[0022] The Secure Socket Layer (“SSL”) is a protocol that uses a significant amount of host server computing power. Many web sites use a security appliance or specially designed hardware device to manage the SSL traffic in order to offload some SSL work from the web servers. The security appliance is coupled between the web server and the network connections, and handles the computations that support SSL connections.

[0023] A Transparent Encryption Appliance (“TE Appliance”) is provided that provides backend database security at a web site, thereby protecting sensitive customer data stored and managed by the host web site systems and servers. The TE Appliance provides enhanced functionality in the form of transparent encryption to a security appliance.
`
[0024] FIG. 1 is a block diagram of a system architecture 100 including a TE Appliance 102, under one embodiment. The TE Appliance 102 is coupled to a host web site or server system 104, and to numerous client computers and browsers 106 via at least one network 108. The network 108 includes the Internet as well as other wired, wireless, and hybrid network types, and may include independent networks, proprietary networks, or back plane networks, but is not so limited. Data transferred between the client computers 106 and the server system 104 passes through the TE Appliance 102. This includes both cleartext transactions, or Hypertext Transfer Protocol (“HTTP”) transactions, and encrypted (SSL) transactions, as explained below. The TE Appliance may include a user interface 110. Also, the TE Appliance may include keys 120 of differing types.

[0025] FIG. 2 is a block diagram of a system architecture 200 including Transparent Encryption Appliances 202 and 204, under an alternate embodiment. A first TE Appliance 202 is coupled to receive data transferred from numerous client computers and browsers (not shown) via the network 108. The received data is encrypted or hashed by the first TE Appliance 202, as appropriate to the type of data received, and the encrypted or hashed data is provided to the server system 104. As such, only encrypted or hashed data is available within the server system, in particular, in server system databases 210.

[0026] A second TE Appliance 204 is coupled to receive data transferred from the server system 104 to third party or other electronic systems (not shown) via the network 108. The data requested by the third party system is decrypted by the second TE Appliance 204.

[0027] The functionality provided by the TE Appliances of both embodiments can be hosted on dedicated network appliances as shown in FIGS. 1 and 2, but is not so limited. The transparent encryption functions can also be performed by, or distributed among any combination of, the host web site server systems 104 and 208, numerous client processing devices and browsers 106 coupled to the network, and any of the associated network components.

[0028] The TE Appliance of an embodiment can reside at the same physical location as the server systems that it supports or at different physical locations. Further, a TE Appliance may be configured to provide support to multiple server systems. It is also possible that the functions provided by the TE Appliance of an embodiment are distributed among numerous processing devices at numerous physical locations.
`
[0029] FIG. 3 is a flow diagram of transparent encryption of both embodiments. In operation, the TE Appliance receives electronic transaction queries from client browsers and other electronic systems in block 302. The TE Appliance, in block 304, evaluates the requests entering the site. The evaluating or scanning functionality works with typical web encodings including Uniform Resource Identifier (“URI”) encoding and Extensible Markup Language (“XML”) encoding, but is not so limited. When the TE Appliance identifies tags indicating that the associated data is sensitive, it applies an appropriate cryptographic operation to the data within these tags, in block 306. For example, incoming sensitive data is encrypted using known encryption algorithms such as known public key infrastructure (“PKI”) encryption algorithms or the Data Encryption Standard (“DES”). The resulting data is then, in block 308, routed to the appropriate component of the backend system or network.

[0030] The server environment, and the corresponding TE Appliances, also receive electronic information requests for sensitive data from third-party systems, in block 310, via network couplings with the third-party systems. For example, in the case of a purchase transaction, sensitive information including credit card information would have to be cleared with a financial institution before approving the purchase transaction. Upon receiving the request, encrypted sensitive data is retrieved and decrypted, in block 312. Once decrypted, the sensitive information is provided to the requesting third party in block 314, generally over a secure connection.
`
[0031] In an embodiment of the transparent encryption architecture, regular expressions are used to identify fields containing sensitive user information. For example, the regular expression “^7.*” is used to match any string that begins with “7”, such as 7password. Other forms of identifying sensitive fields, however, are also possible.
`
[0032] Transparent encryption can be applied to various messages in the HTTP protocol including, but not limited to, POST messages, GET messages, and HTML responses. The examples described herein illustrate the application of transparent encryption to HTML-encoded data. The same mechanism can be applied to other encodings, such as XML-encoded data, or data encoded in other formats, such as in other mark-up language formats.
`
[0033] An example application of transparent encryption includes POST ENCRYPT operations, wherein a POST body is received from a client of the form

[0034] “&7password=mysecretpassword&7password_op=ENCRYPT&7password_key=bank_key&7password_rewrite=pwd”,

[0035] but is not so limited. The “7password” field portion supplies the user password. The “7” portion indicates that this field is to be processed by the TE Appliance. The field portion including “7password_op=ENCRYPT” indicates that the data in the “7password” fields is to be encrypted. The field portion including “7password_key=bank_key” provides the key name for use in encrypting the password. The field portion including “7password_rewrite=pwd” indicates that after transparent encryption processing, the field name changes from “7password” to “pwd”. Following transparent encryption processing the POST request body of an embodiment has the form “pwd=A124FFC9B306B1234AE”.
`
[0036] An example application of transparent encryption further includes POST DECRYPT operations, wherein a POST body is received from a client of the form

[0037] “&7password=A124FFC9B306B1234AE&7password_op=DECRYPT&7password_rewrite=pwd”,

[0038] but is not so limited. The “7password” field portion supplies the user password. The “7” portion indicates that this field is to be processed by the TE Appliance. The field portion including “7password_op=DECRYPT” indicates that the data in the “7password” fields is to be decrypted. The field portion including “7password_rewrite=pwd” indicates that after transparent encryption processing, the field name changes from “7password” to “pwd”. Following transparent encryption processing the POST body of an embodiment is of the form “pwd=mysecretpassword”. It is noted that there is no need for a “7password_key” field since the cyphertext generated during the POST ENCRYPT operation identifies the key used to create the cyphertext.
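The POST ENCRYPT and POST DECRYPT rewriting of [0033] to [0038], as an added Python sketch that is not code from the patent or from any product. It assumes the `7` marker as printed on this page, a constructed `KEYS` store, a key name carried in front of the ciphertext, fail-closed handling of a marked field that has no valid `_op`, and a stand-in HMAC-SHA256 keystream with an integrity tag in place of the DES or public-key encryption the text mentions.

```python
import hashlib
import hmac
import os
import re
from urllib.parse import parse_qsl, urlencode

KEYS = {"bank_key": b"constructed-demo-key-material"}  # constructed key store
TE_FIELD = re.compile(r"^7.*")   # marker regex as printed on the page
DIRECTIVES = ("_op", "_key", "_rewrite")


def _keystream(key, nonce, length):
    # Stand-in cipher: HMAC-SHA256 in counter mode (the stdlib has no block cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _tag(key, nonce, ct):
    # Integrity tag over nonce and ciphertext, domain-separated from the keystream.
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]


def encrypt_value(key_name, plaintext):
    key, nonce, data = KEYS[key_name], os.urandom(12), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    # The key name is carried in the token, so DECRYPT needs no _key directive.
    return key_name + "." + (nonce + ct + _tag(key, nonce, ct)).hex().upper()


def decrypt_value(token):
    key_name, _, blob_hex = token.partition(".")
    if key_name not in KEYS:
        raise ValueError("unknown key name in ciphertext")
    key, blob = KEYS[key_name], bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    if len(blob) < 28 or not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


def rewrite_body(body):
    """Apply the _op/_key/_rewrite directives to every marked field of a form body."""
    pairs = parse_qsl(body, keep_blank_values=True)
    fields = dict(pairs)

    def is_directive(name):
        return any(name.endswith(s) and name[:-len(s)] in fields for s in DIRECTIVES)

    out = []
    for name, value in pairs:
        if not TE_FIELD.match(name):
            out.append((name, value))        # ordinary field: forwarded unchanged
        elif is_directive(name):
            continue                         # directives are consumed, never forwarded
        else:
            op = fields.get(name + "_op")
            if op == "ENCRYPT":
                key_name = fields.get(name + "_key")
                if key_name not in KEYS:
                    raise ValueError(f"no usable key for {name}")
                value = encrypt_value(key_name, value)
            elif op == "DECRYPT":
                value = decrypt_value(value)
            else:
                # Assumption: a marked field without a valid _op is refused.
                raise ValueError(f"no valid _op directive for {name}")
            out.append((fields.get(name + "_rewrite", name), value))
    return urlencode(out)


if __name__ == "__main__":
    sample = ("&7password=mysecretpassword&7password_op=ENCRYPT"
              "&7password_key=bank_key&7password_rewrite=pwd&user=alice")  # constructed
    print(rewrite_body(sample))
```

Because the nonce is random, the same password encrypts to a different token on every request, so the stored value cannot be used for equality lookups.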
`
[0039] An example application of transparent encryption also includes GET operations, wherein an original request is of the form

[0040] “GET /foo.html?7password=mysecretpassword&7password_op=ENCRYPT&7password_key=bank_key&7password_rewrite=password”,

[0041] but is not so limited. The “7password” field portion supplies the user password. The “7” portion indicates that this field is to be processed by the TE Appliance. The field portion including “7password_op=ENCRYPT” indicates that the data in the “7password” fields is to be encrypted. The field portion including “7password_key=bank_key” provides the key name for use in encrypting the password. The field portion including “7password_rewrite=pwd” indicates that after transparent encryption processing, the field name changes from “7password” to “pwd”. Following transparent encryption processing the GET request body of an embodiment has the form “GET /foo.html?password=A124FFC9B306B1234AE”.
`
[0042] An example application of transparent encryption includes HTML responses, wherein a string similar to the POST request body is inserted inside an HTML comment. The original response from a web server is of the form “<b>credit card:</b> <!--&7creditcard=A1CDF986FBC15456&7creditcard_op=DECRYPT&7creditcard_key=bank_key -->”. It is noted that specification of an encryption key in this original response example is not required as the cyphertext of an embodiment may include encoded key identifiers. Following transparent encryption processing, the HTML response is of the form “<b>credit card:</b> 1234 4567 1234 4567”, but is not so limited.
`
[0043] The HTML files can be rather large files, so processing of these files may slow the TE Appliance. As such, the TE Appliance allows the administrator to restrict the URLs to which HTML response filtering is applied. Therefore, the administrator provides a list of regular expressions, and any URL matching any of these regular expressions will be processed by the TE Appliance, such as the “7” expressions noted above.

[0044] Furthermore, the administrator can specify that transparent encryption processing should only be applied to a particular number, X, of bytes of the HTML file. The number X is generally on the order of 128 bytes indicating that all fields to which TE processing should be applied reside in the first 128 bytes of the HTML file, but the embodiment is not so limited. This value can be set at a large number indicating the entire HTML file is to be searched.
`
[0045] With reference to FIG. 1, the TE Appliance 102 of an embodiment includes a user interface 110, but is not so limited. The user interface 110 enables the loading of symmetric encryption/decryption keys 120 onto the TE Appliance 102. It also enables the loading of public keys 120 onto the TE Appliance 102. Each key 120 is identified by a key-name.

[0046] The user interface also displays a fingerprint (hash) of all transparent encryption keys currently installed on the TE appliance. This enables a third party to apply the same hash function to the keys installed on the TE appliance, compare the hash result to previously computed and stored hash values for the stored key and verify that the correct keys are installed.

[0047] Moreover, the user interface enables a user or administrator to specify the list of fields to be processed by the TE Appliance. This is a list of regular expressions that identify Transparent Encryption fields. For example, setting “^7.*” as a delimiter implies that any field matching the regular expression “^7.*” is a Transparent Encryption field. For example, “7password” and “7creditcard” will be processed.

[0048] The user interface also allows an administrator to specify access controls to various keys installed on the module. For example, with reference to FIG. 2, the administrator is able to specify that on TE Appliance 202 the key bank-key can only be used for encryption, while on TE Appliance 204 the bank-key can only be used for decryption. Thus, sites using two TE Appliances can specify that one TE Appliance is used for encryption, while the other is used for decryption.
`
[0049] Transparent encryption on a TE Appliance or web security appliance has many important applications. These applications include, but are not limited to, protecting credit card numbers/information, protecting sensitive user information, protecting passwords, providing integrity for cookies, and functioning as a key server.

[0050] Protecting sensitive user information, such as credit card numbers/information and bank account numbers/information, is a most natural application for transparent encryption. FIG. 4 is a block diagram of a system architecture 400 including one TE Appliance 102 on a site front-end, and one TE Appliance on the site back-end, under an alternate embodiment.

[0051] The front-end TE Appliance 102 of an embodiment is configured to inspect all requests entering the site via the network 108 and the client browsers 106. When a user request contains sensitive user data, the TE Appliance 102 is configured to encrypt the data using one of the installed keys 402. The server system 104 receives only the encrypted data. This encrypted data is stored in at least one database associated with the host web site 104.

[0052] The backend systems 404 connected to the server system 104 often need access to the sensitive user data. For example, with credit card numbers, the server system 104, or web site, often has to send the numbers to a financial clearing house 404 during the course of a transaction. Therefore, the server system 104 uses another TE Appliance 204 at the back-end. The back-end TE Appliance 204 of an embodiment is configured to use the installed keys 402 to decrypt all sensitive data passing through it en route to the network 406 and back-end systems 404. This way, the credit card number is decrypted immediately before it is sent to the clearing house 404. Again, none of the host web site internal systems 104 see the unencrypted credit card number. The network 406 can be a proprietary network, or can be the same type as network 108.

[0053] FIG. 5 is a flow diagram of transparent encryption of an alternative embodiment using a public key. The TE Appliance of the alternative embodiment receives a request including a credit card number, at block 502. The TE Appliance identifies the sensitive information tags associated with the credit card number, at block 504, and encrypts the credit card number using an issuer’s, or acquirer’s, public key, under block 506. The web site sends the encrypted credit card number to the issuer, at block 508, and the issuer decrypts the number, at block 510. The issuer clears the transaction using the decrypted number. In this transaction, the web site never sees credit card numbers in the clear. This eliminates the risk of hackers breaking into the site and exposing customer credit card numbers.
`
[0054] FIG. 6 is a flow diagram of transparent encryption of an alternative embodiment that protects user passwords against dictionary attacks. This function is realized when a front-end TE Appliance is configured to receive, under block 602, and inspect all user requests. When the TE Appliance detects a user password field, at block 604, it replaces the actual password “pwd” with a keyed hash function of the password H_k(pwd), under block 606. Any of a number of standard keyed hash functions (also known as message authentication code (“MAC”) functions) can be used, for example HMAC-SHA1. The keyed hash function is stored in the server system, under block 608.
`
[0055] Referring to FIG. 1, the hashing key 120 is pre-installed on the TE Appliance 102, but is not so limited. The hashed password is stored in the host web site 104 database. When a user logs in, the user provides the password as part of the user’s request. The TE Appliance 102 detects the password and again applies the keyed hash function to the received password. The web site 104 then compares the hashed password to the value stored in the database, and authorizes the login if the two hashes match.

[0056] As a result of using this scheme, hackers that successfully break into the database only recover hashed passwords. Hashed passwords do not assist the hacker in logging into the site. Furthermore, the hacker is not able to mount an offline dictionary attack on the hashed passwords because the hacker does not have the key or keys used by the TE Appliance to hash the passwords. Hence, the TE Appliance prevents dictionary attacks on user passwords.
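The keyed-hash password flow of [0054] to [0056], as an added Python sketch that is not code from the patent. The key, the `Site` class, the word list and the `offline_guess` helper are constructed for illustration; `offline_guess` models what a database-only compromise allows, to contrast an unkeyed hash with H_k(pwd).

```python
import hashlib
import hmac

# Constructed key; in the page's design it is installed on the TE Appliance only.
APPLIANCE_KEY = b"constructed-appliance-hash-key"


def keyed_hash(password, key=APPLIANCE_KEY):
    """H_k(pwd) computed as HMAC-SHA1, the example MAC the page names."""
    return hmac.new(key, password.encode(), hashlib.sha1).hexdigest()


def unkeyed_hash(password):
    """Plain SHA-1, shown only for contrast with the keyed form."""
    return hashlib.sha1(password.encode()).hexdigest()


class Site:
    """Server system: stores and compares whatever the appliance forwards."""

    def __init__(self):
        self.db = {}

    def register(self, user, forwarded_pwd):
        self.db[user] = forwarded_pwd

    def login(self, user, forwarded_pwd):
        if user not in self.db:
            return False
        return hmac.compare_digest(self.db[user].encode(), forwarded_pwd.encode())


def offline_guess(stored, wordlist, hash_fn):
    """Database-only compromise: hash each candidate word and compare."""
    for word in wordlist:
        if hmac.compare_digest(hash_fn(word), stored):
            return word
    return None


def demo():
    site = Site()
    # The appliance replaces the password field before the site ever sees it.
    site.register("alice", keyed_hash("sunshine"))
    words = ["password", "sunshine", "letmein"]   # constructed word list
    leaked = site.db["alice"]
    return {
        "login_ok": site.login("alice", keyed_hash("sunshine")),
        "login_bad": site.login("alice", keyed_hash("sunshine1")),
        # Unkeyed hash: the word list alone recovers the password.
        "unkeyed_recovered": offline_guess(unkeyed_hash("sunshine"), words, unkeyed_hash),
        # Keyed hash: without the appliance key no candidate matches.
        "keyed_no_key": offline_guess(leaked, words, unkeyed_hash),
        "keyed_wrong_key": offline_guess(leaked, words, lambda w: keyed_hash(w, b"guess")),
    }


if __name__ == "__main__":
    print(demo())
```

Two users with the same password get the same stored value under this scheme, and the protection holds only while the key stays off the server system.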
`
[0057] The TE Appliance of an embodiment also provides integrity for HTTP cookies. Typically, the HTTP cookies are used to store state on a user’s web browser. The web site can send a cookie to the user and then retrieve the cookie from the user at a later time. Unfortunately, there is no mechanism for ensuring that users do not maliciously modify cookies while they reside on the user’s machine. The TE Appliance can be used to overcome this problem.

[0058] When a web site sends a cookie to the user the TE Appliance appends a checksum or MAC to the cookie. When the user sends the cookie back to the site the TE Appliance can verify the checksum/MAC. If the checksum/MAC is not verified, the TE Appliance rejects the user’s request. Otherwise, it forwards the user’s request into the web site.
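The cookie integrity check of [0058], as an added Python sketch that is not code from the patent. The key, the `value|tag` layout, the use of HMAC-SHA256, the binding of the cookie name into the MAC and the 403 status for a rejected request are assumptions made for the example.

```python
import base64
import hashlib
import hmac

COOKIE_KEY = b"constructed-cookie-mac-key"   # constructed; held only by the appliance


def _mac(name, value, key):
    # Binding the cookie name stops a valid value being replayed under another name.
    tag = hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


def seal_cookie(name, value, key=COOKIE_KEY):
    """Outbound response: append the MAC to the value the site set."""
    return f"{value}|{_mac(name, value, key)}"


def open_cookie(name, sealed, key=COOKIE_KEY):
    """Inbound request: return the original value, or None if verification fails."""
    value, sep, tag = sealed.rpartition("|")
    if not sep:
        return None                      # no MAC present at all
    expected = _mac(name, value, key)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return value


def filter_request(cookie_header, key=COOKIE_KEY):
    """Return (status, Cookie header for the site); one bad MAC rejects the request."""
    forwarded = []
    for part in cookie_header.split(";"):
        name, _, sealed = part.strip().partition("=")
        value = open_cookie(name, sealed, key)
        if value is None:
            return 403, None
        forwarded.append(f"{name}={value}")   # MAC stripped before forwarding
    return 200, "; ".join(forwarded)


if __name__ == "__main__":
    sealed = seal_cookie("cart", "item42:qty1")            # constructed cookie
    print(filter_request("cart=" + sealed))
    print(filter_request("cart=" + sealed.replace("qty1", "qty9")))
```

The MAC detects modification but not replay: an old cookie that was validly sealed still verifies unless the value itself carries an expiry or session binding.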
`
[0059] Web site administrators frequently place all secret keys on a single server called a key server. When a processing component of the site needs to apply cryptographic operations to data (e.g., encrypt, decrypt, or MAC), the processing component contacts the key server and requests that the key server perform this task. Currently there are no standard protocols for communicating with a key server. Each site implements a site-specific mechanism.

[0060] The TE Appliance of an embodiment functions as a key server. This is accomplished by installing the site’s secret keys on the TE Appliance. The site’s processing components or processors then issue standard HTTP requests to the TE Appliance in order to encrypt, decrypt, or MAC specified data. The response from the TE Appliance also uses the standard HTTP protocol. Hence, the TE Appliance is a convenient way for implementing a key server using standard web protocols.
`
[0061] FIGS. 1 and 2 and the discussion herein provide a brief, general description of a suitable computing environment in which aspects of the invention can be implemented. Although not required, embodiments of the invention are described in the general context of computer-executable instructions, such as routines executed by a general purpose computer (e.g., a server or personal computer). Those skilled in the relevant art will appreciate that aspects of the invention can be practiced with other computer system configurations, including Internet appliances, hand-held devices, wearable computers, cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, mini-computers, mainframe computers and the like. Aspects of the invention can be embodied in a special purpose computer or data processor that is specifically programmed, configured or constructed to perform one or more of the computer-executable instructions explained in detail below. Indeed, the term “computer,” as used generally herein, refers to any of the above devices, as well as any data processor. Further, the term “processor” as generally used herein refers to any logic processing unit, such as one or more central processing units (CPUs), digital signal processors (DSPs), application-specific integrated circuits (ASIC), etc.

[0062] Aspects of the invention can also be practiced in distributed computing environments where certain tasks or modules are performed by remote processing devices and which are linked through a communications network, such as a Local Area Network (“LAN”), Metropolitan Area Network (“MAN”), Wide Area Network (“WAN”), or the Internet. In a distributed computing environment, program modules or sub-routines may be located in both local and remote memory storage devices. Aspects of the invention described herein may be stored or distributed on computer-readable media, including magnetic and optically readable and removable computer disks, hard-wired or preprogrammed in chips (e.g., EEPROM semiconductor chips), as well as distributed electronically over the Internet or over other networks (including wireless networks). Those skilled in the relevant art will re