`US 20020112167Al
`
`(19) United States
`(12) Patent Application Publication
`Boneh et al.
`
`(10) Pub. No.: US 2002/0112167 Al
`Aug. 15, 2002
`( 43) Pub. Date:
`
`(54) METHOD AND APPARATUS FOR
`TRANSPARENT ENCRYPTION
`
`(76)
`
`Inventors: Dan Boneh, Palo Alto, CA (US);
`Rajeev Chawla, Union City, CA (US);
`Alan Frindell, Mountain View, CA
`(US); Eu-Jin Goh, San Carlos, CA
`(US); Nagendra Modadugu, Menlo
`Park, CA (US); Panagiotis Tsirigotis,
`Mountain View, CA (US)
`
`Correspondence Address:
`PERKINS corn LLP
`P.O. BOX 2168
`MENLO PARK, CA 94026 (US)
`
`(21)
`
`Appl. No.:
`
`10/038,169
`
`(22)
`
`Filed:
`
`Jan.2,2002
`
`Related U.S. Application Data
`
`(60)
`
`Provisional application No. 60/259,754, filed on Jan.
`4, 2001. Provisional application No. 60/259,786, filed
`on Jan. 4, 2001.
`
`Publication Classification
`
`Int. Cl.7 ....................................................... H04K 1/00
`(51)
`(52) U.S. Cl. .............................................................. 713/182
`
`(57)
`
`ABSTRACT
`
`A method and apparatus are provided for protecting sensi(cid:173)
`tive information within server or other computing environ(cid:173)
`ments. Numerous electronic requests addressed to a server
`system are received over network couplings and evaluated.
`The evaluation scans for sensitive information including
`credit card information and private user information. Upon
`detecting sensitive data, cryptographic operations are
`applied to the sensitive data. When the sensitive data is being
`transferred to the server system, the cryptographic opera(cid:173)
`tions encrypt the sensitive data prior to transfer among
`components of the server system. When sensitive data is
`being transferred from the server system, the cryptographic
`operations decrypt the sensitive data prior to transfer among
`the network couplings. The cryptographic operations also
`include hash, and keyed hash operations.
`
`400
`~
`
`TE
`SERVER
`
`APPLIANCE ~ SYSTEM
`204
`
`TE
`~ APPLIANCE
`
`KEYS 402
`
`KEYS 402
`
`BACK-END
`SITE
`404
`
`NETWORK
`406
`
`BACK-END
`SITE
`404
`
`CLIENT
`BROWSER
`
`106
`
`Page 1 of 14
`
`
`
`Patent Application Publication Aug. 15, 2002 Sheet 1 of 6
`
`US 2002/0112167 Al
`
`"°
`
`0
`
`°'
`.,_ w
`ffi ~
`:::; 0
`o°'
`co
`
`'° 0
`
`.,_w
`et:
`ffi~
`:::;o
`0 et:
`co
`
`~ °' o col ~~ w
`
`'Z
`
`"°
`
`0
`
`°'
`.,_ w
`ffi ~
`:::; 0
`o°'
`en
`
`~,
`
`I-
`z.Zw
`°' ~ z
`w O
`c.;>
`<~cc
`cn °' _.
`~ >- -
`Zo~
`<z~
`°'w <
`t-
`
`~I w =I
`0
`Li:
`°'
`.,_
`w
`:!!:
`°'
`w
`en
`::::,
`
`~
`w
`::i,,c
`
`1
`
`0/V
`
`0
`
`\j--LL
`
`Page 2 of 14
`
`
`
`Patent Application Publication Aug. 15, 2002 Sheet 2 of 6
`
`US 2002/0112167 Al
`
`';:O
`
`~ °' 0 001
`tu -z
`
`~,
`
`w
`Q z
`< =:;
`~ <
`w
`I-
`
`~
`
`~,
`
`w
`Q z
`< =:;
`~ <
`w
`I-
`
`~
`
`(\j .
`\_)-
`LL
`
`c., ~,
`
`w c.,
`<
`O'.l
`~
`< Q
`
`_,
`.....
`
`......
`,
`
`c.,
`
`°' 0 c.,
`
`c.,
`w
`Q
`
`0 °' ~
`
`Page 3 of 14
`
`
`
`Patent Application Publication Aug. 15, 2002 Sheet 3 of 6
`
`US 2002/0112167 Al
`
`C START")
`
`~ ,I
`
`RECEIVE REQUEST INCLUDING SENSITIVE DATA
`
`\ ,I
`
`EVALUATE REQUEST
`
`304
`0,./
`
`302
`t'-..1
`
`'~
`ENCRYPT DETECTED SENSITIVE DATA
`
`306
`t"-,...,1
`
`'~
`TRANSFER ENCRYPTED SENSITIVE DATA
`TO SERVER ENVIRONMENT
`
`308
`t"-,...,1
`
`' ,I
`
`RECEIVE REQUEST FOR SENSITIVE DATA ~10
`
`' ,I
`
`312
`t'-..1
`
`DECRYPT SENSITIVE DATA
`,~
`PROVIDE DECRYPTED SENSITIVE DATA
`TO REQUESTING THIRD-PARTY
`
`314
`I"'-.../
`
`' ,I C END°'}
`
`Fie;. 3
`
`Page 4 of 14
`
`
`
`.... 0 =
`~ ....
`~ a -.... n
`~ .... o· =
`? 't:I -.... n
`(0 = ....
`~ ....
`"'ti
`
`106
`
`BROWSER
`CLIENT
`
`BROWSER
`CLIENT
`
`108
`
`NETWORK
`
`KEYS 402
`
`TE
`
`102
`,...,<'---__:>i.1 APPLIANCE
`
`104
`
`._ ___ _.
`
`SYSTEM
`SERVER
`
`~
`400
`
`fie;. 4
`
`KEYS 1QZ
`
`204
`APPLIANCE
`
`TE
`
`404
`
`SITE
`
`BACK-END
`
`406
`
`NETWORK
`
`404
`
`SITE
`
`BACK-END
`
`Page 5 of 14
`
`
`
`Patent Application Publication Aug. 15, 2002 Sheet 5 of 6
`
`US 2002/0112167 Al
`
`RECEIVE REQUEST INCLUDING CREDIT CARD NUMBER
`
`IDENTIFY SENSITIVE INFORMATION TAGS
`
`504
`
`ENCRYPT CREDIT CARD NUMBER USING PUBLIC KEY
`
`SEND ENCRYPTED NUMBER TO ISSUER
`
`sos
`
`DECRYPT ENCRYPTED NUMBER
`
`510
`
`fie;-. 5
`
`Page 6 of 14
`
`
`
`Patent Application Publication Aug. 15, 2002 Sheet 6 of 6
`
`US 2002/0112167 Al
`
`START")
`
`'I I
`
`6 02
`RECEIVE REQUEST INCLUDING PASSWORD ~
`,,
`DETECT USER PASSWORD FIELD
`,,
`REPLACE PASSWORD WITH KEYED HASH FUNCTION
`
`604
`r---,
`
`r!!J
`6
`
`,v
`STORE KEYED HASH FUNCTION
`
`608
`
`~
`
`,(
`
`Fie;. 6
`
`Page 7 of 14
`
`
`
`US 2002/0112167 Al
`
`Aug. 15,2002
`
`1
`
`METHOD AND APPARATUS FOR TRANSPARENT
`ENCRYPTION
`
`[0010] FIG. 3 is a flow diagram of transparent encryption
`used in the embodiments.
`
`RELATED APPLICATIONS
`
`[0001] This application claims the benefit of U.S. Patent
`Application Nos. 60/259,754 and 60/259,786 filed Jan. 4,
`2001, Ser. Nos. 09/877,302 and 09/877,655 filed Jun. 8,
`2001, and Ser. No. 09/901,350 filed Jul. 9, 2001, all of which
`are currently pending.
`
`TECHNICAL FIELD
`
`[0002] The claimed invention relates to the field of data
`security. In particular, the claimed invention relates to secur(cid:173)
`ing sensitive user data in a server system.
`
`BACKGROUND
`
`[0003] World Wide Web sites, or web sites, dealing with
`secure content use various mechanisms to protect this con(cid:173)
`tent. For example, electronic commerce, or e-commerce,
`web sites use a variety of mechanisms to protect user credit
`card numbers and user passwords. Most often, these sites
`use the Secure Socket Layer (SSL) protocol to protect all
`sensitive data while it is in transit on the Internet among
`customer computers and browsers and the web site.
`[0004] The SSL is a typical security protocol used on the
`web. The SSL protects data while it is in the network by
`encrypting it using a session-key known only to the web
`server and the client computer. The data is decrypted as soon
`as it reaches the web server. The web server processes the
`data (e.g., validating the credit card number) and then often
`stores it in a server database.
`[0005] Unfortunately, however, many web servers store
`sensitive data in the clear, or in an unencrypted state, in an
`associated server database. As a result, this database is a
`prime target for hackers. Hackers have broken into web
`server databases, thereby compromising many credit card
`numbers and private user/customer information. These com(cid:173)
`promises are expensive for both electronic retailers and their
`customers.
`[0006] While SSL protects transitory data in the network,
`it does not protect data once it reaches a web site and while
`it resides on the associated web servers. A different archi(cid:173)
`tecture is needed to protect data at the server site. Indeed,
`web sites should ensure that sensitive data stored in their
`database is always encrypted. However, any such system
`must permit efficient communication and not create bottle(cid:173)
`necks that will annoy or discourage users of the network. If
`a security system does create bottlenecks, it could discour(cid:173)
`age or divert customers from the web site.
`
`BRIEF DESCRIPTION OF THE FIGURES
`
`[0011] FIG. 4 is a block diagram of a system architecture
`400 including one TE Appliance 102 on a site front-end, and
`one TE Appliance on the site back-end, under an alternate
`embodiment.
`
`[0012] FIG. 5 is a flow diagram of transparent encryption
`under an alternative embodiment using a public key.
`
`[0013] FIG. 6 is a flow diagram of transparent encryption
`under an alternative embodiment that protects user pass(cid:173)
`words against dictionary attacks.
`
`[0014]
`In the drawings, the same reference numbers iden(cid:173)
`tify identical or substantially similar elements or acts. To
`easily identify the discussion of any particular element or
`act, the most significant digit or digits in a reference number
`refer to the Figure number in which that element is first
`introduced ( e.g., element 108 is first introduced and dis(cid:173)
`cussed with respect to FIG. 1).
`
`[0015] Any headings used herein are for convenience only
`and do not affect the scope or meaning of the claimed
`invention.
`
`DETAILED DESCRIPTION OF THE
`ILLUSTRATED EMBODIMENTS
`
`[0016] A method and apparatus are provided for transpar(cid:173)
`ently protecting sensitive data within a server system or
`environment. Data entering and leaving a server site are
`evaluated for sensitive data. The sensitive data includes, e.g.,
`credit card numbers and information, account numbers and
`information, and any other personal information of a cus(cid:173)
`tomer or user that is of a sensitive nature, including birth
`date, social security number, and information related to user
`passwords. Upon detection of sensitive data, cryptographic
`operations are applied to the data. Cryptographic operations
`include encrypting sensitive data transferred to the server
`system. Cryptographic operations also include decrypting
`encrypted sensitive data transferred from the server system
`en-route to a third party system. Further, cryptographic
`operations include hashing and keyed hashing of password
`data received at the server system. Moreover, cryptographic
`operations provide integrity for cookies.
`
`[0017] The transparent protection is provided in an appli(cid:173)
`ance of an embodiment that is separate from the server
`equipment. This appliance is coupled to the server systems
`and the data networks so that the server systems require no
`modification. In this manner, web site operators can install
`the appliances between their servers and the associated
`network connections without installing new hardware or
`software or modifying existing hardware or software on
`their servers.
`
`[0007] The accompanying figures illustrate embodiments
`of the claimed invention. In the figures:
`[0008] FIG. 1 is a block diagram of a system architecture
`including a Transparent Encryption Appliance, under one
`embodiment.
`[0009] FIG. 2 is a block diagram of a system architecture
`including Transparent Encryption Appliances, under an
`alternate embodiment.
`
`[0018]
`In the description herein, numerous specific details
`are included to provide a thorough understanding of, and
`enabling description for, embodiments of the invention. One
`skilled in the relevant art, however, will recognize that the
`invention can be practiced without one or more of the
`specific details, or with other fields, expressions, methods,
`etc. In other instances, well-known structures or operations
`are not shown, or are not described in detail, to avoid
`obscuring aspects of the invention.
`
`Page 8 of 14
`
`
`
`US 2002/0112167 Al
`
`Aug. 15,2002
`
`2
`
`[0019] Unless described otherwise below, the construction
`and operation of the various blocks shown in FIGS. 1 and
`2 are of conventional design. As a result, such blocks need
`not be described in further detail herein, because they will be
`understood by those skilled in the relevant art. Such further
`detail is omitted for brevity and so as not to obscure the
`detailed description of the invention. Any modifications
`necessary to these blocks, or other embodiments, can be
`readily made by one skilled in the relevant art based on the
`detailed description provided herein.
`[0020] Each of the blocks depicted in the flowchart herein
`is of a type well known in the art, and can itself include a
`sequence of operations that need not be described herein.
`Indeed, unless described otherwise herein, the blocks
`depicted in the Figures are well known or described in detail
`in the above-noted and cross-referenced patent applications.
`Indeed, much of the detailed description provided herein is
`explicitly disclosed in the provisional patent applications;
`most or all of the additional material of aspects of the
`invention will be recognized by those skilled in the relevant
`art as being inherent in the detailed description provided in
`such provisional patent applications, or well known to those
`skilled in the relevant art. Those skilled in the relevant art
`can implement aspects of the invention based on the flow(cid:173)
`chart of FIG. 3 and the detailed description provided in the
`patent applications. For example, those skilled in the rel(cid:173)
`evant art can create source code, microcode, program logic
`arrays or otherwise implement aspects of the invention
`based on these flowchart and the detailed description pro(cid:173)
`vided herein. Any routines may be stored in non-volatile
`memory (not shown) that forms part of an associated pro(cid:173)
`cessor, or can be stored in removable media, such as disks,
`or hardwired or preprogrammed in chips, such as EEPROM
`or flash semiconductor memory chips.
`[0021] Those skilled in the relevant art will appreciate that
`the routines and other functions and methods described
`herein can be performed by or distributed among any of the
`components described herein. While many of the embodi(cid:173)
`ments are shown and described as being implemented in
`hardware (e.g., one or more integrated circuits designed
`specifically for a task), such embodiments could equally be
`implemented in software and be performed by one or more
`processors. Such software can be stored on any suitable
`computer-readable medium, such as microcode stored in a
`semiconductor chip, on a computer-readable disk, or down(cid:173)
`loaded from a server and stored locally at a client.
`[0022] The Secure Socket Layer ("SSL") is a protocol that
`uses a significant amount of host server computing power.
`Many web sites use a security appliance or specially
`designed hardware device to manage the SSL traffic in order
`to offload some SSL work from the web servers. The
`security appliance is used coupled between the web server
`and the network connections, and handles the computations
`that support SSL connections.
`
`[0023] A Transparent Encryption Appliance ("TE Appli(cid:173)
`ance") is provided that provides backend database security
`at a web site, thereby protecting sensitive customer data
`stored and managed by the host web site systems and
`servers. The TE Appliance provides enhanced functionality
`in the form of transparent encryption to a security appliance.
`
`[0024] FIG. 1 is a block diagram of a system architecture
`100 including a TE Appliance 102, under one embodiment.
`
`The TE Appliance 102 is coupled to a host web site or server
`system 104, and to numerous client computers and browsers
`106 via at least one network 108. The network 108 includes
`the Internet as well as other wired, wireless, and hybrid
`network types, and may include independent networks,
`proprietary networks, or back plane networks, but is not so
`limited. Data transferred between the client computers 106
`and the server system 104 passes through the TE Appliance
`102. This includes both cleartext transactions, or Hypertext
`Transfer Protocol ("HTTP") transactions, and encrypted
`(SSL) transactions, as explained below. The TE Appliance
`may include a user interface 110. Also, the TE Appliance
`may include keys 120 of differing types.
`[0025] FIG. 2 is a block diagram of a system architecture
`200 including Transparent Encryption Appliances 202 and
`204, under an alternate embodiment. A first TE Appliance
`202 is coupled to receive data transferred from numerous
`client computers and browsers (not shown) via the network
`108. The received data is encrypted or hashed by the first TE
`Appliance 202, as appropriate to the type of data received,
`and the encrypted or hashed data is provided to the server
`system 104. As such, only encrypted or hashed data is
`available within the server system, in particular, in server
`system databases 210.
`[0026] A second TE Appliance 204 is coupled to receive
`data transferred from the server system 104 to third party or
`other electronic systems (not shown) via the network 108.
`The data requested by the third party system is decrypted by
`the second TE Appliance 204.
`[0027] The functionality provided by the TE Appliances of
`both embodiments can be hosted on dedicated network
`appliances as shown in FIGS. 1 and 2, but is not so limited.
`The transparent encryption functions can also be performed
`by, or distributed among any combination of, the host web
`site server systems 104 and 208, numerous client processing
`devices and browsers 106 coupled to the network, and any
`of the associated network components.
`[0028] The TE Appliance of an embodiment can reside at
`the same physical location as the server systems that it
`supports or at different physical locations. Further, a TE
`Appliance may be configured to provide support to multiple
`server systems. It is also possible that the functions provided
`by the TE Appliance of an embodiment are distributed
`among numerous processing devices at numerous physical
`locations.
`[0029] FIG. 3 is a flow diagram of transparent encryption
`of both embodiments. In operation, the TE Appliance
`receives electronic transaction queries from client browsers
`and other electronic systems in block 302. The TE Appli(cid:173)
`ance, in block 304, evaluates the requests entering the site.
`The evaluating or scanning functionality works with typical
`web encodings including Uniform Resource Identifier
`("URI") encoding and Extensible Markup Language
`("XML") encoding, but is not so limited. When the TE
`Appliance identifies tags indicating that the associated data
`is sensitive, it applies an appropriate cryptographic opera(cid:173)
`tion to the data within these tags, in block 306. For example,
`incoming sensitive data is encrypted using known encryp(cid:173)
`tion algorithms such as know public key infrastructure
`("PK.I") encryption algorithms or the Data Encryption Stan(cid:173)
`dard ("DES"). The resulting data is then, in block 308,
`routed to the appropriate component of the backend system
`or network.
`
`Page 9 of 14
`
`
`
`US 2002/0112167 Al
`
`Aug. 15,2002
`
`3
`
`[0030] The server environment, and the corresponding TE
`Appliances, also receive electronic information requests for
`sensitive data from third-party systems, in block 310, via
`network couplings with
`the
`third-party systems. For
`example, in the case of a purchase transaction, sensitive
`information including credit card information would have to
`be cleared with a financial institution before approving the
`purchase transaction. Upon receiving the request, encrypted
`sensitive data is retrieved and decrypted, in block 312. Once
`decrypted, the sensitive information is provided to the
`requesting third party in block 314, generally over a secure
`connection.
`[0031]
`In an embodiment of the transparent encryption
`architecture, regular expressions are used to identify fields
`containing sensitive user information. For example, the
`regular expression "A_.*" is used to match any string that
`begins with " __ ", such as_password. Other forms of
`identifying sensitive fields, however, are also possible.
`[0032] Transparent encryption can be applied to various
`messages in the HTTP protocol including, but not limited to,
`POST messages, GET messages, and HTML responses. The
`examples described herein illustrate the application of trans(cid:173)
`parent encryption to HTML-encoded data. The same mecha(cid:173)
`nism can be applied to other encodings, such as XML(cid:173)
`encoded data, or data encoded in other formats, such as in
`other mark-up language formats.
`[0033] An example application of transparent encryption
`includes POST ENCRYPT operations, wherein a POST
`body is received from a client of the form
`
`[0034] "&_password=mysecretpassword&_
`password_ op=ENCRYPT &_password _ key=
`bank_ key &_password _rewrite=pwd",
`
`[0035] but is not so limited. The "_password" field
`portion supplies the user password. The "_" portion
`indicates that this field is to be processed by the TE
`Appliance. The field portion including "_password_op=
`ENCRYPT" indicates that the data in the "_password"
`fields is to be encrypted. The field portion including
`"_password _ key=bank _ key" provides the key name for
`use in encrypting the password. The field portion including
`"_password _rewrite=pwd" indicates that after transparent
`encryption processing,
`the
`field name changes from
`"_password" to "pwd". Following transparent encryption
`processing the POST request body of an embodiment has the
`form "pwd=Al24FFC9B306BI234AE".
`
`[0036] An example application of transparent encryption
`further includes POST DECRYPT operations, wherein a
`POST body is received from a client of the form
`
`[0037] "&_password=
`A124FFC9B306B1234AE&_password _ op=DE(cid:173)
`CRYPT &_password _rewrite=pwd",
`
`[0038] but is not so limited. The "_password" field
`portion supplies the user password. The "_" portion
`indicates that this field is to be processed by the TE
`Appliance. The field portion including "_password_op=
`DECRYPT" indicates that the data in the"_password"
`fields is to be decrypted. The field portion including
`"_password _rewrite=pwd" indicates that after transparent
`encryption processing,
`the
`field name changes from
`"_password" to "pwd". Following transparent encryption
`
`processing the POST body of an embodiment is of the form
`"pwd=mysecretpassword". It is noted that there is no need
`for a "_password_key" field since the cyphertext gener(cid:173)
`ated during the POST ENCRYPT operation identifies the
`key used to create the cyphertext.
`[0039] An example application of transparent encryption
`also includes GET operations, wherein an original request is
`of the form
`[0040]
`"GET/foo.html?_password=mysecretpass(cid:173)
`word&_password _ op=ENCRYPT &_pass(cid:173)
`word _ key=bank _ key &_password _rewrite=pass(cid:173)
`word",
`[0041] but is not so limited. The "_password" field
`portion supplies the user password. The "_" portion
`indicates that this field is to be processed by the TE
`Appliance. The field portion including "_password_op=
`ENCRYPT" indicates that the data in the "_password"
`fields is to be encrypted. The field portion including
`"_password _ key=bank _ key" provides the key name for
`use in encrypting the password. The field portion including
`"_password _rewrite=pwd" indicates that after transparent
`encryption processing,
`the
`field name changes from
`"_password" to "pwd". Following transparent encryption
`processing the GET request body of an embodiment has the
`form
`"GET/foo.html?password=
`AI24FFC9B306B1234AE".
`[0042] An example application of transparent encryption
`includes HTML responses, wherein a string similar to the
`POST request body is inserted inside an HTML comment.
`The original response from a web server is of the form "<b>
`<!--&_creditcard=
`credit
`card:
`</b>
`Al CDF986FBC15456&_creditcard _ op=DE-
`CRYPT &_creditcard _ key=bank _key-->". It is noted that
`specification of an encryption key in this original response
`example is not required as the cyphertext of an embodiment
`may include encoded key identifiers. Following transparent
`encryption processing, the HTML response is of the form
`"<b>credit card:</b> 1234 4567 1234 4567", but is not so
`limited.
`[0043] The HTML files can be rather large files, so pro(cid:173)
`cessing of these files may slow the TE Appliance. As such,
`the TE Appliance allows the administrator to restrict the
`URLs to which HTML response filtering is applied. There(cid:173)
`fore, the administrator provides a list of regular expressions,
`and any URL matching any of these regular expressions that
`will be processed by the TE Appliance, such as the "_"
`expressions noted above.
`[0044] Furthermore, the administrator can specify that
`transparent encryption processing should only be applied to
`a particular number, X, of bytes of the HTML file. The
`number X is generally on the order of 128 bytes indicating
`that all fields to which TE processing should be applied
`reside in the first 128 bytes of the HTML file, but the
`embodiment is not so limited. This value can be set at a large
`number indicating the entire HTML file is to be searched.
`[0045] With reference to FIG. 1, the TE Appliance 102 of
`an embodiment includes a user interface 110, but is not so
`limited. The user interface 110 enables the loading of
`symmetric encryption/decryption keys 120 onto the TE
`Appliance 102. It also enables the loading of public keys 120
`onto the TE Appliance 102. Each key 120 is identified by a
`key-name.
`
`Page 10 of 14
`
`
`
`US 2002/0112167 Al
`
`Aug. 15,2002
`
`4
`
`[0046] The user interface also displays a fingerprint (hash)
`of all transparent encryption keys currently installed on the
`TE appliance. This enables a third party to apply the same
`hash function to the keys installed on the TE appliance,
`compare the hash result to previously computed and stored
`hash values for the stored key and verify that the correct
`keys are installed.
`[0047] Moreover, the user interface enables a user or
`administrator to specify the list of fields to be processed by
`the TE Appliance. This is a list of regular expressions that
`identify Transparent Encryption fields. For example, setting
`"A _ _ .*" as a delimiter implies that any field matching the
`regular expression "A __ .*" is a Transparent Encryption
`field. For example, " __ password" and " __ creditcard" will
`be processed.
`[0048] The user interface also allows an administrator to
`specify access controls to various keys installed on the
`module. For example, with reference to FIG. 2, the admin(cid:173)
`istrator is able to specify that on TE Appliance 202 the key
`bank-key can only be used for encryption, while on TE
`Appliance 204 the bank-key can only be used for decryption.
`Thus, sites using two TE Appliances can specify that one TE
`Appliance is used for encryption, while the other is used for
`decryption.
`[0049] Transparent encryption on a TE Appliance or web
`security appliance has many important applications. These
`applications include, but are not limited to, protecting credit
`card numbers/information, protecting sensitive user infor(cid:173)
`mation, protecting passwords, providing integrity for cook(cid:173)
`ies, and functioning as a key server.
`[0050] Protecting sensitive user information, such as
`credit card numbers/information and bank account numbers/
`information, is a most natural application for transparent
`encryption. FIG. 4 is a block diagram of a system architec(cid:173)
`ture 400 including one TE Appliance 102 on a site front-end,
`and one TE Appliance on the site back-end, under an
`alternate embodiment.
`[0051] The front-end TE Appliance 102 of an embodiment
`is configured to inspect all requests entering the site via the
`network 108 and the client browsers 106. When a user
`request contains sensitive user data, the TE Appliance 102 is
`configured to encrypt the data using one of the installed keys
`402. The server system 104 receives only the encrypted data.
`This encrypted data is stored in at least one database
`associated with the host web site 104.
`[0052] The backend systems 404 connected to the server
`system 104 often need access to the sensitive user data. For
`example, with credit card numbers, the server system 104, or
`web site, often has to send the numbers to a financial
`clearing house 404 during the course of a transaction.
`Therefore, the server system 104 uses another TE Appliance
`204 at the back-end. The back-end TE Appliance 204 of an
`embodiment is configured to use the installed keys 402 to
`decrypt all sensitive data passing through it enroute to the
`network 406 and back-end systems 404. This way, the credit
`card number is decrypted immediately before it is sent to the
`clearing house 404. Again, none of the host web site internal
`systems 104 see the unencrypted credit card number. The
`network 406 can be a proprietary network, or can be the
`same type as network 108.
`[0053] FIG. 5 is a flow diagram of transparent encryption
`of an alternative embodiment using a public key. The TE
`
`Appliance of the alternative embodiment receives a request
`including a credit card number, at block 502. The TE
`Appliance identifies the sensitive information tags associ(cid:173)
`ated with the credit card number, at block 504, and encrypts
`the credit card number using an issuer's, or acquirer's,
`public key, under block 506. The web site sends the
`encrypted credit card number to the issuer, at block 508, and
`the issuer decrypts the number, at block 510. The issuer
`clears the transaction using the decrypted number. In this
`transaction, the web site never sees credit card numbers in
`the clear. This eliminates the risk of hackers breaking into
`the site and exposing customer credit card numbers.
`
`[0054] FIG. 6 is a flow diagram of transparent encryption
`of an alternative embodiment that protects user passwords
`against dictionary attacks. This function is realized when a
`front-end TE Appliance is configured to receive, under block
`602, and inspect all user requests. When the TE Appliance
`detects a user password field, at block 604, it replaces the
`actual password "pwd" with a keyed hash function of the
`password Hk(pwd), under block 606. Any of a number of
`standard keyed hash functions (also known as message
`authentication code ("MAC") functions) can be used, for
`example HMAC-SHAl. The keyed hash function is stored
`in the server system, under block 608.
`
`[0055] Referring to FIG. 1, the hashing key 120 is pre(cid:173)
`installed on the TE Appliance 102, but is not so limited. The
`hashed password is stored in the host web site 104 database.
`When a user logs in, the user provides the password as part
`of the user's request. The TE Appliance 102 detects the
`password and again applies the keyed hash function to the
`received password. The web site 104 then compares the
`hashed password to the value stored in the database, and
`authorizes the login if the two hashes match.
`
`[0056] As a result of using this scheme, hackers that
`successfully break into the database only recover hashed
`passwords. Hashed passwords do not assist the hacker in
`logging into the site. Furthermore, the hacker is not able to
`mount an oflline dictionary attack on the hashed passwords
`because the hacker does not have the key or keys used by the
`TE Appliance to hash the passwords. Hence, the TE Appli(cid:173)
`ance prevents dictionary attacks on user passwords.
`
`[0057] The TE Appliance of an embodiment also provides
`integrity for HTTP cookies. Typically, the HTTP cookies are
`used to store state on a user's web browser. The web site can
`send a cookie to the user and then retrieve the cookie from
`the user at a later time. Unfortunately, there is no mechanism
`for ensuring that users do not maliciously modify cookies
`while they reside on the user's machine. The TE Appliance
`can be used to overcome this problem.
`
`[0058] When a web site sends a cookie to the user the TE
`Appliance appends a checksum or MAC to the cookie.
`When the user sends the cookie back to the site the TE
`Appliance can verify the checksum/MAC. If the checksum/
`MAC is not verified, the TE Appliance rejects the user's
`request. Otherwise, it forwards the user's request into the
`web site.
`
`[0059] Web site administrators frequently place all secret
`keys on a single server called a key server. When a pro(cid:173)
`cessing component of the site needs to apply cryptographic
`operations to data (e.g., encrypt, decrypt, or MAC), the
`processing component contacts the key server and requests
`
`Page 11 of 14
`
`
`
`US 2002/0112167 Al
`
`Aug. 15,2002
`
`5
`
`that the key server perform this task. Currently there are no
`standard protocols for communicating with a key server.
`Each site implements a site-specific mechanism.
`[0060] The TE Appliance of an embodiment functions as
`a key server. This is accomplished by installing the site's
`secret keys on the TE Appliance. The site's processing
`components or processors then
`issue standard HTTP
`requests to the TE Appliance in order to encrypt, decrypt, or
`MAC specified data. The response from the TE Appliance
`also uses the standard HTTP protocol. Hence, the TE
`Appliance is a convenient way for implementing a key
`server using standard web protocols.
`[0061] FIGS. 1 and 2 and the discussion herein provide a
`brief, general description of a suitable computing environ(cid:173)
`ment in which aspects of the invention can be implemented.
`Although not required, embodiments of the invention are
`described in the general context of computer-executable
`instructions, such as routines executed by a general purpose
`computer ( e.g., a server or personal computer). Those skilled
`in the relevant art will appreciate that aspects of the inven(cid:173)
`tion can be practiced with other computer system configu(cid:173)
`rations, including Internet appliances, hand-held devices,
`wearable computers, cel