CA2342196C - System and method for auditing in network applications - Google Patents

Info

Publication number: CA2342196C
Authority: CA (Canada)
Prior art keywords: server, client, encryption key, user session, request
Legal status: Expired - Lifetime
Application number: CA002342196A
Other languages: French (fr)
Other versions: CA2342196A1 (en)
Inventors: Robert Wenig, Igor Tsyganskiy
Current Assignee: SAP SE
Original Assignee: SAP SE

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

A system and a method for auditing network applications captures data transmissions between a client (110) and a server (140) during a user session (130). An audit data capture filter captures each request from the client (110) and each response to each request by the server (140). An audit encryption module (1410) encrypts the captured requests and the captured responses using an encryption key and stores them in an audit memory (160). The audit encryption module (1410) additionally outputs parts of the encryption key to the client (110) and to the server (140). An audit decryption module (1520) captures the parts of the encryption key from the client (110) and from the server (140) and decrypts the encrypted requests and the encrypted responses. An audit analysis device can then use the decrypted requests and the decrypted responses to restore the user session (130) so that it is then possible to analyze what has happened during the user session (130). In addition, the audit analysis device can also verify that a particular event has occurred during the user session (130).

Description

SYSTEM AND METHOD FOR AUDITING IN NETWORK APPLICATIONS
The present invention relates to a system and to a method for encrypting audit information in network applications. In particular, the present invention relates to a system and to a method for encrypting and storing information interchanged between a client and a server environment during a user session. The system and the method can be used to recreate the user session or to verify later that a particular event has occurred during the user session.
In a network application, which is also called client/server application, a client requests information from a server. The server supplies information to the client as a response to each request. A typical server is able to respond to several hundred clients at the same time, while the client can access a plurality of servers intermittently and over a very short period of time. The very dynamic nature of such applications makes it difficult to isolate, reproduce and/or diagnose problems associated with the application. Furthermore, it is difficult to attribute such problems either to the server or to the client.
Another problem linked to network applications, in particular to those handling electronic commerce (e-commerce), is that the exact behavior of the purchaser when concluding a transaction is difficult to ascertain and is even more difficult to evaluate or to understand. By way of example, it may be that the developer of a website wishes to understand how a particular purchaser using an e-commerce application navigates through the website in order to buy an article. In view of the nature of conventional network applications, such understanding is difficult to obtain.
A further problem linked to network applications, particularly to those in which data associated with the user session is stored, concerns security and confidentiality. Users may take a negative view of storing data which relates to their user sessions. Server operators may refuse to provide information relating to the behavior of their customers and their own behavior, which is linked thereto, for access by competitors.
Yet another problem with network applications is that the users of the clients and the operators of servers cannot check or prove that a particular event (e.g. a purchase) has occurred during a particular user session.
There are also further problems with network applications, a few of which are discussed in more detail below. There is a need for a system and a method for auditing network applications which solves the problems described here.
The present invention is therefore aimed at a system and a method for encrypting information for auditing network applications. In particular, the present invention captures requests and responses transmitted to and fro between a client and a server during a particular user session on a network application. The present invention encrypts either the whole user session or parts of the user session in order to ensure confidentiality and security and/or to allow verification of events which have occurred during the user session. The present invention stores the encrypted user session (or a part thereof) in an audit memory. The key used for encrypting the user session is output to the subscribers. Next, the user session is retrieved from the audit memory, the necessary keys are taken back from the subscribers and the user session is decrypted.
One of the advantages of the present invention is that the user session or a part thereof is stored in the audit memory with protection against unauthorized access. In one embodiment, the user session can be decrypted only with the knowledge and permission of each of the subscribers, in a manner similar to access to a safe deposit box.
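The safe-deposit-box property described above, shown as an added example that is not taken from the patent. The passage does not say how the key is divided or which cipher is used; the two-part XOR split, AES-256-GCM, the binding of each hit to its session and position, and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const keySize = 32 // AES-256 (assumed cipher choice)

// newGCM builds the AEAD used to seal and open hits.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds a sealed hit to its session and position, so stored hits cannot
// be moved between sessions or reordered without detection.
func aad(sessionID string, seq int) []byte {
	return []byte(fmt.Sprintf("%s|%d", sessionID, seq))
}

// EncryptSession seals every hit under a fresh key, then splits that key into
// two XOR parts. Each part alone is uniformly random and reveals nothing.
func EncryptSession(sessionID string, hits [][]byte) (stored [][]byte, clientPart, serverPart []byte, err error) {
	key := make([]byte, keySize)
	clientPart = make([]byte, keySize)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, nil, err
	}
	if _, err = rand.Read(clientPart); err != nil {
		return nil, nil, nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, nil, err
	}
	for i, hit := range hits {
		nonce := make([]byte, gcm.NonceSize())
		if _, err = rand.Read(nonce); err != nil {
			return nil, nil, nil, err
		}
		// Stored form is nonce || ciphertext || tag.
		stored = append(stored, gcm.Seal(nonce, nonce, hit, aad(sessionID, i)))
	}
	serverPart = make([]byte, keySize)
	for i := range key {
		serverPart[i] = key[i] ^ clientPart[i]
		key[i] = 0 // drop our copy of the whole key once it has been split
	}
	return stored, clientPart, serverPart, nil
}

// DecryptSession needs both parts: it recombines them and opens every hit.
func DecryptSession(sessionID string, stored [][]byte, clientPart, serverPart []byte) ([][]byte, error) {
	if len(clientPart) != keySize || len(serverPart) != keySize {
		return nil, errors.New("both key parts are required")
	}
	key := make([]byte, keySize)
	for i := range key {
		key[i] = clientPart[i] ^ serverPart[i]
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	var hits [][]byte
	for i, sealed := range stored {
		if len(sealed) < gcm.NonceSize() {
			return nil, errors.New("stored hit is truncated")
		}
		nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
		hit, err := gcm.Open(nil, nonce, ct, aad(sessionID, i))
		if err != nil {
			return nil, fmt.Errorf("hit %d: %w", i, err)
		}
		hits = append(hits, hit)
	}
	return hits, nil
}

func main() {
	// Constructed sample hits, not real traffic.
	hits := [][]byte{[]byte("GET /catalog -> 200"), []byte("POST /checkout -> 302")}
	stored, cp, sp, err := EncryptSession("constructed-42", hits)
	if err != nil {
		panic(err)
	}
	plain, err := DecryptSession("constructed-42", stored, cp, sp)
	fmt.Printf("both parts: %q %v\n", plain, err)
	_, err = DecryptSession("constructed-42", stored, cp, nil)
	fmt.Println("client part alone:", err)
}
```

Because the audit side keeps only ciphertext, a party holding the audit memory plus one key part learns nothing about the session until the other subscriber hands over its part.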
A further advantage of the present invention is that it is possible to check, for particular events, that they have occurred during the user session. In other words: a user can prove, for example, that he has carried out a particular transaction (e.g. an electronic purchase) during the user session. He proves this by delivering to the server or to a suitable third party information which corresponds to the occurrence of a particular event during the user session and proves the occurrence of this event.
Further features and advantages of the present invention are explained in the description below, some of them being obvious from the description or becoming apparent when the invention is put into practice. The aims and advantages of the invention are achieved by the method which is illustrated in the description and in the claims derived therefrom, and also in the appended drawings.
The general description given above and the detailed description below are illustrative and explanatory and are intended to be used to explain the claimed invention further.
The appended drawings, which are intended to give a more extensive understanding of the invention, illustrate embodiments of the invention which, together with the description, serve to explain the principles of the invention.
Figure 1 illustrates an embodiment of the present invention which captures session data in a client/server environment;
Figure 2 illustrates an embodiment of the present invention which analyzes the captured session data in an audit environment;
Figure 3 is a flowchart which illustrates the way in which an embodiment of the present invention works when capturing session data;
Figure 4 is a flowchart which illustrates the way in which an embodiment of the present invention works when visually recreating a user session;

Figure 5 is a flowchart which illustrates the way in which a preferred embodiment of the present invention works when performing the step of "recreating and visually presenting the dynamically created screen content";
Figure 6 illustrates an analyzing device in accordance with a preferred embodiment of the present invention in more detail;
Figure 7 illustrates an analysis module in accordance with a preferred embodiment of the present invention in more detail;
Figure 8 is a flowchart which illustrates the step of "storing data in the audit memory" in accordance with an embodiment of the present invention;
Figure 9 illustrates, in accordance with an embodiment of the present invention, a star structure for storing OLAP data for an Internet-based environment;
Figure 10 illustrates, in accordance with an embodiment of the present invention, a star structure for storing OLAP data for an SAP R/3 environment;
Figure 11 illustrates the data structure of a presentation table for an Internet-based environment in accordance with an embodiment of the present invention;
Figure 12 illustrates the data structure of a presentation table for an SAP R/3 environment in accordance with an embodiment of the present invention;
Figure 13 illustrates the data structure of a dimension buffer memory in accordance with an embodiment of the present invention;
Figure 14 illustrates the capture and encryption of session data in a client/server environment in accordance with an embodiment of the present invention;
Figure 15 illustrates the decryption and analysis of captured session data in an audit environment in accordance with an embodiment of the present invention;
Figure 16 illustrates the manner of operation of the audit encryption module in accordance with an embodiment of the present invention;
Figure 17 illustrates the step of "creating an encryption key" in accordance with a preferred embodiment of the present invention;
Figure 18 illustrates the manner of operation of the audit decryption module in accordance with an embodiment of the present invention;
Figure 19 illustrates the verification of an event in accordance with an embodiment of the present invention; and
Figure 20 illustrates the verification of an event in accordance with a further embodiment of the present invention.
In a client/server environment 100, as shown in Figure 1, a client 110 communicates with a server environment 140 via a data transmission connection 125.
The server environment 140 can, of course, comprise a single network server or a plurality of servers running in conjunction with one another.
A particular set of related data transfers between the client 110 and the server environment 140 is called a user session 130. The user session 130 comprises a series of requests 134 from the client 110 to the server environment 140 and a series of responses 132 from the server environment 140 to the client 110 as reactions to the requests 134. A particular request 134 and the associated response 132 are in this case referred to as one hit 135 or as a request/response pair. During a user session 130, the client 110 can access the server environment 140 in various ways, as is known.
The client 110 accesses the server environment 140 using a dynamically created screen content 120 which indicates information originating from the server environment 140 to the client 110 for a particular network application. On the basis of requests 134 and responses 132, the server environment 140 supplies information for updating the dynamically created screen content 120. In accordance with one embodiment of the present invention, the screen content 120 is dynamically created by a client 110 workstation (not shown) on the basis of information contained in the response 132 from the server environment 140. In one embodiment of the present invention, the dynamically created screen content 120 is created by the workstation on the basis of a response 132 which uses a markup language, such as HTML (Hypertext Markup Language), XML (Extensible Markup Language), SGML (Standard Generalized Markup Language) and the like, as used in various client/server environments 100. In an alternative embodiment of the present invention, the dynamically created screen content 120 is created by a client 110 workstation on the basis of a response 132 containing information which is compatible with formats used in a dedicated online environment, such as an SAP R/3 environment.
The discussion below is based on a client/server environment 100 working in an Internet-based or Web-based environment. However, the present invention naturally also relates to a system in which the client 110 is hardwired directly to the server environment 140, as is the case in the SAP R/3 environment, for example. It is evident to a person skilled in the art how the discussion below can be transferred to such hardwired or "dedicated" systems.
In accordance with the present invention, an audit data capture filter 150 monitors the data transmission connection 125 in order to capture messages (i.e. requests 134 and responses 132) between the client 110 and the server environment 140. In particular, the audit data capture filter 150 captures the request 134 from the client 110 to the server environment 140 and the response 132 from the server environment 140 to the client 110. In one embodiment of the present invention, the audit data capture filter 150 captures the request 134 in the data transmission connection 125 after the server environment 140 has received the request 134, but before it has processed the request 134. In this embodiment of the present invention, the audit data capture filter 150 captures the response 132 after the server environment 140 has processed the request 134 and has determined the response 132, but before it dispatches the response 132. Of course, the capture function of a preferred audit data capture filter 150 should not disrupt or interrupt communication between the client 110 and the server environment 140.
In the embodiment of the present invention previously described, the server environment 140 has the modifications which are necessary in order to permit the audit data capture filter 150 to access the requests 134 and the responses 132. In other words: the server environment 140 uses known means to provide the hooks for the session data for the audit data capture filter 150. In this embodiment, the audit data capture filter 150 captures the requests 134 and the responses 132 in collaboration with the server environment 140, and possibly with the aid of its active participation.
In one alternative embodiment of the present invention, the audit data capture filter 150 does not require the modifications to the server environment 140 which are discussed above. In this embodiment, the audit data capture filter 150 captures the requests 134 and the responses 132 directly from the data transmission connection 125. The server environment 140 operates without regard to the presence of the audit data capture filter 150 in this case.
The audit data capture filter 150 stores the captured request 134 and the captured response 132 in an audit memory 160. In one preferred embodiment, a captured request 134 and a captured response 132 are stored as one hit 135. The audit memory 160 naturally has a memory device, for example a disk drive, a RAM or another such memory device. In some preferred embodiments of the present invention, the audit memory 160 stores all the hits 135 in a particular user session 130 as stored hits 175 for a stored user session 170. In other words: the series of captured requests 134 and captured responses 132 contained in a particular user session 130 are altogether stored as a stored user session 170.
In one embodiment of the present invention, the user session 130 is conducted via an Internet. In this case, the client 110 and the server environment 140 are not actively connected (i.e. the connection is effectively broken) after each transmission (i.e. after each request 134 from the client 110 to the server environment 140 and after each response 132 from the server environment 140 to the client 110). In such an application, a unique identification of the session (also called status identification in this case) is used to identify a particular client 110 each time it accesses the server environment 140. The identification of the session is transmitted with each request 134 in order to determine the user context unambiguously.
Owing to the fact that the server environment 140 uses the identification of the session to assign each request 134 to a particular client 110, the server environment 140 is able to handle the client 110 over the Internet as if the client 110 were constantly connected to the server environment 140.
In a second embodiment of the present invention, the client 110 and the server environment 140 are constantly connected via a dedicated data transmission connection 125. In this embodiment of the present invention, identification of the session is not necessary for each request 134; instead, the session is identified implicitly with each transmission between the client 110 and the server environment 140, since the connection is effected by the dedicated data transmission connection 125.
As discussed above, a series of requests 134 and responses 132 in a user session 130 between the client 110 and the server environment 140 is stored in the audit memory 160 as stored hits 175 in the stored user session 170. As discussed with regard to Figure 2, an analyzing device 220 enables an analyst 210 to analyze the user session 170. The analyst 210 can, by way of example, evaluate the user session 170 to establish how the client 110 moves through a particular network application to arrive at a particular result.
Such evaluation is useful, for example, in the case of commercial (e-commerce) Internet applications. In the context of such applications, application developers are interested in understanding how a client 110 moves through a particular application to arrive at a particular result, such as making a purchase. The present invention permits the analyst 210 to evaluate the particular application for various clients 110 at different times etc.
In another example, the analyst 210 can evaluate the user session 170 to isolate errors which have arisen during the user session 130. In this example, he is able to recreate the entire user session 130 in order to identify and isolate a problem which has arisen for a particular network application.

As Figure 2 shows, the analyst 210 uses the analyzing device 220 to access the audit memory 160. In particular, the analyst 210 is able to access a particular user session 170 and to recreate it visually. In other words: the analyst 210 is able to run through the particular user session 170 step by step and to display and evaluate each request 134 and each response 132 individually, as they occurred during the user session 170. In one preferred embodiment of the present invention, the analyzing device 220 reproduces the user session 170 by creating the various screen contents 120 which were presented to the client 110 during the user session 130 by the server environment 140. In this way, the analyst 210 is able to look at the same screen contents 120 as the client 110 observed during the user session 130. The analyst 210 is also able to evaluate each request made by the client 110 and each subsequent response 132 from the server environment 140. The analyst 210 can evaluate the user session 130 offline, i.e. after the user session 170 has ended, or in almost real time, i.e. while the user session 170 is taking place. In the latter embodiment, the analyzing device 220 can retrieve hits 175 either from the audit memory 160 or, by bypassing the audit memory 160, directly from the audit data capture filter 150.
Since the components of the present invention have been described, the way in which the present invention works is now discussed. Figure 3 is a flowchart which, in accordance with one embodiment of the present invention, illustrates an operating cycle 300 of the audit data capture filter 150 when capturing requests 134 and responses 132 during a user session 130. In a step 310, the server environment 140 receives a request 134 from the client 110. In a step 320, the audit data capture filter 150 captures the request 134.
In one embodiment, this happens in the server environment 140. In particular, in this embodiment, the audit data capture filter 150 captures the request 134 from the server environment 140 after the server environment 140 receives the request 134, but before it processes the request 134. In one alternative embodiment, the server environment 140 can forward the request 134 to the audit data capture filter 150. In addition, further mechanisms exist which permit the audit data capture filter 150 to obtain access to the request 134. In any case, the capture of the request 134 does not disrupt or interrupt communication between the client 110 and the server environment 140.
In one alternative embodiment of the present invention, the audit data capture filter 150 captures the request 134 directly from the data transmission connection 125 without the collaboration or participation of the server environment 140.
In one preferred embodiment of the present invention, the capture of the request 134 includes capturing or determining particular environment data (not shown) which was associated with the client 110 and with the server environment 140 around the time at which the request 134 was transmitted or captured. This environment data contains parameters such as utilization level, extent of data traffic, status or other such information which is available on the data transmission connection 125 and is well known in the client/server environment 100. As discussed below, the environment data permits the analyzing device 220 to evaluate the influence of the client/server environment 100 on a particular user session 170.
In a step 330, the server environment 140 determines a response 132 to the request 134 from the client 110. In a step 340, the server environment 140 transmits the response 132 to the client 110. In a step 350, in accordance with one embodiment of the present invention, the audit data capture filter 150 captures the response 132 from the server environment 140 to the client 110. In one alternative embodiment, the server environment 140 can forward the response 132 to the audit data capture filter 150. In a further alternative embodiment of the present invention, the audit data capture filter 150 captures the response 132 directly from the data transmission connection 125. As discussed above with regard to capture of the request 134, in one preferred embodiment of the present invention, capturing the response 132 also comprises capturing environment data linked to the response 132.
Finally, the audit data capture filter 150 stores the captured request 134 and the captured response 132 as a hit 175 in the audit memory 160 in a step 360. In particular, each hit 175 (or each request/response pair) is stored in the audit memory 160 together with other hits associated with a particular user session 170.
In one alternative embodiment of the present invention, the audit data capture filter 150 stores the request 134 in the audit memory 160 as soon as it has been captured, instead of waiting for an associated response 132. The request 134 and the response 132 are thus each stored as soon as they are captured.
In accordance with one embodiment of the present invention, the audit data capture filter 150 captures or receives requests 134 and/or responses 132 from the server environment 140. In a practical implementation, the audit data capture filter 150 can be resident in the server environment 140 and can work in conjunction with it. In this implementation of the present invention, the client 110 requires no software, hardware or combination of software and hardware in connection with the audit data capture filter 150, nor any modification to its existing software or hardware.
In one alternative embodiment, the audit data capture filter 150 captures the requests 134 and the responses 132 directly from the data transmission connection 125. In this embodiment, in connection with the audit data capture filter 150, additional software or hardware is required neither in the client 110 nor in the server environment 140.
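The server-resident capture cycle of Figure 3, shown as an added example that is not code from the patent: a filter wrapped around the server's handler copies each request after receipt and each response as it is written, and stores the pair as one hit under the session identification. The net/http middleware form, the `SESSIONID` cookie name, the 1 MiB capture cap and all type and function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

const (
	SessionCookie = "SESSIONID" // assumed name of the cookie carrying the session identification
	maxCapture    = 1 << 20     // cap on bytes copied from each body into the audit memory
)

// Hit is one captured request/response pair.
type Hit struct {
	Method, Path              string
	RequestBody, ResponseBody []byte
	Status                    int
}

// AuditMemory groups stored hits by session identification, in capture order.
type AuditMemory struct {
	mu       sync.Mutex
	sessions map[string][]Hit
}

func NewAuditMemory() *AuditMemory { return &AuditMemory{sessions: map[string][]Hit{}} }

func (m *AuditMemory) Store(id string, h Hit) {
	m.mu.Lock()
	defer m.mu.Unlock()
	m.sessions[id] = append(m.sessions[id], h)
}

// Session returns a copy of the hits stored for one session.
func (m *AuditMemory) Session(id string) []Hit {
	m.mu.Lock()
	defer m.mu.Unlock()
	return append([]Hit(nil), m.sessions[id]...)
}

// tee copies what the handler writes while passing it through unchanged.
type tee struct {
	http.ResponseWriter
	status int
	body   bytes.Buffer
}

func (t *tee) WriteHeader(code int) {
	t.status = code
	t.ResponseWriter.WriteHeader(code)
}

func (t *tee) Write(p []byte) (int, error) {
	n := len(p)
	if room := maxCapture - t.body.Len(); n > room {
		n = room
	}
	t.body.Write(p[:n])
	return t.ResponseWriter.Write(p)
}

// CaptureFilter records each hit without changing what client or server see.
func CaptureFilter(mem *AuditMemory, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id := "unidentified"
		if c, err := r.Cookie(SessionCookie); err == nil && c.Value != "" {
			id = c.Value
		}
		// Capture after receipt and before processing, then hand the body back.
		reqBody, _ := io.ReadAll(io.LimitReader(r.Body, maxCapture))
		r.Body = io.NopCloser(io.MultiReader(bytes.NewReader(reqBody), r.Body))
		t := &tee{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(t, r)
		mem.Store(id, Hit{Method: r.Method, Path: r.URL.Path, RequestBody: reqBody, ResponseBody: t.body.Bytes(), Status: t.status})
	})
}

// DemoSession sends a constructed two-hit session through the filter and returns what the client received.
func DemoSession(mem *AuditMemory) []string {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		fmt.Fprintf(w, "added %s", b)
	})
	var seen []string
	for _, body := range []string{"item=book", "item=pen"} {
		req := httptest.NewRequest("POST", "/cart", strings.NewReader(body))
		req.AddCookie(&http.Cookie{Name: SessionCookie, Value: "constructed-42"})
		rw := httptest.NewRecorder()
		CaptureFilter(mem, app).ServeHTTP(rw, req)
		seen = append(seen, rw.Body.String())
	}
	return seen
}

func main() { fmt.Println(DemoSession(NewAuditMemory())) }
```

The hits in this sketch sit in the audit memory in the clear, so whatever the request and response bodies carried is readable by anyone with access to that store until the captured data is encrypted.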
Figure 4 is a flowchart which illustrates the manner of operation 400 of the analyzing device 220, which, in accordance with one embodiment of the present invention, makes it possible to analyze a user session 170. In a step 410, the analyzing device 220 localizes a particular user session 170 in the audit memory 160.
In an alternative embodiment operating without an audit memory 160, the analyzing device 220 specifies to the audit data capture filter 150 a particular user session 170 which is to be analyzed.
The user session 170 can be localized using a multiplicity of mechanisms. Such mechanisms can permit the analyzing device to access the audit memory 160 on the basis of the date associated with a particular user session 170 being sought, and/or on the basis of the session number associated with a particular user session 170 being sought. However, the date and the session number may not be known in every case. It is evident to the person skilled in the art that the analyzing device 220 can provide other mechanisms for localizing the user session 170, e.g. searching the audit memory 160 for keywords, for identifiers (e.g. data characterizing the client, such as the latter's user identification) etc., or any other manner of searching the audit memory 160.
Once a user session 170 has been localized, the analyzing device 220 retrieves the request 134 from the audit memory 160 in a step 420. Equally, the analyzing device 220 retrieves the response 132, corresponding to the request 134, from the audit memory 160 in a step 430. As discussed above, in one alternative embodiment of the present invention, the analyzing device 220 can retrieve the request 134 and the response 132 directly from the audit data capture filter 150.

In one preferred embodiment of the present invention, when retrieving the request 134 and the response 132, the analyzing device 220 also retrieves associated environment data which may have been stored with each request 134 and response 132, as discussed above.
In a step 440, the analyzing device 220 uses the retrieved request 134 and the retrieved response 132, and also the retrieved environment data associated with each of them in the preferred embodiment, to recreate and present the screen content 120. In this way, the analyzing device 220 is able to present to the analyst 210 a dynamically created screen content 120 which is the same as that presented by the client 110 during the user session 130.
Figure 5 illustrates the step 440 in a preferred embodiment in more detail. In a step 510, the analyzing device 220 examines the environment data and other factors associated with the retrieved request 134 and with the retrieved response 132. In a step 520, the analyzing device 220 creates a screen content on the basis of the retrieved request 134 and of the retrieved response 132 and thus restores the screen content 120.
In a step 530, the analyzing device 220 displays the analyzed environment data and the created screen content to the analyst 210. This permits the analyst 210 to examine the restored screen content in connection with the environment factors which may have influenced the particular user session 170. In one preferred embodiment of the present invention, the recreated screen content is updated in a step 540 in order to reproduce the data entered by the user of the client 110. This data is obtained from a subsequent request 134 from the client 110 to the server environment 140 in the particular user session 170.
The analyzing device 220 is now discussed in more detail with reference to Figure 6. Said device comprises an analysis module 620, an analysis database 630 and an import module 640. The import module 640 retrieves significant information from the unprocessed data stored for the user session 170 in the audit memory 160 so that the analyst 210 can use said information. In one preferred embodiment, the import module 640 retrieves information from hits 175 in the user session 170 which are stored in the audit memory 160 and stores it in the analysis database 630 in a particular format unique to the analysis database 630.
By way of example, in one application, the import module 640 retrieves information from hits 175 which have been captured in an Internet environment, whereas, in another application, it retrieves information from hits 175 which have been captured in an SAP R/3 environment. This allows the import module 640 to retrieve session data associated with a multiplicity of clients 110 and server environments 140 and to combine it in a central, standardized database, such as the analysis database 630. This means that analysis tools (e.g. the analysis module 620) used subsequently can analyze the session data regardless of the format of the captured hits 175. Owing to the fact that they use the common format of the analysis database 630, analysis tools can additionally carry out useful comparisons of the session data available from various clients 110, server environments 140, applications etc.
In one preferred embodiment of the present invention, the data stored in the analysis database 630 contains relevant data, comprising the request 134 and the response 132, and the associated environment data.
This data contains information which is linked to the client 110 and to the server environment 140 and is derived from these, and also the communication protocols used and further relevant information familiar to a person involved with different network protocols.
In one preferred embodiment of the present invention, the analysis database 630 has two sets of tables for each application in the client/server environment 100. The first set of tables is called OLAP ("Online Analytical Processing") analysis tables. They are designed and optimized for provisional OLAP analysis. In one preferred embodiment of the present invention, the OLAP analysis tables have a star structure and are fully indexed. Figure 9 illustrates a preferred embodiment of a star structure for hits which were captured in an Internet environment or in a Web-based environment, while Figure 10 illustrates a preferred embodiment of a star structure for hits which were captured in an SAP R/3 environment.
The second set of tables in the analysis database 630 is called session presentation/analysis tables. The session presentation/analysis tables are designed and optimized for visually recreating the user session 130 and carrying out session-specific analysis.
The session presentation/analysis tables contain all the information for the hits and also information about the recreation of available sessions and information retrieved from the identification of the session.
Figure 11 illustrates a preferred embodiment of a presentation table for hits which were captured in the (Web-based) Internet environment, while Figure 12 illustrates a preferred embodiment of a presentation table for hits which were captured in an SAP R/3 environment.
Figure 13 illustrates a data structure of a dimension buffer in accordance with an embodiment of the present invention. The dimension buffer data structure is useful for accelerating the OLAP analysis.
In one embodiment of the present invention, the import module 640 also stores information from the audit memory 160 in an archive (not shown). The archive is preferably a more permanent memory device. The information stored in the archive can be unprocessed data, as stored in the audit memory 160, or it can be data from the audit memory 160 which has been freed of unessential information not linked to the function or the manner of operation of the analyzing device 220. In every case, the information stored in the archive is indexed on the basis of the session identification number associated with each user session 130. Since the identification of each session is unique and is not repeated, the archive can store user sessions 170 from a multiplicity of sources and from a multiplicity of applications without there being any risk of a conflict entailing the loss of data.
The analysis module 620 is now described in more detail with reference to Figure 7. It comprises a global analysis module 710 and a presentation module 720. The presentation module 720 comprises a component for specific analysis 730, an intelligent parser module 740 and a presentation component 750.
The global analysis module 710 permits the analyst 210 to carry out dynamic analysis of user sessions 170 which are stored in the analysis database 630 and originate from various clients 110, server environments 140 and various applications running in the client/server environment 100. By way of example, the global analysis module 710 permits the analyst 210 to analyze user sessions 170 for all the clients 110 which have accessed a particular site in the server environment 140. In another example, the global analysis module 710 permits the analyst 210 to analyze user sessions 170 for a particular client 110 which has accessed a multiplicity of sites in various server environments 140. In a further example, the global analysis module 710 permits the analyst 210 to analyze all user sessions 170 for all clients 110 in all server environments 140 which have resulted in goods being purchased on a particular day. These are merely examples of how the global analysis module 710 can access the analysis database 630, the only restriction being the scope of information available in the analysis database 630 itself.

The presentation module 720 is used for recreating a particular user session 130 visually, for carrying out session level analysis and for presenting the user session to the analyst 210. As mentioned above, the presentation module 720 comprises a component for specific analysis 730, an intelligent parser module 740 and a presentation component 750. The component for specific analysis 730 provides statistical information associated with a particular dynamically created screen content 120, and environment data which is associated with this screen content at the instant of its being created and/or displayed for the client 110. In one preferred embodiment of the present invention, the component 730 for specific analysis also calculates overloads in the client/server environment 100 on the server 140 or on the data transmission line 125 for the instant at which the screen content 120 was made available to the client 110 by the server environment 140.
The presentation component 750 is responsible for physically presenting the user session 170. In particular, the presentation component 750 provides the analyst 210 with means for going through the user session 170 and displaying the statistical data provided by the component for specific analysis 730. In one preferred embodiment of the present invention, a dedicated presentation component 750 exists for each client/server application. For HTML and XML, the presentation component 750 comprises a web browser. For SAP R/3, the presentation component 750 is a constituent part of a modified version of a user interface used by SAP R/3. For other applications, the presentation component 750 comprises a suitable presentation program. In other words: the specific presentation component 750 is used on the basis of a particular client/server application.
The intelligent parser module 740 scans the analysis database 630 to establish whether it contains HTML. If this is the case, the intelligent parser module 740 establishes whether the HTML contains data fields which permit the intelligent parser module 740 to change the value of the fields securely when there is a subsequent user request 134. In this way, the analyst 210 is able to observe data which has been entered by the client 110 on the basis of the dynamically created screen content 120, as it occurred during the user session 130. In one preferred embodiment of the present invention, the intelligent parser module 740 does not implement this function for password fields, for security reasons.
In the embodiment described, the present invention stores all requests 134 and responses 132 occurring between the client 110 and the server environment 140.
However, this approach is not necessary in all client/server environments 100, and is perhaps also not desirable. In alternative embodiments, the audit data capture filter 150 stores requests 134 and responses 132 in the audit memory 160 only when a significant event occurs. By way of example, in one embodiment, requests 134 and responses 132 are stored in the audit memory 160 only when a purchase has been made. In this example, the purchase is a significant event. In another embodiment of the present invention, significant events can be subdivided further. For example, a set of session data is stored for those clients 110 purchasing goods with a value of 10 million dollars or more, while another set of session data is stored for those clients 110 purchasing goods having a particular value. This embodiment of the present invention eliminates from the audit memory 160 a large part of the data which is linked to "surfing" or "browsing" or to other insignificant events and would otherwise be stored. In other embodiments of the present invention, such data associated with "surfing" or "browsing" can be useful, however, for establishing particular behavior patterns (e.g. while shopping), and it may be desirable to store this data in the audit memory 160. The specific significant events triggering the storage of session data in the audit memory 160 may vary from application to application.
In embodiments of the present invention which use such significant events as a criterion for storing session data, the requests 134 and the responses 132 are preferably temporarily stored in a temporary memory until the significant event occurs. As soon as the significant event occurs, the requests 134 and the responses 132 are transferred from the temporary memory to the audit memory 160. This process of transferring the requests 134 and the responses 132 from the temporary memory to the audit memory 160 is called "entering" the requests 134 and the responses 132 into the audit memory 160. Other methods for entering the session data (i.e. the requests 134 and the responses 132) into the audit memory 160 are available. By way of example, session data can be stored in the audit memory 160 before the significant event and marked as temporary or provisional, or labeled in another way. As soon as the significant event occurs, this data is labeled as entered. If the significant event does not occur, this data is subsequently erased or made illegible.
Against this background, the storage procedure 360 is now described with reference to Figure 8 in accordance with such an embodiment of the present invention. In a step 810, the audit data capture filter 150 stores a request/response pair in a temporary database or in a temporary memory. In a decision step 820, the audit data capture filter 150 establishes whether a significant event has occurred. If this is the case, the audit data capture filter 150 enters the request/response pairs stored in the temporary database or in the temporary memory into the audit memory 160 in a step 830. At a particular instant, the audit data capture filter 150 erases the temporary database or the temporary memory if the request/response pair has not been entered in the temporary database or the temporary memory.
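The event-gated storage of steps 810 to 830, sketched as an added example that is not code from the patent. The class and method names, the time-to-live used to decide when uncommitted data is erased, and the sample requests are assumptions of this sketch; it also assumes that once a session has had its significant event, later pairs of that session are entered as well.

```python
from __future__ import annotations

import time
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Hit:
    """One captured request/response pair."""
    request: str
    response: str
    captured_at: float


class EventGatedAuditFilter:
    """Hold pairs in temporary memory and enter them into audit memory
    only once a significant event has occurred in the session."""

    def __init__(self, is_significant: Callable[[str, str], bool],
                 ttl_seconds: float = 1800.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._is_significant = is_significant
        self._ttl = ttl_seconds            # assumed limit for uncommitted data
        self._clock = clock
        self._temp: dict[str, list[Hit]] = {}        # temporary memory
        self._event_seen: set[str] = set()
        self.audit_memory: dict[str, list[Hit]] = {}  # stands in for audit memory 160

    def capture(self, session_id: str, request: str, response: str) -> bool:
        """Store one pair; return True if it was entered into audit memory."""
        hit = Hit(request, response, self._clock())
        self._temp.setdefault(session_id, []).append(hit)       # step 810
        if self._is_significant(request, response):              # step 820
            self._event_seen.add(session_id)
        if session_id not in self._event_seen:
            return False
        buffered = self._temp.pop(session_id)                     # step 830
        self.audit_memory.setdefault(session_id, []).extend(buffered)
        return True

    def pending(self, session_id: str) -> int:
        """Number of pairs still held only in temporary memory."""
        return len(self._temp.get(session_id, []))

    def purge_expired(self) -> int:
        """Erase temporary data of sessions whose oldest pair is older than
        the TTL and that never reached a significant event."""
        cutoff = self._clock() - self._ttl
        stale = [sid for sid, hits in self._temp.items()
                 if hits[0].captured_at <= cutoff]
        return sum(len(self._temp.pop(sid)) for sid in stale)


if __name__ == "__main__":
    # Constructed traffic: a purchase is the significant event.
    audit = EventGatedAuditFilter(lambda req, resp: req.startswith("POST /checkout"))
    audit.capture("A", "GET /catalog", "200")
    audit.capture("A", "POST /checkout", "200 order placed")
    print(len(audit.audit_memory["A"]), "pairs entered for session A")
```

Browsing-only sessions never reach the audit memory here, which keeps the amount of sensitive session data at rest down to the sessions that actually need an audit trail.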
One embodiment of the present invention, in which an encryption process is used to protect data which is stored in the audit memory 160, is now described with reference to Figures 14 to 18. Figure 14 illustrates a client/server environment 1400 in which encryption is used to protect the data stored in the audit memory 160. In addition to the elements discussed above with regard to the client/server environment 100, the client/server environment 1400 comprises an audit encryption module 1410, and, in a preferred embodiment, a data processing unit 1420 which is audited by a trustworthy third party and is called the "third party".
In one embodiment of the present invention, the audit data capture filter 150 observes the data transmission connection 125 in order to capture data transfers (i.e. requests 134 and responses 132) between the client 110 and the server environment 140. As before, the audit data capture filter 150 captures the request 134 from the client to the server environment 140 and the response 132 from the server environment 140 to the client 110. Instead of storing the captured request 134 and the captured response 132 in the audit memory 160, the audit data capture filter 150 transfers the captured request 134 and the captured response 132 to the audit encryption module 1410, which encrypts the captured request 134 and the captured response 132 in order to protect the confidentiality of data transfers and to provide security between the client 110 and the server environment 140 during the user session 130. The audit encryption module 1410 stores the encrypted request 134 and the encrypted response 132 in the audit memory 160 as described above.
In one preferred embodiment of the present invention, the encryption is carried out such that neither the client 110 nor the server environment 140 are able to decrypt encrypted requests 134 and encrypted responses 132 without the consent or cooperation of the other. This embodiment provides not only confidentiality and security for communication between the client 110 and the server environment 140, but also provides a mechanism which allows both the client 110 and the server environment 140 to verify that a particular sequence of events or transactions has taken place during a particular user session 130.
These features are discussed in more detail further below.
Access to the encrypted requests 134 and to the encrypted responses 132 is now discussed with reference to Figure 15. In order to be able to access the encrypted requests 134 and encrypted responses 132 in the audit memory 160, the analyzing device 220 first needs to access an audit encryption module 1510 during analysis of a user session 170. In particular, the analyst 210 needs to determine or have transmitted to him a decryption key which can be used to decrypt the user session 170. When the decryption key has been restored, the audit decryption module 1510 can decrypt the encrypted user session 170, so that requests 134 and responses 132 which it contains can be analyzed as discussed above. As described, in some embodiments of the present invention, the decryption key and the encryption key are the same. Hence, these terms can often be interchanged with one another. However, the present invention also relates to embodiments in which the encryption key and the decryption key are not the same.
Various encryption/decryption systems have been developed and are known in encryption technology. These systems can be used to provide encryption keys and/or decryption keys for use in the present invention.
Preferably, the encryption method ensures so-called "non-repudiation", i.e. it ensures that the sender is not able to question the fact that a message which has arrived at the receiver has been sent. In this case, the source of the message is demonstrable.
Figure 16 illustrates the operation 1600 during encryption of a user session 130 in accordance with an embodiment of the present invention. In a step 1610, a client 110 starts a session 130 with a server environment 140. This is achieved, for example in an Internet application, by virtue of the client 110 first accessing a particular URL linked to the server environment. Typically, this access encompasses a first request 134 from the client 110 to the server environment 140. The audit data capture filter 150 establishes that the first request 134 is not associated with another existing user session 130, and informs the audit encryption module 1410 that a new user session 130 has been started.
When a new user session 130 has been started, the audit encryption module 1410 produces, in a step 1620, an encryption key in accordance with one of the various known encryption methods. In a step 1630, the encryption key is split into two or more parts. This is again done using various known methods, so that the encryption key can be restored only from all the parts, or in some cases from a majority of the parts. By way of example, in one embodiment of the present invention, the encryption key comprises a string which can be divided into two or more string parts. In this embodiment, the string parts can be assembled again in order to restore the encryption key. In another embodiment, the encryption key contains a numerical value from which the parts can be calculated. In this embodiment, the encryption key can be calculated from the parts and restored as a result of this. In some embodiments of the present invention, the parts of the encryption key are first determined and the encryption key is determined after that from the parts. Other methods may also be used, however.

In a step 1640, the parts of the encryption key are transmitted to the subscribers in the user session 130. In one embodiment of the present invention, a first part of the encryption key is transmitted to the client 110 and a second part is transmitted to the server environment 140. In embodiments of the present invention in which a multiplicity of clients 110 are involved in one user session 130 with the server environment 140, the encryption key is split into as many parts as there are subscribers in the user session 130, including the server environment 140, and is appropriately transmitted, so that a part of the encryption key is delivered to each subscriber.
The parts of the encryption key can be transmitted in a number of different ways. In one embodiment, the parts of the encryption key are transmitted to the subscribers electronically using a secure or confidential communication channel. In another embodiment, the parts of the encryption key are sent to the subscribers physically by post or using other such communication paths. There are also various other methods for distributing the parts of the encryption key.
In one embodiment of the present invention, the audit encryption module 1410 delivers to each subscriber not only the part of the encryption key but also identification information which can be used to localize a particular encrypted user session 170 associated with the respective part of the encryption key. In one embodiment, the encryption key itself is sufficient to identify the encrypted user session 170 with which it is associated. In another embodiment of the invention, a user session identifier which identifies the encrypted user session 170 is delivered to the subscriber together with the respective part of the encryption key. In yet other embodiments, information used in Internet protocols (e.g. in the form of a "cookie") can be used to identify the encrypted user session 170. Various other methods for identifying the encrypted user session 170 are available.
In a step 1650, the audit encryption module 1410 encrypts the user session 130 using the encryption key which was produced in step 1620. In a step 1660, the user session 170 is stored in the audit memory 160.
In one embodiment of the present invention, the user session 170 is stored in the audit memory 160 together with identification information, so that the encrypted user session can be localized, as discussed above.
The purpose of transmitting parts of the encryption key to the various subscribers in the user session 130, as discussed above with reference to step 1640, is to ensure that an individual subscriber is not able to access the encrypted user session 170 without the permission or knowledge of the other subscribers.
To this extent, the invention works in a similar manner to a safe-deposit box. In order to be able to access the content of the safe-deposit box, two keys are required: one is held by the bank and one is held by the owner of the content of the safe-deposit box.
Neither the bank nor the owner can access the content of the safe-deposit box alone; the cooperation of both is required.
In one embodiment of the present invention, both the client 110 and the server environment 140 each have a pair of keys comprising a public key and a private key. In this embodiment, the public keys (which are generally known and are therefore called "public") are in each case used to encrypt the user session 130 individually and successively. By way of example, a request 134 is first encrypted using a public key associated with the client 110. The resultant encrypted information is encrypted by a public key associated with the server environment 140. In this embodiment, the private keys of both the client 110 and the server environment 140 are used to restore the request 134.

Figure 17 illustrates step 1620 in accordance with a preferred embodiment of the present invention in more detail. In particular, Figure 17 shows how an encryption key can be created. When a user session 130 has been started, the audit encryption module 1410 collects information associated with the user session 130 in a step 1710. This information is dependent on the application. By way of example, it may comprise an IP address for the client 110 and an IP address for the server environment 140, a date and/or time identification for the request 134, a user name and/or other information linked to the user session 130. This information is collected and assembled to form a string, which is called "collected information string" here.
In a step 1720, the audit encryption module 1410 signs the collected information string in accordance with known methods using a private signature. In a step 1730, the collected information string is encrypted to form the final encryption key.
The order in which the step 1720 and the step 1730 are carried out can be reversed. The final encryption key, which is a string in the preferred embodiment of the present invention, is used to encrypt the user session 130.
The way in which the audit decryption module 1510 works is described with reference to Figure 18. In a step 1810, the audit decryption module 1510 localizes the user session 170 which the analyst 210 wishes to analyze. In one embodiment, the analyst 210 enters identification information into the audit decryption module 1510, and this identification information permits the audit decryption module 1510 to localize the encrypted user session 170 which the analyst 210 wishes to analyze. In another embodiment, the identification information can be part of the encryption key itself. Other embodiments use other identification information, as has been discussed above.
In a step 1820, the audit decryption module 1510 collects the parts of the encryption key from all the subscribers associated with the user session 170.
As discussed above, the audit decryption module 1510 needs to collect the respective part of the decryption key from each of the subscribers (or, in some embodiments, from a majority of the subscribers).
In a step 1830, the parts of the encryption key are combined in order to restore it. As discussed above, the parts in embodiments which use a string to define the encryption key are lined up next to one another in order to restore the encryption key. In embodiments which use a numerical value as the encryption key, the encryption key is calculated from the parts.
In a step 1840, the audit decryption module 1510 uses various known methods to verify the integrity of the encryption key and of the encrypted user session 170, in order to ensure that no corruption has taken place.
In a step 1850, the audit decryption module 1410 [sic] uses the decryption key to decrypt the encrypted user session 170. When it is decrypted, the analyst 210 is able to analyze the requests 134 and the responses 132 as discussed above.
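The split and restore steps (1630 and 1820 to 1850), sketched as an added example that is not code from the patent. It uses an XOR split, one way of calculating a numerical key from its parts, because cutting a key string into substrings hands each holder part of the key itself; the key check value, the identifier `sess-0001` and all function names are assumptions of this sketch.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, holders: int) -> list[bytes]:
    """Step 1630: one XOR share per subscriber; all shares are needed
    to restore the key (the "all the parts" variant)."""
    if holders < 2:
        raise ValueError("a split needs at least two holders")
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    last = key
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def combine_shares(shares: list[bytes]) -> bytes:
    """Step 1830: XOR the collected shares back together."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    return key


def key_check_value(key: bytes, session_id: str) -> bytes:
    """Value stored beside the encrypted session so that a restored key
    can be checked before use (assumed mechanism for step 1840)."""
    msg = b"audit-key-check|" + session_id.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def restore_and_verify(shares: list[bytes], session_id: str,
                       stored_kcv: bytes) -> bytes:
    """Steps 1820 to 1840: combine the shares and refuse to continue if the
    result is not the key this session was encrypted with."""
    key = combine_shares(shares)
    if not hmac.compare_digest(key_check_value(key, session_id), stored_kcv):
        raise ValueError("restored key does not match the stored session")
    return key


if __name__ == "__main__":
    session_id = "sess-0001"                    # constructed identifier
    session_key = secrets.token_bytes(32)       # stands in for the step 1620 key
    client_part, server_part = split_key(session_key, 2)
    kcv = key_check_value(session_key, session_id)
    restored = restore_and_verify([client_part, server_part], session_id, kcv)
    print("key restored and verified:", restored == session_key)
```

A single XOR share is consistent with every possible key, so neither subscriber learns anything about the key from its own part; a missing, swapped or altered share is caught by the check value before any decryption is attempted.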
Instead of encrypting a complete user session 130 in the manner described above, or in addition to this, various embodiments of the present invention can be used to encrypt and store particular events which have occurred during the user session 130. These embodiments of the present invention are used in connection with the event verification. The event verification provides a reliable and checkable method of proving that a particular event has occurred during the user session 130. By way of example, in the case of an electronic purchase of goods, it may be useful for both parties to the purchase transaction to prove that the transaction has taken place. By encrypting and storing the request 134, which contains the statement "I agree to purchase X products at a particular price D", each party can later prove that the transaction has taken place once a suitable part of the encryption key has been transmitted to the audit decryption module 1510. Event verification can be of use, for example, in the case of the encryption and storage of significant events, discussed above.
The procedure for the event verification in accordance with a preferred embodiment of the present invention is now described with reference to Figure 19.
In a step 1910, a client 110 sends a request 134 to a server environment 140. In one embodiment, the request 134 contains a significant event, e.g. "I agree to the purchase". In other embodiments, each request 134 in the user session 130 may be processed in the manner described.
In a step 1920, the server environment 140 (called "SERVER" in Figure 19) receives the request 134. In a step 1930, the server environment 140 collects information associated with the received request 134, as described above with reference to step 1710. In a step 1940, the server environment 140 signs the collected information, as described above with reference to step 1720. Signing the collected information acknowledges receipt of the request 134 by the server environment 140, which prevents subsequent corruption attempts by a third party.
In a step 1950, the server environment 140 encrypts the signed information, as described above with reference to step 1730, in order thereby to create an encryption key. In a step 1960, the server environment splits the key into two (or more) parts, as described above. In a step 1970, the server environment 140 delivers a first part of the key to the client 110.
In a step 1980, the server environment 140 delivers a second part of the key to the audit memory 160 in order to record the event for its own purposes. In another embodiment of the present invention, the server environment stores both the first part and the second part of the encrypted information in the audit memory 160. In a step 1990, the server environment 140 sends a response 132 to the client 110 in response to the request 134, as described above.
The procedure for the event verification is now described further with reference to Figure 20. In a step 2010, the server environment 140 identifies an event which is to be verified. By way of example, a client 110 may require acknowledgement of the fact that he has placed an order on a particular day. The server environment 140 scans the audit memory 160 on the basis of identification information, such as an IP address, a date, a transaction type or other such identification information, as was discussed above. The identification information may alternatively also be the first part of the encryption key delivered to the client 110 in step 1970, as discussed above.
In a step 2020, the server environment 140 retrieves the first part of the encryption key from the client 110. In a step 2030, the server environment 140 retrieves the second part of the encryption key from the audit memory 160. In a step 2040, the server environment 140 combines the two parts of the encryption key with one another. In a step 2050, the server environment 140 decrypts the encryption key in order to obtain the signed information. In a step 2060, the server environment 140 uses the signed information to verify that a particular event has occurred, namely that the client 110 has sent a particular request 134.
Figures 14 to 20 have been described above in connection with the server environment 140, which carries out various operations linked to the creation of keys, to the encryption of information, to the decryption of information etc. In this context, it is assumed that the server environment 140 is trustworthy.
In other words, the server environment 140 carries out no action or operation which could corrupt the intended function of the present invention (e.g. corrupting events, delivering incorrect parts of the encryption key, delivering incorrect information relating to events etc.).
However, this assumption may not be true for server environments 140. By way of example, clients 110 may not trust the server environment to operate correctly and with integrity in all situations. In some embodiments of the present invention, an independent, trustworthy third party (such as the third party 1420 illustrated in Figures 14 and 15) may be used. In these embodiments of the present invention, particularly the operations and functions of the audit encryption module 1410 and of the audit decryption module 1510 are carried out by the third party 1420. By way of example, the third party 1420 may carry out the following operations: creating an encryption key, dividing the encryption key into parts, transmitting the parts of the encryption key to the subscribers and encrypting the user session (steps 1620 to 1650 in Figure 16); collecting the parts of the encryption key from the subscribers, combining the parts to restore the encryption key, verifying the integrity of the encryption key and of the encrypted session and decrypting the encryption key (steps 1820 to 1850 in Figure 18); encrypting the signed information using an encryption key, splitting the encryption key into two parts, sending a first part to the client (steps 1950 to 1970 in Figure 19); and retrieving the parts of the encryption key from the client and from the server environment, combining the parts to restore the encryption key, decrypting the encryption key and verifying that a particular event has occurred (steps 2020 to 2060 in Figure 20). This list is not intended to give a complete enumeration of the steps which may be carried out by the third party 1420. Instead, the list is illustrative of the steps which the third party 1420 in accordance with the present invention may carry out. They are illustrative of the steps which a client 110 may not wish to entrust to a server environment 140, particularly in situations in which he has a negative view or a potentially negative view of the server environment 140. In any case, it is evident how the present invention can be modified by involving a third party 1420.
One advantage when using the third party 1420 is achieved by allowing the third party 1420 to store all the parts of the encryption key and/or the encryption key as a whole. In this way, the third party 1420 is always able to restore the encrypted session 170 or parts thereof if the parts of the encryption key which have been delivered to the client 110 or to the server environment 140 are lost, or if one of the subscribers refuses to cooperate.
The description of the present invention additionally assumes that requests 134 can always be assigned to a particular client 110. In fact, requests 134 during actual operation can be definitively assigned to only one particular computer or terminal, however. In particular, requests 134 in an IP environment can be identified as originating from a particular IP address uniquely associated with a particular computer, while requests 134 in a dedicated environment can be identified as originating from a particular terminal. There is therefore a need for additional security protocols which effectively restrict access to a particular computer or a particular terminal, such as passwords, security smartcards, fingerprint scans, retinal scans, etc., so that a request 134 coming from the computer or the terminal can be unquestionably assigned to a particular client 110.

Since the invention has been described in detail and with reference to specific embodiments, it is obvious to a person skilled in the art that various changes and modifications can be made without departing from the scope of protection of the invention. The present invention therefore also relates to modifications and variations of the invention, provided that these modifications and variations lie within the scope of protection of the appended claims and their equivalents.

Claims (26)

1. A method for storing communications during a user session and for verifying an event which takes place during the user session, in a computer environment comprising a client and a server wherein the user session comprises at least one request and one response between the client and the server, the method comprising the steps of:
receiving a request of the client at the server;
capturing the request of the client at the server;
capturing at the server the response of the server to the client in response to the request of the client;
encrypting the communications of the user session by means of an encryption key of the client and an encryption key of the server such that neither the client nor the server can decrypt stored communications of the user session without the consent, cooperation or knowledge of the other.
2. The method of claim 1, wherein environmental data associated with the computer environment are also captured at the server jointly with the request of the client.
3. The method of claim 1 or 2, wherein environmental data associated with the computer environment are also captured at the server jointly with the response to the client in response to the request of the client.
4. The method of any one of claims 1 to 3, further comprising verifying that the user session was not tampered with.
5. The method of any one of claims 1 to 4, wherein the communications of the user session are decrypted by means of the encryption key from the client and the encryption key from the server, and the communications are recreated.
6. The method of claim 5, wherein the communications are recreated at the server.
7. The method of any one of claims 1 to 6, wherein communications of a computer environment comprising multiple clients and one server are stored, wherein the user session comprises requests and responses between the clients and the server, and wherein the method comprises the steps of:
receiving requests of the clients at the server;
capturing the requests of the clients at the server;
capturing at the server the responses of the server to the clients in response to the requests of the clients;
encrypting the communications of the user session by means of an encryption key;
separating the encryption key into key portions; and
distributing a different key portion of the encryption key each to the clients and to the server such that the stored communications of the user session cannot be decrypted without the consent, cooperation or knowledge of all clients and the server.
8. The method of claim 7, wherein each client and the server are provided with identifying information for locating the clients and the server.
9. The method of claim 7, wherein the communications of the user session are decrypted by means of the encryption keys from the clients and the encryption key from the server, and the communications are recreated.
10. The method of any one of claims 1 to 9, wherein the step of encrypting the communications of the user session by means of the encryption key is performed by a third party.
11. The method of any one of claims 1 to 10, wherein steps of encrypting the request by means of an encryption key, decrypting the encrypted request and, if applicable, the steps of encrypting the response, capturing the request, and capturing the response are performed by a third party.
12. The method of claim 11, further comprising the steps of:
communicating a first key portion of the encryption key to the client by the third party;
communicating a second key portion of the encryption key to the server by the third party;
retrieving at least the first key portion or the second key portion by the third party;
recreating the encryption key by the third party by means of at least the retrieved key portion.
13. The method of claim 11 or 12, wherein the first key portion of the encryption key and the second key portion of the encryption key are stored by the third party.
14. The method of claim 12, wherein the step of recreating the encryption key includes the steps of:
retrieving the first key portion of the encryption key that was communicated to the client;
retrieving the second key portion of the encryption key from the server; and
determining the encryption key from the first key portion of the encryption key retrieved from the client and the second key portion of the encryption key retrieved from the server.
15. The method of claim 14, wherein the step of determining the encryption key includes calculating the encryption key from the first key portion retrieved from the client and the second key portion of the encryption key retrieved from the server.
16. The method of claim 14, wherein the step of determining the encryption key includes appending the first key portion of the encryption key retrieved from the client to the second key portion of the encryption key retrieved from the server in order to recreate the encryption key from the two key portions.
17. A system for storing communications during a user session and for verifying an event which takes place during the user session, in a computer environment comprising a client and a server, wherein the user session comprises at least one request and one response between the client and the server, the system comprising:
an audit data capture filter for capturing a request of the client to the server and a response of the server to the client in response to the request of the client;
an audit encryption module for encrypting the captured request and the captured response by means of an encryption key such that neither the client nor the server can decrypt stored communications of the user session without the consent, cooperation or knowledge of the other; and
an audit memory for storing the encrypted communications of the user session.
18. The system of claim 17, wherein the audit data capture filter is configured to capture environmental data associated with the computer environment jointly with the request of the client.
19. The system of claim 17 or 18, wherein the audit data capture filter is configured to capture environmental data associated with the computer environment jointly with the response to the client in response to the request of the client.
20. The system of any one of claims 17 to 19, wherein the audit data capture filter is configured to verify that the encrypted user session was not tampered with.
21. The system of any one of claims 17 to 20, wherein the audit data capture filter is configured to decrypt the communications of the user session by means of the encryption key from the client and the encryption key from the server, and to recreate the communications.
22. The system of any one of claims 17 to 21, wherein communications of a computer environment comprising multiple clients and one server are stored, wherein the user session comprises requests and responses between the clients and the server, and wherein:
the audit data capture filter is configured to receive requests of the clients at the server, capture the requests of the clients at the server; and capture at the server the responses of the server to the clients in response to the requests of the clients;
the audit encryption module is configured to encrypt the captured request and the captured response by means of the encryption key, separate the encryption key into key portions, and distribute a different key portion of the encryption key each to the clients and to the server such that stored communications of the user session cannot be decrypted without the consent, cooperation or knowledge of all clients and the server; and
the audit memory is configured to store the encrypted communications of the user session.
23. The system of claim 22, wherein the audit data capture filter is configured to provide each client and the server with identifying information for locating the clients and the server.
24. The system of claim 23, wherein the communications of the user session are decrypted by means of the encryption keys from the clients and the encryption key from the server and the communications are recreated.
25. The system of any one of claims 22 to 24, wherein the audit data capture filter is configured to verify that the encrypted user session was not tampered with.
26. The system of any one of claims 22 to 25, further comprising an auditor decryption module configured to retrieve the key portions of the encryption key from the clients and the server, decrypt the encrypted communications of the user session by means of the encryption keys of the clients and the server, and recreate the communications of the user session at the server.
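
Claims 7 and 12 to 16 do not fix how the key portions are formed. The following added example (not part of the patent text) contrasts the appending scheme of claim 16 with an XOR split, which is one possible reading of "calculating" in claim 15 and an assumption here, and adds a tamper check in the sense of claims 4 and 20. All function names, holder names and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(key: bytes, holders: list) -> dict:
    """n-of-n split (assumed reading of claim 15): each portion is as long as
    the key, and any incomplete set of portions is indistinguishable from random."""
    portions = [secrets.token_bytes(len(key)) for _ in holders[:-1]]
    portions.append(reduce(_xor, portions, key))  # last = key XOR all others
    return dict(zip(holders, portions))


def combine_xor(portions: list) -> bytes:
    return reduce(_xor, portions)


def split_append(key: bytes, holders: list) -> dict:
    """Claim 16 style: contiguous slices that are appended to rebuild the key."""
    step = -(-len(key) // len(holders))  # ceiling division
    return {h: key[i * step:(i + 1) * step] for i, h in enumerate(holders)}


def combine_append(portions: list) -> bytes:
    return b"".join(portions)  # order matters: same order as the split


def bits_unknown_to(split: dict, holder: str) -> int:
    """Key bits a single holder of an appended split still has to guess."""
    total = sum(len(p) for p in split.values())
    return 8 * (total - len(split[holder]))


def tag_record(key: bytes, stored_record: bytes) -> bytes:
    """Integrity tag over the stored (already encrypted) session record,
    using a MAC key derived from the audit key."""
    mac_key = hmac.new(key, b"audit-mac-key", hashlib.sha256).digest()
    return hmac.new(mac_key, stored_record, hashlib.sha256).digest()


def verify_record(key: bytes, stored_record: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_record(key, stored_record), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)
    holders = ["client-1", "client-2", "server"]  # constructed names
    record = b"constructed stand-in for an encrypted session record"
    tag = tag_record(key, record)

    xs = split_xor(key, holders)
    ap = split_append(key, ["client", "server"])
    rebuilt = combine_xor([xs[h] for h in holders])
    without_client_2 = combine_xor([xs["client-1"], xs["server"]])
    return {
        "xor_rebuilt_ok": rebuilt == key,
        "xor_missing_portion_fails": not verify_record(without_client_2, record, tag),
        "append_rebuilt_ok": combine_append([ap["client"], ap["server"]]) == key,
        "append_bits_server_must_guess": bits_unknown_to(ap, "server"),  # 128 of 256
        "tamper_detected": not verify_record(rebuilt, record + b"!", tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With an appended split, the holder of one 16-byte portion of a 32-byte key faces 128 unknown bits instead of 256, whereas a lone holder of an XOR portion learns nothing about the key.
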
CA002342196A 1998-08-28 1999-08-23 System and method for auditing in network applications Expired - Lifetime CA2342196C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/143,537 1998-08-28
US09/143,537 US6286098B1 (en) 1998-08-28 1998-08-28 System and method for encrypting audit information in network applications
PCT/EP1999/006143 WO2000013371A1 (en) 1998-08-28 1999-08-23 System and method for controlling the operational sequence in network applications

Publications (2)

Publication Number Publication Date
CA2342196A1 (en) 2000-03-09
CA2342196C (en) 2005-11-15

Family

ID=22504501

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002342196A Expired - Lifetime CA2342196C (en) 1998-08-28 1999-08-23 System and method for auditing in network applications

Country Status (8)

Country Link
US (1) US6286098B1 (en)
EP (1) EP1108308B1 (en)
AT (1) ATE308840T1 (en)
AU (1) AU5970299A (en)
CA (1) CA2342196C (en)
DE (1) DE59912743D1 (en)
DK (1) DK1108308T3 (en)
WO (1) WO2000013371A1 (en)

Also Published As

Publication number Publication date
CA2342196A1 (en) 2000-03-09
DE59912743D1 (en) 2005-12-08
AU5970299A (en) 2000-03-21
WO2000013371A1 (en) 2000-03-09
ATE308840T1 (en) 2005-11-15
EP1108308B1 (en) 2005-11-02
US6286098B1 (en) 2001-09-04
DK1108308T3 (en) 2006-03-20
EP1108308A1 (en) 2001-06-20

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20190823