All of the material in this patent application is subject to copyright protection under the copyright laws of the United States and of other countries. As of the first effective filing date of the present application, this material is protected as unpublished material. However, permission to copy this material is hereby granted to the extent that the copyright owner has no objection to the facsimile reproduction by anyone of the patent documentation or patent disclosure, as it appears in the United States Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Not Applicable
1. Field of the Invention
This invention generally pertains to sending secure information between two parties. More particularly, it pertains to submitting information in a secure manner over the World Wide Web (WWW), and still more particularly to a manner in which product information in an E-commerce web page may be transmitted to a cash register server in an encrypted and signed manner.
2. Description of the Prior Art
The present invention pertains to E-commerce. It specifically pertains to web pages used to present goods or services for sale over the Internet, and to accept orders for such goods or services interactively. It pertains more generally to analogous uses, i.e., where a user is presented with a web page bearing some information, the web page being capable of accepting a response (e.g. a form), which will trigger some information from the web page to be transmitted to some destination on the Internet, and it is preferable to keep the transmitted information confidential.
There has been a good deal of concern expressed over confidentiality of messages sent over the Internet. A message sent from one computer to another over the Internet may pass through other computers and network routers en route. In fact, the exact path of the message is not predetermined, and may vary from one transmission between the two computers to the next. The concern stems, in part, from the fact that the messages go through numerous computers in the course of transmission, which increases the opportunity for illegal interception and/or alteration.
There is a need to maintain confidentiality in E-commerce for a number of reasons. Public users of the Internet have expressed concern about the security of the Internet as it pertains to submitting credit card information over the Internet when ordering goods. In response to this, the Secure Socket Layer (SSL) method of security and encryption has been widely implemented. This method will preserve the security of any credit card information entered by the user, but it requires negotiation of keys, and encryption and decryption, for each transmission between the client and the server. This requires processing by both the client and server computers and slows down the response to user inputs.
In an E-commerce transaction, it is also desirable to maintain confidentiality as to the identity of the product being purchased. The buyer's desire for confidentiality may stem from privacy considerations. The seller may consider the number and type of purchases of specific items proprietary. It would be desirable to maintain confidentiality without the processing overhead of the SSL method and the resulting time delay.
Preserving the security of an item ordered from a web page presents a different challenge from preserving the confidentiality of submitted credit card information. In the case of the credit card, when the web page containing the form for accepting the credit card information is downloaded to the client computer, the credit card information is not known. On the other hand, when the web page that accepts a buy order for a product, for example, is downloaded to the client computer, the identity of the product that will be requested when the buy (form submit) button is activated is already known. Only some ancillary information, for example, size and color, is not known.
There are many Internet service providers (ISPs) that are well equipped to host merchants' web pages on the WWW, but are ill equipped and lack the expertise to handle business/financial transactions, e.g., order processing associated with an E-commerce web site.
What is needed is a system by which a WWW user can submit secure information received on a web page from a WWW server back to the WWW server, or to another WWW server addressed in the web page, without requiring the use of SSL or other in line encryption techniques. One specific case is that of shopping over the Internet, in which it is desirable to have a system in which an online shopper using the WWW can submit a request to purchase a product from a web page, and have that information remain confidential. It is also desirable to provide a system by which the online shopper or other user can specify ancillary information, and have that information submitted as well, along with the confidential information.
It would be desirable to provide an E-commerce methodology that allows an online shopping web page to be hosted by an ISP, and allows for processing of transactions from the shopping web page to be handled by a service specializing in providing business/financial services for E-commerce. The ISP may have a high-speed connection to the Internet but lack the hardware, software, and expertise for handling business/financial transactions.
It would be desirable to be able to present an online shopping web page to a WWW user that has a simple "clean" layout, i.e., a set of selectable inputs such as radio buttons or pull-down selection menus, and a single buy button, as opposed to a web page having a large array of individual buy buttons corresponding to a myriad of selection combinations (e.g. size and color of a garment).
It would be desirable to have such a one-buy button per product web page, which is compatible with encrypted basic product data, so that confidentiality is maintained as to the basic product data.
According to one aspect of the invention, a method of making a web page containing secure information comprises the steps of: assembling a first concatenated string by concatenating, at least, one or more associated name value pairs; encrypting the first concatenated string to yield an encrypted string; encoding the encrypted string to produce a displayable character string; associating the displayable character string with a name; and placing the name and the displayable character string into an HTML source code.
According to another aspect of the invention, a system and a computer readable medium are disclosed for carrying out the above method.
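The steps of the method summarized above can be sketched as follows; this is an added example, not code from the patent. It assumes two shared secret keys, a hidden form field as the placement in the HTML, and an HMAC-SHA256 counter-mode keystream with an HMAC tag as a standard-library stand-in for the unspecified cipher and signature (an AEAD such as AES-GCM would be the usual choice); all function and field names are hypothetical.

```python
import base64, hashlib, hmac, html, os
from urllib.parse import urlencode, parse_qsl

def _keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 used as a PRF in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(pairs, enc_key, mac_key, nonce=None):
    """Concatenate name/value pairs, encrypt, authenticate, encode as displayable text."""
    nonce = nonce or os.urandom(16)            # must be unique per sealed string
    plain = urlencode(pairs).encode()          # the "first concatenated string"
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def hidden_field(name, token):
    """Associate the displayable string with a name and emit the HTML source."""
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(token, quote=True))

def unseal(token, enc_key, mac_key):
    """Receiving side: return the name/value pairs, or None if the token was altered."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:                          # bad padding or non-ASCII input
        return None
    if len(raw) < 16 + 32:                      # nonce + tag at minimum
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return dict(parse_qsl(plain.decode()))

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # constructed demo keys
    token = seal([("item", "SKU-1234"), ("price", "19.95")], enc_key, mac_key)
    print(hidden_field("product", token))
    print(unseal(token, enc_key, mac_key))
```

Verifying the tag before decrypting means a value edited in the browser or in transit is rejected rather than processed as a different product or price.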