Data access and manipulation devices proliferate in many different forms, with widely varying input, output and processing capabilities. This creates difficulties in providing general purpose access to centralized processing and database systems, since such a large range of devices must be accommodated. Typically such centralized systems are primarily designed to be accessed by powerful devices such as PCs which have sophisticated processing and I/O capabilities compared to many data manipulation devices currently in use. As an example of the problem, it is becoming increasingly desirable to provide users with mobile access to centralized systems over the Internet via portable devices such as small, hand-held computing devices, pagers and mobile phones. In the case of the Internet, for example, the vast majority of users have access via browsers running on powerful computing devices such as PCs with relatively high-speed, high bandwidth communications links, and the nature of the data that can be retrieved from the Internet, in terms of the structure, variety and complexity of its content, has developed with such powerful devices in mind. However, the expectations of the data handling capabilities of the recipient device far exceed the capabilities of many portable access devices, which may have slow communications links, limited processing power and unsophisticated display hardware.
To accommodate such a range of data access devices and allow them access to centralized systems, modem data delivery chains incorporate devices known as “transcoders”. A transcoder processes generically formatted data content in a message received from a source device such as a server to produce a device-specific data message adapted to the capabilities of the intended destination device. Common tasks that a transcoder might perform include the removal of non-essential data, conversion between different data formats, data compression or decompression, and general processing of data content to simplify the resulting message. In simple terms, however, transcoder operations can be categorized as one of three main types of operation, namely: omitting data, whereby certain data is removed from the received message; maintaining data, whereby certain data in the received message is maintained without change; or modifying data, whereby certain data in the received message is changed in some way, e.g., by altering the existing data through processing, or replacing the existing data with new data. In this context, it will be understood that the “message” on which the transcoder operates may be any type of data communication to be delivered from a source device to a destination device, from a simple document to a complex communication with textual, graphics, audio or visual content.
Incorporating the transcoding function into source or destination devices is impractical for all but a few highly security-sensitive applications due to the additional software and hardware requirements and the consequent cost implications, particularly as data access devices and transcoder functionality evolve quite rapidly. External transcoder services, provided for example by portable device manufacturers, network operators or ISPs, offer a more practical solution. In such cases in particular, however, the question of security arises. Specifically, the “verifiability” of the transcoder action, ie. the ability of the end user to verify that the message content has not been unacceptably or maliciously altered in the transcoding process, becomes a concern. Common cryptographic facilities, such as “message hashing”, can provide verification that a message has not been altered during transit, but transcoders need to alter messages in order to accomplish their task. While some of the alterations may be legitimate, others could be malicious. As a highly simplistic example, consider that the following message is received by a transcoder from an origin server:
Original message: Do you wish to transfer $10 from account A to account B?
For a destination device with limited output capability, a transcoder may generate View 1 as follows:
View 1: transfer $10 from A to B?
Alternatively, the message might be altered to View 2 as follows:
View 2: transfer $100 from B to A?
Clearly View 1 is a legitimate rendition of the original message whereas View 2 is a malicious, unacceptable rendition.
It should be evident that an automatic method for verifying the semantic content of a message against the original is not feasible. For example, another possible rendition of the above message is View 3 as follows:
View 3: credit $10 from B to A?
This is a legitimate rendition of the original message, but it is infeasible to verify automatically that the meaning of “credit” here is equivalent to the meaning of “transfer” in the original message.
It will be apparent from the above that an efficient system allowing verification of transcoder action to the extent feasible would be of significant advantage in data communications systems where transcoding is required.
It is therefore an object of the invention to provide a system and method for transcoding a data message.