1. Technical Field
The present invention relates generally to transactions over computer networks and more particularly to a method and system for certifying that a given copy of a Web page is authentic.
2. Description of the Related Art
The World Wide Web is the Internet""s multimedia information retrieval system. In the Web environment, client machines effect transactions to Web servers using the Hypertext Transfer Protocol (HTTP), which is a known application protocol providing users access to files (e.g., text, graphics, images, sound, video, etc.) using a standard page description language known as Hypertext Markup Language (HTML). HTML provides basic document formatting and allows the developer to specify xe2x80x9clinksxe2x80x9d to other servers and files. In the Internet paradigm, a network path to a server is identified by a so-called Uniform Resource Locator (URL) having a special syntax for defining a network connection. Use of an HTML-compatible browser (e.g., Netscape Navigator or Microsoft Internet Explorer) at a client machine involves specification of a link via the URL. In response, the client makes a request to the server (sometimes referred to as a xe2x80x9cWeb sitexe2x80x9d) identified in the link and, in return, receives in return a document or other object formatted according to HTML.
Given content on a Web page may be time-sensitive. Thus, for example, the Web page may include an advertisement or coupon for a given product or service offering, and such advertisement or coupon may need to be printed and delivered to the vendor for redemption or to prove that an offer existed at a given time (namely, when the page was viewed by the user and the copy made). In another application, a given Web page may include information evidencing or relating to a financial transaction. In this example, transaction or other verification may involve proof that the Web page had certain information content before, during or after the transaction. Although it is known in the art to make a copy of a Web page, there is no convenient method in the art for certifying that the copy itself was made at a given time.
It would be very desirable to be able to make a copy of a given Web page that could then be certified as xe2x80x9cauthenticxe2x80x9d. The present invention addresses this problem.
It is thus a primary object of the present invention to enable a user of a Web browser to make a certified copy of a Web page or other document object.
It is a further object of this invention to certify that a given Web page or file, or some content therein, existed at a particular time.
It is still another important object of this invention to provide a certification service to enable third parties to obtain proof that a given document or some portion thereof existed at a given time or during a given time period.
Still another object of this invention is to store, in a publicly-accessible location, information from which a given entity may verify the authenticity of a document or some content thereof.
It is still another primary object of this invention to provide a Web page certification service that is useful is authenticating Web page copies.
It is another more general object of this invention to manage the administration, collection and use of certified copies of documents or objects in an open computer network environment such as the World Wide Web of the Internet.
In one particular embodiment, a Web site supports a Web page. A user of a Web client connectable to that Web site makes a copy of the Web page or some identifiable portion thereof. The user desires to xe2x80x9cprovexe2x80x9d or xe2x80x9cvalidatexe2x80x9d his or her xe2x80x9ccopyxe2x80x9d at some later time or upon a given occurrence. To this end, a xe2x80x9ccertifiedxe2x80x9d copy is generated at the client machine. Preferably, this certification is accomplished by applying a given mathematical transform (e.g., a one-way hashing function) to the copy of the page (or some portion thereof) to generate a string. The one-way hashing function has the property that the resulting string is of sufficient length and content that it cannot be reproduced through any other search method or function. The string is then concatenated with given identifying information (e.g., the Web site URL, a timestamp and, optionally, a user identifier) to generate a signature. To facilitate later verification, the signature is then provided to a certification server located elsewhere in the computer network.
Upon receipt, the certification server first verifies that the information in the signature is authentic. To this end, the certification server obtains the URL within the signature and, using the URL, retrieves the specified Web page. The newly-retrieved Web page is then applied through the same one-way function used at the client machine. If the resulting bit string matches the string in the signature, the certification server provides a confirmation to the client. The signature is also stored in a database associated with the server, although preferably the server does not store the Web page itself to conserve memory. Further, the certification server preferably combines the signature with all other signatures received during a given time period (e.g., during a particular day) to generate a checksum (or other given function) of all or a given number of the signatures. This value is then published in a convenient location (e.g., a newspaper).
Later, when the user desires to prove that he or she has a true and correct copy of the Web page, the user presents the Web page copy (and, optionally, the server confirmation) to a given entity (which may be the certification server itself). If running the one-way function then produces the same bit string that is logged in the server""s database for the date, the copy is certified as authentic. As another check, the server may also re-calculate the checksum (or other given function) and compare it to the value original published for the particular date in question. The checksum guarantees that the information associated with a given signature has not changed.
The foregoing has outlined some of the more pertinent objects and features of the present invention. These objects should be construed to be merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be attained by applying the disclosed invention in a different manner or modifying the invention as will be described. Accordingly, other objects and a fuller understanding of the invention may be had by referring to the following Detailed Description of the Preferred Embodiment.