1. Technical Field
The present invention is directed to a method and apparatus for establishing a secure communication connection over a network. In particular, the present invention is directed to a method and apparatus for establishing a secure communication connection between a Java application running on a client device and a secure network server using a secure communication protocol.
2. Description of Related Art
The Internet is increasingly being used as a mechanism by which confidential transactions are conducted. For example, the Internet is increasingly being used in electronic commerce to give individuals the ability to purchase items using their credit cards and the like. With increased use of the Internet in confidential transactions, the demand for secure communication connections through which to conduct these confidential transactions also increases.
Traditionally, these secure communication connections are created using HyperText Markup Language (HTML) documents and the HyperText Transport Protocol Secure (HTTPS) protocol. HTML is a document format used on the World Wide Web (the Web). With HTML, web pages are built with HTML tags, or codes, embedded in the text. HTML defines the page layout, fonts and graphic elements as well as the hypertext links to other documents on the Web. Each link contains the Universal Resource Locator (URL), or address, of a Web page residing on the same server or any server worldwide.
HTTPS is one of the protocols for accessing a secure Web server. HTTPS is a unique combination of the Secure Socket Layer (SSL) and HTTP protocols. SSL is a protocol that was designed to ensure that data transfers between a client and a server remain secret, and it also allows the client to authenticate the identity of the server to prevent impersonation attacks. SSL can be used with almost any Internet protocol, such as Simple Mail Transport Protocol (SMTP) or File Transport Protocol (FTP). Today, SSL is mainly used for securing transactions on the Web. SSL uses a mechanism known as public key encryption. Digital keys are generated as random combinations of complex mathematical expressions along with a series of prime numbers. These combinations of values are extremely difficult to guess because of the sheer number of possible combinations.
HTTPS behaves just like the HTTP protocol, but requires the SSL protocol to safeguard any data that is exchanged. The conversation between an HTTPS-enabled client device and a secure Web server starts as a normal readable transaction. However, before data is transmitted over the Internet, the SSL protocol stack takes over and scrambles the data according to the digital keys the browser and the server agree to use. When the sensitive information reaches the other side, it is unscrambled and processed as readable text. Anyone who may be watching the conversation just sees what looks like gibberish.
Using HTTPS in the URL, e.g. “https://...”, instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The session is then managed by a security protocol, such as SSL, that encrypts and decrypts messages for online transmission.
Increasingly, Java applications and applets, i.e. small application programs, are being hosted by Web servers to provide a platform-independent mechanism by which the Web servers may share programs with client devices. Java is a programming language for Internet and intranet applications that was created by the Sun Corporation. Java programs can be called from within HTML documents or launched standalone.
Java is an interpreted language that uses an intermediate language. The source code of a Java program is compiled into “byte code,” which cannot be run by itself. The byte code must be converted into machine code at runtime. Upon finding a Java applet, a Web browser on a client device switches to its Java interpreter (Java Virtual Machine), which translates the byte code into machine code and runs it. This means Java programs are not dependent on any specific hardware and will run on any computer with the Java Virtual Machine.
Java applications and applets may be created using, for example, the Java Development Kit (JDK). JDK provides the java.net package, which gives a Java application or applet the ability to create its own network connections by initializing URL objects (e.g. url = new URL("http://www.ibm.com")). However, JDK, and Java applications and applets in general, do not provide any support for secure communication connections. For example, Java and JDK do not provide support for the HTTPS protocol.
Web servers must still rely on HTML documents and a Web browser's ability to create secure communication connections. This is undesirable since many Internet/Intranet applications need to use Java applets or applications to provide more sophisticated and powerful front ends to users, and take advantage of Java's platform independent nature. Therefore, it would be advantageous to have a method and apparatus for establishing a secure communication connection between a Java application and a network server.