1. Field of the Invention
The present invention relates to a system and method for encrypting audit information in network applications. More particularly, the present invention relates to a system and method for encrypting and storing information transmitted between a client and a server environment during a user session that can be used to recreate the user session or to later verify that a particular event occurred during the user session.
2. Discussion of the Related Art
In a network application, also referred to as a client/server application, a client requests information from a server. In response to each request, the server provides information to the client. A typical server may be responding to several hundred clients at one time, while the client may access several servers intermittently and over a very short period of time. As a result of the very dynamic nature of such applications, problems associated with the application are difficult to isolate, repeat, and/or diagnose. Furthermore, such problems are difficult to attribute to either the server or the client.
Another problem associated with network applications, particularly those dealing in electronic commerce ("e-commerce"), is that the precise behavior of the purchaser during the transaction is difficult to ascertain and even more difficult to evaluate or understand. For example, website developers may wish to understand how a particular buyer using an e-commerce application navigates through the website to purchase an item. Given the nature of conventional network applications, such understanding is difficult to obtain.
Yet another problem associated with network applications, particularly those where data associated with the user session is stored, is security and privacy. Clients may be averse to data regarding their user sessions being stored. Servers may be averse to information regarding their clients and their associated behavior being susceptible to access by competitors.
Still yet another problem associated with network applications is that clients and servers are unable to verify or prove that certain events (e.g., purchases, etc.) occurred during a particular user session.
Other problems exist with network applications, some of which are discussed in further detail below. A need exists for a system and method for auditing network applications that solves the problems described herein.