1. Field of the Present Invention
The present invention generally relates to computer systems, and more particularly, to methods and apparatuses which create secure connections between Java Applets and web servers.
2. Description of the Related Art
The development of computerized distributed information resources, such as the "Internet", allows users to link with servers and networks, and thus retrieve vast amounts of electronic information that was previously unavailable using conventional electronic mediums. Such electronic information increasingly is displacing more conventional techniques of information transmission, such as newspapers, magazines, and even television.
The term "Internet" is an abbreviation for "Internetwork", and refers commonly to a collection of computer networks that use the TCP/IP suite of protocols. TCP/IP is an acronym for "Transport Control Protocol/Interface Program", a software protocol developed by the Department of Defense for communication between computers.
Electronic information transferred between computer networks (e.g., the Internet) can be presented to a user in hypertext, a metaphor for presenting information in a manner in which text, images, sounds, and actions become linked together in a complex non-sequential web of associations that permit the user to "browse" through related topics, regardless of the presented order of the topics. These links are often established by both the author of a hypertext document and by the user.
For example, traveling among hypertext links to the word "iron" in an article displayed within a graphical user interface might lead the user to the periodic table of the chemical elements (e.g., linked by the word "iron"), or to a reference to the use of iron in weapons in Europe in the Dark Ages. The term "hypertext" is used to describe documents, as presented by a computer, that express the non-lineal structure of ideas, as opposed to the linear format of books, film, and speech.
Hypertext, especially in an interactive format where choices are controlled by the user, is structured around the idea of offering a working and learning environment that parallels human thinking--that is, an environment that allows the user to make associations between topics, rather than moving sequentially from one topic to the next, as in an alphabetic list. In other words, hypertext topics are linked in a manner that allows users to jump from one subject to other related subjects during a search for information.
Networked systems using hypertext conventions typically follow a client/server architecture. A "client" is a member of a class or group that uses the services of another class or group to which it is not related. In the context of a computer network, such as the Internet, a client is a process (i.e., roughly a program or task) that requests a service which is provided by another program. The client process uses the requested service without having to "know" any working details about the other program or the service itself. In networked systems, a client is usually a computer that accesses shared network resources provided by another computer (i.e., a server).
A "server" is typically a remote computer system which is accessible over a communications medium such as the Internet. The server scans and searches for raw (e.g., unprocessed) information sources (e.g., newswire feeds or newsgroups). Based upon such requests by the user, the server presents filtered electronic information to the user as server responses to the client process. The client process may be active in a second computer system, and communicate with one another over a communications medium that allows multiple clients to take advantage of the information-gathering capabilities of the server.
Clients and servers communicate with one another using the functionality provided by a HyperText Transfer Protocol (HTTP). The World Wide Web (WWW) or, simply, the "web," includes all servers adhering to this protocol, which are accessible to clients via a Universal Resource Location (URL). Internet services can be accessed by specifying Universal Resource Locators that have two basic components: a protocol to be used and an object pathname. For example, the Universal Resource Locator address, "http://www.uspto.gov" (i.e., the "home page" for the U.S. Patent and Trademark Office), specifies a hypertext transfer protocol ("http") and a pathname of the server ("www.uspto.gov").
The server name is associated with a unique numeric value (TCP/IP address). Active within the client is a first process, known as a "browser", that establishes the connection with the server, and presents information to the user. The server itself executes corresponding server software that presents information to the client in the form of HTTP responses. The HTTP responses correspond to "web pages" constructed from a Hypertext Markup Language (HTML), or other server-generated data.
A "web page" (also referred to by some designers simply as a "page") is a data file written in a hyper-text language that may have text, graphic images, and even multimedia objects such as sound recordings or move video clips associated with that data file. The web page can be displayed as a viewable object within a computer system. A viewable object can contain one or more components such as spreadsheets, text, hot links, pictures, sound, and video objects. A web page can be constructed by loading one or more separate files into an active directory or file structure that is then displayed as a viewable object within a graphical user interface.
When a client workstation sends a request to a server for a web page, the server first transmits (at least partially) the main hypertext file associated with the web page, and then loads, either sequentially or simultaneously, the other files associated with the web page. A given file may be transmitted as several separate pieces via TCP/IP protocol. The constructed web page is then displayed as a viewable object on the workstation monitor. A web page may be "larger" than the physical size of the monitor screen, and devices such as graphical user interface scroll bars can be utilized by the viewing software (i.e., the browser) to view different portions of the web page.
Most text displayed by a web browser is formatted using standard HTML. An HTML file is a text file that contains both the text to be displayed and markup tags that describe how the text should be formatted by the web browser. The HTML markup tags support basic text formatting, such as paragraph breaks, bullet lists, tables, graphs, charts, and so forth. In addition to these basic text formatting tags, HTML provides tags defining graphical user interface components. HTML also can be used to display well known graphical user interface components such as radio buttons, check boxes, scrolling lists of selectable text, and various other such components at the web browser itself
In an open network, such as the Internet, establishing a secure connection is required in order to prevent a third party from viewing sensitive information, such as personal data or financial transactions. Secure connections can be established between a browser running on a typical client machine, or on a network computer, and a web server using a security protocol such as Secure Sockets Layer (SSL). Unfortunately, this connection is limited to HTML pages loaded by the web browser. In other words, there is no support built into the web browser in order to enable a Java Applet to establish a secure connection through the browser other than the HTTPS protocol. If a Java Applet is to be connected to the web server using a different protocol such as the CORBA IIOP, then a Java security service class library, such as RSA'S JSAFE or IBM'S SSLink must be used.
To establish an encrypted connection from a web browser, executing a Java Applet, to a web server requires an exchange of server certificates between the Java Applet and the server. This presents two problems. First, the browser's certificates are not available to Java for use in establishing a secure connection. Second, the certificate(s) required by the Java security service to establish a secure connection cannot be accessed by a Java Applet, since Applets are not inherently allowed local disk access.
It would therefore be a distinct advantage to have a method and apparatus for using the web browser's installed certificates to set up and establish an encrypted session between a Java Applet and a secure web server for protocols other than HTTPS. It would be further advantageous if the method and apparatus would only require the use of a secure web server and no additional services (i.e., additional servers). The present invention provides such a method and apparatus.