This invention relates to distributed computing and, more particularly, to a secure data file uploading system for a distributed computer application utilizing the Internet and a Web browser as the user interface to the distributed computer application.
Distributed computing allows members of a user community to share data. Distributed computing relies on the use of multiple computers in a distributed computer network rather than one centralized system. For example, large organizations have computers dedicated to departmental use. In a distributed computer network these computers are networked together and are not just decentralized systems without any communications between them. In addition, client/server applications tend to disperse more and more computers throughout the organization.
Some users of the community are providers of data and some users are consumers. In certain application domains, such as healthcare, providers of data require a secure user agent to upload data into the distributed computer application. If the distributed computer network relies upon the Internet for communication between users, data security becomes an important issue. With the growth of the Internet, distributed computer networks are more and more likely to use a Web browser as their user agent of choice for data file uploading from their data providers due to the user-friendly features that more and more people are accustomed to in using Web browsers and the Internet. However, it has been difficult to provide the security necessary for distributed computer applications that wish to use Web browsers and the Internet as the user interface. This is due in part to the unsecured circuitous route taken by data transmitted over the Internet and the possibility of unauthorized access of the data during transmission. In addition, in order to make such distributed computer applications affordable, there are often resource constraints that limit the use of server technology to simpler systems that are incompatible with the high security that is both desired and necessary in some cases. Finally, distributed computer networks that require a lot of effort to set up and maintain have proven to be very undesirable and not cost effective.
It is therefore desirable to securely move data files from a remote site to a distributed computer application server using a Web browser and the Internet, an intranet, or other network with standard communication protocols and to protect the distributed computer application server from any direct Internet, intranet, or other network connections. It is also desirable to use one process in a Web server that is exposed to the Internet, intranet, or other external network that will collect the data and pass the data securely through a firewall and a router to a second process in the distributed computer application server that processes the data and is protected from the Internet, intranet, or other external network.
The present invention is a distributed computer application that utilizes the Internet and Web browsers as the interface to the distributed computer application. Users who are providers of data utilize Secure Sockets Layer (SSL) enabled HyperText Transport Protocol (HTTP), referred to as HTTPS (HTTP with SSL), to encrypt communications between their Web browser and the distributed computer application server. SSL is a leading security protocol on the Internet and provides server authentication and optionally user authentication. HTTP is a communications protocol used to connect servers on the World Wide Web. Its primary function is to establish a connection with the Web server and transmit HTML pages to the client Web browser.
The HTTPS capability is used to upload data files and handle the data file transfer from the Web browser to the external HTTP distributed computer application Web server. A collection Java servlet on the external HTTP distributed computer application Web server handles the data file upload from the Web browser, checks for required form elements, adds the Internet Protocol (IP) address of the computer running the Web browser software to the form elements, re-POSTs the data to a processing Java servlet on an internal HTTP distributed computer application Web server, records the response of the processing Java servlet on the internal HTTP distributed computer application Web server, and returns the response to the initiating Web browser.
The processing Java servlet on the internal HTTP distributed computer application Web server handles the data file upload from the collection Java servlet on the external HTTP distributed computer application Web server, checks for required form elements, checks that the identity for the POST is valid, saves the data file locally on the internal HTTP distributed computer application Web server, and returns a response to the collection Java servlet.
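The two-tier flow described above, modelled as an added example in Python rather than as Java servlets; it is not code from the patent. Assumptions: the form element names, `COLLECTION_ADDR`, an identity check based on the POST's source address, filename sanitization before saving, and an in-process call standing in for the HTTP re-POST through the firewall.

```python
import os
import tempfile

REQUIRED = ("user_id", "filename", "data")       # assumed form element names
COLLECTION_ADDR = "10.0.0.5"                     # assumed address of the external Web server
STORE_DIR = tempfile.mkdtemp(prefix="uploads_")  # stand-in for internal local storage


def missing_fields(form):
    """Return the required form elements that are absent or empty."""
    return [k for k in REQUIRED if not form.get(k)]


def processing_servlet(form, peer_addr):
    """Internal tier: check origin and form, save the file, respond."""
    if peer_addr != COLLECTION_ADDR:  # assumed identity check: only the collector may POST
        return 403, "POST not from collection server"
    if missing_fields(form) or not form.get("client_ip"):
        return 400, "missing form elements"
    # Strip any directory part so the upload cannot escape STORE_DIR.
    name = os.path.basename(form["filename"].replace("\\", "/"))
    if name in ("", ".", ".."):
        return 400, "bad filename"
    with open(os.path.join(STORE_DIR, name), "wb") as fh:
        fh.write(form["data"])
    return 200, "stored %s from %s" % (name, form["client_ip"])


def collection_servlet(form, remote_addr, audit_log):
    """External tier: validate, stamp the client IP, re-POST inward, relay the response."""
    missing = missing_fields(form)
    if missing:
        return 400, "missing: " + ", ".join(missing)
    relayed = dict(form)
    # Overwrite, never merge: a client-supplied client_ip must not survive.
    relayed["client_ip"] = remote_addr
    # Stand-in for the HTTP re-POST through the firewall and router.
    status, body = processing_servlet(relayed, peer_addr=COLLECTION_ADDR)
    audit_log.append((remote_addr, form["filename"], status))  # record the response
    return status, body
```

The external tier rejects incomplete forms before anything crosses the firewall, and the internal tier repeats the check instead of trusting the relay.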
When an HTTPS session is started, the Web browser sends its public key to the Web server so that the Web server can securely send a secret key to the Web browser. The Web browser and Web server exchange data via secret key encryption during that session. Using HTTPS in the Uniform Resource Locator (URL) instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The session is then managed by a security protocol. The security protocol is a communications protocol that encrypts and decrypts the message for on-line transmission. The security protocol can also provide user authentication.