1. Field of the Invention
The present invention relates to computer systems and networks of computer systems, and, more particularly, to a system of conducting transactions over a network of computer systems in a secure manner.
2. Description of the Related Art
Computer systems are information handling systems which can be designed to give independent computing power to one user or a plurality of users. Computer systems may be found in many forms including mainframes, minicomputers, workstations, servers, personal computers, Internet terminals and notebooks. A computer system often includes multiple computer processes executing on the same computer system at the same time. Computer systems are often coupled to other computer systems to form a network to facilitate the exchange and handling of information. A computer network is a group of computer systems and associated hardware devices (e.g., physical connections) and software applications (e.g., communications protocol programs and data).
A network of computer systems may include multiple computer processes executing on multiple computer systems as if the multiple computer systems were a combined resource to the computer processes. Consequently, it often makes sense to discuss computer processes instead of, or in addition to, computer systems when discussing interaction over a computer network. For example, a web server can be considered to be a computer system, but it is often more accurate to describe the web server as a computer process running on a computer system. A computer system including a web server process typically includes other computer processes as well. Also, a database server can be a computer process that includes management software and information files that reside on one or several computer systems or computer servers.
A network can involve permanent connections, such as cables, or temporary connections made through telephone or other communications links. A network can be as small as a local area network (LAN) consisting of a few computers, printers, and other devices, or it can consist of many computers of various types distributed over a vast geographic area (e.g., a wide area network, or WAN). Similarly, a computer network can be an intranet (internal to a defined user entity) or an internet. An internet is a set of possibly dissimilar computer networks joined together by means of gateways or bridges. A gateway handles data transfer and conversion of messages from a sending network to the protocols used by a receiving network, if necessary. Also, the term xe2x80x9cInternetxe2x80x9d more specifically refers to the collection of networks and gateways that use the TCP/IP (Transport Control Protocol/Interface Program) suite of protocols. When used in this more specific manner, the term is often capitalized.
Interaction over the Internet occurs in many different ways. For example, computer system users on the Internet can communicate via electronic mail, network news and newsgroups, so-called xe2x80x9cchat roomsxe2x80x9d and real-time exchange of video and audio. Users may also locate and access information across the internet using various interaction protocols including the network terminal protocol (telnet), the file transfer protocol (FTP), Gopher and search engines such as Wide Area Information Service (WAIS), to name only a few. An increasingly popular medium for communication over the Internet is the World Wide Web.
The World Wide Web (WWW, or the Web) includes interaction between Internet users via request and distribution of hypertext documents or web pages. Interaction on the World Wide Web is performed according to the HyperText Transfer Protocol (HTTP) and HTTP client-server interactions. HTTP servers are designed specifically to distribute hypertext documents by way of a request and response dynamic with client applications such as web browsers, web robots or proxy servers. Internet resources are addressed on the World Wide Web by uniform resource locators (URLs). A web page may be accessed by directing a computer system to access a particular URL. Web pages are written in the HyperText Markup Language (HTML). HTML allows the creation of hypertext links to other Web resources, fill-in forms, feedback email, etc., by referencing other URLs. The JAVA programming language can be used to extend the capabilities of the HTTP by interacting with a runtime interpreter on the computer system of the web browser to provide features such as animation. The JAVA language and related packages also enable the assemblage of dynamic content by accessing local and/or remote data and application sources independent of platform from the HTTP server.
Web users can utilize several different means of communication over the Internet depending on the capabilities of the user""s web browser. A web browser can support some or all of the above mentioned Internet communication techniques in addition to the HyperText Transfer Protocol. Furthermore, portions of the Web can be internal to a defined user entity and protected by various security protocols so that external users cannot access such private portions of the Web.
Server-side resource processing allows a user with a Web browser to interact with resources on an HTTP server computer system by providing a tunnel through the server to these resources. This can be either through the common gateway interface (CGI), or through special modules built into the server. The common gateway interface is the interface between an HTTP server (the program that serves the pages for a Web site) and the other resources of the server""s host computer system. CGI is a set of commonly named variables and conventions for passing information from the client to the server to the server system and back again.
The file transfer protocol (FTP) is another commonly known and widely used method of communication over the Internet. FTP is a method of copying binary and ASCII (American Standard Code for Information Interchange) files between computer systems connected via the Internet. FTP allows files of any type to be copied regardless of the types of computer systems connected or operating systems being used as long as both computer systems understand the FTP. Although FTP commands are usually the same, there may be some variations from one FTP implementation to the next. Like HTTP, FTP uses a client-server model. The server side is implemented by a daemon process typically referred to as either FTPD or IN.FTPD, and the client side is implemented by an FTP program. In operation, a client FTP program sends a control connection request to a server requesting either files or information regarding the files which are stored on the FTP server. The server provides the file to the client responsive to the request if the connection request is granted. FTP is supported by many versions of HTTP daemons (HTTPDs) and thus is executable via the World Wide Web.
Interaction with databases via the Internet is becoming more common as more powerful computer systems, cheaper storage and faster communication technologies are developed, and as companies and customer bases become geographically separated. One powerful type of database system is the relational database management system (RDBMS) which is a system for storing and retrieving data in which the data is represented in two-dimensional tables or relations. A relational database includes a collection of such tables that store interrelated data. Each table in the database holds information about different data points, but some information in each table overlaps with information in another table. Columns that appear in more than one table and that link the tables together are called keys. Keys allow retrieval of information that is distributed over multiple tables.
A powerful query language called the Structured Query Language (SQL) is a commonly used language for seeking and selecting data from a database. SQL enables users to construct precise, complex query statements to search a database and to return data that matches the search restraints. One type of database system which uses such a SQL is the Sybase SQL Server 11 which is available from Sybase, Inc. of Emeryville, Calif. Another common type of database system is the Oracle database system which is available from Oracle Corporation of Redwood Shores, Calif.
Increasingly, the Internet is being used as a medium for commercial transactions. Internet commerce is the capability to buy and sell goods and services using the Internet. Often, orders are placed over the Internet but payment and shipping occurs xe2x80x9coffline,xe2x80x9d but a primary advantage of using Internet commerce is that information and digital products may be inexpensively distributed via the Internet. Shareware, for example, has been available for many years for free or for a small price.
The use of the Internet for commercial transactions has raised many concerns regarding security and privacy. Especially, for example, regarding the transmission of credit card numbers and the susceptibility of data transmissions to interception by criminal hackers. In a secure WWW environment, a web server employs various access control protections and the web browser is a secure browser capable of encryption and decryption. xe2x80x9cCleartextxe2x80x9d information is encrypted into xe2x80x9cciphertextxe2x80x9d prior to transmission; upon receipt of the ciphertext, the receiving computer system decrypts the ciphertext into the original cleartext. Thus, any data that is intercepted is worthless because of the encryption. Various encryption algorithms used to encrypt information are publicly available and include RC4 and MD5. RC4 is a variable-key-size stream cipher which is used in many commercial cryptography products. MD5 (Message Digest 5) is a one-way hash function which produces a 128-bit hash, or message digest, of the input message. RC4 and MD5 are well known in the art.
In one embodiment of the invention, a method for transacting business electronically includes storing first information in a database management module, reading the first information in the database management module by a network server module, providing a client customized interface with the first information by the network server module, providing client information and product information to a file transfer module responsive to a client ordering a product, and transferring a product to a client by the file transfer module.