XML Security

[admin]

Topics: SECURITY FOR XMLInventor: Hsin NingAs the XML grows, many Web sites are becoming connected andare trying to interchanged data on the "Web". Because an increasingnumber of B2B are attempting to actually interchange their data by XML,most information will be freely on the Internet. The lack of security fortransmissions of XML document through the Internet is a hindrance tothe further development of electronic commerce.My present invention relates to XML security on the Internet, and inparticular, to a method for providing dynamic secure interchanging of XMLdocument through the Internet.Let me present one of my inventionsas following :A method for interchanging credit card numbers in a secure manner throughXML document. Credit card numbers typically consist of a string of 10-20digits,with the exact number of digits depending upon the provider of thecredit card.The security is provided by interchanging the credit card number in aplurality of different interchanging,each interchanging containing at leastone digit of the credit card number, but fewer than all of the digits ofthe credit card number. Preferably, the user selects the number of digitsfrom the credit card number to send with each interchanging. Thus,the entirecredit card number can only be determined by receiving all of theinterchanging from each orther XML document, thereby significantly increasingthe difficulty of intercepting the credit card number.My invention for securely interchanging credit card XML Documentof a vender from a Web browser to another vendor through an Internet,the credit card number comprising a plurality of digits, the steps of themethodbeing performed by a data processor, the method comprising the steps of:Step 1.Entering the entire credit card number,for example 2345 1267 0008 1080,from a Web browser by a vender prepared to form a credit card numberXMLdocument; such as// Obtain form element textscustno1 = document.all("no1").value;scustno2= document.all("no2").value;scustno3= document.all("no3").value;scustno4 = document.all("no4").value;Step 2.preparing a 4X4 matric A with determinent value det(A) =1 and usingtheentire credit card number from Step(1) to form a 4X1 matrix B;such as1 3 2 5 23452 7 6 13 1267A= B=3 11 13 23 00084 16 23 37 1080Step 3.multiplying A by B to obtain a 4X1 matrix C, say C=AXB,as following// Build an XML fragmentsXML1 = 1* scustno1 + 3* scustno2 +2* scustno3 +5* scustno4;sXML2 = 2* scustno1 + 7* scustno2 +6* scustno3+13* scustno4;sXML3 = 3* scustno1 + 11* scustno2 +13* scustno3 + 23* scustno4;sXML4 = 4* scustno1 + 16* scustno2 +23* scustno3+ 37* scustno4;1156227647C=4591669796Step 4.sending the encrypted credit card number including in matrix C asXML document to another vendor through an Internet from the creditcard Web browser vender ; such as// Build an XML fragmentsXML = "<CARD>";sXML += "<number1>" + sXML1 + "</number1>";sXML += "<number2>" + sXML2+ "</number2>";sXML += "<number3>" + sXML3+ "</number3>";sXML += "<number4>" + sXML4+ "</number4>";sXML += "</CARD>";// Set the hidden form element and force a submitoForm.elements("XMLValue").value = sXML;oForm.submit();Step 5.receiving said the encrypted credit card number including inoForm.elements("XMLValue").value in Step 4. The receiving venderprepare a 4X4 matric D which is the inverse matrix of A as following15 -3 -8 4-11 -1 11 -5D=-3 -2 5 -25 2 -7 3Step 6.The receiving XML handle decrypted the encrypted XML document fromthe sending vender by using matrix D in Step 5. as followingsXML11=15*sXML1-3*sXML2-8*sXML3+4*sXML4sXML22=11*sXML3-5*sXML4-1*sXML2-11*sXML1sXML33=5*sXML3-2*sXML2-3*sXML1-2*sXML4sXML44=2*sXML2+5*sXML1-7*sXML3+3*sXML4The transmission of credit card numbers must be perceived as secure,as well as being secure in actuality. Without such security, many B2B2C,B2B,B2Cwill be hesitant to interchange their credit card XML document through theInternet, thereby potentially reducing sales or orders through electroniccommerce.I have invented so many methods to manage XML Security that I have to applypatents for these inventions .Now I send one of test production to you (XMLSecurity.htm and svc_customer.xml) and hope that you can understand myinvention.If your company has any question about XML Security , please contact withme by sent <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e --> will give you my professional assistance !Rgds,HSIN NING