endtoend.html

encrypt and security way to hide data

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN""http://www.w3.org/TR/REC-html40/loose.dtd">
<!--NewPage-->
<HTML>
<HEAD>
<!-- Generated by javadoc on Tue Apr 29 18:10:39 SGT 2003 -->
<TITLE>
EndtoEnd
</TITLE>
<META NAME="keywords" CONTENT="endtoend.EndtoEnd,EndtoEnd class">
<LINK REL ="stylesheet" TYPE="text/css" HREF="../stylesheet.css" TITLE="Style">
</HEAD>
<SCRIPT>
function asd()
{
parent.document.title="EndtoEnd";
}
</SCRIPT>
<BODY BGCOLOR="white" onload="asd();">

<!-- ========== START OF NAVBAR ========== -->
<A NAME="navbar_top"><!-- --></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
<TR>
<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_top_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
  <TR ALIGN="center" VALIGN="top">
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
  <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
  </TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
</EM>
</TD>
</TR>

<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;PREV CLASS&nbsp;
&nbsp;<A HREF="../endtoend/EndtoEndException.html"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
  <A HREF="../index.html" TARGET="_top"><B>FRAMES</B></A>  &nbsp;
&nbsp;<A HREF="EndtoEnd.html" TARGET="_top"><B>NO FRAMES</B></A>  &nbsp;
&nbsp;
<SCRIPT>
  <!--
  if(window==top) {
    document.writeln('<A HREF="../allclasses-noframe.html" TARGET=""><B>All Classes</B></A>');
  }
  //-->
</SCRIPT>
<NOSCRIPT>
<A HREF="../allclasses-noframe.html" TARGET=""><B>All Classes</B></A>
</NOSCRIPT>
</FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
  SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#fields_inherited_from_class_java.awt.Component">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
</TR>
</TABLE>
<!-- =========== END OF NAVBAR =========== -->

<HR>
<!-- ======== START OF CLASS DATA ======== -->
<H2>
<FONT SIZE="-1">
endtoend</FONT>
<BR>
Class EndtoEnd</H2>
<PRE>
java.lang.Object
  |
  +--java.awt.Component
        |
        +--java.awt.Container
              |
              +--java.awt.Panel
                    |
                    +--java.applet.Applet
                          |
                          +--<B>endtoend.EndtoEnd</B>
</PRE>
<DL>
<DT><B>All Implemented Interfaces:</B> <DD>javax.accessibility.Accessible, java.awt.image.ImageObserver, java.awt.MenuContainer, java.io.Serializable</DD>
</DL>
<HR>
<DL>
<DT>public class <B>EndtoEnd</B><DT>extends java.applet.Applet</DL>

<P>
EndtoEnd is an applet that is used to encrypt and decrypt data between
 the browser and the application server.
 <P>In a multi-tier architecture, there is usually a dedicated web server
 between the browser and the application server. This web server will
 normally perform the HTTPS protocol. What this means is that the data from
 the web server to the application server becomes unencrypted clear text -
 this includes passwords and credit card numbers entered at the browser. 
 If the web server at the front line became compromised, so will the
 sensitive information.
 <P>This module intends to solve this by making it possible to encrypt
 the data all the way to the application server or even the database server.
 The return data can also be encrypted. Thus the term "end-to-end" encryption.
 One can even say that with end-to-end encryption, there may be no need for
 HTTPS if only data security is of concern (Note that there are other used
 of HTTPS besides data encyrption).
 <P>It is also the intend for this
 module to be very very light weight in terms of applet file size and
 CPU processing. Thus, only the basic of the basic encryption is implemented.
 Please visit the web site at http://.... for more information.
 <P>The encryption algorithm and protocol is similar in concept to that
 of SSL or HTTPS.
 <ol>
 <li>Firstly, the applet and a public key is sent to the browser.
 <li>The applet generates a random number (128 bits) that will become the
 symmetric encryption key for the data transfer. The AES (Rijndael) encryption
 algorithm is used here. A different number will be generated each time the
 applet is used (unlike HTTPS that uses the same key in one session).
 <li>This symmetric key is then encrypted with the public key using RSA
 algorithm. The RSA key length is 1024 bits.
 <li>The entire chunk is base64 encoded and submitted to the application
 server via the normal HTTP POST.
 <li>The application server does the reverse - decrypts the symmetric key
 using the private key and then decrypts the data.
 <li>Return data to the browser can also be encrypted by the application
 server using the same symmetric key and decrypted by the applet.
 </ol>
 <P>
 Advantage of using end-to-end encryption over HTTPS:
 <ul>
 <li>Only selected sensitive information need to be encrypted - and not
 the whole web page including images, flash, applet, scripts, text, etc.
 Thus, performance and user experience becomes much better.
 <li>No need to pay hundreds of dollars to buy a SSL certificate every
 year. Save cost.
 <li>The public and private key can be changed as and when required -
 even every browser session. But key generation is a very CPU intensive
 operation. So once a day is viable.
 </ul>
 <P>
 Much comments and feedback is appreciated. Please email to ???@???.
 <br>Web site: http://......
<P>

<P>
<DL>
<DT><B>Version:</B></DT>
  <DD>0.5.0.1</DD>
<DT><B>See Also:</B><DD><A HREF="../serialized-form.html" TARGET="endtoend.EndtoEnd">Serialized Form</A></DL>
<HR>

<P>
<!-- ======== NESTED CLASS SUMMARY ======== -->


<!-- =========== FIELD SUMMARY =========== -->

<A NAME="field_summary"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TD COLSPAN=2><FONT SIZE="+2">
<B>Field Summary</B></FONT></TD>
</TR>
</TABLE>
&nbsp;<A NAME="fields_inherited_from_class_java.awt.Component"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
<TD><B>Fields inherited from class java.awt.Component</B></TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD><CODE>BOTTOM_ALIGNMENT, CENTER_ALIGNMENT, LEFT_ALIGNMENT, RIGHT_ALIGNMENT, TOP_ALIGNMENT</CODE></TD>
</TR>
</TABLE>
&nbsp;<A NAME="fields_inherited_from_class_java.awt.image.ImageObserver"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
<TD><B>Fields inherited from interface java.awt.image.ImageObserver</B></TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD><CODE>ABORT, ALLBITS, ERROR, FRAMEBITS, HEIGHT, PROPERTIES, SOMEBITS, WIDTH</CODE></TD>
</TR>
</TABLE>
&nbsp;
<!-- ======== CONSTRUCTOR SUMMARY ======== -->

<A NAME="constructor_summary"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TD COLSPAN=2><FONT SIZE="+2">
<B>Constructor Summary</B></FONT></TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD><CODE><B><A HREF="../endtoend/EndtoEnd.html#EndtoEnd()">EndtoEnd</A></B>()</CODE>

<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
</TABLE>
&nbsp;
<!-- ========== METHOD SUMMARY =========== -->

<A NAME="method_summary"><!-- --></A>
<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TD COLSPAN=2><FONT SIZE="+2">
<B>Method Summary</B></FONT></TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;java.lang.String</CODE></FONT></TD>
<TD><CODE><B><A HREF="../endtoend/EndtoEnd.html#done()">done</A></B>()</CODE>

<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Finalize the data to be sent back.
 </TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;java.lang.String</CODE></FONT></TD>
<TD><CODE><B><A HREF="../endtoend/EndtoEnd.html#get(java.lang.String)">get</A></B>(java.lang.String&nbsp;param)</CODE>

<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieve the decrypted value of the return data from the application server.
 </TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../endtoend/EndtoEnd.html#init()">init</A></B>()</CODE>