Topics: SECURITY FOR XML

Inventor: Hsin Ning

As the XML grows, many Web sites are becoming connected and
are trying to interchanged data on the "Web". Because an increasing
number of B2B are attempting to actually interchange their data by XML,
most information will be freely on the Internet. The lack of security for

transmissions of XML document through the Internet is a hindrance to
the further development of electronic commerce.
My present invention relates to XML security on the Internet, and in
particular, to a method for providing dynamic secure interchanging of XML

document through the Internet.Let me present one of my inventions
as following :

A method for interchanging credit card numbers in a secure manner through

XML document. Credit card numbers typically consist of a string of 10-20

digits,with the exact number of digits depending upon the provider of the

credit card.
The security is provided by interchanging the credit card number in a
plurality of different interchanging,each interchanging containing at least
one digit of the credit card number, but fewer than all of the digits of

the credit card number. Preferably, the user selects the number of digits

from the credit card number to send with each interchanging. Thus,the entire

credit card number can only be determined by receiving all of the
interchanging from each orther XML document, thereby significantly increasing

the difficulty of intercepting the credit card number.

My invention for securely interchanging credit card XML Document
of a vender from a Web browser to another vendor through an Internet,
the credit card number comprising a plurality of digits, the steps of the
method
being performed by a data processor, the method comprising the steps of
:
Step 1.
Entering the entire credit card number,for example 2345 1267 0008 1080,
from a Web browser by a vender prepared to form a credit card number
XML
document; such as


// Obtain form element text
scustno1 = document.all("no1").value;
scustno2= document.all("no2").value;
scustno3= document.all("no3").value;
scustno4 = document.all("no4").value;


Step 2.
preparing a 4X4 matric A with determinent value det(A) =1 and using
the
entire credit card number from Step(1) to form a 4X1 matrix B;such as


1 3 2 5 2345

2 7 6 13 1267
A= B=
3 11 13 23 0008

4 16 23 37 1080



Step 3.
multiplying A by B to obtain a 4X1 matrix C, say C=AXB,as following


// Build an XML fragment
sXML1 = 1* scustno1 + 3* scustno2 +2* scustno3 +5* scustno4;
sXML2 = 2* scustno1 + 7* scustno2 +6* scustno3+13* scustno4;
sXML3 = 3* scustno1 + 11* scustno2 +13* scustno3 + 23* scustno4;
sXML4 = 4* scustno1 + 16* scustno2 +23* scustno3+ 37* scustno4;





11562

27647
C=
45916

69796

Step 4.
sending the encrypted credit card number including in matrix C as
XML document to another vendor through an Internet from the credit
card Web browser vender ; such as



// Build an XML fragment

sXML = "<CARD>";
sXML += "<number1>" + sXML1 + "</number1>";
sXML += "<number2>" + sXML2+ "</number2>";
sXML += "<number3>" + sXML3+ "</number3>";
sXML += "<number4>" + sXML4+ "</number4>";
sXML += "</CARD>";
// Set the hidden form element and force a submit
oForm.elements("XMLValue").value = sXML;
oForm.submit();

Step 5.
receiving said the encrypted credit card number including in
oForm.elements("XMLValue").value in Step 4. The receiving vender
prepare a 4X4 matric D which is the inverse matrix of A as following







15 -3 -8 4

-11 -1 11 -5
D=
-3 -2 5 -2

5 2 -7 3

Step 6.
The receiving XML handle decrypted the encrypted XML document from
the sending vender by using matrix D in Step 5. as following


sXML11=15*sXML1-3*sXML2-8*sXML3+4*sXML4
sXML22=11*sXML3-5*sXML4-1*sXML2-11*sXML1
sXML33=5*sXML3-2*sXML2-3*sXML1-2*sXML4
sXML44=2*sXML2+5*sXML1-7*sXML3+3*sXML4


The transmission of credit card numbers must be perceived as secure,
as well as being secure in actuality. Without such security, many B2B2C,B2B,B2C

will be hesitant to interchange their credit card XML document through the
Internet, thereby potentially reducing sales or orders through electronic
commerce.

I have invented so many methods to manage XML Security that I have to apply
patents for these inventions .Now I send one of test production to you (
XMLSecurity.htm and svc_customer.xml) and hope that you can understand my
invention.
If your company has any question about XML Security , please contact with
me by sent Email

ningsin@ms42.hinet.net

I will give you my professional assistance !

Rgds,
HSIN NING