|
Method for secure and efficient metering on Internet (Web) communications
US Tech Discovery
The designed scheme enables secure, efficient, and accurate measurement of the number of clients that are served by a (web) server. The methods are secure and efficient, and provide a short proof for the metered data. The method does not require the use of tamper-resistant modules at the client or at the server.
Each client that approaches a server sends a short message that depends on a secret piece of information known to that client. The server is able to efficiently consolidate messages received from many different clients and generate a short proof for the number of clients that visited. The length of the proof is much shorter than the number of clients the server has served (one might think of each client as sending the server a one-cent coin and then the server somehow converting 10000 such coins into a single $100 note).
The security features of the scheme are:
- Servers are prevented from inflating the count of their reported clients (even if a coalition of servers cooperates and tries to forge proofs).
- Servers are protected from subversive clients that send erroneous metering messages.
- The privacy of the client is protected: the proofs that servers produce are for the number of clients that visited them and do not disclose the identities of these clients.
Current methods of Web measurement services do not provide secure and efficient measurement of accesses to web pages. In particular, it is very hard to accumulate data on most Web sites since web measurements, which are based on user survey, do not provide reliable statistics for all but the most popular sites. Other Internet metering schemes require an audit agency to install a metering module in an audited web server, which counts the number of visits by clients. The security of these schemes is based on the tamper-resistance of the metering module: if it is broken by the web site, then it can start sending false usage reports. Past experience in the software and pay-TV industries has shown that tamper-resistant modules can be broken if there is a large enough financial incentive. These methods are secure and efficient, and provide a short proof for the metered data. The method of the present invention does not require the use of tamper-resistant modules at the client nor at the server.
Immediate applications are a secure measurement of visits to a Web site and a secure usage-based accounting mechanism between networks. In the context of the present invention, the “web” is used as an archetype example for a communications network. It should be recognized that many other styles of networks are amenable for using the method of the present invention: computer networks, telecommunications networks, and the like. The method of the present invention provides validated measurements of the amount of service that servers perform for their clients, in a manner that is efficient and is secure against fraud attempts by servers and clients. There are two main applications for such methods: a certified measurement of the usage of Web sites, and measurement of the amount of traffic that a communication network delivers. Both these applications have a tremendous financial importance which makes them targets for fraud and piracy.
|
Download this Tech of the Week as a PDF
You can download this Tech of the Week as a PDF file that you can share with co-workers. When viewed on a computer with an Internet connection, the PDF includes live links back to yet2.com and the technology listing.
|
|
|
|
