
"Method For Client Side Encryption Of The Sensitive Information"

Abstract: The present invention discloses a method for client side security of data during a monetary transaction in an Internet browser based application. The method comprises the steps of providing an asynchronous digital signature based on PKI standards over a web based application. The method further comprises inserting a digital certificate token on a client workstation. The insertion of the digital certificate token and the provision of the asynchronous digital signature further comprise downloading an executable software code in an HTML page through a web browser on the client workstation. The accessed data is sent to the digital certificate token through the software code. The data sent to the digital certificate token generates a digital signature through a hardware of the token. The method further comprises providing a synchronous encryption on the cheque data by using a 192-bit AES encryption standard. The synchronous encryption is carried out on a database-level and a file-level at the server end. The encrypted cheque data is specifically available to an authenticated and authorized person, which is decrypted in an Internet browser, by using an executable software code in the HTML page.


Patent Information

Application #
Filing Date
13 December 2013
Publication Number
45/2015
Publication Type
INA
Invention Field
COMMUNICATION
Status
Email
Parent Application

Applicants

FORBES TECHNOSYS LIMITED
PLOT NO C-17/18, ROAD NO 16, WAGLE INDUSTRIAL ESTATE, THANE (W) - 400604

Inventors

1. AJAY SINGH
FORBES TECHNOSYS LIMITED PLOT NO C-17/18, ROAD NO 16, WAGLE INDUSTRIAL ESTATE, THANE (W) - 400604
2. FEROZE KATILA
FORBES TECHNOSYS LIMITED PLOT NO C-17/18, ROAD NO 16, WAGLE INDUSTRIAL ESTATE, THANE (W) - 400604

Specification

FORM 2
THE PATENT ACT, 1970 (39 OF 1970)
COMPLETE SPECIFICATION
(See Section 10 and rule 13)
"METHOD FOR CLIENT-SIDE ENCRYPTION OF THE SENSITIVE INFORMATION"
Applicant's Name: Forbes Technosys Limited.
Address: Plot No C-17/18, Road No 16,
Wagle Industrial Estate, Thane (w) - 400604, Maharashtra, India.
The following specification particularly describes the invention and the manner in which it is to be performed

A) TECHNICAL FIELD OF INVENTION
[0001] The present invention generally relates to a method for protecting sensitive data during a monetary transaction and particularly relates to a method for a client-end encryption of data by using enhanced security tools. The present invention more particularly relates to a method for providing data security to the web based application at the client's Internet browser using industry strength asynchronous and synchronous cryptographic methods.
B) BACKGROUND OF THE INVENTION
[0002] Presently E-cash, mobile wallet and online transactions are used for making payments or monetary transactions. But most of the business transactions with high monetary amount are done through the cheque payments. Now-a-days the verification of cheque transactions is becoming most important due to increase in fraudulent behaviours.
[0003] One of the prior arts discloses a method for performing secure electronic transactions between a server computer and a client computer. The method comprises running a first communication protocol with encrypted data transmission and mutual authentication between the server computer and a hardware device via a communication network. The encrypted server response, which is received from the server computer, is decrypted in the hardware device. The method further comprises receiving the client requests to be sent from the client computer to the server computer by the hardware device. The client requests are encrypted and forwarded to the server computer by the hardware device. The method further comprises forwarding and encrypting the client request containing the predefined transaction information to the server computer.
[0004] However, the prior arts offer a limited functionality over digital signing of the cheques. Also in the prior art method, a bank officer has to be present at the premises where the cheque is scanned with his digital certificate token in order to sign. Also the prior arts provide a method of digitally signing the cheques by keeping the digital certificates at a central processing premise. But the digital certificate is required to be shared across the system that makes the entire process vulnerable to fraudulent behaviour. Further, the prior arts fail to provide an efficient file-level and database-level encryption at the client-end.
[0005] In view of the foregoing, there is a need for a method to process a monetary transaction, specifically but not limited to a cheque transaction, with enhanced security measure. Also there is a need for a method to authenticate a monetary transaction, specifically but not limited to a cheque transaction, on a client end to reduce vulnerability during the transaction procedure and reduce the time for completion of procedure. Further there is a need to provide a method with an efficient file-level and database-level encryption at client-end.
[0006] The above mentioned shortcomings, disadvantages and problems are addressed herein, as detailed below.
C) OBJECTS OF THE INVENTION
[0007] The primary object of the present invention is to provide a method for authenticating a monetary transaction under enhanced security measures. It is required that the client uses an Internet browser to implement a monetary transaction as a part of enhanced security.
[0008] Another object of the present invention is to provide a method to authenticate a monetary transaction, specifically but not limited to a cheque transaction, on a client end to reduce vulnerability in the transaction procedure.
[0009] Yet another embodiment of the present invention is to provide a method with an efficient encryption at client-end in a web based application architecture.
[00010] These and other objects and advantages of the embodiments herein will become readily apparent from the following detailed description taken in conjunction with the accompanying drawings.
D) SUMMARY OF THE INVENTION
[00011] The various embodiments of the present invention disclose a method for client side security of data during a monetary transaction in a web based application. The method comprises encrypting predetermined valuable information at a central server using industry standard synchronous methods. The method further comprises downloading the page that has encrypted information by an authenticated user before issuing decrypting commands. The method further comprises decrypting the encrypted information on the client side in Internet browser after the page is downloaded. The method further comprises sending the values back to the server after encrypting it on the client side in Internet browser. The method further comprises applying a PKI based asynchronous digital signature (DS) after the information is reviewed and approved by the user. The data is sent to the USB hardware token and digital signature is applied by the token hardware using the private key of the authenticated user that is available in the token. All the aforementioned actions happen in Internet browser and the data is not shared or stored on the client PC.
[00012] According to one embodiment of the present invention, the method is implemented through a system for encrypting a data during a monetary transaction on the client side, in Internet browser. The system comprises a client workstation, a central server, a data flow, a USB based security token at a client end, a digital certificate, which is imported to the USB token and a communication network. The client workstation holds encrypted sensitive data related to a monetary transaction and facilitates a user to take decisions on the data. The central server connects a plurality of client workstations. The central server stores all the data, encrypted at the file and database level. The central server has abilities to control the data flow to the Internet browser at the client. A cheque data is secured at the central server and implemented in transit from the central server. The page that is downloaded has the necessary code to decrypt the data only after ensuring that the data is viewed by an authenticated user. The USB based security token is a hardware device that holds asynchronous certificates. The USB based security token comprises a processing unit to scramble the data and generate a digital signature for every data record. The digital certificate is a unique, digital representation of the identity of the certificate holder. The digital certificate contains critical information of a certifying authority. The data in the digital certificate is scrambled with the cheque data and an overall digital signature is computed. The overall digital signature resembles a combination of information in the digital certificate and a digest (called as hash) of the information in a cheque transaction. The communication network connects the client workstation and the central server. The network is a multi-point network in which a client data passes through several servers to reach the destination.
[00013] According to one embodiment of the present invention, the cheque data is barred from display to un-authenticated users during a transit or a storage or at the client workstation.
[00014] According to one embodiment of the present invention, the method implements a client based Public Key Infrastructure (PKI) to provide the digital signature.
[00015] These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
E) BRIEF DESCRIPTION OF THE DRAWINGS
[00016] The other objects, features and advantages will occur to those skilled in
the art from the following description of the preferred embodiment and the
accompanying drawings in which:
[00017] FIG. 1 illustrates a flowchart depicting a method for encryption of data
during a monetary transaction, according to one embodiment of the present
invention.
[00018] FIG. 2 illustrates a block diagram depicting a system for encryption of
data during a monetary transaction, according to one embodiment of the present
invention.
F) DETAILED DESCRIPTION OF DRAWINGS

[00019] FIG. 1 illustrates a flowchart depicting a method for securing of data during a monetary transaction, according to one embodiment of the present invention. With respect to FIG. 1, the method comprises reading encrypted values from the central server (101). The read encrypted values are displayed on a web browser over the client workstation (102), after they are decrypted. Decryption is implemented only if an authenticated user has signed in. The decrypted values are cross-verified by the user by seeing the data along with cheque image on the screen and if the values are correct (103). The USB token hardware is authenticated with the user generated password. The time validity of the token is verified. If the token is valid and user has authenticated the certificate (2-factor authentication), the data is passed to the token hardware (104). Digital signature is computed on the cheque data using the private key on the token hardware (105). Further if the digital certificate is not valid then an error message appears on the display of the client workstation that leads to re-verification of the validity of the digital certificate (110). If the values are not correct then the cheque is rejected (108) to re-initiate the method (109). The computed digital signature along with encrypting the values as received in (102) is sent to the server followed by checking a completion status of a batch process (106). If the batch process is completed then the method for the encryption is ended otherwise next cheque transaction is processed for generating the digital signature (107).
[00020] FIG. 2 illustrates a block diagram depicting a system for encryption of data during a monetary transaction, according to one embodiment of the present invention. With respect to FIG. 2, the system comprises a client workstation 101, a central server 102, a USB based security token at a server end 103, a digital certificate 104 and a communication network 105. The client workstation 101, which is running a local instance of the Internet browser, holds sensitive data related to a monetary transaction and facilitates a user to take decisions on the data. The central server 102 connects a plurality of client workstations 101. The central server 102 stores all the data, which also comprises some critical values, encrypted using 192-bit AES standard. The central server 102 has abilities to control the data flow, which is encrypted on a file-level and a database-level. A cheque data is encrypted at the central server 102 and implemented in transit from the central server 102. The data is decrypted using synchronous encryption methods. The USB based security token 103 is a hardware device that holds asynchronous certificates. The USB based security token 103 comprises a processing unit 106 to scramble the decrypted, actual data and generate signature for every data record. The digital certificate 104 is a unique digital representation of the identity of the certificate holder. The digital certificate 104 contains critical information of a certifying authority along with the critical information pertaining to the user. The data in the digital certificate 104 is scrambled with the cheque data in the token hardware and an overall digital signature is computed. The overall digital signature resembles a combination of information in the digital certificate 104 and the information in a cheque transaction. The communication network 105 connects the client workstation 101 and the central server 102. The communication network 105 is a multi-point network in which a client data passes through several servers to reach the destination. The entire operation is carried in the Internet browser and there is no storage of readable data or keys on the client workstation. This ability is a special feature of the invention.
[00021] According to an exemplary embodiment of the present invention, the method for the encryption of a data during monetary transaction further comprises providing a digital signature as well as a decryption of the data at the client side. The generation of the digital signature comprises log in by an operator into the system. The operator views the data, after the web page decrypts the data values, and the images corresponding to a cheque. The operator passes the cheque transaction when the data related to the cheque is in an appropriate order. During the cheque transaction, the system asks password to authenticate the token if the token has a valid digital certificate. The pre-defined record fields of the cheque data are sent to the token after authentication. The token computes the digital signature with the private key of the digital certificate and returns it to the system. The system repeats the procedure for the next cheque in the batch. The cheque data along with the digital signature is sent back to the server after encrypting at the client in an Internet browser using 192-bit AES synchronous encryption methods.
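
The per-cheque flow of [00019] and [00021], as an added example that is not part of the specification: a Node.js sketch in which a software key pair stands in for the USB token. The field names, the GCM mode, ECDSA P-256 and the 24-byte key held by both ends are assumptions; the specification names only 192-bit AES and a PKI signature and does not say how the key reaches the browser.

```javascript
// Added example, not code from the specification.
const nodeCrypto = require('node:crypto');

// Hypothetical "pre-defined record fields" that the token signs.
const SIGNED_FIELDS = ['chequeNo', 'micr', 'payee', 'amount', 'date'];

// Fixed field order so signer and verifier hash byte-identical input.
function canonicalize(record) {
  const pairs = SIGNED_FIELDS.map((f) => [f, String(record[f])]);
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// AES-192 takes a 24-byte key. GCM (an assumption) adds an integrity tag.
function encryptRecord(key, record) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const cipher = nodeCrypto.createCipheriv('aes-192-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptRecord(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-192-gcm', key, iv);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]); // throws if tampered
  return JSON.parse(pt.toString('utf8'));
}

// Software stand-in for the USB token: callers get sign(), never the private key.
function makeSoftToken() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { publicKey, sign: (bytes) => nodeCrypto.sign('sha256', bytes, privateKey) };
}

// Client side: decrypt, (operator approves), sign the fields, re-encrypt.
function clientApprove(key, token, envelope) {
  const record = decryptRecord(key, envelope);
  const signature = token.sign(canonicalize(record)).toString('base64');
  return encryptRecord(key, { ...record, signature });
}

// Server side: decrypt the returned record and verify the signature over the fields.
function serverAccept(key, publicKey, envelope) {
  const { signature, ...record } = decryptRecord(key, envelope);
  const sig = Buffer.from(signature, 'base64');
  return { ok: nodeCrypto.verify('sha256', canonicalize(record), publicKey, sig), record };
}

// Constructed sample cheque; returns the three outcomes worth checking.
function runDemo() {
  const key = nodeCrypto.randomBytes(24);
  const token = makeSoftToken();
  const cheque = { chequeNo: '000123', micr: '400002001', payee: 'A. Example', amount: '1500.00', date: '2013-12-13' };
  const returned = clientApprove(key, token, encryptRecord(key, cheque));
  const accepted = serverAccept(key, token.publicKey, returned).ok;
  // Same signature, altered amount: the field change must fail verification.
  const altered = { ...decryptRecord(key, returned), amount: '9500.00' };
  const alteredOk = serverAccept(key, token.publicKey, encryptRecord(key, altered)).ok;
  // Flip one ciphertext bit in transit: GCM must refuse to decrypt.
  const bad = { ...returned, ct: Buffer.from(returned.ct) };
  bad.ct[0] ^= 1;
  let transitTamperCaught = false;
  try { decryptRecord(key, bad); } catch (e) { transitTamperCaught = true; }
  return { accepted, alteredOk, transitTamperCaught };
}
```

The altered-amount case shows why the signature, not the symmetric encryption, carries the non-repudiation property: anyone holding the AES key can re-encrypt a changed record, but cannot produce a matching signature without the token.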

[00022] In the following detailed description, a reference is made to the accompanying drawings that form a part hereof, and in which the specific embodiments that may be practiced is shown by way of illustration. The embodiments are described in sufficient detail to enable those skilled in the art to practice the embodiments and it is to be understood that the logical, mechanical and other changes may be made without departing from the scope of the embodiments. The following detailed description is therefore not to be taken in a limiting sense.
G) ADVANTAGES OF THE INVENTION
[00023] The present invention allows thousands of cheque transactions in an Internet browser at a client end that provides an enhanced security of industrial strength. Also since the cheque transaction is verified and decrypted at the client end only after an authenticated user tries to see the data, the vulnerability to a fraudulent behaviour reduces. The transaction provides non-repudiation, by which the users can't deny they have entered / modified the data.
[00024] The invention provides Internet browser based data security at the client side using one of the most secured modes of industry standard data security at the time of publishing.
[00025] It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the claims.

Claims
We claim:
1. A method for Internet browser based client side security of data during a
monetary transaction comprising the steps of:
decrypting data in the Internet browser using 192-bit synchronous keys and
AES methods only by the authenticated users.
providing an asynchronous digital signature based on PKI standards over a web
based application;
inserting a digital certificate hardware token on a client workstation, wherein
inserting the digital certificate token and the provision of the asynchronous
digital signature further comprises the steps of:
downloading an executable software code through a HTML page in a web
browser on the client workstation, wherein the software code accesses and
controls the digital certificate token inserted into the client workstation;
accessing a data for a cheque from a central server, wherein the accessed data is decrypted and sent to the digital certificate token through the software code;
generating a digital signature through a token hardware attached to the client workstation, wherein the software code controls the digital certificate token to generate digital signatures based on the accessed data;
providing a synchronous encryption on the cheque data on the client side in Internet browser by using a 192-bit AES encryption standard;
wherein the encrypted cheque data is specifically available to an authenticated and authorized person, wherein the authorized person logs into the central server for accessing the cheque data.
2. The method as claimed in claim 1 is implemented through a system for
securing a data during a monetary transaction, wherein the system comprises:
a client workstation, wherein the client workstation holds sensitive data and facilitates a user to take decisions on the data;

a central server, wherein the central server connects a plurality of client workstations, wherein the central server stores all the data, wherein the central server has abilities to control a data flow, wherein the data flow is secured on a file-level and a database-level, wherein a cheque data is secured at the server and implemented during a transit of the cheque data from the server;
a USB based security token at a client end, wherein the USB based security token is a hardware device that holds asynchronous certificates, wherein the USB based security token comprises a processing unit to scramble the data and generate signature for every data record related to a cheque transaction;
a digital certificate, wherein the digital certificate is a unique, digital representation of the identity of the certificate holder, wherein the digital certificate contains critical information of a certifying authority, wherein the data in the digital certificate is scrambled with the cheque data and an overall digital signature is computed, wherein the overall digital signature resembles to a combination of information in the digital certificate and the information in a cheque transaction;
a communication network, wherein the communication network connects the client workstation and the central server, wherein the network is a multi-point network in which a client data passes through several servers to reach the destination.
3. The method as claimed in claim 1, wherein the cheque data is barred from display to un-authenticated and un-authorized users during a transit or storage or at the client workstation.
4. The method as claimed in claim 1 implements a web client-based Public Key Infrastructure (PKI) to provide the digital signature.

Documents

Application Documents

# Name Date
1 3912-MUM-2013-FORM 18 [06-11-2017(online)].pdf 2017-11-06
2 ABSTRACT1.jpg 2018-08-11
3 3912-MUM-2013-FORM 5.pdf 2018-08-11
4 3912-MUM-2013-FORM 3.pdf 2018-08-11
5 3912-MUM-2013-FORM 26.pdf 2018-08-11
6 3912-MUM-2013-FORM 2.pdf 2018-08-11
7 3912-MUM-2013-FORM 2(TITLE PAGE).pdf 2018-08-11
8 3912-MUM-2013-FORM 1.pdf 2018-08-11
9 3912-MUM-2013-DRAWING.pdf 2018-08-11
10 3912-MUM-2013-DESCRIPTION(COMPLETE).pdf 2018-08-11
11 3912-MUM-2013-CORRESPONDENCE.pdf 2018-08-11
12 3912-MUM-2013-CLAIMS.pdf 2018-08-11
13 3912-MUM-2013-ABSTRACT.pdf 2018-08-11
14 3912-MUM-2013-FER.pdf 2021-10-03
15 3912-MUM-2013-AbandonedLetter.pdf 2025-03-17

Search Strategy

1 SEARCHreportE_01-09-2020.pdf