Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-02-03
2002-11-05
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S170000, C713S176000, C713S180000, C713S182000
Reexamination Certificate
active
06477645
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to a system and method for verifying the authority and integrity of information, and more particularly to a system and method for verifying the authority and integrity of information when a public key is unavailable.
BACKGROUND OF THE INVENTION
In the field of information technology (IT) management, a large number of computing platforms, such as personal computers, servers, communication devices, and mainframes can be networked together and managed by a single organization. The management of these platforms often requires remote installation and configuration of software. One problem associated with the remote installation and configuration of software is assuring that only authorized code and configuration commands are installed and executed on the platforms. Failure to address this problem can result in problems ranging in seriousness from having merely incompatible or untested applications installed on the platforms to having a malicious virus introduced into the network.
After networked platforms are installed and operational, a public key for the IT management organization responsible for maintaining the platforms is stored on each platform. This permits the IT management organization to affix a digital signature to software and commands sent to each platform. A digital signature is a device by which the source and integrity of transmitted information can be verified. Before the installation of software or the execution of commands, the digital signature is verified at the platform by using the public key for the IT management organization to confirm that the software or commands came from an authorized source.
Unfortunately, in today's fast paced and heavily networked environments new platforms arriving directly from a manufacturer are constantly being connected to existing networks. These new platforms do not yet contain the public key for the IT management organization, so software and commands sent to the platform cannot yet be authenticated using public key cryptography. This is a problem when initial setup of a newly installed platform is performed remotely by an IT organization, since a few pieces of code and configuration commands must be installed on the platform to identify the responsible IT management organization by its public key for the first time. In essence, there is a window of time during which, for a newly installed platform, the standard mechanism for verifying the source and integrity of transmitted information and commands is unavailable.
For these and other reasons, there is a need for the present invention.
SUMMARY OF THE INVENTION
In one embodiment of the invention, a system includes a user platform, a communication channel, and a remote platform. The user platform authenticates information using a transformation value generated from the information. The remote platform transmits the information to the user platform via the communication channel.
REFERENCES:
patent: 4264782 (1981-04-01), Konheim
patent: 5005200 (1991-04-01), Fischer
patent: 5420927 (1995-05-01), Micali
patent: 5465299 (1995-11-01), Matsumoto et al.
patent: 5953420 (1999-09-01), Matyas et al.
patent: 6190257 (2001-02-01), Takeda et al.
patent: 6292896 (2001-09-01), Guski et al.
Intel Corporation
Peeso Thomas R.
LandOfFree
Authority and integrity check in systems lacking a public key does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Authority and integrity check in systems lacking a public key, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authority and integrity check in systems lacking a public key will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2965368