Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-06-10
2004-01-27
Sheikh, Ayaz (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S169000, C713S152000, C713S161000
Reexamination Certificate
active
06684332
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to network communication, and more particularly to authenticated communication across an insecure network.
BACKGROUND OF THE INVENTION
Data communication across computer networks has become a standard in both professional and personal computing environments. With the increase in reliance on computer networks for data communication, increased efforts have arisen to ensure that networks remain secure during data transfers. More particularly, data encryption techniques have been developed and utilized to aid in securing data communication across networks.
Encryption suitably refers to the transformation of plaintext data into an unintelligible form known as ciphertext. Encryption is usually accomplished by the application of mathematical algorithms on the plaintext data. These algorithms are defined by parameters known as ‘keys’. Two common encryption methods are symmetric methods which use private keys, and asymmetric methods which use public keys. Both private key encryption (such as DES (Data Encryption Standard)) and public key encryption methods have been implemented, but, key cryptographic methods alone do not allow a recipient to authenticate the validity of the public key nor to validate the identity of the sender.
In general, authentication allows for the verification that someone or something is valid or genuine. Digital signature authentication allows the receiver of a message to be confident of the identity of the sender and/or the integrity of the message. Digital signatures have been used to guarantee the validity of a public key by being incorporated into a digital certificate. The ‘signed’ document containing the digital signature attests to the validity and public key of the person signing the message, and prevents one user from impersonating another through a phony key pair. Along with the public key and name of the subject, the certificate also contains the validity period of the key, the name of the issuer of the certificate, the certificate serial number, and is digitally signed by the issuer. However, a secure, centralized repository is required for storing and managing the keys. For example, the X.500 directory may be used as a repository for storing certificates, with association of the public keys of network users with their distinguished name. (An X.500 distinguished name refers to a unique object in the X.500 Directory, and is a sequence of vertex points leading from the ‘root’ of the tree to the object of interest, as is conventionally understood). The X.500 standard defines an authentication framework, known as X.509, for use by OSI (Open Systems International connection) applications to provide a basis for authentication and security services. The X.509 framework describes how authentication information is formed and placed in the directory. The X.509 authentication framework also defines basic security services, including simple and strong authentication. Strong authentication involves the use of public key cryptographic standard (PKCS) and a trusted hierarchy of Certificate Authorities (CAs), where a CA refers to a trusted source for obtaining a user's authentication information or certificate.
While data encryption techniques do provide security for network communications, such security measures are too extreme and costly to implement for some networks. For example, in certain situations, total data security is not as vital as verification that systems performing communication are authentic. A desire remains therefore for authenticated communication across an insecure network. In such situations, the concern is ensuring that the communicating system is genuine in its representation, rather than strict security of data.
Accordingly, what is needed is a method and system for providing an authenticated communication channel in an efficient and effective manner. The present invention addresses such a need.
SUMMARY OF THE INVENTION
The present invention provides method and system aspects for authenticated communication of messages among computer systems in an insecure network. These aspects include building a first signed object message in a first computer system, the first signed object message including a first sequence number, a first object, and a first signature. Further included is sending the first signed object message to a second computer system, verifying the first signed object message in the second computer system, and building a second signed object message in the second computer system for replying to the first computer system when the first signed object message is verified, the second signed object message including a second sequence number, a second object, and a second signature.
Through the present invention, communication among computer systems in an insecure network readily occurs in an authenticated manner. Further, the signed object exchange utilizes available resources in an innovative and straightforward manner, while achieving communication techniques that are resistant to replay attacks and exportable. These and other advantages of the aspects of the present invention will be more fully understood in conjunction with the following detailed description and accompanying drawings.
REFERENCES:
patent: 5005200 (1991-04-01), Fischer
patent: 5164988 (1992-11-01), Matyas et al.
patent: 5200999 (1993-04-01), Matyas et al.
patent: 5537475 (1996-07-01), Micali
patent: 5539828 (1996-07-01), Davis
patent: 5602918 (1997-02-01), Chen et al.
patent: 5604804 (1997-02-01), Micali
patent: 5615268 (1997-03-01), Bisbee et al.
patent: 5680461 (1997-10-01), McManis
patent: 5692047 (1997-11-01), McManis
patent: 5694546 (1997-12-01), Reisman
patent: 5701343 (1997-12-01), Takashima et al.
patent: 5748960 (1998-05-01), Fiskcher
patent: 5757913 (1998-05-01), Bellare et al.
patent: 5956404 (1999-09-01), Schneier
patent: 6047067 (2000-04-01), Rosen
patent: 6148349 (2000-11-01), Chow et al.
patent: 0778520 (1997-06-01), None
Schneier, Applied Cryptography, 2e, 1996.*
Richard Smith, Internet Cryptography, 1997.*
Coulouris et. al. Distributed Systems, Concepts and Design 2e, Addison-Wesley, 1994.*
Shoffner et. al. Java and Web-Executable Object Security, Nov. 1996.*
Grady Booch, Object-Oriented Analysis and Design with Applications 2e, Benjamin, p. 474, 1994.*
Keefe, et. al. Soda: A Secure Object-Oriented Database System, Computers & Security 8, pp. 517-533, 1989.*
Felten, Webware Security, Communication of the AC M, 40(4) pp. 130, Nov. 1996.*
Stevens, TCP/IP Illustrated, vol. 1 Protocols, Addison-Wesley, p. 226, 231-233, 1994.*
IBM Technical Disclosure Bulletin, vol. 39, No. 02, Feb. 1996, Public-Key-Based Certification Infrastructure Framework for Asynchronous Transfer Mode.
Sawyer Law Group LLP
Seal James
Sheikh Ayaz
LandOfFree
Method and system for the exchange of digitally signed... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for the exchange of digitally signed..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for the exchange of digitally signed... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3239848