Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
2002-04-01
2003-07-29
Najjar, Saleh (Department: 2157)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S217000, C709S219000, C709S225000, C713S171000, C713S182000
Reexamination Certificate
active
06601102
ABSTRACT:
BACKGROUND OF INVENTION
1. Field of the Invention
The present invention relates generally to a secure communication protocol for providing document services on a network, and more particularly, to a protocol for performing secure token-based document transaction services that includes services for emailing and printing secure document tokens.
2. Description of Related Art
While the use of mobile computing devices is becoming more prevalent among mobile workers, transfer of document information between mobile computing devices is often limited due to inadequate storage capacity on such devices or due to inadequate communication channel bandwidth. To overcome these limitations, many mobile workers carry a laptop computer with them while traveling. Although laptop computers are increasingly smaller and lighter, their functionality, which is designed to meet the requirements of office-based document work, is determined largely by the desktop machines from which they evolved. Powerful editors and spreadsheet applications, for example, that are essential in certain office-based work environments have limited utility while away from the office. In some circumstances, mobile workers carry laptop computers simply to be able to access their documents, and not necessarily to create or edit them.
One mobile document transaction service for overcoming these limitations is disclosed in U.S. Pat. No. 5,862,321 (published also as European Patent Application EP 691,619 A2). More specifically, U.S. Pat. No. 5,862,321 (entitled: “System and Method for Accessing and Distributing Electronic Documents”) discloses a system for transferring between computers document identifiers that represent a particular document, rather than the document itself. This system can include any number of workstations, file servers, printers and other fixed devices (including multifunction devices) coupled to a network, as well as a number of mobile computing devices mobile computing device appears to hold a user's personal collection of documents, carried by users and coupled to the network by an infrared (IR) or radio (RE) link. Each with the devices being programmed to receive, transmit, and store document identifiers (e.g., a URL—“Uniform Resource Locator”) or document tokens, as defined herein.
Each document token is associated with an electronic document stored in an electronic repository or database. The mobile document transaction service effectively distributes references to documents between mobile computing devices by transmission of document tokens, rather than the documents themselves. For example, a document can be sent to an IR transceiver equipped network printer by “beaming” a document token, which references the document, from a mobile computing device to the network printer. The network printer retrieves the complete document referenced by the document token, and immediately prints a copy of the document. Thus, to a user of the mobile document transaction service, documents are seamlessly passed between users and output or input to devices coupled to networks as expansive as the Internet. Since the document references are small and defined, the documents that they reference can have an arbitrary size and not impact the performance of the mobile computing devices. Advantageously, token based document references can be passed between two mobile computing devices without having to transmit large amounts of data.
Document tokens that are modeled after URLs are not secure. That is, anyone who obtains a copy of a URL is capable of accessing the document to which the URL references. Currently there exists a need for secure document tokens that are not as freely accessible as URLs. It would therefore be desirable to provide a mobile document transaction service that ensures secure transfer of document tokens between mobile computing devices. Such systems would advantageously support document tokens that can only be used a limited number of times or a limited length of time to retrieve the document, thereby avoiding replay attacks. In addition, it would be advantageous to provide an electronic mail system that supports secure transfer of document tokens between mail clients. Such a system would minimize the impact on data throughput of email servers when large files are attached to email messages.
SUMMARY OF INVENTION
In accordance with the invention, there is provided a method and apparatus therefor, for operating on a network a secure document server (or a token-enabled server). The secure document server receives from a holder of a document token a request for a copy of a document identified by the document token. The document token includes issuer content and a signature from an issuer and holder content and a signature from the holder. The secure document server locates in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder. The document identifier specifies where the document is stored on the network. In a key list on the secure document server, the server locates the public key of the issuer using the hint to the public key of the issuer. Subsequently, the server authenticates the issuer content of the document identifier with the public key of the issuer. The server then locates in the holder content of the document a time stamp. The time stamp identifies when the holder of the document token requested the copy of the document. Using the public key of the holder, the server authenticates the holder content of the document identifier. Also, the server verifies that the time stamp is within a predetermined window of time relative to a current time. Finally, the secure document server issues, to the holder of the document identifier, a copy of the document identified by the document identifier when the document token is authenticated. The authentication process allows the secure document server to authenticate a request for the document identified by the document token without prior knowledge of the identity of the holder of the document token.
REFERENCES:
patent: 4405829 (1983-09-01), Rivest et al.
patent: 5555376 (1996-09-01), Theimer et al.
patent: 5748735 (1998-05-01), Ganesan
patent: 5771355 (1998-06-01), Kuzma
patent: 5862321 (1999-01-01), Lamming et al.
patent: 5903723 (1999-05-01), Beck et al.
patent: 5953419 (1999-09-01), Lohstroh et al.
patent: 6061448 (2000-05-01), Smith et al.
patent: 6085322 (2000-07-01), Romney et al.
patent: 6144997 (2000-11-01), Lamming et al.
patent: 6151675 (2000-11-01), Smith
patent: 6169805 (2001-01-01), Dunn et al.
patent: 6192407 (2001-02-01), Smith et al.
patent: 6205549 (2001-03-01), Pravetz
patent: 6385655 (2002-05-01), Smith et al.
patent: 6470086 (2002-10-01), Smith
patent: 6487599 (2002-11-01), Smith et al.
patent: 6529956 (2003-03-01), Smith et al.
patent: 0 691 619 (1996-01-01), None
patent: 0 893 759 (1999-01-01), None
patent: 0 893 760 (1999-01-01), None
patent: 2 296 115 (1996-06-01), None
Schilit, Bill et al., “Context-Aware Computing Applications”, published inProceedings Workshop on Mobile Computing Systems and Applications, IEEE, Dec. 1994, and in Technical Report CSL-94-12, Xerox Palo Alto Research Center, Nov. 1994.
Want, Roy et al., “The PARCTUB Ubiquitous Computing Experiment,” published in Technical Report CSL-95-1, Xerox Palo Alto Research Center, Mar. 1995 and in IEEE Personal Communications, Dec. 1995.
Eldridge Margery A.
Flynn Michael J.
Jones Christopher M.
Kleyn Michiel F. E.
Lamming Michael G.
LandOfFree
Secure token-based document server does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure token-based document server, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure token-based document server will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3105215