Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1998-09-29
2003-01-28
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S159000
Reexamination Certificate
active
06513116
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to security information acquisition.
2. Related Art
Secure communication between devices often uses some form of encoding or encryption so that both sender and recipient can trust that their communications are not being interfered with or listened to by an unauthorized third party. One method in the known art for secure communications is public key encryption. In public key encryption, each sender has a key pair, comprising both a public key and a private key. The sender can encrypt messages to prevent unauthorized reading (using the recipient's public key), and can sign messages to prevent undetected tampering (using the sender's own private key). The sender and recipient can each obtain the other's public key from a CA (certification authority). The CA issues certificates, each of which binds a particular public key to a particular owner of that public key.
One problem in the known art is that both sender and recipient trust the CA and trust the certificates issued by that CA. However, each CA can have differing standards and techniques for authenticating the binding between keys and the individual g sender or recipient. Before establishing trusted communication, the sender and recipient each determine which CA to trust for authenticating keys. Each CA distributes a CA root certificate authenticating itself.
This problem is particularly difficult for consumer electronic devices, due to shelf life, the time period the device is likely to remain on the shelf before being sold, and the product life, the time period the device is likely to remain in operation before being disposed of. First, the set of trusted CAs is likely to change during the shelf life and product life of any particular consumer electronic device. Second, each CA root certificate is issued for a limited time (as are all CA certificates), and this limited time may not coincide well with the shelf life or product life. Third, if a CA's root key is compromised, its root certificate should be revoked, and some trusted entity is desired to assume responsibility for revoking compromised CA root certificates. fourth, nonvolatile storage is relatively expensive, making it advantageous to use as little as possible for consumer electronic devices; similarly, whatever data is written into that nonvolatile storage should never become obsolete.
Accordingly, it would be desirable to provide an improved method and system for security information acquisition. This advantage is achieved in an embodiment of the invention in which a relatively small amount of nonvolatile storage is used to obtain a chain of trusted root certificates, thus providing each consumer electronic device with a trustable technique for access to secure communication.
SUMMARY OF THE INVENTION
The invention provides an improved method and system for security information acquisition. A relatively small amount of nonvolatile storage at the client consumer electronic device is used to obtain a chain of trusted root certificates, thus providing each client consumer electronic device with a trustable technique for access to secure communication. The trusted root certificates are provided by one or more TSIPs (trusted security information providers), and are chained together so that a current root certificate can be obtained by the client consumer electronic device, even using an expired root certificate.
The client consumer electronic device uses a current root certificate to verify an SIO (security information object) obtained from the TSIP. The SIO includes information regarding at least one trusted party (such as information regarding at least one trusted CA, such as a CA root certificate), and other trust information. Although the invention is described herein with regard to trust information about CAs, it is also applicable to trust information about other types of trusted entities, such as trusted financial institutions, trusted information providers, or trusted software publishers. The SIO is digitally signed by the TSIP and can be verified by the client consumer electronic device using the current root certificate.
REFERENCES:
patent: 4035835 (1977-07-01), Poetsch
patent: 5155847 (1992-10-01), Kirouac et al.
patent: 5373561 (1994-12-01), Haber et al.
patent: 5436673 (1995-07-01), Bachmann et al.
patent: 5444861 (1995-08-01), Adamec et al.
patent: 5453779 (1995-09-01), Dan et al.
patent: 5495610 (1996-02-01), Shing et al.
patent: 5497422 (1996-03-01), Tysen et al.
patent: 5541638 (1996-07-01), Story
patent: 5600364 (1997-02-01), Hendricks et al.
patent: 5634051 (1997-05-01), Thomson
patent: 5680458 (1997-10-01), Spelman et al.
patent: 5708845 (1998-01-01), Wistendahl et al.
patent: 5727129 (1998-03-01), Barrett et al.
patent: 5752042 (1998-05-01), Cole et al.
patent: 5754938 (1998-05-01), Herz et al.
patent: 5754939 (1998-05-01), Herz et al.
patent: 5761306 (1998-06-01), Lewis
patent: 5764992 (1998-06-01), Kullick et al.
patent: 5787172 (1998-07-01), Arnold
patent: 5796840 (1998-08-01), Davis
patent: 5808628 (1998-09-01), Hinson et al.
patent: 5809287 (1998-09-01), Stupeck, Jr. et al.
patent: 5850232 (1998-12-01), Engstrom et al.
patent: 5859969 (1999-01-01), Oki et al.
patent: 5867166 (1999-02-01), Myhrvold et al.
patent: 5870765 (1999-02-01), Bauer et al.
patent: 5874967 (1999-02-01), West et al.
patent: 5877741 (1999-03-01), Chee et al.
patent: 5926624 (1999-07-01), Katz et al.
patent: 5936606 (1999-08-01), Lie
patent: 5977960 (1999-11-01), Nally et al.
patent: 6005574 (1999-12-01), Herrod
patent: 6009363 (1999-12-01), Beckert et al.
patent: 6018768 (2000-01-01), Ullman et al.
patent: 6028583 (2000-02-01), Hamburg
patent: 6047269 (2000-04-01), Biffar
patent: 6049628 (2000-04-01), Chen et al.
patent: 6049835 (2000-04-01), Gagnon
patent: 6104727 (2000-08-01), Moura et al.
Bussey H E Et Al: “Service Architecture, Prototype Description, And Network Implications Of A Personalized Information Grazing Service” Multiple Facets Of Integration,San Francisco,Jun. 3-7, 1990 Institute Of Electrical And Electronic Engineers, pp. 1046-1053, XP000164339 see whole document.
Wyle M F: “A Wide Area Network Information Filter” Proceedings International Conference Artificial Intelligence On Wall Street, Oct. 9, 1991, pp. 10-15, XP000534152 see the whole document.
Lang K: “NewsWeeder: Learning to filter netnews” Machine Learning. Proceedings Of The Twelfth International Conference On Machine Learning, Tahoe City, CA, USA, Jul. 9-12, 1995, San Francisco, CA, USA, Morgan Kaufmann Publishers, USA, pp. 331-339, XP002046557 see the whole document.
Rosenfeld L B, et al: “Automated Filtering Of Internet Postings” Online, vol. 18, No. 3, May 1994, pp. 27-30, XP000616769 see the whole document.
Yan T W, et al: “Sift—A Tool For Wide-Area Information Dissemination” Usenix Technical Conference, Jan. 16, 1995, pp. 177-186, XP000617276 see the whole document.
Glenn Michael A.
Liberate Technologies
Wong Kirk D.
LandOfFree
Security information acquisition does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Security information acquisition, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Security information acquisition will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3001860