Trusted intermediary
First Claim
1. A method for authenticating messages communicated between partners that belong to a plurality of partners, the method comprising the steps of:
- maintaining at a trusted intermediary a signature decryption key for each partner of said plurality of partners that is authorized to use said trusted intermediary to send messages;
receiving at said trusted intermediary messages originated by partners of said plurality of partners that are intended for other partners of said plurality of partners;
for each message thus received, the trusted intermediary performing the steps of using the signature decryption key associated with the partner that sent the message to determine whether the message was actually sent by that partner; and
if the message was actually sent by that partner, then sending the message to the partner for which the message is intended along with a digital signature of said trusted intermediary to indicate that the trusted intermediary has verified that the message was actually sent by the partner that sent the message.
1 Assignment
0 Petitions
Accused Products
Abstract
Mechanism are provided for a trusted intermediary partner to mange the encryption/decryption keys of trading partners in a trading community. As the trusted intermediary manages the public signature decryption keys for each potential sender, the recipient does not have to manage these keys. In one embodiment, a recipient receives a message from a sender via the trusted intermediary, knowing that the message originates from an authentic sender, but not from an imposter. The sender sends the message together with a digital signature of the sender, which is created from the private signature creation key of the sender, to the trusted intermediary. The trusted intermediary, having the public signature decryption key associated with the private signature creation key of the sender, uses this public signature decryption key to authenticate the sender, i.e., verifying that the message originates from a real sender, and not an imposter. Upon verifying that the message indeed originates from the authentic sender, the trusted intermediary sends the message together with a digital signature of the trusted intermediary, which is created from the private signature creation key of the trusted intermediary, to the recipient. The recipient, receiving the message and the digital signature and having the public signature decryption key associated with the private signature creation key of the trusted intermediary, uses this public signature decryption key to authenticate the trusted intermediary, i.e., verifying that the message comes from an authentic trusted intermediary, and not an imposter. If the message indeed comes from the authentic trusted intermediary, then the recipient knows that the message originates from the authentic sender, who has been authenticated by the trusted intermediary. In one embodiment, the trading partners may use message encryption/decryption keys to encrypt/decrypt the message. In this embodiment, the trusted intermediary maintains public message encryption keys of all potential recipients, eliminating the need for each sender to manage these public message encryption keys.
-
Citations
24 Claims
-
1. A method for authenticating messages communicated between partners that belong to a plurality of partners, the method comprising the steps of:
-
maintaining at a trusted intermediary a signature decryption key for each partner of said plurality of partners that is authorized to use said trusted intermediary to send messages;
receiving at said trusted intermediary messages originated by partners of said plurality of partners that are intended for other partners of said plurality of partners;
for each message thus received, the trusted intermediary performing the steps of using the signature decryption key associated with the partner that sent the message to determine whether the message was actually sent by that partner; and
if the message was actually sent by that partner, then sending the message to the partner for which the message is intended along with a digital signature of said trusted intermediary to indicate that the trusted intermediary has verified that the message was actually sent by the partner that sent the message. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-readable medium storing computer code for causing a computer to perform a method for authenticating messages communicated between partners that belong to a plurality of partners, by the steps of:
-
maintaining at a trusted intermediary a signature decryption key for each partner of said plurality of partners;
receiving at said trusted intermediary messages originated by partners of said plurality of partners that are intended for other partners of said plurality of partners;
for each message thus received, the trusted intermediary performing the steps of using the signature decryption key associated with the partner that sent the message to determine whether the message was actually sent by that partner; and
if the message was actually sent by that partner, then sending the message to the partner for which the message is intended along with a digital signature of said trusted intermediary to indicate that the trusted intermediary has verified that the message was sent actually sent by the partner that sent the message. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer for use in communications between partners that belong to a plurality of partners, comprising:
-
storage means configured to store a signature decryption key for each partner of said plurality of partners that is authorized to use said computer to send messages;
receiving means configured to receive messages that are originated by partners of said plurality of partners and that are intended for other partners of said plurality of partners;
signature decryption means; and
sending means;
whereinfor each message thus received, said signature decryption means is configured to use the signature decryption key associated with the partner that sent the message to determine whether the message was actually sent by that partner; and
if the message was actually sent by that partner, said sending means is configured to send the message along with a digital signature of said trusted intermediary to the partner for which the message is intended;
wherein said digital signature of said trusted intermediary is used to indicate that said trusted intermediary has verified that the message was actually sent by the partner that sent the message. - View Dependent Claims (12, 15, 16, 17, 19, 20, 21)
-
-
13. A computer network for use in communications between partners that belong to a plurality of partners, comprising:
-
a plurality of computers each of which is configured to store a respective signature creation key of a partner of said plurality of partners that is authorized to use a trusted intermediary computer to send messages;
wherein said trusted intermediary computer is configured to store a plurality of signature decryption keys each of which corresponds to the respective signature creation key that is stored in each of said plurality of computers;
wherein, upon receiving messages that are originated by partners of said plurality of partners and that are intended for other partners of said plurality of partners, said trusted intermediary computer, for each message thus received, is configured to use the signature decryption key associated with the partner that sent the message to determine whether the message was actually sent by that partner; and
if the message was actually sent by that partner, then sending the message to the partner for which the message is intended along with a digital signature of said trusted intermediary to indicate that the trusted intermediary has verified that the message was actually sent by that partner that sent the message.
-
-
14. A method for a trusted intermediary to manage keys used in communications between partners that belong to a plurality of partners, the method comprising the steps of:
-
a trusted intermediary maintaining a message encryption key for each partner of said plurality of partners that is authorized to use said trusted intermediary to receive messages;
whereinupon receiving messages that are originated by partners of said plurality of partners and that are intended for other partners of said plurality of partners, said trusted intermediary, for each message thus received, performing the steps of encrypting the message using the message encryption key associated with the partner for which the message is intended; and
sending the encrypted message to the partner for which the message is intended.
-
-
18. A computer-readable medium storing computer code for causing a computer to perform a method for a trusted intermediary to manage keys used in communications between partners that belong to a plurality of partners, by the steps of:
-
said trusted intermediary maintaining a message encryption key for each partner of said plurality of partners that is authorized to use said trusted intermediary to receive messages;
whereinupon receiving messages originated by partners of said plurality of partners that are intended for other partners of said plurality of partners, said trusted intermediary, for each message thus received, performing the steps of encrypting the message using the message encryption key associated with the partner for which the message is intended; and
sending the encrypted message to the partner for which the message is intended.
-
-
22. A computer for use in communications between partners that belong to a plurality of partners, comprising:
-
storage means configured to store a message encryption key for each partner of said plurality of partners that is authorized to use said computer to receive messages;
message encryption means;
sending means; and
receiving means configured to receive messages that are originated by partners of said plurality of partners and that are intended for other partners of said plurality of partners;
whereinfor each message thus received, said message encryption means encrypts the message using the message encryption key associated with the partner for which the message is intended; and
said sending means sends the encrypted message to the partner for which the message is intended. - View Dependent Claims (23)
-
-
24. A computer network for use in communications between partners that belong to a plurality of partners, comprising:
-
a plurality of computers each of which is configured to store a respective message decryption key of a partner of said plurality of partners that is authorized to use a trusted intermediary computer to receive messages;
wherein said trusted intermediary computer is configured to store a plurality of message encryption keys each of which corresponds to the respective message decryption key that is stored in each of said plurality of computers;
wherein, upon receiving messages that are originated by partners of said plurality of partners and that are intended for others partners of said plurality of partners, said trusted intermediary computer, for each message thus received, is configured to encrypt the message using the message encryption key associated with the partner for which the message is intended, and to send the encrypted message to the partner for which the message is intended.
-
Specification