Secure token-based document server
First Claim
1. A method for operating on a network a secure document server that receives from a holder of a document token a request for a copy of a document identified by the document token, the document token including issuer content and a signature from an issuer and holder content and a signature from the holder, said method comprising the steps of:
locating in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder;
the document identifier specifying where the document is stored on the network;
identifying, in a key list on the secure document server, the public key of the issuer using the hint to the public key of the issuer;
authenticating the issuer content of the document identifier with the public key of the issuer;
locating in the holder content of the document a time stamp;
the time stamp identifying when the holder of the document token requested the copy of the document;
authenticating the holder content of the document identifier with the public key of the holder;
authenticating the time stamp by verifying that the time stamp is within a predetermined window of time; and
issuing, to the holder of the document identifier, a copy of the document identified by the document identifier when the issuer content and the holder content are positively authenticated by said authenticating steps;
said issuing step providing secure access to the document without prior knowledge of the public key of the holder.
Abstract
A system is presented for transmitting document references or tokens between users of integrated wireless and wire-based communication services. The system includes workstations, file servers, printers and other devices coupled to a wire-based network. Mobile computing devices are coupled to the wire-based network through either IR (infrared) or RF (radio) transceiver gateways. Each mobile computing device appears to hold a user's collection of documents: the device is programmed to receive, transmit, and store document tokens. The system includes a token-enabled document server that uses digital signatures to provide secure transfer of document tokens between users of the mobile computing devices and email clients. The token-enabled document server operates independent of the identity of the holder of the document token. Only the issuer of the document token needs to be registered with the signature based document server to properly authenticate document tokens.
20 Claims
12. A secure document server for operating on a network and receiving from a holder of a document token a request for a copy of a document identified by the document token, the document token including issuer content and a signature from an issuer and holder content and a signature from the holder, said secure document server comprising:
means for locating in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder;
the document identifier specifying where the document is stored on the network;
means for identifying, in a key list on the secure document server, the public key of the issuer using the hint to the public key of the issuer;
means for authenticating the issuer content of the document identifier with the public key of the issuer;
means for locating in the holder content of the document a time stamp;
the time stamp identifying when the holder of the document token requested the copy of the document;
means for authenticating the holder content of the document identifier with the public key of the holder;
means for authenticating the time stamp by verifying that the time stamp is within a predetermined window of time; and
means for issuing, to the holder of the document identifier, a copy of the document identified by the document identifier when the issuer content and the holder content are positively authenticated by said authenticating means;
said issuing means providing secure access to the document without prior knowledge of the public key of the holder.
17. A secure document mail system operating on a network, comprising:
a sender mail client for sending an email message with a document attachment;
the sender mail client including an encoder for substituting in the email message a document token for the document attachment;
a recipient mail client for receiving the email message and the document token from a mail server;
the recipient mail client including a decoder;
a secure document server for receiving from the recipient mail client a request for a copy of a document identified by the document token in the email message;
the document token including issuer content and a signature generated by the encoder of the sender mail client, and holder content and a signature generated by the decoder of the recipient mail client;
wherein the secure document server further comprises;
means for locating in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder;
the document identifier specifying where the document is stored on the network;
means for identifying, in a key list on the secure document server, the public key of the issuer using the hint to the public key of the issuer;
means for authenticating the issuer content of the document identifier with the public key of the issuer;
means for locating in the holder content of the document a time stamp;
the time stamp identifying when the holder of the document token requested the copy of the document;
means for authenticating the holder content of the document identifier with the public key of the holder;
means for authenticating the time stamp by verifying that the time stamp is within a predetermined window of time; and
means for issuing, to the recipient mail client, a copy of the document attachment identified by the document identifier when the issuer content and the holder content are positively authenticated by said authenticating means;
said issuing means providing secure access to the document attachment without prior knowledge of the public key of the holder.
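The verification sequence recited in claims 1, 12 and 17, as an added Go sketch that is not part of the patent. Ed25519, the JSON and RFC 3339 encodings, the field names, and the `Mint` and `Verify` functions are assumptions, since the claims specify no signature scheme or wire format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)
// Assumed layout: the claims name these fields but fix no wire format.
type IssuerContent struct {
	Doc, Hint string // document location; hint to the issuer's public key
	HolderKey []byte // holder's public key, vouched for by the issuer
}
type Token struct{ Issuer, IssuerSig, Holder, HolderSig []byte }

// Mint builds a token: issuer signs its content, holder signs a time stamp.
func Mint(doc, hint string, isk, hsk ed25519.PrivateKey, ts time.Time) Token {
	ic, _ := json.Marshal(IssuerContent{doc, hint, hsk.Public().(ed25519.PublicKey)})
	hc := []byte(ts.UTC().Format(time.RFC3339)) // holder content: request time
	return Token{ic, ed25519.Sign(isk, ic), hc, ed25519.Sign(hsk, hc)}
}

// Verify runs the claimed steps; only issuer keys are known in advance.
func Verify(keys map[string]ed25519.PublicKey, t Token, now time.Time, win time.Duration) (string, error) {
	var ic IssuerContent
	ts, err := time.Parse(time.RFC3339, string(t.Holder))
	if err != nil || json.Unmarshal(t.Issuer, &ic) != nil {
		return "", errors.New("malformed token")
	}
	ipk, ok := keys[ic.Hint] // key-list lookup by hint
	if !ok || !ed25519.Verify(ipk, t.Issuer, t.IssuerSig) {
		return "", errors.New("issuer content not authenticated")
	}
	if len(ic.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(ic.HolderKey, t.Holder, t.HolderSig) {
		return "", errors.New("holder content not authenticated")
	}
	if d := now.Sub(ts); d < -win || d > win {
		return "", errors.New("time stamp outside window")
	}
	return ic.Doc, nil
}

func main() {
	ipk, isk, _ := ed25519.GenerateKey(nil)
	_, hsk, _ := ed25519.GenerateKey(nil)
	now := time.Now()
	tok := Mint("https://files.example/report.pdf", "issuer-1", isk, hsk, now) // constructed values
	fmt.Println(Verify(map[string]ed25519.PublicKey{"issuer-1": ipk}, tok, now, 5*time.Minute))
}
```

The key list holds issuer keys only; the holder key is trusted solely because it sits inside the issuer-signed content. The time window bounds, but does not eliminate, reuse of a captured request.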
Specification