Secure content system and method
First Claim
Patent Images
1. A method of authenticating a file to be executed, comprising the steps of:
- generating a key pair, comprising a public key and a private key;
signing a file with a digital signature using said private key;
sending said file to a client; and
authenticating said file at said client with said public key.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to a system and method for distributing files, such as data files, executable files, and web page content files, between an unsecure server and a client. The client is capable of authenticating the transferred file to determine if the creator of the file has been previously authorized to create files for the client., The file creator may be the original equipment manufacturer (OEM) of the client. The file creator may be a third party that is not the same party as the OEM of the client.
82 Citations
62 Claims
-
1. A method of authenticating a file to be executed, comprising the steps of:
-
generating a key pair, comprising a public key and a private key;
signing a file with a digital signature using said private key;
sending said file to a client; and
authenticating said file at said client with said public key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of authenticating a second file to be executed, comprising the steps of:
-
storing said public key in a non-alterable memory in a client;
transferring the first file bearing a digital signature into said client;
authenticating said first file with digital signature using said public key;
transferring a second file bearing a digital signature to said client after authenticating and executing said first file; and
authenticating said second file bearing a digital signature, by executing the software in said first file on said client, using said public key. - View Dependent Claims (9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32)
-
-
13. A POS system for providing secure Internet content, comprising:
-
one or more servers with one or more clients, using common Internet web content for control of the client machine for customer or attendant use, said client used to provide a user controlled payment terminal that uses a language from the group consisting of HTML, UML, XML, Java, Java Script, Java Applets, or other content producing languages;
said one or more servers used to provide web content to said client, where both said server and said client are located in an unsecure location, or where one of said client and said server are located in an unsecure location, that uses DSS or some other method of generating a digital signature using a private key for generation and a public key for authentication;
said public key is locked into the memory of said client and cannot be removed or altered;
said public key is accessible by said client software that cannot be altered;
said private key is known only by the OEM; and
wheresaid web content or individual portions of the said web contents, bears an authentic digital signature, and therefore the entire resources or portion thereof of the said client are available for use of and control by the said signed web content or portion thereof.
-
-
19. A POS system for providing secure Internet content, comprising:
-
one or more servers with one or more clients, using common Internet web content for control of the client machine for customer or attendant use, said client used to provide a user controlled payment terminal that uses a language from the group consisting of HTML, UML, XML, Java, Java Script, Java Applets, or other content producing languages;
said one or more servers used to provide web content to said client, where both said server and said client are located in an unsecure location, or where one of said client and said server are located in an unsecure location, that uses DSS or some other method of generating a digital signature using a private key for generation and a public key for authentication;
said public key is locked into the memory of said client and cannot be removed or altered;
said public key is accessible by said client software that cannot be altered;
said private key is known only by the OEM; and
wheresaid web content or individual portions of the said web contents, bears an authentic digital signature, and therefore the entire resources or portion thereof of the said client are available for use of and control by the said signed web content or portion thereof, and where said client and said server are in different computers or central processing units.
-
-
25. A POS system for providing secure Internet content, comprising:
-
one or more servers with one or more clients, using common Internet web content for control of the client machine for customer or attendant use, said client used to provide a user controlled payment terminal that uses a language from the group consisting of HTML, UML, XML, Java, Java Script, Java Applets, or other content producing languages;
said one or more servers used to provide web content to said client, where both said server and said client are located in an unsecure location, or where one of said client and said server are located in an unsecure location, that uses DSS or some other method of generating a digital signature using a private key for generation and a public key for authentication;
said public key is locked into the memory of said client and cannot be removed or altered;
said public key is accessible by said client software that cannot be altered;
said private key is known only by the OEM; and
wheresaid web content or individual portions of the said web contents, bears an authentic digital signature, and therefore the entire resources or portion thereof of the said client are available for use of and control by the said signed web content or portion thereof, and where said client and said server are in the same computer or central processing unit.
-
-
33. A method of allowing a third party to author web content for a OEM client, comprising the steps of:
-
said third party generating a private key and a public key, wherein said private key is kept secret;
sending said third party public key to the OEM;
said OEM signing said third party public key using the OEM private key;
said OEM sending said signed third party public key back to said third party. said third party generating web content pages;
said third party signing said third party web content pages using said third party private key;
said third party sending said third party signed public key to said client;
said client checking said signature of said signed third party public key to determine if said signed third party public key is authentic;
said client accepting and storing said signed third party public key if the digital signature is authentic;
said third party sending said third party signed web content to said client; and
said client authenticating said signed third party signed web content using said signed third party public key;
said client executing or displaying said third party web content if said third party digital signature is authentic;
said client not executing or displaying said third party signed web content if said third party digital signature is not authenticated with the said signed third party public key. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A method of authenticating a file to be executed, comprising:
-
generating a key pair, comprising a public key and a private key;
signing a file with a client manufacturer signature using said private key;
sending said file to a client; and
authenticating said file at said client with said public key. - View Dependent Claims (43, 44, 45, 46, 47, 48)
-
-
49. The method of 42, wherein said sending of said file is first transferred to a server before being transferred to said client.
-
50. A system for providing secure content using a public and private key pair, comprising:
-
a server and client located in an unsecure environment;
a client containing the public key in an unalterable form that is capable of receiving a file from said server containing a digital signature generated with the private key; and
wherein said client authenticates said file before executing said file by authenticating said signature contained in said file. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
-
Specification