Secure content system and method

US 20020124170A1
Filed: 03/02/2001
Published: 09/05/2002
Est. Priority Date: 03/02/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating a file to be executed, comprising the steps of:

generating a key pair, comprising a public key and a private key;

signing a file with a digital signature using said private key;

sending said file to a client; and

authenticating said file at said client with said public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and method for distributing files, such as data files, executable files, and web page content files, between an unsecure server and a client. The client is capable of authenticating the transferred file to determine if the creator of the file has been previously authorized to create files for the client., The file creator may be the original equipment manufacturer (OEM) of the client. The file creator may be a third party that is not the same party as the OEM of the client.

82 Citations

View as Search Results

62 Claims

1. A method of authenticating a file to be executed, comprising the steps of:
- generating a key pair, comprising a public key and a private key;
  
  signing a file with a digital signature using said private key;
  
  sending said file to a client; and
  
  authenticating said file at said client with said public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising storing said public key in non-alterable memory in said client at time of manufacture.
  - 3. The Method of claim 1, where the software which uses said public key to authenticate said file, is stored in and executed from said non-alterable memory in the client, and where said software is stored in said non-alterable memory at the time of manufacture.
  - 4. The method of claim 1, further comprising executing said file at said client if said file is authenticated successfully using said public key.
  - 5. The method of claim 1, further comprising not executing said file if said file is not authenticated successfully using said public key.
  - 6. The method of claim 1, wherein said sending of said file is first transferred to a server before being transferred to said client.
  - 7. The method of claim 1, wherein said sending of said file is transferred to said client using a portable computer directly connected to said client.

8. A method of authenticating a second file to be executed, comprising the steps of:
- storing said public key in a non-alterable memory in a client;
  
  transferring the first file bearing a digital signature into said client;
  
  authenticating said first file with digital signature using said public key;
  
  transferring a second file bearing a digital signature to said client after authenticating and executing said first file; and
  
  authenticating said second file bearing a digital signature, by executing the software in said first file on said client, using said public key.
- View Dependent Claims (9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32)
- - 9. The method of claim 8, further comprising executing said second file at said client if said second file is authenticated successfully using said public key.
  - 10. The method of claim 8, further comprising not executing or displaying said second file if said second file is not authenticated successfully using said public key.
  - 11. The method of claim 8, wherein said sending of said file is transferred to a server before being transferred to said client.
  - 12. The method of claim 8, wherein said first file or said second file is transferred to said client using a portable computer connected directly to said client.
  - 14. The system of claim 13, wherein said digital signature can be applied to the entire said web page as a whole including all display and control components.
  - 15. The system of claim 13, wherein said digital signature can be applied to each of said individual components of said web page including all display and control components.
  - 16. The system of claim 13, wherein said digital signature is applied to a control portion of said web page.
  - 17. The system of claim 13, wherein said digital signature is applied to images, from the group consisting of JPEG, JPG, GIF, MOV, AVI, MPEG, MPG, or others, either static or animated.
  - 18. The system in claim 13, wherein said digital signature excludes certain portions of said web content from said digital signature to allow unapproved content to be displayed along with approved content.
  - 20. The system of claim 19, wherein said digital signature can be applied to the entire said web page as a whole including all display and control components.
  - 21. The system of claim 19, wherein said digital signature can be applied to each of said individual components of said web page including all display and control components.
  - 22. The system of claim 19, wherein said digital signature is applied to a control portion of said web page.
  - 23. The system of claim 19, wherein said digital signature is applied to images, from the group consisting of JPEG, JPG, GIF, MOV, AVI, MPEG, MPG, or others, either static or animated.
  - 24. The system of claim 19, where said digital signature excludes certain portions of said web content from said digital signature to allow unapproved content to be displayed with approved content.
  - 26. The system of claim 25, wherein said digital signature can be applied to the entire said web page as a whole including all display and control components.
  - 27. The system of claim 25, wherein said digital signature can be applied to each of said individual components of said web page including all display and control components.
  - 28. The system of claim 25, wherein said digital signature is applied to a control portion of said web page.
  - 29. The system of claim 25, wherein said digital signature is applied to images from the group consisting of JPEG, JPG, GIF, MOV, AVI, MPEG, MPG or others, either static or animated.
  - 30. The system of claim 25, where said digital signature excludes certain portions of said web content from aid digital signature to allow an unapproved content to be displayed with an approved content.
  - 31. The system of claim 19, wherein a third party is permitted to author said web content for said client.
  - 32. The system of claim 25, wherein a third party is permitted to author said web content for said client.

13. A POS system for providing secure Internet content, comprising:
- one or more servers with one or more clients, using common Internet web content for control of the client machine for customer or attendant use, said client used to provide a user controlled payment terminal that uses a language from the group consisting of HTML, UML, XML, Java, Java Script, Java Applets, or other content producing languages;
  
  said one or more servers used to provide web content to said client, where both said server and said client are located in an unsecure location, or where one of said client and said server are located in an unsecure location, that uses DSS or some other method of generating a digital signature using a private key for generation and a public key for authentication;
  
  said public key is locked into the memory of said client and cannot be removed or altered;
  
  said public key is accessible by said client software that cannot be altered;
  
  said private key is known only by the OEM; and
  
  where said web content or individual portions of the said web contents, bears an authentic digital signature, and therefore the entire resources or portion thereof of the said client are available for use of and control by the said signed web content or portion thereof.

19. A POS system for providing secure Internet content, comprising:
- one or more servers with one or more clients, using common Internet web content for control of the client machine for customer or attendant use, said client used to provide a user controlled payment terminal that uses a language from the group consisting of HTML, UML, XML, Java, Java Script, Java Applets, or other content producing languages;
  
  said one or more servers used to provide web content to said client, where both said server and said client are located in an unsecure location, or where one of said client and said server are located in an unsecure location, that uses DSS or some other method of generating a digital signature using a private key for generation and a public key for authentication;
  
  said public key is locked into the memory of said client and cannot be removed or altered;
  
  said public key is accessible by said client software that cannot be altered;
  
  said private key is known only by the OEM; and
  
  where said web content or individual portions of the said web contents, bears an authentic digital signature, and therefore the entire resources or portion thereof of the said client are available for use of and control by the said signed web content or portion thereof, and where said client and said server are in different computers or central processing units.

25. A POS system for providing secure Internet content, comprising:
- one or more servers with one or more clients, using common Internet web content for control of the client machine for customer or attendant use, said client used to provide a user controlled payment terminal that uses a language from the group consisting of HTML, UML, XML, Java, Java Script, Java Applets, or other content producing languages;
  
  said one or more servers used to provide web content to said client, where both said server and said client are located in an unsecure location, or where one of said client and said server are located in an unsecure location, that uses DSS or some other method of generating a digital signature using a private key for generation and a public key for authentication;
  
  said public key is locked into the memory of said client and cannot be removed or altered;
  
  said public key is accessible by said client software that cannot be altered;
  
  said private key is known only by the OEM; and
  
  where said web content or individual portions of the said web contents, bears an authentic digital signature, and therefore the entire resources or portion thereof of the said client are available for use of and control by the said signed web content or portion thereof, and where said client and said server are in the same computer or central processing unit.

33. A method of allowing a third party to author web content for a OEM client, comprising the steps of:
- said third party generating a private key and a public key, wherein said private key is kept secret;
  
  sending said third party public key to the OEM;
  
  said OEM signing said third party public key using the OEM private key;
  
  said OEM sending said signed third party public key back to said third party. said third party generating web content pages;
  
  said third party signing said third party web content pages using said third party private key;
  
  said third party sending said third party signed public key to said client;
  
  said client checking said signature of said signed third party public key to determine if said signed third party public key is authentic;
  
  said client accepting and storing said signed third party public key if the digital signature is authentic;
  
  said third party sending said third party signed web content to said client; and
  
  said client authenticating said signed third party signed web content using said signed third party public key;
  
  said client executing or displaying said third party web content if said third party digital signature is authentic;
  
  said client not executing or displaying said third party signed web content if said third party digital signature is not authenticated with the said signed third party public key.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41)
- - 34. The system of claim 33, wherein said third party digital signature can be applied to the entire said third party web page as a whole including all display and control components.
  - 35. The system of claim 33, wherein said third party digital signature can be applied to each of said individual components of said third party web page including all display and control components.
  - 36. The system of claim 33, wherein said third party digital signature is applied to a control portion of said third party web page.
  - 37. The system of claim 33, wherein said third party digital signature is applied to images from the group consisting of JPEG, JPG, GIF, MOV, AVI, MPEG, MPG or others, either static or animated.
  - 38. The system of claim 33, where said third party digital signature excludes certain portions of said third party web content from said third party digital signature to allow an unapproved content to be displayed with an approved content.
  - 39. The method of claim 33, further comprising said client accepting one or more said third party signed public keys in order to authenticate said web contents or portions thereof, received from more than one third party or OEM server or servers, either simultaneously, sequentially, or interlaced with said web content provided by the said third party servers or an OEM server.
  - 40. The method of claim 33, further comprising allowing only the OEM to sign said third party public key.
  - 41. The method of claim 33, wherein said third parties can sign other third party public keys as long as the first said signed third party public key presented to said client has been signed by the OEM and the others are presented to said client in the order of signage.

42. A method of authenticating a file to be executed, comprising:
- generating a key pair, comprising a public key and a private key;
  
  signing a file with a client manufacturer signature using said private key;
  
  sending said file to a client; and
  
  authenticating said file at said client with said public key.
- View Dependent Claims (43, 44, 45, 46, 47, 48)
- - 43. The method of claim 42, wherein said authenticating is comprised of determining if said file has a signature.
  - 44. The method of claim 42, further comprising executing said file at said client if said file is authenticated successfully.
  - 45. The method of claim 42, further comprising disabling execution of said file if said file is not authenticated successfully.
  - 46. The method of claim 42, further comprising identifying said server from said file.
  - 47. The method of claim 42, further comprising disabling additional files from said server if said server has previously sent a file to said client that was not authenticated successfully.
  - 48. The method of claim 42, wherein said signing is performed on only a portion of said file.

49. The method of 42, wherein said sending of said file is first transferred to a server before being transferred to said client.

50. A system for providing secure content using a public and private key pair, comprising:
- a server and client located in an unsecure environment;
  
  a client containing the public key in an unalterable form that is capable of receiving a file from said server containing a digital signature generated with the private key; and
  
  wherein said client authenticates said file before executing said file by authenticating said signature contained in said file.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 51. The system of claim 50, wherein said server is a POS.
  - 52. The system of claim 50, wherein said server is comprised of a plurality of servers.
  - 53. The system of claim 50, wherein said file contains a signature for only a portion of said file.
  - 54. The system of claim 50, wherein said client executes said file if said file is authenticated successfully.
  - 55. The system of claim 50, wherein said client only authenticates a portion of said file.
  - 56. The system of claim 50, wherein said signature is applied to images from the group comprising:
    - MPEG, JPEG, TIF, GIF, MOV, AVI, MPG. Or others, either static or animated.
  - 57. The system of claim 50, wherein said mark-up language is from the group comprising:
    - HTML, XML, UML, Java, Java Script, Java Applets, or other content producing language.
  - 58. The system of claim 50, wherein said signature is a DSS.
  - 59. The system of claim 50, wherein said client is a retail device.
  - 60. The system in claim 50, where the primary purpose of said client and said server is not a POS system but any system that must use secure identification methods to prevent web content from being used to fraudulently obtain user identification or other data.
  - 61. The system of claim 50, wherein said client is a fuel dispenser and said server is a POS.
  - 62. The system of claim 50, wherein said client contains an Internet browser and said file is an Internet application that is executed by said browser if said file is authenticated by said client successfully.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gilbarco Incorporated (Vontier Corp.)
Original Assignee
Gilbarco Incorporated (Vontier Corp.)
Inventors
Johnson, William S. Jr.

Application Number

US09/798,411
Publication Number

US 20020124170A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

G06F 2221/2119   Authenticating web pages, e...

G06Q 20/3674   involving authentication

Secure content system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Secure content system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links