System and method for message encryption and signing in a transaction processing system

US 20020138735A1
Filed: 02/21/2002
Published: 09/26/2002
Est. Priority Date: 02/22/2001
Status: Active Grant

First Claim

Patent Images

1. A method for secure communication of a message from a first server process to a second server process in a transactional processing system, comprising the steps of:

marking a message buffer for encryption;

marking said message buffer for attachment of a digital signature;

creating an encryption envelope by encrypting said message buffer, and signing the encrypted contents of said message buffer with a digital signature; and

, sending said encryption envelope from the sender process to the recipient process.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a system and a method which utilizes a combination of message-based encryption and message-based digital signing to ensure the security and authenticity of a message or message buffer sent from one party or process to another in a transaction processing system. In one embodiment the invention includes a method comprising the steps of: creating an encryption envelope by encrypting a message buffer, signing the encrypted contents of said message buffer with a digital signature, sending said encryption envelope from the sender process to the recipient process, receiving the encryption envelope at the recipient process, decrypting said encryption envelope to retrieve said message, and verifying the identity of the sender process by retrieving the digital signature from the encryption envelope. The invention allows intermediate recipients to inspect the message, and provides for reliable authentication, confidentiality, integrity, and non-repudiation, of communicated messages.

230 Citations

20 Claims

1. A method for secure communication of a message from a first server process to a second server process in a transactional processing system, comprising the steps of:
- marking a message buffer for encryption;
  
  marking said message buffer for attachment of a digital signature;
  
  creating an encryption envelope by encrypting said message buffer, and signing the encrypted contents of said message buffer with a digital signature; and
  
  , sending said encryption envelope from the sender process to the recipient process.

2. A method for verifying secure communication of a message from a first server process to a second server process in a transactional processing system, comprising the steps of:
- receiving an encryption envelope from a sender process;
  
  importing said encryption envelope into a message buffer content readable by said recipient process;
  
  decrypting said encryption envelope to retrieve said message; and
  
  , verifying the identity of the sender process by retrieving said digital signature from said encryption envelope.

3. A method for secure communication of a message from a first server process to a second server process in a transactional processing system, comprising the steps of:
- storing as content in a message buffer, a message from a first server process or sender process, for delivery to a second server process or recipient process;
  
  exporting the contents of said message buffer to an external representation of said message buffer, said step of exporting includes the substeps of marking said message buffer for encryption, marking said message buffer for attachment of a digital signature identifying the sender process, and, creating an encryption envelope by encrypting said message buffer, and signing the encrypted contents of said message buffer with a digital signature;
  
  sending said encryption envelope from the sender process to the recipient process; and
  
  , importing said encryption envelope into a message buffer content readable by said recipient process, said step of importing includes the substeps of decrypting said encryption envelope to retrieve said message; and
  
  , verifying the identity of the sender process by retireiving said digital signature from said encryption envelope.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20)
- - 4. The method of claim 3 wherein the sender process and the recipient process are transaction software processes running on a computer.
  - 5. The method of claim 3 wherein the message is a portion or all of the content of a message buffer used to hold messages for communication between said sender process and said recipient process.
  - 6. The method of claim 5 wherein said step of storing includes a step of preparing said portion or all of the content of said message buffer for communication to said recipient process.
  - 7. The method of claim 3 wherein said step of encrypting includes the substeps of:
    - generating at said sender process a message key;
      
      combining said message key with the contents of said message buffer to create an encrypted message buffer;
      
      generating a decryption key from a public key associated with said recipient process; and
      
      , placing said encrypted message and said decryption key in said encryption envelope.
  - 8. The method of claim 3 wherein said step of signing includes the steps of:
    - generating a message digest from said message buffer;
      
      retrieving a private key associated with said sender process; and
      
      , combining said message digest with said private key to create a digital signature; and
      
      , placing said digital signature in said encryption envelope.
  - 9. The method of claim 7 wherein said step of decrypting includes the steps of:
    - receiving said encryption envelope;
      
      combining said encryption envelope with a private key associated with said recipient process;
      
      retrieving said decryption key;
      
      using said decryption key to retrieve said encrypted message; and
      
      , decrypting said encrypted message to retrieve said message.
  - 10. The method of claim 8 wherein said step of verifying includes the steps of:
    - receiving a message including said digital signature;
      
      generating a first message digest from said digital signature;
      
      generating a second message digest, said step of generating a second message digest including the steps of retrieving a public key associated with said sender process, and, combining said senders public key with said digital signature to generate a second message digest; and
      
      , comparing said first and second message digest to determine the validity of the digital signature sent with the message.
  - 11. The method of claim 3 wherein said step of sending includes sending said message via an intermediate recipient, said step of sending said message via an intermediate recipient includes the substeps of placing at said send process said encryption envelope in a second encryption envelope;
    - receiving at said intermediate process said encryption envelope;
      
      verifying the identity of the sender process by retrieving said digital signature from said encryption envelope; and
      
      , if said identity is valid, forwarding said encryption envelope to said recipient process.
  - 13. The system of claim 12 wherein the sender process and the recipient process are transaction software processes running on a computer.
  - 14. The system of claim 12 wherein the message is a portion or all of the content of a message buffer used to hold messages for communication between said sender process and said recipient process.
  - 15. The system of claim 14 wherein said instructions for storing includes a step of preparing said portion or all of the content of said message buffer for communication to said recipient process.
  - 16. The system of claim 12 wherein said instructions for encrypting includes the substeps of:
    - generating at said sender process a message key;
      
      combining said message key with the contents of said message buffer to create an encrypted message buffer;
      
      generating a decryption key from a public key associated with said recipient process; and
      
      , placing said encrypted message and said decryption key in said encryption envelope.
  - 17. The system of claim 12 wherein said instructions for signing includes the steps of:
    - generating a message digest from said message buffer;
      
      retrieving a private key associated with said sender process; and
      
      , combining said message digest with said private key to create a digital signature; and
      
      , placing said digital signature in said encryption envelope.
  - 18. The system of claim 16 wherein said instructions for decrypting includes the steps of:
    - receiving said encryption envelope;
      
      combining said encryption envelope with a private key associated with said recipient process;
      
      retrieving said decryption key;
      
      using said decryption key to retrieve said encrypted message; and
      
      , decrypting said encrypted message to retrieve said message.
  - 19. The system of claim 17 wherein said instructions for verifying includes the steps of:
    - receiving a message including said digital signature;
      
      generating a first message digest from said digital signature;
      
      generating a second message digest, said step of generating a second message digest including the steps of retrieving a public key associated with said sender process, and, combining said senders public key with said digital signature to generate a second message digest; and
      
      , comparing said first and second message digest to determine the validity of the digital signature sent with the message.
  - 20. The system of claim 12 wherein said instructions for sending includes sending said message via an intermediate recipient, said step of sending said message via an intermediate recipient includes computer-readable instructions for performing the substeps of placing at said send process said encryption envelope in a second encryption envelope;
    - receiving at said intermediate process said encryption envelope;
      
      verifying the identity of the sender process by retrieving said digital signature from said encryption envelope; and
      
      , if said identity is valid, forwarding said encryption envelope to said recipient process.

12. A system for secure communication of a message from a first server process to a second server process in a transactional processing system, comprising computer-readable instructions for performing the steps of:
- storing as content in a message buffer, a message from a first server process or sender process, for delivery to a second server process or recipient process;
  
  exporting the contents of said message buffer to an external representation of said message buffer, via a tpexport( ) function, said step of exporting includes the substeps of marking, using a tpseal( ) function, said message buffer for encryption, marking, using a tpsign( ) function, said message buffer for attachment of a digital signature identifying the sender process, and, creating an encryption envelope by encrypting said message buffer, and signing the encrypted contents of said message buffer with a digital signature;
  
  sending said encryption envelope from the sender process to the recipient process; and
  
  , importing said encryption envelope, via a tpimport( ) function, into a message buffer content readable by said recipient process, said step of importing includes the substeps of decrypting said encryption envelope to retrieve said message; and
  
  , verifying the identity of the sender process by retireiving said digital signature from said encryption envelope.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Felt, Edward P., Wells, John R., Felt, Sandra V.

Granted Patent

US 7,363,495 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06Q 20/3829   involving key management

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

System and method for message encryption and signing in a transaction processing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for message encryption and signing in a transaction processing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links