IMPLEMENTING NONREPUDIATION AND AUDIT USING AUTHENTICATION ASSERTIONS AND KEY SERVERS
First Claim
1. A method for a transaction source and a transaction target to exchange a transaction that cannot be repudiated, the method comprising:
- (a) receiving a first request for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
(b) verifying said source authentication assertion;
(c) storing said transaction identifier and information from said source authentication assertion, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction;
(d) providing said transaction identifier in reply to said first request so that the transaction and said transaction identifier can be sent to the transaction target;
(e) receiving a second request for a decryption key to decrypt the transaction once it has been received by the transaction target, wherein said second request includes said transaction identifier and a target authentication assertion;
(f) verifying said target authentication assertion;
(g) storing information from said target authentication assertion with the transaction identifier; and
(h) providing said decryption key in reply to said second request so that the transaction can be decrypted, thereby establishing information making the transaction target unable to plausibly repudiate being a recipient of the transaction.
5 Assignments
0 Petitions
Accused Products
Abstract
A communication system (410) wherewith sources (414) and targets (416) employ a key server (420) to exchange transactions (424). A first request to the key server includes a source assertion (422) from an authentication authority (418), and optionally a key (430). The key server provides a transaction ID (428), and the key if not already provided, in reply to this request. The key server stores the transaction ID and source assertion. The source encrypts the transaction and sends it with the transaction ID to the targets. A second request to the key server includes a target assertion and the transaction ID. The key server provides the key in reply to this request. The key server also stores the target assertion in association with the transaction ID. The respective assertions then establish the source and targets of the transaction in a manner that cannot plausibly be repudiated.
-
Citations
27 Claims
-
1. A method for a transaction source and a transaction target to exchange a transaction that cannot be repudiated, the method comprising:
-
(a) receiving a first request for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
(b) verifying said source authentication assertion;
(c) storing said transaction identifier and information from said source authentication assertion, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction;
(d) providing said transaction identifier in reply to said first request so that the transaction and said transaction identifier can be sent to the transaction target;
(e) receiving a second request for a decryption key to decrypt the transaction once it has been received by the transaction target, wherein said second request includes said transaction identifier and a target authentication assertion;
(f) verifying said target authentication assertion;
(g) storing information from said target authentication assertion with the transaction identifier; and
(h) providing said decryption key in reply to said second request so that the transaction can be decrypted, thereby establishing information making the transaction target unable to plausibly repudiate being a recipient of the transaction. - View Dependent Claims (2, 3, 4)
-
-
5. A method for establishing a transaction as nonrepudiate able by a transaction source that is the origin of the transaction, the method comprising:
-
(a) receiving a request for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
(b) verifying said source authentication assertion;
(c) storing said transaction identifier and information from said source authentication assertion; and
(d) providing said transaction identifier in reply to said request, thereby establishing information making the transaction source unable to plausibly repudiate being the origin of the transaction. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for establishing a transaction as nonrepudiate able by a transaction target that is a recipient of the transaction, wherein a transaction identifier identifying the transaction and a decryption key usable to decrypt the transaction have been pre-stored, the method comprising:
-
(a) receiving a request for the decryption key, wherein said request includes the transaction identifier and a target authentication assertion;
(b) verifying said target authentication assertion;
(c) storing information from said target authentication assertion with the transaction identifier; and
(d) providing the decryption key in reply to said request, thereby establishing information making the transaction target unable to plausibly repudiate being a recipient of the transaction. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A system for a transaction source and a transaction target to exchange a transaction that cannot be repudiated, comprising:
-
a computerized key server;
said key server suitable for receiving a first request via a network for a transaction identifier to identify the transaction, wherein said first request includes a source authentication assertion;
said key server suitable for receiving a second request via said network for a decryption key usable to decrypt the transaction, wherein said second request includes said transaction identifier and a target authentication assertion;
said key server suitable for verifying said source authentication assertion and said target authentication assertion;
said key server suitable for storing said transaction identifier, information from said source authentication assertion, and information from said target authentication in association in a database;
said key server suitable for providing a first reply to said first request via said network that includes said transaction identifier; and
said key server suitable for providing a second reply to said second request via said network that includes said decryption key, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction and also making the transaction target unable to plausibly repudiate once it is provided said decryption key. - View Dependent Claims (20, 21, 22)
-
-
23. A system for establishing a transaction as nonrepudiate able by a transaction source that is the origin of the transaction, comprising:
-
a computerized key server;
said key server suitable for receiving a request via a network for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
said key server suitable for verifying said source authentication assertion;
said key server suitable for storing said transaction identifier and information from said source authentication assertion in a database; and
said key server suitable for providing a reply via said network that includes said transaction identifier, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction. - View Dependent Claims (24, 25)
-
-
26. A system for establishing a transaction as nonrepudiate able by a transaction target that is a recipient of the transaction, wherein a transaction identifier identifying the transaction and a decryption key usable to decrypt the transaction have been pre-stored in a database, comprising:
-
a computerized key server;
said key server suitable for receiving a request via a network for the decryption key, wherein said request includes the transaction identifier and a target authentication assertion;
said key server suitable for verifying said target authentication assertion;
said key server suitable for storing information from said target authentication assertion with the transaction identifier in the database; and
said key server suitable for providing a reply via said network that includes the decryption key, thereby establishing information making the transaction target unable to plausibly repudiate. - View Dependent Claims (27)
-
Specification