Data certification method and apparatus

US 20050010758A1
Filed: 08/12/2002
Published: 01/13/2005
Est. Priority Date: 08/10/2001
Status: Active Grant

First Claim

Patent Images

1. A method of certifying electronic data supplied by a user, the method comprising:

receiving the data to be certified at a certifying apparatus from a source device;

certifying the data at the certifying apparatus with one or more elements of information secure to the certifying apparatus, said elements being unique to the user; and

outputting the data so certified from the certifying apparatus, for passing to a recipient device;

wherein the elements of secure information certify that the supplier of the data is the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for signing electronic data with a digital signature in which a central server comprises a signature server (110) and a authentication server (120). The signature server (110) securely stores the private cryptographic keys of a number of users (102). The user (102) contacts the central server using a workstation (101) through a secure tunnel which is setup for the purpose. The user (102) supplies a password or other token (190), based on information previously supplied to the user by the authentication server (120) through a separate authentication channel. The authentication server provides the signature server with a derived version of the same information through a permanent see tunnel between the servers, which is compared with the one supplied by the user (102). If they match, data received from the user (102) is signed with the user'"'"'s private key.

148 Citations

74 Claims

1. A method of certifying electronic data supplied by a user, the method comprising:
- receiving the data to be certified at a certifying apparatus from a source device;
  
  certifying the data at the certifying apparatus with one or more elements of information secure to the certifying apparatus, said elements being unique to the user; and
  
  outputting the data so certified from the certifying apparatus, for passing to a recipient device;
  
  wherein the elements of secure information certify that the supplier of the data is the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 42, 43, 44)
- - 2. A method according to claim 1, wherein the private key of a public key/private key pair specific to the user defines a said element unique to the user.
  - 3. A method according to claim 1 or 2, wherein a digital signature specific to the user defines a said element unique to the user.
  - 4. A method according to any preceding claim, wherein the recipient device is the source device.
  - 5. A method according to claim 1, 2 or 3, wherein the recipient device is a third party device.
  - 6. A method according to any preceding claim, wherein a hash value of a message to be certified is generated at the source device, the hash value being the data to be certified by the certifying apparatus.
  - 7. A method according to any preceding claim, wherein the certifying apparatus can receive data from many different source devices.
  - 14. A method according to any preceding claim, wherein the certifying apparatus comprises a signature server.
  - 15. A method according to any preceding claim, wherein the certifying apparatus comprises a plurality of signature servers using secret sharing to store individual portions of a private key of a user, and wherein the signature is generated based on individual portions of a private key of a user stored on some or all of the signature servers.
  - 16. A method according to claim 14 or 15, wherein the certifying apparats further comprises one or several authentication servers.
  - 17. A method according to any preceding claim, wherein the source device comprises a workstation.
  - 18. A method according to any preceding claim, wherein the source device comprises an interactive television.
  - 19. A method according to any preceding claim, wherein the source device and certifying apparatus establish authenticated individual connections between the source device and one or several servers of the certifying apparatus before and during transfer of the data to be certified.
  - 20. A method according to claim 19, wherein the connection is encrypted.
  - 21. A method according to claim 19 or 20, wherein the source device supplies a token to the certifying apparatus for authentication.
  - 22. A method according to claim 21, wherein the token is supplied to the user or source device by the certifying apparatus via an alternate channel to the authenticated connection.
  - 23. A method according to claim 22, wherein the alternate channel is a mobile telephone network.
  - 24. A method according to claim 23, wherein the token is distributed as a Short Message Service message.
  - 25. A method according to claim 21 or 22, wherein the token is a fixed password.
  - 26. A method according to any of claims 21 to 24, wherein the token is a one-time password.
  - 27. A method according to claim 21 or 22, wherein the token is unique to a transaction.
  - 28. A method according to claim 21 or 22, wherein the token is stored on a portable device.
  - 29. A method according to any of claims 21 to 28, wherein more than one type of token may authenticate the user or source device to one or several servers at the certifying apparatus.
  - 30. A method according to claim 29, wherein the method operates with one level of security reached by authenticating the user regardless of the source, and another, higher, level of security reached by authenticating the user and the source device.
  - 31. A method according to claim 21 or 22, wherein the certifying apparatus certifies the data with different unique elements, dependent upon the type of token used to authenticate the user or source device of security, as well as the data.
  - 32. A method according to any preceding claim, wherein validation data for validating the user is received from a remote device before the data is certified.
  - 33. A method according to any preceding claim, wherein validation data for validating the data to be certified is received from a remote device before the data is certified.
  - 34. A method according to any preceding claim, wherein the certifying apparatus additionally sends a request to a remote device instructing the remote device to send identification data to the user.
  - 35. A method according to any of claims 32 to 34, further comprising the certifying apparatus sending the request to the remote device after receiving a request to certify data.
  - 36. A method according to any of claims 32 to 35, further comprising receiving data derived from the identification data from the remote device.
  - 37. A method according to claim 36, further comprising the certifying device receiving further user data from the user, comparing the further user data with the data derived from the identification data, and certifying the data to be certified if the further user data corresponds to the data derived from the identification data.
  - 38. A method according to any of claims 32 to 37 further comprising establishing a communication channel between the workstation and the remote device.
  - 42. A method according to any of claims 39 to 41, further comprising the method of any of claims 1 to 31.
  - 43. A computer apparatus for use in data certification, the apparatus comprising:
    - a program memory storing instructions for controlling a processor; and
      
      a processor for reading and implementing the instructions stored in the program memory;
      
      wherein the program instructions stored in the program memory comprise instructions for controlling the processor to carry out the method of claim 1 to claim 38.
  - 44. A carrier medium cog computer readable code for controlling a computer to carry out the method of claim 1 to claim 38.

8. A method of certifying electronic data supplied by a user, the method comprising:
- establishing a secure connection between a source device and a certifying apparatus;
  
  sending the data from the source device to be received by the certifying apparatus; and
  
  receiving a version of the data from the certifying apparatus certified as originating from the user, using information unique to the user.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A method according to claim 8, further comprising the step of incorporating a certified version of the data into further data to be sent to a third party device.
  - 10. A method according to claim 8 or 9, wherein the certifying apparatus holds information unique to the user to carry out the certification.
  - 11. A method according to claim 10, wherein the unique information is the private key of a public key/private key pair specific to the user.
  - 12. A method according to claim 10 or 11, wherein the unique information is a digital signature specific to the user.
  - 13. A method according to any of claims 8 to 12, wherein the data to be certified is a hash value of a message.

39. A method for use in data certification, comprising:
- receiving a request from a remote device to supply a user with identification data;
  
  supplying said identification data to a user; and
  
  supplying a derived version of the identification data to the remote device.
- View Dependent Claims (40, 41, 45, 46)
- - 40. A method according to claim 39, wherein the identification data is a one-time password.
  - 41. A method according to claim 39 or 40, wherein the request and derived version of the identification are transferred via a different communication method to the identification data.
  - 45. A computer apparatus for certifying data as originating from a user, the apparatus comprising:
    - a program memory storing instructions for controlling a processor, and a processor for reading and implementing the instructions stored in the program memory;
      
      wherein the program instructions stored in the program memory comprise instructions for controlling the processor to carry out the method of claim 39 to claim 42.
  - 46. A carrier medium carrying computer readable code for controlling a computer to carry out the method of claim 39 to claim 42.

47. A data certifying apparatus, comprising:
- a signing device adapted to certify electronic data received from a remote source device as originating from a user, wherein the certifying apparatus is arranged to receive data from the souse device, certify the data as belonging to the user, using information stored in the certifying apparatus and cryptographic techniques, said information being unique to the user, and send the certified data to a recipient device.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 74)
- - 48. A certifying apparatus according to claim 47, where the recipient device is the source device.
  - 49. A certifying apparatus according to claim 48, wherein the recipient device is a third party device.
  - 50. A data certifying apparatus according to any of claims 47 to 49, wherein the source device and certifying apparatus are arranged to establish an authenticated connection between them before and during transfer of the data to be certified.
  - 51. A data certifying apparatus according to claim 50, wherein the source device and certifying apparatus are arranged such that the connection between them is encrypted.
  - 52. A data certifying apparatus according to claim 50 or 51, wherein the source device is arranged to supply a token to the certifying apparatus for authentication.
  - 53. A data certifying apparatus according to claim 52, wherein the authentication device is arranged to supply the token to the user or source via an alternate channel to the authenticated connection.
  - 54. A data certifying apparatus according to claim 52 or 53, wherein the token is a fixed password.
  - 55. A data certifying apparatus according to claim 52 or 53, wherein the token is a one-time password.
  - 56. A data certifying apparatus according to claim 52 or 53, wherein wherein the authentication device is arranged to supply the token to the user or source device via a mobile telephone network.
  - 57. A certifying apparatus according to claim 55 or 56, wherein wherein the authentication device is arranged to supply the token to the user or source device via a Short Message Service message.
  - 58. A certifying apparatus according to claim 52 or 53, wherein authentication device is arranged to supply a unique token for each transaction.
  - 59. A data certifying apparatus according to claim 52 or 53, wherein the token is stored on a portable device.
  - 60. A data certifying apparatus according to any of claims 52 to 59, wherein the certifying apparatus is arranged to use more than one type of token to authenticate the user or source device.
  - 61. A data certifying apparatus according to claim 60, wherein the data certifying apparatus is arranged to operate with one level of security reached by authenticating the user regardless of the source device, and another, higher, level of security reached by authenticating the user and the source device.
  - 62. The data certifying apparatus according to claim 52 or 53, wherein the certifying apparatus is arranged to certify the data with different unique elements, dependent upon the type of token used to authenticate the user or source device.
  - 63. A data certifying apparatus according to claims 47 to 62, wherein the certifying apparatus comprises a signature server.
  - 64. A data certifying apparatus according to claim 63, wherein the certifying apparatus comprises a plurality of signature servers, each signature server being arranged to use secret sharing to store individual shares of a private key of a user, wherein, the signature generated.
  - 65. A data certifying apparatus according to claims 63 or 64, wherein the certifying apparatus further comprises an authentication server.
  - 66. A data certifying apparatus according to any of claims 47 to 65, wherein the source device comprises a workstation.
  - 67. A data certifying apparatus according to any of claims 47 to 65, wherein the source device comprises an interactive television.
  - 68. A data certifying apparatus according to any of claims 47 to 67, further comprising instructing means for sending a request to a remote device instructing the remote device to send identification data to the user.
  - 69. A data certifying apparatus according to any of claims 47 to 68, further comprising receiving means for receiving data derived from the identification data from the remote device.
  - 70. A data certifying apparatus according to any of claims 47 to 68, wherein the receiving means is arranged to receive further user data from the user, the apparatus further comprising:
    - comparing means for comparing the further user data with the data derived from the identification data, and certifying means for certifying the data to be certified if the further user data corresponds to the data derived from the identification data.
  - 74. An apparatus according to claim 73, further comprising an apparatus according to any of claims 47 to 70.

71. An apparatus for use in data certification, comprising:
- receiving means for receiving a request from a remote device to supply a user with identification data;
  
  supplying means for supplying said identification data to a user; and
  
  further supplying means for supplying a derived version of the identification data to the remote device.
- View Dependent Claims (72, 73)
- - 72. An apparatus according to claim 71, further comprising password generating means for generating a one-time password to be supplied with the supplying means.
  - 73. An apparatus according to claim 71 or 72, wherein the receiving means and further supplying means are arranged to operate via a different communication method to the supplying means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptomathic Ltd
Original Assignee
Cryptomathic A/S (Infineon Technologies AG)
Inventors
Tuliani, Jonathan Roshan, Landrock, Peter

Granted Patent

US 7,725,723 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/313   using a call-back technique...

G06F 21/645   using a third party

G06F 2221/2115   Third party

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 63/18   using different networks or...

Data certification method and apparatus

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

148 Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

Data certification method and apparatus

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links