Secure logging of transactions
Abstract
A method of generating a secure transaction log recording transaction data established between a first (10) and a second (20) data processing device. The transaction log includes transaction data derived from the first device that is digitally signed by the second device and then digitally re-signed by the first device, with copies being stored locally at both devices. Any interference with the data by either device, or during transfer of data between them, is evident to both devices. The transaction data may include data received and signed by an independent third party acting as a trusted third party.
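The three-message exchange described in the abstract, as an added sketch that is not part of the patent text. The patent does not name a signature scheme; Lamport one-time hash-based signatures stand in here so the code needs only the standard library (each key signs a single message). The JSON encoding, the field names, the first device's check before re-signing and the sample values are assumptions.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():  # Lamport one-time key pair: 256 secret pairs, public key = hashes
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(x) for x in pair] for pair in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b].hex() for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(bytes.fromhex(s)) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def canon(obj):
    # Canonical byte encoding (assumed) so both devices sign identical bytes.
    return json.dumps(obj, sort_keys=True).encode()

def signed_full_log(partial, sk2):
    # Second device (20): sign the partial log (63) -> signed full log (66).
    return {**partial, "sig_second": sign(sk2, canon(partial))}

def resigned_full_log(full, partial, pk2, sk1):
    # First device (10): assumed check that (66) matches what was sent, then
    # sign the data plus the first signature -> re-signed full log (67).
    body = {k: full[k] for k in ("identification", "event")}
    if body != partial or not verify(pk2, canon(body), full["sig_second"]):
        raise ValueError("signed full log does not match partial log")
    inner = {**body, "sig_second": full["sig_second"]}
    return {**inner, "sig_first": sign(sk1, canon(inner))}

def verify_log(log, pk1, pk2):
    body = {k: log[k] for k in ("identification", "event")}
    inner = {**body, "sig_second": log["sig_second"]}
    return (verify(pk2, canon(body), log["sig_second"])
            and verify(pk1, canon(inner), log["sig_first"]))

def demo():
    (sk1, pk1), (sk2, pk2) = keygen(), keygen()
    partial = {"identification": "device-10/txn-0001", "event": "door opened"}  # constructed
    log = resigned_full_log(signed_full_log(partial, sk2), partial, pk2, sk1)
    tampered = {**log, "event": "door closed"}  # edit made after both signatures
    return verify_log(log, pk1, pk2), verify_log(tampered, pk1, pk2)
```

Either device can run `verify_log` on its stored copy with both public keys; a change to the identification data, the event data or the first signature fails at least one of the two checks.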
33 Claims
1. A method of generating a secure transaction log recording transaction data established between a first (10) and a second (20) data processing device, comprising the steps of:
the first device issuing a partial transaction log (63) to the second device, the partial transaction log including identification data and event data associated with the transaction;
the second device issuing to the first device, in response to the partial transaction log, a signed full log (66), the signed full log including said identification data and event data, secured by a first digital signature specific to the second device (20); and
the first device issuing, in response to the signed full log (66), a re-signed full log (67) including said identification data, said event data and said first digital signature, secured by a second digital signature specific to the first device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method of operating an access control device (20) to generate a secure transaction log recording transaction data established between a first device (10) and the access control device (20), comprising the steps of:
receiving from the first device, a partial transaction log (63), the partial transaction log including identification data and event data associated with the transaction;
issuing to the first device, in response to the partial transaction log, a signed full log (66), the signed full log including said identification data and event data, secured by a first digital signature specific to the access control device; and
receiving, from the first device, in response to the signed full log, a re-signed full log (67) including said identification data, said event data and said first digital signature, secured by a second digital signature specific to the first device.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 30
28. A method of operating a first data processing device to generate a secure transaction log recording transaction data established between the first device (10) and a second data processing device (20), comprising the steps of:
issuing a partial transaction log (63) to the second device, the partial transaction log including identification data and event data associated with the transaction;
receiving from the second device, in response to the partial transaction log, a signed full log (66), the signed full log including said identification data and event data, secured by a first digital signature specific to the second device; and
issuing, in response to the signed full log, a re-signed full log (67) including said identification data, said event data and said first digital signature, secured by a second digital signature specific to the first device.
Dependent claims: 29
31. Apparatus for generating a secure transaction log recording transaction data established between a first (10) and a second (20) data processing device, comprising:
means (11), in the first device, for issuing a partial transaction log to the second device, the partial transaction log including identification data and event data associated with the transaction;
means (21), in the second device, for issuing to the first device, in response to the partial transaction log, a signed full log, the signed full log including said identification data and event data, secured by a first digital signature specific to the second device; and
means (11), in the first device, for issuing, in response to the signed full log, a re-signed full log including said identification data, said event data and said first digital signature, secured by a second digital signature specific to the first device.
32. An access control device (20) adapted to generate a secure transaction log recording transaction data established between a first device (10) and the access control device, comprising:
means (21,25) for receiving from the first device, a partial transaction log, the partial transaction log including identification data and event data associated with the transaction;
means (21) for issuing to the first device, in response to the partial transaction log, a signed full log, the signed full log including said identification data and event data, secured by a first digital signature specific to the access control device; and
means (21) for receiving, from the first device, in response to the signed full log, a re-signed full log including said identification data, said event data and said first digital signature, secured by a second digital signature specific to the first device.
33. A data processing device (10) adapted to generate a secure transaction log recording transaction data established between the data processing device and a second data processing device (20), comprising:
means (11,15) for issuing a partial transaction log to the second device, the partial transaction log including identification data and event data associated with the transaction;
means (11) for receiving from the second device, in response to the partial transaction log, a signed full log, the signed full log including said identification data and event data, secured by a first digital signature specific to the second device; and
means (11) for issuing, in response to the signed full log, a re-signed full log including said identification data, said event data and said first digital signature, secured by a second digital signature specific to the data processing device.