Versatile secure and non-secure messaging

US 20070250710A1
Filed: 04/25/2006
Published: 10/25/2007
Est. Priority Date: 04/25/2006
Status: Active Grant

First Claim

Patent Images

1. A messaging system associated with a first device and comprising:

a plurality of credentials; and

a plurality of authorities, each authority associating at least one of a plurality of protocol operations with at least one of the plurality of credentials, wherein the messaging system is adapted to receive an initiating message from a second device, which identifies at least one of the authorities, and responsively implements a security protocol for further messages between the first and second devices in accordance with the identified authority.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A messaging system and method are associated with a first device. The messaging system includes a plurality of credentials and a plurality of authorities. Each authority associates at least one of a plurality of protocol operations with at least one of the plurality of credentials. The messaging system is adapted to receive an initiating message from a second device, which identifies at least one of the authorities, and responsively implements a security protocol for further messages between the first and second devices in accordance with the identified authority.

115 Citations

View as Search Results

23 Claims

1. A messaging system associated with a first device and comprising:
- a plurality of credentials; and
  
  a plurality of authorities, each authority associating at least one of a plurality of protocol operations with at least one of the plurality of credentials, wherein the messaging system is adapted to receive an initiating message from a second device, which identifies at least one of the authorities, and responsively implements a security protocol for further messages between the first and second devices in accordance with the identified authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The messaging system of claim 1 wherein the plurality of authorities comprises:
    - a signing authority, which defines a credential and a protocol operation by which the one of the first and second devices can authenticate itself to the other of the first and second devices.
  - 3. The messaging system of claim 1 wherein the plurality of authorities comprises:
    - an exchange authority, which defines a credential and a protocol operation with which the further messages from one of the first and second devices to the other of the first and second devices are encrypted and decrypted.
  - 4. The messaging system of claim 1 wherein at least one of the plurality of authorities are known to the first device prior to receiving the initiating message.
  - 5. The messaging system of claim 1 wherein where at least one of the plurality of authorities links to another of the plurality of authorities.
  - 6. The messaging system of claim 1 and further comprising:
    - an authority table in which the plurality of authorities are stored in respective rows of the table; and
      
      at least one credential table in which at least one of the plurality of credentials is stored in a row of the credential table.
  - 7. The messaging system of claim 1 and further comprising a credential table for each of the plurality of authentication operations, and wherein the credentials that are associated with a particular one of the plurality of authentication operations are stored in the credential table that corresponds to that authentication operation.

8. A messaging system comprising:
- a peripheral comprising a first table of authorities, each authority in the first table associating at least one of a plurality of authentication operations with at least one of a plurality of credentials;
  
  a host comprising a second table of authorities, each authority in the second table associating at least one of the plurality of authentication operations with at least part of the credential associated with that authority in the first table; and
  
  a communication channel between the peripheral and the host, wherein messages passed through the communication channel invoke at least one corresponding authority in each table.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The messaging system of claim 8 wherein the first and second tables of authorities comprise:
    - a signing authority, which defines a credential and a protocol operation by which the one of the peripheral and the host can authenticate itself to the other of the peripheral and the host through the channel.
  - 10. The messaging system of claim 8 wherein the first and second tables of authorities comprise:
    - an exchange authority, which defines a credential and a protocol operation with which the messages from one of the peripheral and the host to the other of the peripheral and the host are encrypted and decrypted.
  - 11. The messaging system of claim 8 wherein in each table, at least one of the plurality of authorities links to another of the plurality of authorities in that table.
  - 12. The messaging system of claim 8 wherein the peripheral device and the host device each comprise, for each of the authentication operations:
    - a corresponding credential table, wherein the credentials that are associated with a particular one of the authentication operations are stored in the corresponding credential table.

13. A method of initiating a messaging session, comprising:
- maintaining a plurality of authorities known to a peripheral, wherein each authority associates at least one of a plurality of authentication operations with at least one of a plurality of credentials;
  
  passing a start session message from a host to the peripheral, which identifies at least one of the authorities known to the peripheral;
  
  retrieving the identified authority from the plurality of authorities known to the peripheral; and
  
  implementing a security protocol on further messages between the host and the peripheral in accordance with the identified authority.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method of claim 13 and further comprising:
    - maintaining a plurality of authorities known to the host, which correspond to the plurality of authorities known to the peripheral, wherein each authority associates at least one of the plurality of authentication operations with at least one of the plurality of credentials, and wherein each credential known to the host comprises at least a portion the corresponding credential known to the peripheral.
  - 15. The method of claim 13 wherein:
    - retrieving the identified authority comprises exchanging one or more cryptographic keys between the peripheral and the host as a function of the identified authority; and
      
      implementing the security protocol comprises encrypting the further messages using the cryptographic key and the authentication operation of the identified authority.
  - 16. The method of claim 13 wherein:
    - implementing the security protocol comprises encrypting the further messages at one end of the communication channel using a public key portion of the credential and the associated authentication operation of the identified authority, and decrypting the further messages at another end of the communication channel using a private key portion of that credential.
  - 17. The method of claim 13 wherein implementing the security protocol comprises implementing the security protocol without either the host or the peripheral negotiating security capabilities of the other.
  - 18. The method of claim 13 wherein the plurality of authorities comprises:
    - a signing authority, which defines a credential and a protocol operation by which the one of the host and the peripheral can authenticate itself to the other.
  - 19. The method of claim 13 wherein the plurality of authorities comprises:
    - an exchange authority, which defines a credential and a protocol operation with which the further messages from one of the host and the peripheral to the other are encrypted and decrypted.
  - 20. The method of claim 13 wherein the host has knowledge of the authentication operation at least part of the associated credential of the identified authority prior to passing the start session message.
  - 21. The method of claim 13 wherein where at least one of the plurality of authorities links to another of the plurality of authorities.
  - 22. The method of claim 13 and further comprising:
    - maintaining an authority table in which the plurality of authorities are stored; and
      
      maintaining at least one credential table in which at least one of the plurality of credentials is stored, and linking the authority table to the credential table.
  - 23. The method of claim 22 and further comprising maintaining a credential table for each of the plurality of authentication operations, and wherein the credentials that are associated with a particular one of the plurality of authentication operations are stored in the credential table that corresponds to that authentication operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Thibadeau, Robert

Granted Patent

US 8,028,166 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/101   Access control lists [ACL]

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/3226   using a predetermined code,...

H04L 9/3249   using RSA or related signat...

H04L 9/3265   using certificate chains, t...

H04L 9/3271   using challenge-response

Versatile secure and non-secure messaging

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Versatile secure and non-secure messaging

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links