SYSTEM FOR MESSAGE ENCRYPTION AND SIGNING IN A TRANSACTION PROCESSING SYSTEM

US 20080140578A1
Filed: 02/21/2008
Published: 06/12/2008
Est. Priority Date: 02/22/2001
Status: Abandoned Application

First Claim

Patent Images

1. A system for the transfer of messages in a transaction processing system, comprising:

a transaction server which encrypts messages and also attaches to each message a message-based digital signature that includes a tamper-resistant time stamp; and

a security policy that is used by the transaction server to automatically reject a message if the message'"'"'s public key properties do not conform to the security policy, the security policy further identifying;

that at least one valid public key digital signature is attached to the message,that the message is encrypted for confidentiality, andlimits on the acceptable range of timestamps associated with a digital signature.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention herein provides a system for message encryption and signing within a transaction processing system. As disclosed herein the invention applies the operation of public key technology to transactional server security. Embodiments of the invention utilize a combination of message-based encryption and message-based digital signing, to ensure the security and authenticity of a message or message buffer sent from one party or process to another. Intermediate recipients may also inspect the message. The system described ensures the reliable authentication, confidentiality, integrity, and non-repudiation, of communicated messages.

129 Citations

View as Search Results

21 Claims

1. A system for the transfer of messages in a transaction processing system, comprising:
- a transaction server which encrypts messages and also attaches to each message a message-based digital signature that includes a tamper-resistant time stamp; and
  
  a security policy that is used by the transaction server to automatically reject a message if the message'"'"'s public key properties do not conform to the security policy, the security policy further identifying;
  
  that at least one valid public key digital signature is attached to the message,that the message is encrypted for confidentiality, andlimits on the acceptable range of timestamps associated with a digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein the tamper-resistant time stamp is based on the originating machine'"'"'s local clock.
  - 3. The system of claim 2, wherein the tamper-resistant time stamp is based on the originating machine'"'"'s local and unsynchronized clock.
  - 4. The system of claim 1, wherein message-based encryption and digital signature are controlled by administrative parameters, with little or no application code modification.
  - 5. The system of claim 1, wherein the system allows a system administrator to set security policies for clients, server machines, and gateway links that interact with a server domain.
  - 6. The system of claim 1, wherein the system allows an application programmer to examine a time stamp and implement security policies to inhibit replay attacks.
  - 7. The system of claim 1, further comprising a mode of operation to automatically generate public key signatures.
  - 8. The system of claim 1, further comprising automatic verification of digital signatures before a message is delivered.
  - 9. The system of claim 1, further comprising a mode of operation to automatically perform public key encryption.
  - 10. The system of claim 1, further comprising provisions to enable partial encryption, so that an intermediate process can route a message based on partial application content data while maintaining confidentiality of the remaining data.
  - 11. The system of claim 1, further comprising provisions for an intermediate process to decrypt an entire message in order to make routing decisions based on complete application content data.
  - 12. The system of claim 1, further comprising integration with reliable disk-based queuing so that application messages remain encrypted while queued on disk.
  - 13. The system of claim 1, further comprising integration with publish/subscribe messaging, so that unauthorized subscribers cannot access confidential data.
  - 14. The system of claim 1, further comprising:
    - a capability to export messages into an external format that preservers public key digital signatures and public key encryption; and
      
      an import facility that allows authorized software to decrypt and verify signatures.
  - 15. The system of claim 1, further comprising a security provider interface allowing customization of public key features, including operations performed in system processes.
  - 16. The system of claim 1, further comprising automatic public key signature time stamp generation and verification.
  - 17. The system of claim 1, further comprising high-level programming interfaces for public key encryption and public key digital signature that intuitively mesh with existing application interface standards for transaction processing.
  - 18. The system of claim 1, further comprising distributed processing techniques that allow a significant portion of public key algorithm execution to be performed on a client'"'"'s desktop computer.
  - 19. The system of claim 1, wherein the message-based digital signature contains a cryptographically secure checksum computed on the contents of the message buffer.
  - 20. The system of claim 1, wherein the message-based digital signature is used by a sending process to prove its identity, and to bind the proof to contents of a message buffer, and wherein a third-party verifies authenticity of the message-based digital signature.
  - 21. The system of claim 1, wherein administrative parameters control message-based encryption and the message-based digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Felt, Sandra V., Felt, Edward P., Wells, John R.

Application Number

US12/035,334
Publication Number

US 20080140578A1
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/3829   involving key management

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

SYSTEM FOR MESSAGE ENCRYPTION AND SIGNING IN A TRANSACTION PROCESSING SYSTEM

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

129 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM FOR MESSAGE ENCRYPTION AND SIGNING IN A TRANSACTION PROCESSING SYSTEM

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others