COMPACT ATTRIBUTE FOR CRYPTOGRAPHICALLY PROTECTED MESSAGES

US 20120179903A1
Filed: 01/06/2011
Published: 07/12/2012
Est. Priority Date: 01/06/2011
Status: Active Grant

First Claim

Patent Images

1. A method for verifying a signature of a signed message, said method comprising:

receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising components appearing in a predefined order, the components being identified by an object identifier associated with the compact attribute, the components comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;

recovering the components of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving; and

validating the signature of the signed message based on the processing flag and the security assertion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and associated method for verifying a signature of a signed message having a compact attribute. Components of the compact attribute of the signed message appear in a predefined order within the compact attribute, and are identified by an object identifier associated with the compact attribute. A processing flag and a security assertion are among the components of the compact message. The processing flag directs rules to process the security assertion. The security assertion is made by an authority trusted by both a sender and a recipient of the signed message. The recipient validates the signature of the signed message based on the processing flag and the security assertion recovered from the compact attribute.

29 Citations

View as Search Results

20 Claims

1. A method for verifying a signature of a signed message, said method comprising:
- receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising components appearing in a predefined order, the components being identified by an object identifier associated with the compact attribute, the components comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the components of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving; and
  
  validating the signature of the signed message based on the processing flag and the security assertion.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is valid upon said ascertaining the signature as valid; and
      
      accepting the signature of the signed message as valid.
  - 3. The method of claim 1, said validating comprising:
    - determining that a key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 4. The method of claim 1, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 5. The method of claim 1, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is invalid upon said ascertaining the signature as valid; and
      
      rejecting the signature of the signed message as invalid.

6. A computer program product comprising:
- a computer readable storage medium having a computer readable program code embodied therein, said computer readable program code containing instructions that perform verifying a signature of a signed message, said verifying comprising;
  
  receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising components appearing in a predefined order, the components being identified by an object identifier associated with the compact attribute, the components comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the components of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving; and
  
  validating the signature of the signed message based on the processing flag and the security assertion.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product of claim 6, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is valid upon said ascertaining the signature as valid; and
      
      accepting the signature of the signed message as valid.
  - 8. The computer program product of claim 6, said validating comprising:
    - determining that a key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 9. The computer program product of claim 6, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 10. The computer program product of claim 6, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is invalid upon said ascertaining the signature as valid; and
      
      rejecting the signature of the signed message as invalid.

11. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for verifying a signature of a signed message, said method comprising:
- receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising components appearing in a predefined order, the components being identified by an object identifier associated with the compact attribute, the components comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the components of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving; and
  
  validating the signature of the signed message based on the processing flag and the security assertion.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer system of claim 11, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is valid upon said ascertaining the signature as valid; and
      
      accepting the signature of the signed message as valid.
  - 13. The computer system of claim 11, said validating comprising:
    - determining that a key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 14. The computer system of claim 11, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 15. The computer system of claim 11, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is invalid upon said ascertaining the signature as valid; and
      
      rejecting the signature of the signed message as invalid.

16. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein the code in combination with the computing system is capable of performing a method for verifying a signature of a signed message, said method comprising:
- receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising components appearing in a predefined order, the components being identified by an object identifier associated with the compact attribute, the components comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the components of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving; and
  
  validating the signature of the signed message based on the processing flag and the security assertion.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The process of claim 16, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is valid upon said ascertaining the signature as valid; and
      
      accepting the signature of the signed message as valid.
  - 18. The process of claim 16, said validating comprising:
    - determining that a key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 19. The process of claim 16, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 20. The process of claim 16, said validating comprising:
    - determining that a key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      ascertaining that a signature of the security assertion is valid upon determining that the key identifies the trusted authority;
      
      determining that the signature of the signed message is invalid upon said ascertaining the signature as valid; and
      
      rejecting the signature of the signed message as invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
ARNOLD, TODD W., GRIFFIN, PHILLIP H.

Granted Patent

US 8,782,397 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 9/321 involving a third party or ...

H04L 9/3247 involving digital signatures

COMPACT ATTRIBUTE FOR CRYPTOGRAPHICALLY PROTECTED MESSAGES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

COMPACT ATTRIBUTE FOR CRYPTOGRAPHICALLY PROTECTED MESSAGES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others