Method for obtaining a securitized cleartext attestation in a distributed data processing system environment

US 5,214,700 A
Filed: 05/09/1991
Issued: 05/25/1993
Est. Priority Date: 05/10/1990
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing an attestation in a data processing system said method comprising the steps of:

choosing, at random, a check datum;

relating said check datum to at least one protection datum through a one-way relationship said one way relationship corresponding to a first one of;

(a) a public key/private key algorithm; and

(b) a one way encryption system;

sending an attestation request to a server;

transmitting in cleartext from at least one requestor subject to said server, said attestation request and an identifier, said identifier defining said one-way relationship between said check datum and said protection datum;

forming, in the server, an attestation in the form of a set of pieces of binary information wherein said attestation includes said at least one protection datum and said identifier;

calculating, in the server at least one of;

a seal of attestation; and

a signature of attestation;

wherein said step of calculating takes into account said at least one protection datum and said identifier; and

transmitting the attestation in cleartext from said server to the at least one requestor subject.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for obtaining at least one securitized cleartext attestation by at least one requestor subject coupled to a data processing system and communicating with each other through a network. The data processing system includes a plurality of subjects and an authority represented by at least one server acting on behalf of the authority and issuing attestations. The requestor subject sends the authority an attestation request including at least one protection datum. The requestor subject chooses, at random, a check datum which is associated and linked with the protection datum. The requestor subject then transmits, in cleartext, to the authority both a piece of identification information defining the relationship between the check datum and the protection datum, and the protection datum itself. The server organizes the attestation in the form of binary information and calculates at least one of a signature and a seal of attestation taking into account the protection datum and the identification information. The server then transmits the sealed or signed attestation, in cleartext, to the requestor subject A method for providing a chaining value for the check datum when multiple subjects request sequential attestation of a message is also provided.

107 Citations

View as Search Results

10 Claims

1. A method for providing an attestation in a data processing system said method comprising the steps of:
- choosing, at random, a check datum;
  
  relating said check datum to at least one protection datum through a one-way relationship said one way relationship corresponding to a first one of;
  
  (a) a public key/private key algorithm; and
  
  (b) a one way encryption system;
  
  sending an attestation request to a server;
  
  transmitting in cleartext from at least one requestor subject to said server, said attestation request and an identifier, said identifier defining said one-way relationship between said check datum and said protection datum;
  
  forming, in the server, an attestation in the form of a set of pieces of binary information wherein said attestation includes said at least one protection datum and said identifier;
  
  calculating, in the server at least one of;
  
  a seal of attestation; and
  
  a signature of attestation;
  
  wherein said step of calculating takes into account said at least one protection datum and said identifier; and
  
  transmitting the attestation in cleartext from said server to the at least one requestor subject.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein said check datum corresponds to a private key and said at least one protection datum corresponds to a public key and wherein said check datum and said at least one protection datum are related by an encryption function.
  - 3. The method of claim 2 wherein the step of sending an attestation request to a server includes the step of:
    - said requestor subject requesting an attestation from said server for the benefit of a third party subject, said third party subject being coupled to said data processing system; and
      
      wherein, after the step of transmitting the attestation to said requestor subject, the method further comprises steps of;
      
      preparing, by said requestor subject, a cleartext request to be transmitted to said third party subject;
      
      forming by said requestor subject, a message including said cleartext request and said attestation, specifying the usage that may be made of said attestation;
      
      signing said message, by said requestor subject, with said private key to provide a signed cleartext message having a signature;
      
      transmitting said signed cleartext message from said requestor subject to said third party subject;
      
      verifying, by said third party subject, the signature of said signed cleartext message; and
      
      accepting, by said third party subject, said attestation of said signed cleartext message upon the verification of the signature provided in the message signing step of the signed cleartext message.
  - 4. The method according to claim 3 wherein:
    - a plurality n of requestor subjects S₁ -S_n each request an attestation of said server, each of the n attestations being transmitted to a third party subject (S_n+1), said method further comprising the steps of;
      
      receiving a preceding check datum CL_n-1 from a preceding subject S_n-1 by subject S_n ;
      
      choosing, by subject S_n, a next check datum CL_n ;
      
      calculating, by subject S_n, a chaining value CV_n related to the next check datum and to the preceding check datum through a two-way encryption function wherein in said two way encryption function the next check datum corresponds to an encryption key and the preceding check datum corresponds to an input value;
      
      transmitting, by said subject S_n, said chaining value to said sever;
      
      introducing said chaining value by said server into said attestation; and
      
      calculating a first one of;
      
      (a) a seal of said attestation; and
      
      (b) a signature of said attestation;
      
      wherein said calculating step utilizes said chaining value introduced into said attestation during said introducing step.
  - 5. The method of claim 4 further comprises the step of:
    - verifying each of the n attestations, wherein said verifying step includes the steps of;
      
      decrypting, by a first one of the plurality of subjects, the received preceding check datum CL_n-1 ; and
      
      calculating by said first one of said plurality of subjects a current check datum CL_n from at least one chaining value CV_n introduced into said attestation and from the decryption of said two-way encryption function.
  - 6. The method of claim 1 wherein said check datum and said at least one protection datum are encrypted by a one-way encryption system, and whereby the check datum is a hidden key and the at least one protection datum is a revealed key.
  - 7. The method of claim 6 wherein said requestor subject requests an attestation from said server for the benefit of a third party subject coupled to said data processing system and wherein after the step of transmitting the attestation to said requestor subject, the method further comprises the steps of:
    - preparing, by said requestor subject, a cleartext request to be transmitted to said third party subject;
      
      forming, by said requestor subject, a cleartext message, said cleartext message including said cleartext request and said attestation, specifying the usage that may be made of said attestation;
      
      sealing said cleartext message, by said requestor subject, with said hidden key to provide a sealed cleartext message;
      
      transmitting said sealed cleartext message from said requestor subject to said third party subject;
      
      encrypting the check datum represented by said hidden key;
      
      transmitting said encrypted check datum from said requestor subject to said third party subject;
      
      decrypting, by said third party subject, said encrypted check datum;
      
      calculating, by said third party subject, a protection datum from said decrypted check datum and from said one-way encryption function;
      
      calculating, by said third party subject, the seal on the sealed cleartext message;
      
      comparing, by said third party subject, the calculated protection datum with the value of the protection datum transmitted within the attestation, and verifying whether the seal of the sealed cleartext message calculated in said seal calculating step is correct; and
      
      accepting the attestation when the following two conditions are met;
      
      (a) the comparing step indicates the transmitted protection datum and the calculated transmission datum are equal; and
      
      (b) the seal calculated in the seal calculating step is correct.
  - 8. The method according to claim 7 in which a plurality n of requestor subjects S₁ -S_n each request an attestation of said server, each of the n attestations being transmitted to a third party subject (S_n+1), said method further comprising the steps of:
    - receiving a preceding check datum CL_n-1 from a preceding subject S_n-1 by subject S_n ;
      
      choosing, by subject S_n, a next check datum CL_n ;
      
      calculating, by subject S_n, a chaining value CV_n related to the next check datum and to the preceding check datum through a two-way encryption function wherein in said two way encryption function the next check datum corresponds to an encryption key and the preceding check datum corresponds to an input value;
      
      transmitting, by said subject S_n, said chaining value to said server;
      
      p1 introducing said chaining value by said server into said attestation; and
      
      calculating a first one of;
      
      (a) a seal of said attestation; and
      
      (b) a signature of said attestation;
      
      wherein said calculating step utilizes said chaining value introduced into said attestation during said introducing step.
  - 9. The method of claim 8 further comprising the step of:
    - verifying each of the n attestations, wherein said verifying step includes the steps of;
      
      decrypting, by said a first one of said plurality of subject S_n a received preceding check datum CL_n-1 ; and
      
      calculating, by said first one of said plurality if requestor subjects a current check datum CL_n from at least one chaining value CV_n introduced into said attestation and from the decryption of said two-way encryption function.
  - 10. The method of claim 1 wherein said at least one protection datum is a first protection datum and said check datum is a first check datum and wherein said attestation further includes:
    - a second protection datum;
      
      a second check datum;
      
      wherein the first check datum and the first protection datum are related by a public key/private key algorithm and the first protection datum includes a private key and the first protection datum includes a public key; and
      
      wherein the second check datum includes a hidden key and the second protection datum includes a revealed key, and the second check datum and the second protection datum are related through a one-way encryption function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bull Sas (Atos SE)
Original Assignee
Bull Sas (Atos SE)
Inventors
Caille, Philippe, Pinkas, Denis
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US07/697,408
Time in Patent Office

747 Days
Field of Search

380/3, 380/4, 380/23, 380/24, 380/25, 380/30, 380/49, 380/50, 340/825.31, 340/825.34
US Class Current

713/156
CPC Class Codes

H04L 9/0869   involving random numbers or...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Method for obtaining a securitized cleartext attestation in a distributed data processing system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

107 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Method for obtaining a securitized cleartext attestation in a distributed data processing system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others