Non-repudiation in computer networks
First Claim
1. A first data processor (10), connected to a network of other data processors (20, 30), comprising:
- means (300) for sending a message to a second data processor forming part of the network; and
- means (310) for cryptographically combining information derived from said message (600), information (612, 613, 614, 615) derived from one or more previous messages transferred between said first data processor and one of said other data processors forming part of the network, and secret information (611) held by the said first data processor, to produce a non-repudiation vector including an authentication token (540), said token cryptographically combined with said message.
Abstract
The invention supplements the use of a conventional authentication token such as a MAC or DSG, to provide very strong evidence of the origin of an electronic message. A new type of authentication token, known as the "Non-Repudiation Vector" (NRV), is attached to each message sent across a data network. The NRV cryptographically links each message sent or received by a particular data processor on the network to the previous and subsequent messages handled by that data processor, creating a chain of cryptographically linked messages. The burden of proof for the repudiation of a message is transferred to the sender of that message, who must demonstrate how the sending data processor could have moved through the time period during which the disputed message was sent without generating the NRV corresponding to the disputed message.
62 Citations
18 Claims
1. Independent claim 1 is reproduced under "First Claim" above; claims 2 to 12 depend on it.
13. A method for effecting non-repudiation of a data message in a computer network including a plurality of data processors, comprising the steps of:
- (a) initiating (110) a data message (550) in a first data processor (300) for transmission to a second data processor (400) in the computer network;
- (b) generating (310) a non-repudiation vector (540), including an authentication token (530) derived from one or more previous messages transferred between said first data processor and one of said other data processors forming part of the network, and secret information (611) held by said first data processor;
- (c) cryptographically combining said vector (540) with the data message (550) to form a compound message; and
- (d) enciphering (140) said compound message for transmission to said second data processor (400).
Claims 14 to 18 depend on claim 13.
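The chaining that the abstract and claim 13 describe, as an added illustration that is not code from the patent: each token is an HMAC, keyed with the sender's secret (611), over the digest of the current message (600) and the token of the previous message, so the token of every later message depends on the disputed one and a gap or alteration in the chain is detectable. Assumed here, not stated on the page: SHA-256 and HMAC-SHA256 as the primitives, an all-zero genesis token, and a chain covering only the sender's own outgoing messages.

```python
import hashlib
import hmac

# Assumed starting value for the first message in a chain (not from the patent).
GENESIS_TOKEN = bytes(32)


def message_digest(message: bytes) -> bytes:
    """Information derived from the message itself (element 600): a SHA-256 digest."""
    return hashlib.sha256(message).digest()


def make_nrv(secret: bytes, message: bytes, prev_token: bytes) -> bytes:
    """Authentication token for one message.

    The HMAC key is the sender's secret (611); the HMAC input binds the current
    message to the previous token, which itself depends on every earlier message,
    so the token carries information derived from previous messages (612-615).
    """
    return hmac.new(secret, message_digest(message) + prev_token, hashlib.sha256).digest()


def build_chain(secret: bytes, messages: list[bytes]) -> list[bytes]:
    """Sender side: produce the NRV token for each message in sending order."""
    tokens = []
    prev = GENESIS_TOKEN
    for msg in messages:
        prev = make_nrv(secret, msg, prev)
        tokens.append(prev)
    return tokens


def verify_chain(secret: bytes, messages: list[bytes], tokens: list[bytes]) -> bool:
    """Check that every token links to its message and to the preceding token.

    Returns False if any message was altered, dropped or reordered, because the
    recomputed token for that position (and all later ones) no longer matches.
    """
    if len(messages) != len(tokens):
        return False
    prev = GENESIS_TOKEN
    for msg, tok in zip(messages, tokens):
        if not hmac.compare_digest(make_nrv(secret, msg, prev), tok):
            return False
        prev = tok
    return True


if __name__ == "__main__":
    # Constructed sample traffic from one data processor.
    key = b"sender-secret-611"
    sent = [b"order 1", b"order 2", b"order 3"]
    chain = build_chain(key, sent)
    print("intact chain verifies:", verify_chain(key, sent, chain))
    # Disowning "order 2" leaves a chain that no longer verifies.
    print("chain without order 2 verifies:", verify_chain(key, sent[::2], chain[::2]))
```

The second check is the repudiation scenario from the abstract: the tokens for "order 3" cannot be explained without the token for "order 2" having been generated.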
Specification