Secure token-based document server
8 Assignments
0 Petitions
Abstract
A system is presented for transmitting document references or tokens between users of integrated wireless and wire-based communication services. The system includes workstations, file servers, printers and other devices coupled to a wire-based network. Mobile computing devices are coupled to the wire-based network through either IR (infrared) or RF (radio) transceiver gateways. Each mobile computing device appears to hold a user's collection of documents: the device is programmed to receive, transmit, and store document tokens. The system includes a token-enabled document server that uses digital signatures to provide secure transfer of document tokens between users of the mobile computing devices and email clients. The token-enabled document server operates independently of the identity of the holder of the document token. Only the issuer of the document token need be registered with the signature-based document server to properly authenticate document tokens.
245 Citations
20 Claims
1. A method for operating on a network a secure document server that receives from a holder of a document token a request for a copy of a document identified by the document token, the document token including issuer content and a signature from an issuer and holder content and a signature from the holder, said method comprising the steps of:
locating in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder;
the document identifier specifying where the document is stored on the network;
identifying, in a key list on the secure document server, the public key of the issuer using the hint to the public key of the issuer;
authenticating the issuer content of the document identifier with the public key of the issuer;
locating in the holder content of the document a time stamp;
the time stamp identifying when the holder of the document token requested the copy of the document;
authenticating the holder content of the document identifier with the public key of the holder;
authenticating the time stamp by verifying that the time stamp is within a predetermined window of time; and
issuing, to the holder of the document identifier, a copy of the document identified by the document identifier when the issuer content and the holder content are positively authenticated by said authenticating steps;
said issuing step providing secure access to the document without prior knowledge of the public key of the holder.
generating the hint to the public key of the issuer; and
transmitting the hint to the public key of the issuer to the issuer.
4. The method according to claim 2, wherein said receiving step receives the request from an issuer operating a mobile computing device.
5. The method according to claim 1, further comprising the step of receiving a request for a copy of the document from a holder of the document token operating a mobile computing device.
6. The method according to claim 1, further comprising the steps of:
locating a serial number in the issuer content of the document token;
identifying, in an access list, a number indicating how many times document tokens with the serial number have been cashed; and
authenticating the issuer content by verifying that the number of times the document token has been cashed does not exceed a predefined maximum number.
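The verification sequence of claims 1 and 6, worked through as an added example. This is not code from the patent or its assignee: the claims name no signature algorithm, so Ed25519 from the Go standard library stands in; the JSON encoding of the two content halves, the field names, the `file://` document identifier, the key-list label `issuer-1`, and the decision to have the holder's signature also cover the issuer bytes are all assumptions made here. The server's key list holds only the issuer's public key; the holder's key is read out of the issuer-signed content, which is what lets the server issue the copy without prior knowledge of the holder.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// IssuerContent is the token half the issuer mints and signs.
type IssuerContent struct {
	DocumentID   string `json:"doc"`    // where the document is stored on the network
	KeyHint      string `json:"hint"`   // lookup key into the server's key list
	HolderPubKey []byte `json:"holder"` // verification key of the intended holder
	Serial       string `json:"serial"` // serial number for the cash-count limit (claim 6)
}

// HolderContent is the half the holder adds and signs when requesting a copy.
type HolderContent struct {
	Timestamp int64 `json:"ts"` // Unix seconds at which the holder made the request
}

// Token carries both halves as the exact bytes that were signed, plus the signatures.
type Token struct{ Issuer, IssuerSig, Holder, HolderSig []byte }

// Server holds the state the claims name: key list (hint -> issuer key), access list (serial -> cashes).
type Server struct {
	KeyList    map[string]ed25519.PublicKey
	AccessList map[string]int
	MaxCashes  int
	Window     time.Duration
}

// IssueToken signs the issuer content; the issuer's key is the only one the server must know.
// json.Marshal cannot fail for these field types, so its error is dropped.
func IssueToken(issuerPriv ed25519.PrivateKey, ic IssuerContent) Token {
	b, _ := json.Marshal(ic)
	return Token{Issuer: b, IssuerSig: ed25519.Sign(issuerPriv, b)}
}

// Present adds the holder half: a timestamp signed with the holder's key. The signature also
// covers the issuer bytes so it cannot be moved onto another token (a hardening choice made
// here; the claim itself only requires the holder content to be signed).
func Present(tok Token, holderPriv ed25519.PrivateKey, at time.Time) Token {
	tok.Holder, _ = json.Marshal(HolderContent{Timestamp: at.Unix()})
	tok.HolderSig = ed25519.Sign(holderPriv, holderSigned(tok))
	return tok
}

func holderSigned(tok Token) []byte { return append(append([]byte{}, tok.Issuer...), tok.Holder...) }

// Redeem runs the authenticating steps of claims 1 and 6 in order; the document identifier is released only when every step passes.
func (s *Server) Redeem(tok Token) (string, error) {
	var ic IssuerContent
	if err := json.Unmarshal(tok.Issuer, &ic); err != nil {
		return "", errors.New("issuer content unparseable")
	}
	issuerKey, ok := s.KeyList[ic.KeyHint] // hint -> public key of the issuer
	if !ok {
		return "", errors.New("issuer key hint not in key list")
	}
	if !ed25519.Verify(issuerKey, tok.Issuer, tok.IssuerSig) {
		return "", errors.New("issuer signature invalid")
	}
	// The holder key comes from the now-authenticated issuer content, so the server needs no
	// prior knowledge of it. ed25519.Verify panics on a wrong key length, so check that first.
	if len(ic.HolderPubKey) != ed25519.PublicKeySize {
		return "", errors.New("holder key in issuer content malformed")
	}
	var hc HolderContent
	if err := json.Unmarshal(tok.Holder, &hc); err != nil {
		return "", errors.New("holder content unparseable")
	}
	if !ed25519.Verify(ed25519.PublicKey(ic.HolderPubKey), holderSigned(tok), tok.HolderSig) {
		return "", errors.New("holder signature invalid")
	}
	if d := time.Since(time.Unix(hc.Timestamp, 0)); d > s.Window || d < -s.Window {
		return "", errors.New("holder timestamp outside the predetermined window")
	}
	if s.AccessList[ic.Serial] >= s.MaxCashes {
		return "", errors.New("serial already cashed the maximum number of times")
	}
	s.AccessList[ic.Serial]++
	return ic.DocumentID, nil
}

func main() {
	// Fixed 32-byte seeds keep the demo reproducible; real parties generate keys with crypto/rand.
	issuerPriv := ed25519.NewKeyFromSeed([]byte("0123456789abcdef0123456789abcdef"))
	holderPriv := ed25519.NewKeyFromSeed([]byte("fedcba9876543210fedcba9876543210"))
	srv := &Server{KeyList: map[string]ed25519.PublicKey{"issuer-1": issuerPriv.Public().(ed25519.PublicKey)},
		AccessList: map[string]int{}, MaxCashes: 1, Window: 5 * time.Minute}
	tok := IssueToken(issuerPriv, IssuerContent{DocumentID: "file://docserver/report.pdf", KeyHint: "issuer-1",
		HolderPubKey: holderPriv.Public().(ed25519.PublicKey), Serial: "0001"})
	pres := Present(tok, holderPriv, time.Now())
	fmt.Println(srv.Redeem(pres)) // first cash: the document identifier
	fmt.Println(srv.Redeem(pres)) // second cash of the same serial: refused
}
```

Read against the claims: `IssueToken` is the encoder role of claim 17 and `Present` the decoder role; the map lookup by hint is the key list of claim 1 and could be replaced by the certificate-authority query of claim 7; the timestamp window bounds how long a captured request stays replayable, and the access-list counter is what stops a token from being cashed indefinitely within that window. In a real deployment the access list must be durable and the check-and-increment atomic, otherwise two concurrent requests for the same serial both pass the count check.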
7. The method according to claim 1, wherein said step of identifying the public key of the issuer using the hint to the public key of the issuer is performed by querying a certificate authority.
8. The method according to claim 1, further comprising the steps of:
receiving from a recipient mail client the request for a copy of the document identified by the document token; and
issuing to the recipient mail client a copy of the document identified by the document identifier.
9. The method according to claim 1, further comprising the step of substituting for the document, which is attached to an email message, the document token identifying the document.
10. The method according to claim 9, wherein said substituting step is performed by a proxy server.
11. The method according to claim 1, further comprising the steps of:
receiving an email message from a sender mail client with the document token attached thereto; and
substituting for the document token in the email message the copy of the document issued by said issuing step.
12. A secure document server for operating on a network and receiving from a holder of a document token a request for a copy of a document identified by the document token, the document token including issuer content and a signature from an issuer and holder content and a signature from the holder, said secure document server comprising:
means for locating in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder;
the document identifier specifying where the document is stored on the network;
means for identifying, in a key list on the secure document server, the public key of the issuer using the hint to the public key of the issuer;
means for authenticating the issuer content of the document identifier with the public key of the issuer;
means for locating in the holder content of the document a time stamp;
the time stamp identifying when the holder of the document token requested the copy of the document;
means for authenticating the holder content of the document identifier with the public key of the holder;
means for authenticating the time stamp by verifying that the time stamp is within a predetermined window of time; and
means for issuing, to the holder of the document identifier, a copy of the document identified by the document identifier when the issuer content and the holder content are positively authenticated by said authenticating means;
said issuing means providing secure access to the document without prior knowledge of the public key of the holder.
means for locating a serial number in the issuer content of the document token;
means for identifying, in an access list, a number indicating how many times document tokens with the serial number have been cashed; and
means for authenticating the issuer content by verifying that the number of times the document token has been cashed does not exceed a predefined maximum number.
15. The secure document server according to claim 12, wherein said means for identifying the public key of the issuer using the hint to the public key of the issuer queries a certificate authority.
16. The secure document server according to claim 12, further comprising means for receiving, from the issuer, the public key of the issuer.
17. A secure document mail system operating on a network, comprising:
a sender mail client for sending an email message with a document attachment;
the sender mail client including an encoder for substituting in the email message a document token for the document attachment;
a recipient mail client for receiving the email message and the document token from a mail server;
the recipient mail client including a decoder;
a secure document server for receiving from the recipient mail client a request for a copy of a document identified by the document token in the email message;
the document token including issuer content and a signature generated by the encoder of the sender mail client, and holder content and a signature generated by the decoder of the recipient mail client;
wherein the secure document server further comprises;
means for locating in the issuer content a document identifier, a hint to a public key of the issuer, and a public key of the holder;
the document identifier specifying where the document is stored on the network;
means for identifying, in a key list on the secure document server, the public key of the issuer using the hint to the public key of the issuer;
means for authenticating the issuer content of the document identifier with the public key of the issuer;
means for locating in the holder content of the document a time stamp;
the time stamp identifying when the holder of the document token requested the copy of the document;
means for authenticating the holder content of the document identifier with the public key of the holder;
means for authenticating the time stamp by verifying that the time stamp is within a predetermined window of time; and
means for issuing, to the recipient mail client, a copy of the document attachment identified by the document identifier when the issuer content and the holder content are positively authenticated by said authenticating means;
said issuing means providing secure access to the document attachment without prior knowledge of the public key of the holder.
Specification