Method and system for presentation and manipulation of PKCS signed-data objects
First Claim
1. A method for processing signed data objects in a data processing system comprising a display, the method comprising the computer-implemented steps of:
- presenting a signed data object; and
modifying the signed data object through processing of user actions within a graphical user interface.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for processing signed data objects in a data processing system is presented. A signed data object utility allows a user to view and edit the contents of data objects embedded within a signed data object via a graphical user interface. Graphical objects represent the data objects embedded within a signed data object. A user may drag and drop objects onto other objects within the signed data object, and the signed data object utility automatically performs the necessary signing operations. Logical associations between data objects contained within the signed data object are determined, and the logical associations are displayed using visual indicators between graphical objects representing the associated data objects. As data objects are added or deleted, the visual indicators are updated to reflect any updates to the logical associations. The user may direct other operations on the signed data object through the graphical user interface.
71 Citations
48 Claims
-
1. A method for processing signed data objects in a data processing system comprising a display, the method comprising the computer-implemented steps of:
-
presenting a signed data object; and
modifying the signed data object through processing of user actions within a graphical user interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
obtaining a signed data object, wherein the signed data object comprises a content data object and at least one signature-related data object;
determining data objects contained with the signed data object;
displaying the signed data object, wherein data objects contained within the signed data object are represented by graphical objects;
determining logical associations between data objects contained within the signed data object; and
displaying visual indicators between graphical objects, wherein the visual indicators represent logical associations between data objects contained within the signed data object.
-
-
4. The method of claim 3 wherein the step of modifying the signed data object further comprises:
-
selecting a graphical object representing a data object contained within the signed data object;
displaying data values of the selected data object;
editing the data values of the selected data object; and
saving the data values of the selected data object in the signed data object.
-
-
5. The method of claim 4 further comprising:
-
identifying a data type of the data object represented by the selected graphical object, wherein the selected data object is a content data object; and
identifying a default editor for displaying the selected data object according to the identified data type of the data object represented by the selected graphical object.
-
-
6. The method of claim 4 wherein the step of modifying the signed data object further comprises:
-
selecting a graphical object representing a data object contained within the signed data object;
receiving a user action on the selected graphical object representing a deletion request; and
deleting from the signed data object the data object represented by the selected graphical request.
-
-
7. The method of claim 6 further comprising:
-
determining whether the selected graphical object represents a certificate object;
in response to a determination that the selected graphical object represents a certificate object;
determining whether the certificate object is logically associated with a different certificate object embedded within the signed data object; and
in response to a determination that the certificate object is logically associated with a different certificate object embedded within the signed data object, removing a visual indicator representing a logical association between the certificate object and the different certificate object;
determining whether the certificate object is logically associated with a signer information object;
in response to a determination that the certificate object is logically associated with a signer information object;
deleting the signer information object; and
removing a visual indicator representing a logical association between the certificate object and the signer information object.
-
-
8. The method of claim 6 further comprising:
-
determining whether the selected graphical object represents a certificate revocation list object;
in response to a determination that the selected graphical object represents a certificate revocation list object;
determining whether the certificate revocation list object is logically associated with a certificate object; and
in response to a determination that the certificate revocation list object is logically associated with a certificate object, removing a visual indicator representing a logical association between the certificate object and the certificate revocation list object.
-
-
9. The method of claim 3 further comprising:
-
receiving a user request to send the signed data object;
obtaining one or more e-mail addresses to which to send the signed data object;
in response to a determination that the signed data object contains a certificate object, sending an e-mail message comprising the certificate object to the one or more e-mail addresses; and
in response to a determination that the signed data object contains a signer information object, sending an e-mail message comprising the signed data object to the one or more e-mail addresses.
-
-
10. The method of claim 3 further comprising:
-
receiving a user request to export the signed data object;
obtaining a user-specified file name; and
storing the signed data object in DER-encoded format in the user-specified file.
-
-
11. The method of claim 3 further comprising:
-
receiving a user request to import the signed data object;
obtaining a user-specified file name;
importing the signed data object in DER-encoded format from the user-specified file; and
populating the graphical objects representing data objects contained within the signed data object.
-
-
12. The method of claim 1 further comprising:
-
receiving a user request to add a content data object to the signed data object;
generating an encapsulated data object within the signed data object, wherein the encapsulated data object comprises the content data object and a content type identifier for the content data object; and
displaying a graphical object representing the content data object, wherein the graphical object indicates that the content data object is embedded within the signed data object.
-
-
13. The method of claim 12 further comprising:
-
determining whether the signed data object contains a signer information object;
in response to a determination that the signed data object contains a signer information object, determining whether the signer information object contains a private key;
in response to a determination that the signer information object contains a private key, recalculating a signature on contents within the content data object and storing the recalculated signature; and
in response to a determination that the signer information object does not contain a private key, deleting the signer information object.
-
-
14. The method of claim 12 further comprising:
dragging and dropping a graphical object representing the content data object on a graphical object representing the signed data object.
-
15. The method of claim 1 further comprising:
-
receiving a user request to add a certificate object to the signed data object;
storing the certificate object in the signed data object; and
displaying a graphical object representing the certificate object, wherein the graphical object indicates that the certificate object is embedded within the signed data object.
-
-
16. The method of claim 15 further comprising:
-
determining whether the certificate object is logically associated with a different certificate object embedded within the signed data object; and
in response to a determination that the certificate object is logically associated with a different certificate object embedded within the signed data object, displaying a visual indicator representing a logical association between the certificate object and the different certificate object.
-
-
17. The method of claim 15 further comprising:
dragging and dropping a graphical object representing the certificate object on a graphical object representing the signed data object.
-
18. The method of claim 1 further comprising:
-
receiving a user request to add a certificate revocation list object to the signed data object;
storing the certificate revocation list object in the signed data object; and
displaying a graphical object representing the certificate revocation list object, wherein the graphical object indicates that the certificate revocation list object is embedded within the signed data object.
-
-
19. The method of claim 18 further comprising:
-
determining whether the certificate revocation list object is logically associated with a certificate object embedded within the signed data object; and
in response to a determination that the certificate revocation list object is logically associated with a certificate object embedded within the signed data object, displaying a visual indicator representing a logical association between the certificate revocation list object and the certificate object.
-
-
20. The method of claim 18 further comprising:
dragging and dropping a graphical object representing the certificate revocation list object on a graphical object representing the signed data object.
-
21. The method of claim 1 further comprising:
-
receiving a user request to sign contents in a content object embedded in the signed data object;
generating a signer information object;
storing a signer information object in the signed data object; and
displaying a graphical object representing the signer information object, wherein the graphical object indicates that the signer information object is embedded within the signed data object.
-
-
22. The method of claim 21 further comprising:
dragging and dropping a graphical object representing a private key object on a graphical object representing a certificate object or content object.
-
23. A data processing system for processing signed data objects in the data processing system comprising a display, the data processing system comprising:
-
presenting means for presenting a signed data object; and
modifying means for modifying the signed data object through processing of user actions within a graphical user interface. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
first obtaining means for obtaining a signed data object, wherein the signed data object comprises a content data object and at least one signature-related data object;
first determining means for determining data objects contained within the signed data object;
first displaying means for displaying the signed data object, wherein data objects contained within the signed data object are represented by graphical objects;
second determining means for determining logical associations between data objects contained within the signed data object; and
second displaying means for displaying visual indicators between graphical objects, wherein the visual indicators represent logical associations between data objects contained within the signed data object.
-
-
26. The data processing system of claim 25 wherein the means for modifying the signed data object further comprises:
-
first selecting means for selecting a graphical object representing a data object contained within the signed data object;
third displaying means for displaying data values of the selected data object;
editing means for editing the data values of the selected data object; and
saving means for saving the data values of the selected data object in the signed data object.
-
-
27. The data processing system of claim 26 further comprising:
-
first identifying means for identifying a data type of the data object represented by the selected graphical object, wherein the selected data object is a content data object; and
second identifying means for identifying a default editor for displaying the selected data object according to the identified data type of the data object represented by the selected graphical object.
-
-
28. The data processing system of claim 26 wherein the means for modifying the signed data object further comprises:
-
second selecting means for selecting a graphical object representing a data object contained within the signed data object;
first receiving means for receiving a user action on the selected graphical object representing a deletion request; and
first deleting means for deleting from the signed data object the data object represented by the selected graphical request.
-
-
29. The method of claim 28 further comprising:
-
third determining means for determining whether the selected graphical object represents a certificate object;
fourth determining means for determining, in response to a determination that the selected graphical object represents a certificate object, whether the certificate object is logically associated with a different certificate object embedded within the signed data object;
first removing means for removing, in response to a determination that the certificate object is logically associated with a different certificate object embedded within the signed data object, a visual indicator representing a logical association between the certificate object and the different certificate object;
fifth determining means for determining whether the certificate object is logically associated with a signer information object;
second deleting means for deleting, in response to a determination that the certificate object is logically associated with a signer information object, the signer information object; and
second removing means for removing a visual indicator representing a logical association between the certificate object and the signer information object.
-
-
30. The data processing system of claim 28 further comprising:
-
sixth determining means for determining whether the selected graphical object represents a certificate revocation list object;
seventh determining means for determining, in response to a determination that the selected graphical object represents a certificate revocation list object, whether the certificate revocation list object is logically associated with a certificate object; and
third removing means for removing, in response to a determination that the certificate revocation list object is logically associated with a certificate object, a visual indicator representing a logical association between the certificate object and the certificate revocation list object.
-
-
31. The data processing system of claim 25 further comprising:
-
second receiving means for receiving a user request to send the signed data object;
second obtaining means for obtaining one or more e-mail addresses to which to send the signed data object;
first sending means for sending, in response to a determination that the signed data object contains a certificate object, an e-mail message comprising the certificate object to the one or more e-mail addresses; and
second sending means for sending, in response to a determination that the signed data object contains a signer information object, an e-mail message comprising the signed data object to the one or more e-mail addresses.
-
-
32. The data processing system of claim 25 further comprising:
-
third receiving means for receiving a user request to export the signed data object;
third obtaining means for obtaining a user-specified file name; and
first storing means for storing the signed data object in DER-encoded format in the user-specified file.
-
-
33. The data processing system of claim 25 further comprising:
-
fourth receiving means for receiving a user request to import the signed data object;
fourth obtaining means for obtaining a user-specified file name;
importing means for importing the signed data object in DER-encoded format from the user-specified file; and
populating means for populating the graphical objects representing data objects contained within the signed data object.
-
-
34. The data processing system of claim 23 further comprising:
-
fifth receiving means for receiving a user request to add a content data object to the signed data object;
first generating means for generating an encapsulated data object within the signed data object, wherein the encapsulated data object comprises the content data object and a content type identifier for the content data object; and
fourth displaying means for displaying a graphical object representing the content data object, wherein the graphical object indicates that the content data object is embedded within the signed data object.
-
-
35. The data processing system of claim 34 further comprising:
-
eighth determining means for determining whether the signed data object contains a signer information object;
ninth determining means for determining, in response to a determination that the signed data object contains a signer information object, whether the signer information object contains a private key;
recalculating means for recalculating, in response to a determination that the signer information object contains a private key, a signature on contents within the content data object and storing the recalculated signature; and
third deleting means for deleting, in response to a determination that the signer information object does not contain a private key, the signer information object.
-
-
36. The data processing system of claim 34 further comprising:
first dragging and dropping means for dragging and dropping a graphical object representing the content data object on a graphical object representing the signed data object.
-
37. The data processing system of claim 23 further comprising:
-
sixth receiving means for receiving a user request to add a certificate object to the signed data object;
second storing means for storing the certificate object in the signed data object; and
fifth displaying means for displaying a graphical object representing the certificate object, wherein the graphical object indicates that the certificate object is embedded within the signed data object.
-
-
38. The data processing system of claim 37 further comprising:
-
tenth determining means for determining whether the certificate object is logically associated with a different certificate object embedded within the signed data object; and
sixth displaying means for displaying, in response to a determination that the certificate object is logically associated with a different certificate object embedded within the signed data object, a visual indicator representing a logical association between the certificate object and the different certificate object.
-
-
39. The data processing system of claim 37 further comprising:
second dragging and dropping means for dragging and dropping a graphical object representing the certificate object on a graphical object representing the signed data object.
-
40. The data processing system of claim 23 further comprising:
-
seventh receiving means for receiving a user request to add a certificate revocation list object to the signed data object;
third storing means for storing the certificate revocation list object in the signed data object; and
seventh displaying means for displaying a graphical object representing the certificate revocation list object, wherein the graphical object indicates that the certificate revocation list object is embedded within the signed data object.
-
-
41. The data processing system of claim 40 further comprising:
-
eleventh determining means for determining whether the certificate revocation list object is logically associated with a certificate object embedded within the signed data object; and
eighth displaying means for displaying, in response to a determination that the certificate revocation list object is logically associated with a certificate object embedded within the signed data object, a visual indicator representing a logical association between the certificate revocation list object and the certificate object.
-
-
42. The data processing system of claim 40 further comprising:
third dragging and dropping means for dragging and dropping a graphical object representing the certificate revocation list object on a graphical object representing the signed data object.
-
43. The data processing system of claim 23 further comprising:
-
eighth receiving means for receiving a user request to sign contents in a content object embedded in the signed data object;
second generating means for generating a signer information object;
fourth storing means for storing a signer information object in the signed data object; and
ninth displaying means for displaying a graphical object representing the signer information object, wherein the graphical object indicates that the signer information object is embedded within the signed data object.
-
-
44. The data processing system of claim 43 further comprising:
fourth dragging and dropping means for dragging and dropping a graphical object representing a private key object on a graphical object representing a certificate object or content object.
-
45. A computer program product in a computer-readable medium for use in a data processing system for processing signed data objects, the computer program product comprising:
-
first instructions for presenting a signed data object; and
second instructions for modifying the signed data object through processing of user actions within a graphical user interface. - View Dependent Claims (46, 47, 48)
instructions for obtaining a signed data object, wherein the signed data object comprises a content data object and at least one signature-related data object;
instructions for determining data objects contained with the signed data object;
instructions for displaying the signed data object, wherein data objects contained within the signed data object are represented by graphical objects;
instructions for determining logical associations between data objects contained within the signed data object; and
instructions for displaying visual indicators between graphical objects, wherein the visual indicators represent logical associations between data objects contained within the signed data object.
-
-
48. The computer program product of claim 47 wherein the step of modifying the signed data object further comprises:
-
instructions for selecting a graphical object representing a data object contained within the signed data object;
instructions for displaying data values of the selected data object;
instructions for editing the data values of the selected data object; and
instructions for saving the data values of the selected data object in the signed data object.
-
Specification