Method and system for presentation and manipulation of PKCS enveloped-data objects
First Claim
1. A method for processing enveloped data objects in a data processing system comprising a display, the method comprising the computer-implemented steps of:
presenting an enveloped data object; and
modifying the enveloped data object through processing of user actions within a graphical user interface.
Abstract
A method and system for processing enveloped data objects in a data processing system. The enveloped data object may be formatted as defined by PKCS (Public Key Cryptography Standard) standards. An enveloped data object utility allows a user to view and edit the contents of data objects embedded within an enveloped data object via a graphical user interface. Graphical objects represent the data objects embedded within an enveloped data object. A user may drag and drop objects onto other objects within the enveloped data object, and the enveloped data object utility automatically performs the necessary encrypting operations. Logical associations between data objects contained within the enveloped data object are determined or created, and the logical associations are displayed using visual indicators. As data objects are added or deleted through user actions on the graphical objects, the visual indicators are updated.
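The abstract and claims 3, 7, 8, 15, 16 and 19 describe determining logical associations between the objects embedded in an enveloped data object and updating the visual indicators when objects are deleted. The following Python is an added illustration of that logic, not the patent's code; it models the objects loosely after PKCS #7 EnvelopedData (a RecipientInfo names its recipient certificate by issuer and serial number, a CRL covers the certificates its issuer signed, a certificate chains to the embedded certificate whose subject equals its issuer), and the sample data is constructed for the example.

```python
"""Added illustration of the enveloped-data utility's 'logical association'
and cascading-delete steps (abstract; claims 3, 7, 8, 15, 16, 19). Not the
patent's code. Chain building by subject/issuer name match is a
simplification of what a real implementation does (key identifiers,
signature checks). Sample data below is constructed for the example."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Certificate:
    subject: str
    issuer: str
    serial: int


@dataclass(frozen=True)
class RecipientInfo:
    issuer: str   # issuerAndSerialNumber of the certificate whose public key
    serial: int   # wrapped this recipient's copy of the content-encryption key


@dataclass(frozen=True)
class CRL:
    issuer: str


@dataclass
class EnvelopedData:
    certificates: list = field(default_factory=list)
    crls: list = field(default_factory=list)
    recipients: list = field(default_factory=list)

    def associations(self):
        """Edges the GUI would draw as visual indicators: (kind, from, to)."""
        edges = set()
        by_subject = {c.subject: c for c in self.certificates}
        for cert in self.certificates:
            issuer = by_subject.get(cert.issuer)
            if issuer is not None and issuer != cert:          # cert -> issuing cert
                edges.add(("cert-chain", cert, issuer))
        for crl in self.crls:                                  # CRL -> certs it covers
            for cert in self.certificates:
                if cert.issuer == crl.issuer:
                    edges.add(("crl", crl, cert))
        for ri in self.recipients:                             # recipient info -> its cert
            for cert in self.certificates:
                if (cert.issuer, cert.serial) == (ri.issuer, ri.serial):
                    edges.add(("recipient", ri, cert))
        return edges

    def delete_certificate(self, cert):
        """Claim 7: deleting a certificate also deletes any RecipientInfo that
        references it (that recipient's wrapped key is now useless) and the
        indicators touching either object. Returns (orphaned, removed_edges)."""
        before = self.associations()
        self.certificates.remove(cert)
        orphaned = [ri for ri in self.recipients
                    if (ri.issuer, ri.serial) == (cert.issuer, cert.serial)]
        for ri in orphaned:
            self.recipients.remove(ri)
        return orphaned, before - self.associations()

    def delete_crl(self, crl):
        """Claim 8: deleting a CRL removes only its indicators; certificates stay."""
        before = self.associations()
        self.crls.remove(crl)
        return before - self.associations()


def build_sample():
    """Constructed sample: a self-signed root, a user cert it issued, the
    root's CRL and a RecipientInfo wrapped to the user cert."""
    root = Certificate(subject="CN=Example Root CA", issuer="CN=Example Root CA", serial=1)
    user = Certificate(subject="CN=Alice", issuer="CN=Example Root CA", serial=1001)
    crl = CRL(issuer="CN=Example Root CA")
    ri = RecipientInfo(issuer="CN=Example Root CA", serial=1001)
    return EnvelopedData([root, user], [crl], [ri])


if __name__ == "__main__":
    env = build_sample()
    for kind, a, b in sorted(env.associations(), key=str):
        print(f"{kind:10} {a} -> {b}")
    user = env.certificates[1]
    orphaned, removed = env.delete_certificate(user)
    print(f"deleted {user.subject}: dropped {len(orphaned)} recipient(s), "
          f"{len(removed)} indicator(s)")
```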
50 Claims
1. A method for processing enveloped data objects in a data processing system comprising a display, the method comprising the computer-implemented steps of:
presenting an enveloped data object; and
modifying the enveloped data object through processing of user actions within a graphical user interface.
2. The method of claim 1 wherein the enveloped data object is formatted according to PKCS (Private Key Cryptography Standard) standards, and wherein the enveloped data object is presented on the display.
3. The method of claim 1 wherein the step of presenting the enveloped data object further comprises:
obtaining an enveloped data object, wherein the enveloped data object comprises a content data object and at least one content encryption key object;
determining data objects contained within the enveloped data object;
displaying the enveloped data object, wherein data objects contained within the enveloped data object are represented by graphical objects;
determining logical associations between data objects contained within the enveloped data object; and
displaying visual indicators between graphical objects, wherein the visual indicators represent logical associations between data objects contained within the enveloped data object.
4. The method of claim 3 wherein the step of modifying the enveloped data object further comprises:
selecting a graphical object representing a data object contained within the enveloped data object;
displaying data values of the selected data object;
editing the data values of the selected data object; and
saving the data values of the selected data object in the enveloped data object.
5. The method of claim 4 further comprising:
identifying a data type of the data object represented by the selected graphical object, wherein the selected data object is a content data object; and
identifying a default editor for displaying the selected data object according to the identified data type of the data object represented by the selected graphical object.
6. The method of claim 4 wherein the step of modifying the enveloped data object further comprises:
selecting a graphical object representing a data object contained within the enveloped data object;
receiving a user action on the selected graphical object representing a deletion request; and
deleting from the enveloped data object the data object represented by the selected graphical object.
7. The method of claim 6 further comprising:
determining whether the selected graphical object represents a certificate object;
in response to a determination that the selected graphical object represents a certificate object;
determining whether the certificate object is logically associated with a different certificate object embedded within the enveloped data object; and
in response to a determination that the certificate object is logically associated with a different certificate object embedded within the enveloped data object, removing a visual indicator representing a logical association between the certificate object and the different certificate object;
determining whether the certificate object is logically associated with a recipient information object;
in response to a determination that the certificate object is logically associated with a recipient information object;
deleting the recipient information object; and
removing a visual indicator representing a logical association between the certificate object and the recipient information object.
8. The method of claim 6 further comprising:
determining whether the selected graphical object represents a certificate revocation list object;
in response to a determination that the selected graphical object represents a certificate revocation list object;
determining whether the certificate revocation list object is logically associated with a certificate object; and
in response to a determination that the certificate revocation list object is logically associated with a certificate object, removing a visual indicator representing a logical association between the certificate object and the certificate revocation list object.
9. The method of claim 3 further comprising:
receiving a user request to send the enveloped data object;
obtaining one or more e-mail addresses to which to send the enveloped data object; and
in response to a determination that the enveloped data object contains a recipient information object, sending an e-mail message comprising the enveloped data object to the one or more e-mail addresses.
10. The method of claim 3 further comprising:
receiving a user request to export the enveloped data object;
obtaining a user-specified file name; and
storing the enveloped data object in DER-encoded format in the user-specified file.
11. The method of claim 3 further comprising:
receiving a user request to import the enveloped data object;
obtaining a user-specified file name;
importing the enveloped data object in DER-encoded format from the user-specified file; and
populating the graphical objects representing data objects contained within the enveloped data object.
12. The method of claim 1 further comprising:
receiving a user request to add a content data object to the enveloped data object;
determining whether an encryption key data object is embedded in the enveloped data object;
in response to a determination that an encryption key data object is not embedded in the enveloped data object;
storing the content data object within the enveloped data object;
displaying a graphical object representing the content data object, wherein the graphical object indicates that the content data object is embedded within the enveloped data object;
in response to a determination that an encryption key data object is embedded in the enveloped data object;
generating an encrypted content data object within the enveloped data object, wherein the encrypted content data object comprises encrypted content for the content data object, a content type identifier for the encrypted content, and an encryption algorithm identifier;
enabling a decrypt button for decrypting the encrypted content data object; and
displaying a graphical object representing the encrypted content data object, wherein the graphical object indicates that the encrypted content data object is embedded within the enveloped data object.
13. The method of claim 12 further comprising:
dragging and dropping a graphical object representing the content data object on a graphical object representing the enveloped data object.
14. The method of claim 1 further comprising:
receiving a user request to add a certificate object to the enveloped data object;
storing the certificate object in the enveloped data object; and
displaying a graphical object representing the certificate object, wherein the graphical object indicates that the certificate object is embedded within the enveloped data object.
15. The method of claim 14 further comprising:
determining whether the certificate object is logically associated with a different certificate object embedded within the enveloped data object; and
in response to a determination that the certificate object is logically associated with a different certificate object embedded within the enveloped data object, displaying a visual indicator representing a logical association between the certificate object and the different certificate object.
16. The method of claim 14 further comprising:
determining whether an encryption key data object is embedded in the enveloped data object;
in response to a determination that an encryption key data object is embedded in the enveloped data object, receiving user input requesting generation of a recipient information object;
generating a recipient information object;
storing the recipient information object in the enveloped data object; and
displaying a graphical object representing the recipient information object, wherein the graphical object indicates that the recipient information object is embedded within the enveloped data object; and
displaying a visual indicator representing a logical association between the recipient information object and an associated certificate object.
17. The method of claim 14 further comprising:
dragging and dropping a graphical object representing the certificate object on a graphical object representing the enveloped data object.
18. The method of claim 1 further comprising:
receiving a user request to add a certificate revocation list object to the enveloped data object;
storing the certificate revocation list object in the enveloped data object; and
displaying a graphical object representing the certificate revocation list object, wherein the graphical object indicates that the certificate revocation list object is embedded within the enveloped data object.
19. The method of claim 18 further comprising:
determining whether the certificate revocation list object is logically associated with a certificate object embedded within the enveloped data object; and
in response to a determination that the certificate revocation list object is logically associated with a certificate object embedded within the enveloped data object, displaying a visual indicator representing a logical association between the certificate revocation list object and the certificate object.
20. The method of claim 18 further comprising:
dragging and dropping a graphical object representing the certificate revocation list object on a graphical object representing the enveloped data object.
21. The method of claim 3 further comprising:
receiving a user request to encrypt a content data object embedded in the enveloped data object;
generating an encrypted content data object within the enveloped data object, wherein the encrypted content data object comprises encrypted content for the content data object, a content type identifier for the encrypted content, and an encryption algorithm identifier;
enabling a decrypt button for decrypting the encrypted content data object; and
displaying a graphical object representing the encrypted content data object, wherein the graphical object indicates that the encrypted content data object is embedded within the enveloped data object.
22. The method of claim 3 further comprising:
receiving a user request to decrypt an encrypted content data object embedded in the enveloped data object;
decrypting the encrypted content data object to a content data object embedded in the enveloped data object;
enabling an encrypt button for encrypting the content data object; and
displaying a graphical object representing the content data object, wherein the graphical object indicates that the content data object is embedded within the enveloped data object.
23. The method of claim 3 further comprising:
receiving a user request to select an encryption key algorithm;
deleting an encryption key embedded in the enveloped data object; and
removing the encryption key from recipient information objects embedded in the enveloped data object.
24. A data processing system for processing enveloped data objects in the data processing system comprising a display, the data processing system comprising:
presenting means for presenting an enveloped data object; and
modifying means for modifying the enveloped data object through processing of user actions within a graphical user interface.
25. The data processing system of claim 24 wherein the enveloped data object is formatted according to PKCS (Private Key Cryptography Standard) standards, and wherein the enveloped data object is presented on the display.
26. The data processing system of claim 24 wherein the means for presenting the enveloped data object further comprises:
obtaining means for obtaining an enveloped data object, wherein the enveloped data object comprises a content data object and at least one content encryption key object;
first determining means for determining data objects contained within the enveloped data object;
first displaying means for displaying the enveloped data object, wherein data objects contained within the enveloped data object are represented by graphical objects;
second determining means for determining logical associations between data objects contained within the enveloped data object; and
second displaying means for displaying visual indicators between graphical objects, wherein the visual indicators represent logical associations between data objects contained within the enveloped data object.
27. The data processing system of claim 26 wherein the means for modifying the enveloped data object further comprises:
first selecting means for selecting a graphical object representing a data object contained within the enveloped data object;
third displaying means for displaying data values of the selected data object;
editing means for editing the data values of the selected data object; and
saving means for saving the data values of the selected data object in the enveloped data object.
28. The data processing system of claim 27 further comprising:
first identifying means for identifying a data type of the data object represented by the selected graphical object, wherein the selected data object is a content data object; and
second identifying means for identifying a default editor for displaying the selected data object according to the identified data type of the data object represented by the selected graphical object.
29. The data processing system of claim 27 wherein the means for modifying the enveloped data object further comprises:
second selecting means for selecting a graphical object representing a data object contained within the enveloped data object;
first receiving means for receiving a user action on the selected graphical object representing a deletion request; and
first deleting means for deleting from the enveloped data object the data object represented by the selected graphical object.
30. The data processing system of claim 29 further comprising:
third determining means for determining whether the selected graphical object represents a certificate object;
fourth determining means for determining, in response to a determination that the selected graphical object represents a certificate object, whether the certificate object is logically associated with a different certificate object embedded within the enveloped data object;
first removing means for removing, in response to a determination that the certificate object is logically associated with a different certificate object embedded within the enveloped data object, a visual indicator representing a logical association between the certificate object and the different certificate object;
fifth determining means for determining whether the certificate object is logically associated with a recipient information object;
second deleting means for deleting, in response to a determination that the certificate object is logically associated with a recipient information object, the recipient information object; and
second removing means for removing, in response to a determination that the certificate object is logically associated with a recipient information object, a visual indicator representing a logical association between the certificate object and the recipient information object.
31. The data processing system of claim 29 further comprising:
sixth determining means for determining whether the selected graphical object represents a certificate revocation list object;
seventh determining means for determining, in response to a determination that the selected graphical object represents a certificate revocation list object, whether the certificate revocation list object is logically associated with a certificate object; and
third removing means for removing, in response to a determination that the certificate revocation list object is logically associated with a certificate object, a visual indicator representing a logical association between the certificate object and the certificate revocation list object.
32. The data processing system of claim 26 further comprising:
second receiving means for receiving a user request to send the enveloped data object;
first obtaining means for obtaining one or more e-mail addresses to which to send the enveloped data object; and
first sending means for sending, in response to a determination that the enveloped data object contains a recipient information object, an e-mail message comprising the enveloped data object to the one or more e-mail addresses.
33. The data processing system of claim 26 further comprising:
third receiving means for receiving a user request to export the enveloped data object;
second obtaining means for obtaining a user-specified file name; and
first storing means for storing the enveloped data object in DER-encoded format in the user-specified file.
34. The data processing system of claim 26 further comprising:
fourth receiving means for receiving a user request to import the enveloped data object;
third obtaining means for obtaining a user-specified file name;
importing means for importing the enveloped data object in DER-encoded format from the user-specified file; and
populating means for populating the graphical objects representing data objects contained within the enveloped data object.
35. The data processing system of claim 24 further comprising:
fifth receiving means for receiving a user request to add a content data object to the enveloped data object;
eighth determining means for determining whether an encryption key data object is embedded in the enveloped data object;
second storing means for storing, in response to a determination that an encryption key data object is not embedded in the enveloped data object, the content data object within the enveloped data object;
fourth displaying means for displaying, in response to a determination that an encryption key data object is not embedded in the enveloped data object, a graphical object representing the content data object, wherein the graphical object indicates that the content data object is embedded within the enveloped data object;
first generating means for generating, in response to a determination that an encryption key data object is embedded in the enveloped data object, an encrypted content data object within the enveloped data object, wherein the encrypted content data object comprises encrypted content for the content data object, a content type identifier for the encrypted content, and an encryption algorithm identifier;
first enabling means for enabling, in response to a determination that an encryption key data object is embedded in the enveloped data object, a decrypt button for decrypting the encrypted content data object; and
fifth displaying means for displaying, in response to a determination that an encryption key data object is embedded in the enveloped data object, a graphical object representing the encrypted content data object, wherein the graphical object indicates that the encrypted content data object is embedded within the enveloped data object.
36. The data processing system of claim 35 further comprising:
first dragging and dropping means for dragging and dropping a graphical object representing the content data object on a graphical object representing the enveloped data object.
37. The data processing system of claim 24 further comprising:
sixth receiving means for receiving a user request to add a certificate object to the enveloped data object;
third storing means for storing the certificate object in the enveloped data object; and
sixth displaying means for displaying a graphical object representing the certificate object, wherein the graphical object indicates that the certificate object is embedded within the enveloped data object.
38. The data processing system of claim 37 further comprising:
ninth determining means for determining whether the certificate object is logically associated with a different certificate object embedded within the enveloped data object; and
seventh displaying means for displaying, in response to a determination that the certificate object is logically associated with a different certificate object embedded within the enveloped data object, a visual indicator representing a logical association between the certificate object and the different certificate object.
39. The data processing system of claim 37 further comprising:
tenth determining means for determining whether an encryption key data object is embedded in the enveloped data object;
receiving means for receiving, in response to a determination that an encryption key data object is embedded in the enveloped data object, user input requesting generation of a recipient information object;
second generating means for generating the recipient information object;
third storing means for storing the recipient information object in the enveloped data object; and
eighth displaying means for displaying a graphical object representing the recipient information object, wherein the graphical object indicates that the recipient information object is embedded within the enveloped data object; and
ninth displaying means for displaying a visual indicator representing a logical association between the recipient information object and an associated certificate object.
40. The data processing system of claim 37 further comprising:
second dragging and dropping means for dragging and dropping a graphical object representing the certificate object on a graphical object representing the enveloped data object.
41. The data processing system of claim 24 further comprising:
seventh receiving means for receiving a user request to add a certificate revocation list object to the enveloped data object;
third storing means for storing the certificate revocation list object in the enveloped data object; and
tenth displaying means for displaying a graphical object representing the certificate revocation list object, wherein the graphical object indicates that the certificate revocation list object is embedded within the enveloped data object.
42. The data processing system of claim 41 further comprising:
eleventh determining means for determining whether the certificate revocation list object is logically associated with a certificate object embedded within the enveloped data object; and
eleventh displaying means for displaying, in response to a determination that the certificate revocation list object is logically associated with a certificate object embedded within the enveloped data object, a visual indicator representing a logical association between the certificate revocation list object and the certificate object.
43. The data processing system of claim 41 further comprising:
third dragging and dropping means for dragging and dropping a graphical object representing the certificate revocation list object on a graphical object representing the enveloped data object.
44. The data processing system of claim 26 further comprising:
eighth receiving means for receiving a user request to encrypt a content data object embedded in the enveloped data object;
third generating means for generating an encrypted content data object within the enveloped data object, wherein the encrypted content data object comprises encrypted content for the content data object, a content type identifier for the encrypted content, and an encryption algorithm identifier;
second enabling means for enabling a decrypt button for decrypting the encrypted content data object; and
twelfth displaying means for displaying a graphical object representing the encrypted content data object, wherein the graphical object indicates that the encrypted content data object is embedded within the enveloped data object.
45. The data processing system of claim 26 further comprising:
-
ninth receiving means for receiving a user request to decrypt an encrypted content data object embedded in the enveloped data object;
decrypting means for decrypting the encrypted content data object to a content data object embedded in the enveloped data object;
third enabling means for enabling an encrypt button for encrypting the content data object; and
thirteenth displaying means for displaying a graphical object representing the content data object, wherein the graphical object indicates that the content data object is embedded within the enveloped data object.
46. The data processing system of claim 26 further comprising:
tenth receiving means for receiving a user request to select an encryption key algorithm;
third deleting means for deleting an encryption key embedded in the enveloped data object; and
fourth removing means for removing the encryption key from recipient information objects embedded in the enveloped data object.
47. A computer program product in a computer-readable medium for use in a data processing system for processing enveloped data objects, the computer program product comprising:
first instructions for presenting an enveloped data object; and
second instructions for modifying the enveloped data object through processing of user actions within a graphical user interface.
48. The computer program product of claim 47 wherein the enveloped data object is formatted according to PKCS (Private Key Cryptography Standard) standards, and wherein the enveloped data object is presented on the display.
49. The computer program product of claim 47 wherein the instructions for presenting the enveloped data object further comprise:
instructions for obtaining an enveloped data object, wherein the enveloped data object comprises a content data object and at least one content encryption key object;
instructions for determining data objects contained within the enveloped data object;
instructions for displaying the enveloped data object, wherein data objects contained within the enveloped data object are represented by graphical objects;
instructions for determining logical associations between data objects contained within the enveloped data object; and
instructions for displaying visual indicators between graphical objects, wherein the visual indicators represent logical associations between data objects contained within the enveloped data object.
50. The computer program product of claim 49 wherein the instructions for modifying the enveloped data object further comprise:
instructions for selecting a graphical object representing a data object contained within the enveloped data object;
instructions for displaying data values of the selected data object;
instructions for editing the data values of the selected data object; and
instructions for saving the data values of the selected data object in the enveloped data object.
Current Assignee: PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee: International Business Machines Corporation
Inventors: Nadalin, Anthony Joseph; Shrader, Theodore Jack London; Yarsa, Julianne; Rich, Bruce Arland
Primary Examiner(s): CALDWELL, ANDREW T
Assistant Examiner(s): Fields, Courtney
Application Number: US09/460,839
Time in Patent Office: 2,030 Days
Field of Search: 380/30, 380/29, 713/156, 713/158, 713/167, 713/181
US Class Current: 380/30
CPC Class Codes: G06F 21/6209 (to a single file or object, ...); H04L 2209/60 (Digital content management, ...); H04L 2209/805 (Lightweight hardware, e.g. ...); H04L 9/3268 (using certificate validatio...)