System and methods for using a signature protocol by a nonsigning client
Abstract
In a networked computer environment, a client is unencumbered by signature-generating components, yet able to transmit signature-based documents in a signature-based metalanguage such as XML. The nonsigning client/user requests a signature from a signature server in order to send a payload of data in a signed message format to a recipient also conversant in the metalanguage, according to the metalanguage format. The nonsigning client receives from the server a signature block including a signature value. The client identifies a payload for transmission according to the metalanguage. Employing the metalanguage interpreter in the client, the client stores the payload data in the signature block without disrupting the signature or the data it covers. The nonsigning client then sends the resulting signed message, including the payload data and the signature value, in the metalanguage format to the recipient destination conversant in the metalanguage. Accordingly, the nonsigning client employs signature-based messages without the encumbrance of cryptographic components.
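The structure the abstract and claims describe, as an added illustration (not code from the patent or its assignee): a server builds an XML signature block, signs only a covered-data element, and leaves an empty information-object element; a nonsigning client later writes its payload into that element without touching the covered data or the signature; the recipient authenticates the covered data against the signature value. The element names, the fields placed in the covered data, and the use of HMAC-SHA256 as a stand-in for the server's public-key signature (so the example runs on the standard library alone) are my assumptions; the public key the claims place in the block for self-authentication is not modelled here.

```python
"""Added example, not the patent's own code: a server-signed XML block whose
signature covers only <CoveredData>, with a separate <InfoObject> element
that a nonsigning client fills in afterwards.

Assumptions (mine, not the page's): element names, the covered-data fields,
and HMAC-SHA256 standing in for the server's public-key signature primitive.
"""
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed key: stand-in for the signing server's private key.
SERVER_KEY = b"constructed-server-signing-key"


def _canonical(elem: ET.Element) -> bytes:
    # Canonicalize the covered subtree (C14N via the standard library) so that
    # re-serialization by the client or recipient, or whitespace around the
    # element, does not alter the bytes that were signed.
    sub = copy.deepcopy(elem)
    sub.tail = None
    return ET.canonicalize(ET.tostring(sub, encoding="unicode")).encode()


def sign_bytes(data: bytes) -> str:
    # Stand-in for the server's signature primitive.
    mac = hmac.new(SERVER_KEY, data, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def server_issue_block(client_id: str, issued_at: str) -> str:
    """Server side: build the block, sign only <CoveredData>, leave <InfoObject> empty."""
    root = ET.Element("SignatureBlock")
    covered = ET.SubElement(root, "CoveredData")
    ET.SubElement(covered, "ClientId").text = client_id
    ET.SubElement(covered, "IssuedAt").text = issued_at
    ET.SubElement(root, "InfoObject")  # payload slot; deliberately not covered
    ET.SubElement(root, "SignatureValue").text = sign_bytes(_canonical(covered))
    return ET.tostring(root, encoding="unicode")


def client_add_payload(block_xml: str, payload: str) -> str:
    """Nonsigning client: write payload into <InfoObject> only; never touch <CoveredData>."""
    root = ET.fromstring(block_xml)
    info = root.find("InfoObject")
    if info is None:
        raise ValueError("block has no information object portion")
    ET.SubElement(info, "Payload").text = payload
    return ET.tostring(root, encoding="unicode")


def recipient_verify(block_xml: str) -> dict:
    """Recipient: authenticate <CoveredData> against <SignatureValue>.

    Returns what the signature actually attests (the covered fields) next to
    the payload, which this signature does not cover.
    """
    root = ET.fromstring(block_xml)
    covered = root.find("CoveredData")
    sig = root.find("SignatureValue")
    if covered is None or sig is None or not sig.text:
        return {"valid": False, "covered": None, "payload": None}
    expected = sign_bytes(_canonical(covered))
    valid = hmac.compare_digest(expected, sig.text.strip())
    return {
        "valid": valid,
        "covered": {child.tag: child.text for child in covered},
        "payload": root.findtext("InfoObject/Payload"),
    }


if __name__ == "__main__":
    block = server_issue_block("client-42", "2024-01-01T00:00:00Z")
    message = client_add_payload(block, "order 17: 3 units")
    print(recipient_verify(message))
```

The check a recipient should keep in mind follows directly from the claims: because the information object portion "remain[s] independent of the signature", a valid signature proves only that the server issued the covered data; it says nothing about who wrote the payload or whether it changed in transit, so any integrity requirement on the payload has to be met by another mechanism (transport protection or a client-side credential).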
28 Claims

1. A method for transmitting data according to a signature-based protocol comprising:
- generating, at a server and in response to a request from a nonsigning client device, a signature corresponding to a signature block having a covered data portion and an information object portion, the signature computed only on data in the covered data portion such that payload data is not included in computing the signature, the server conversant in a predetermined protocol and the signature and signature block conformant with the predetermined protocol;
- storing, at the server, the signature in the signature block, the signature covering the covered data portion and the information object portion remaining independent of the signature;
- transmitting from the server to the nonsigning client device, the signature block, the nonsigning client device conversant in the predetermined protocol and unable to generate the signature in the signature block, the signature block further operable to store, in the information object portion, payload data in a nondestructive manner so as to preserve the covered data portion and corresponding signature generated by the server without regenerating the signature, the covered data portion remaining unwritten by the nonsigning client device; and
- storing, at the nonsigning client device, payload data in the information object portion, the signature block receivable by a recipient destination having capability to authenticate the signature and conversant in the predetermined protocol.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
-
10. A method for transmitting data from a nonsigning client device according to a signature-based protocol comprising:
- receiving, at a nonsigning client device, a signature block and a signature corresponding to the signature block generated by a server in response to a request from the nonsigning client device, the signature block having an information object portion and a covered data portion corresponding to the signature, the signature computed only on data in the covered data portion such that payload data is not included in computing the signature, the nonsigning client device unable to compute the signature and conversant in a predetermined protocol, the signature and signature block being conformant with the predetermined protocol;
- storing, at the nonsigning client device and in the information object portion of the signature block, payload data in a nondestructive manner so as to preserve the covered data portion and the corresponding signature generated by the server without regenerating the signature, the signature covering the covered data portion and the information object portion remaining independent of the signature, the covered data portion remaining unwritten by the nonsigning client device; and
- transmitting, from the nonsigning client device to a recipient destination conversant in the predetermined protocol, the signature block according to the predetermined protocol, the information object portion included in the signature block according to the predetermined protocol, the signature block including the public key corresponding to a private key employed in generating the signature, the included public key thus providing a self-authenticating message for delivery to the recipient destination.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A data communications device for transmitting data according to a signature-based protocol comprising:
- a cryptographic engine operable to generate, by a server in response to a request from a nonsigning client device, a signature corresponding to a signature block, the signature block having a covered data portion and an information object portion, the signature computed only on data in the covered data portion such that payload data is not included in computing the signature, the server conversant in a predetermined protocol and the signature and signature block being conformant with the predetermined protocol;
- a metalanguage processor conversant in the predetermined protocol and operable to store the signature in the signature block, the signature block further including a signature value portion, the metalanguage processor further operable to store, in the signature value portion, authentication indicators according to the predetermined protocol, wherein storing further comprises storing the signature in the signature value portion; and
- an interface in the data communications device operable to transmit, according to the predetermined protocol, the signature block to the nonsigning client device conversant in the predetermined protocol and unencumbered by signature generation operability, the metalanguage processor being further operable to generate the signature block having the information object portion, the information object portion further operable for storing the payload data at the nonsigning client device, the signature block further operable to receive and store, in the information object portion, payload data in a nondestructive manner so as to preserve the covered data portion and corresponding signature generated by the server without regenerating the signature, the signature block being a script having fields defined by a predetermined metalanguage syntax, the metalanguage syntax defining the position of the covered data portion and corresponding signature, the signature block receivable by a recipient device conversant in the predetermined metalanguage syntax for decoding the message.

Dependent claims: 20, 21, 22, 23, 24, 25
26. A computer program product having an encoded set of processor based instructions defined as computer program code on a computer readable storage medium operable to store computer program logic embodied in computer program code encoded thereon for transmitting data from a nonsigning client device according to a signature-based protocol comprising:
- computer program code for receiving, at the nonsigning client device, a signature block and a signature corresponding to the signature block generated by a server in response to a request from the nonsigning client device, the signature block having an information object portion and a covered data portion corresponding to the signature, the signature computed only on data in the covered data portion such that payload data is not included in computing the signature, the receiving nonsigning client device conversant in a predetermined protocol and the signature and signature block being conformant with the predetermined protocol;
- computer program code for storing, in the information object portion of the signature block, payload data in a nondestructive manner so as to preserve the covered data portion and the corresponding signature generated by the server without regenerating the signature, the covered data portion remaining unwritten by the nonsigning client device, wherein storing in the information object portion further comprises storing the payload data in the information object portion at the nonsigning client device, the nonsigning client device being unencumbered by signature generation operability; and
- computer program code for transmitting, according to the predetermined protocol, the signature block to a recipient destination conversant in the predetermined protocol, the information object portion included in the signature block according to the predetermined protocol, wherein the signature block further includes a signature value portion, the signature value portion operable to store the signature as an authentication indicator according to the predetermined protocol, wherein storing further comprises storing the signature in the signature value portion, the signature covering the covered data portion and the information object portion remaining independent of the signature, the signature block being a script having fields defined by a predetermined metalanguage syntax, the metalanguage syntax defining the position of the covered data portion and corresponding signature, the signature block receivable by a recipient device conversant in the predetermined metalanguage syntax for decoding the message.
27. A method for transmitting data in conformance with a signature-based protocol comprising:
- transmitting, from a nonsigning client device to a server, a request for a signature block operable to store signature based data corresponding to a predetermined protocol;
- generating, at the server, a signature block having a covered data portion corresponding to a signature and an information object portion for storing payload data independent of the signature;
- computing, at the server, a signature based only on the covered data portion such that payload data is not included in computing the signature;
- storing, at the server, the computed signature in the signature block;
- transmitting, from the server to the nonsigning client device, the signature block, the nonsigning client device conversant in the predetermined protocol and unable to compute and authenticate the signature;
- populating, at the nonsigning client device, the information object portion of the signature block with payload data without destroying and regenerating the signature, the information object portion independent of the signature generated by the server, the populating preserving the covered data portion and the corresponding computed signature according to the predetermined protocol such that the populating is not included in computing the signature, the covered data portion remaining unwritten by the nonsigning client device; and
- transmitting, from the nonsigning client device to a destination, the signature block, the destination operable to (i) receive and authenticate the signature and corresponding covered data portion and (ii) receive the payload data in the information object portion.

Dependent claims: 28