Techniques for attesting to content

US 7,574,479 B2
Filed: 01/24/2006
Issued: 08/11/2009
Est. Priority Date: 01/24/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method implemented in a computer-readable medium and to execute on a computer for performing the method, comprising:

receiving content in a message from a sender;

acquiring a signed version of a message digest for the content, wherein the signed version was signed by an identity service on behalf of the sender indicating that content of the message was attested to by the identity service via the signature, a presence of the signature from the identity service serves as an attestation that the content is from the sender;

validating the signed version of the message digest; and

processing policy in response to validating the signed version of the message digest.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for attesting to content received from an author (sender) are provided. A sender'"'"'s content is represented by a message digest. The message digest is signed by an identity service. The signed message digest represents an attestation as to the authenticity of the content from the sender. The sender transmits the signed message digest and content in a message to a recipient. The recipient verifies the signature and message digest to authenticate the content from the sender.

63 Citations

View as Search Results

25 Claims

1. A computer-implemented method implemented in a computer-readable medium and to execute on a computer for performing the method, comprising:
- receiving content in a message from a sender;
  
  acquiring a signed version of a message digest for the content, wherein the signed version was signed by an identity service on behalf of the sender indicating that content of the message was attested to by the identity service via the signature, a presence of the signature from the identity service serves as an attestation that the content is from the sender;
  
  validating the signed version of the message digest; and
  
  processing policy in response to validating the signed version of the message digest.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein acquiring further includes identifying a name of a service provider that provided the signed version of the message digest from metadata associated with the message digest.
  - 3. The method of claim 1, wherein validating further includes reproducing an independent version of the message digest and comparing that independent version to the acquired version, and if equal and if a signature associated with the signed message digest is verified, then determining the content from the sender is authenticated.
  - 4. The method of claim 1 further comprising, requesting a different identity service to assist in validating the signed version of the message digest, wherein the different identity service interacts with the identity service that originally signed the message digest on behalf of the sender.
  - 5. The method of claim 1, wherein processing policy further includes adding the identity service associated with the signature of the signed version of the message digest to a list of trusted identity services after the signed version of the message digest is validated.
  - 6. The method of claim 1, wherein processing policy further includes notifying a sender if the signed version of the message digest is not validated indicating the content has been tampered with.
  - 7. The method of claim 1, wherein processing policy further includes logging the signature.

8. A computer-implemented method implemented in a computer-readable medium and to execute on a computer for performing the method, comprising:
- submitting content to an identity service, wherein the identity service generates and supplies a message digest for the content;
  
  receiving an authorship attestation certification (AAC) from the identity service for the content, the AAC includes a signature of the identity service along with the message digest; and
  
  sending the content and the AAC to a recipient as a message.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 further comprising, authenticating to the identity service before submitting the content.
  - 10. The method of claim 8 further comprising, sending the message using a protocol associated with at least one of Multipurpose Internet Mail Extension (MIME), Secure MIME (S/MIME), Transmission Control Protocol (TCP), and Really Simple Syndication (RSS).
  - 11. The method of claim 8 further comprising, sending the message as at least one of an electronic mail (email) transaction, an instant messaging (IM) transaction, and a text message transaction.
  - 12. The method of claim 8, wherein receiving further includes receiving the AAC with additional metadata that includes usage limitations for the content.

13. A computer-implemented method implemented in a computer-readable medium and to execute on a computer for performing the method, comprising:
- receiving content from a sender, and generating a message digest from the content;
  
  generating a signature for the message digest, the signature provided on behalf of the sender to verify that the sender created the content and the signature is for an identity service acting on behalf of sender;
  
  supplying the signature and the message digest back to the sender, wherein the sender uses the message digest and the signature to attest to the authenticity of the content as being from the sender via the signature of the identity service.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13 further comprising, authenticating the sender before receiving the message digest.
  - 15. The method of claim 13 further comprising, augmenting the signature and message digest with metadata that includes at least one of usage limitations, attributes associated with the sender, identifiers associated with policy, and identifiers associated with the signature.
  - 16. The method of claim 13, wherein supplying further includes supplying the signature and message digest as a Security Assertion Markup Language (SAML) assertion.
  - 17. The method of claim 13 further comprising, receiving the signature and the message digest from a recipient that the sender sent the content to and verifying the signature for the recipient to authenticate the content.
  - 18. The method of claim 13, receiving the signature and the message digest from a different identity service on behalf of a recipient that the sender sent the content to and verifying the signature on behalf of the different identity service.

19. A computer-implemented system to be processed by one or more computers, comprising:
- an Authorship Attestation Certificate (AAC) implemented in a computer-readable medium; and
  
  an identity service implemented in a computer-readable medium and to be processed by a computer, wherein the identity service is to create the AAC on behalf of a sender of content in response to a message digest for that content, and wherein the AAC is a signed copy of the message digest, signed by the identity service on behalf of the sender with a signature of the identity service and the signature is used by the sender to attest that the content originates from the sender, and wherein the identity service is to supply the AAC back to the sender.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The system of claim 19, wherein the identity service augments the AAC with metadata and the metadata includes at least one of references to the identity service, attributes of the sender and usage limitations with respect to the content.
  - 21. The system of claim 19, wherein the AAC is supplied by the identity service to the sender as an assertion, and the assertion is relied upon by one or more recipients for purposes of authenticating the content.
  - 22. The system of claim 19, wherein the AAC and content are to be supplied by the sender to one or more recipients as at least one of an electronic mail (email) message, an instant message (IM), and a text message.
  - 23. The system of claim 19, wherein the identity service is to subsequently verify the signature of the AAC on behalf of one or more recipients.
  - 24. The system of claim 19, wherein the identity service is to subsequently verify the signature of the AAC on behalf of one or more different identity services communicating with one or more recipients.
  - 25. The system of claim 19, wherein the AAC is to be tagged with the content of a message within at least one of a Multipurpose Internet Mail Extensions (MIME) protocol, Secure MIME (S/MIME) protocol, Really Simple Syndication (RSS) protocol, Transmission Control Protocol (TCP), Extensible Markup Language (XML), and Standard Generalized Markup Language (SGML).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Burch, Lloyd Leon, Morris, Cameron Craig, Kinser, Stephen Hugh
Primary Examiner(s)
Meky; Moustafa M

Application Number

US11/338,393
Publication Number

US 20070174406A1
Time in Patent Office

1,295 Days
Field of Search

709200-207, 713/155, 713/156, 713/176, 713/180, 713/181, 713/182, 713161-166
US Class Current

709/207
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 21/645   using a third party

G06F 2221/2115   Third party

Techniques for attesting to content

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for attesting to content

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links