Method and system for authenticating messages exchanged in a communications system

US 7,634,280 B2
Filed: 02/02/2006
Issued: 12/15/2009
Est. Priority Date: 02/17/2005
Status: Active Grant

First Claim

Patent Images

1. In a communications system supporting the exchange of messages, a method for authenticating messages, comprising the step of:

receiving a first message to be authenticated from a message sender to a signature generator entity in the communication system, wherein the signature generator entity is a computer program executed by a processor of a computer system coupled to the communication system;

the processor that executes the signature generator entity generating a signature with respect to the received first message, the signature being dependent on the message sender, wherein said signature comprises a first-level key and a second-level key, wherein the first-level key is determined by information regarding the message sender, and wherein the second-level key is determined by information regarding the signature generator entity;

sending back to the message sender an authenticated first message, the authenticated first message including the generated signature;

forwarding the authenticated first message from the message sender to a message recipient;

receiving, from the message recipient, a second message that requests verifying the forwarded first message;

sending the received second message to a signature verifier entity for a verification outcome of the first message;

receiving the verification outcome from the signature verifier entity that had verified the validity of the signature in the authenticated first message; and

notifying the message recipient of the verification outcome.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a communications system supporting the exchange of messages, a method for authenticating messages, comprising: having a message sender send a message to be authenticated to a signature generator entity in the communications system; having the signature generator entity generate a signature with respect to the received message, the signature being dependent on the message sender; having the signature generator entity send back to the message sender an authenticated message, the authenticated message including the generated signature; having the message sender forward the authenticated message to a message recipient; having the message recipient send the received message to a signature verifier entity in the communications system; having the signature verifier entity verify the validity of the signature, and notifying the message recipient of an outcome of the validity verification.

Citations

19 Claims

1. In a communications system supporting the exchange of messages, a method for authenticating messages, comprising the step of:
- receiving a first message to be authenticated from a message sender to a signature generator entity in the communication system, wherein the signature generator entity is a computer program executed by a processor of a computer system coupled to the communication system;
  
  the processor that executes the signature generator entity generating a signature with respect to the received first message, the signature being dependent on the message sender, wherein said signature comprises a first-level key and a second-level key, wherein the first-level key is determined by information regarding the message sender, and wherein the second-level key is determined by information regarding the signature generator entity;
  
  sending back to the message sender an authenticated first message, the authenticated first message including the generated signature;
  
  forwarding the authenticated first message from the message sender to a message recipient;
  
  receiving, from the message recipient, a second message that requests verifying the forwarded first message;
  
  sending the received second message to a signature verifier entity for a verification outcome of the first message;
  
  receiving the verification outcome from the signature verifier entity that had verified the validity of the signature in the authenticated first message; and
  
  notifying the message recipient of the verification outcome.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the signature generator entity includes the signature verifier entity.
  - 3. The method according to claim 2, wherein the message includes a textual message.
  - 4. The method of claim 1, wherein the communications system includes a wireless communications network.
  - 5. The method according to claim 4, wherein the communications system supports a messaging service, particularly a Short Messaging Service (SMS), and the message to be authenticated includes an SMS message.
  - 6. The method of claim 5, further comprising generating the first-level key based on a user-related key (Uka) based on a timestamp and user data, wherein the timestamp represents a point of time when the signature is generated, and wherein the user data describe a sender user who is associated with the message sender, the user data comprising subscription information that the sender user had provided and had been stored in a subscriber users database coupled to the signature generator entity.
  - 7. The method of claim 6, further comprising having the sender user providing to the signature generator entity a personal identification code (PINa), and having the signature generator entity authenticate the sender user based on the provided personal identification code by generating the first-level key based on the user-related key (Uka) based on the timestamp, the user data, and the personal identification code (PINa).
  - 8. The method of claim 7, further comprising the sender user placing the personal identification code in the SMS message to be authenticated.
  - 9. The method of claim 8, further comprising the signature generator entity utilizing the personal identification code to obtain the user-related key.
  - 10. The method of claim 9, further comprising having the signature generator entity generating said signature by applying a cryptographic hash function to the message to be authenticated, using the user-related key.
  - 11. The method of claim 10, further comprising generating the second-level key of the signature by applying a cryptographic hash function or a digesting function to data comprising an identifier for the signature generator entity, a timestamp for a point of time when said generating is performed, and a random number for security.
  - 12. The method of claim 11, further comprising the signature verifier entity verifying the validity of the signature includes generating a signature of the message using the sender user-related key, and comparing the generated signature with the signature included in the message received from the recipient.
  - 13. A communications network comprising a message authenticator system, the message authenticator system comprising:
    - a processor and a computer readable storage medium coupled to the processor, said computer readable storage medium containing instructions that when executed by the processor implement the method of claim 12.

14. A system for authenticating messages, comprising:
- a processor and a computer readable storage medium coupled to the processor, said computer readable storage medium containing instructions that when executed by the processor implement authenticating messages in the communication system, said authenticating comprising;
  
  receiving a first message to be authenticated from a message sender to a signature generator entity in the communication system, wherein the signature generator entity is a computer program executed by a processor of a computer system coupled to the communication system;
  
  the signature generator entity generating a signature with respect to the received first message, the signature being dependent on the message sender, wherein said signature comprising a first-level key and a second-level key, wherein the first-level key is determined by information regarding the message sender, and wherein the second-level key is determined by information regarding the signature generator entity;
  
  sending back to the message sender an authenticated first message, the authenticated first message including the generated signature;
  
  forwarding the authenticated first message from the message sender to a message recipient;
  
  receiving, from the message recipient, a second message that requests verifying the forwarded first message;
  
  sending the received second message to a signature verifier entity for a verification outcome of the first message;
  
  receiving the verification outcome from the signature verifier entity that had verified the validity of the signature in the authenticated first message; and
  
  notifying the message recipient of the verification outcome.

15. In a communications system supporting the exchange of messages, a method for authenticating messages, comprising the steps of:
- sending a message to be authenticated from a message sender to a signature generator entity in the communication system, the signature generator entity generating a signature with respect to the received message, the signature being dependent on the message sender, and sending back to the message sender an authenticated message, the authenticated message including the generated signature;
  
  forwarding the authenticated message from the message sender to a message recipient;
  
  sending the received message from the message recipient to a signature verifier entity; and
  
  the signature verifier entity verifying the validity of the signature, and notifying the message recipient of an outcome of the validity verification,wherein the communications system includes a wireless communications network,wherein the communications system supports a messaging service, particularly a Short Messaging Service (SMS), and the message to be authenticated includes an SMS message,wherein said generating further comprising generating the signature based on a user-related key (Uka),wherein said method further comprises having a sender user providing to the signature generator entity a personal identification code (PINa), and having the signature generator entity authenticate the sender user based on the provided personal identification code,wherein said method further comprises the sender user placing the personal identification code in the SMS message to be authenticated,wherein said method further comprises the signature generator entity utilizing the personal identification code to obtain the user-related key,wherein said method further comprises having the signature generator entity generating said signature by applying a cryptographic hash function to the message to be authenticated, using the user-related key, andwherein said method further comprises utilizing a signature generator entity-related key in addition to the user-related key for generating the signature, by applying a cryptographic hash function or a digesting function.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the step of the signature verifier entity verifying the validity of the signature includes generating a signature of the message using the sender user-related key, and comparing the generated signature with the signature included in the message received from the recipient.
  - 17. A communications network supporting a messaging system, a message authenticator system comprising means adapted for carrying out the method of claim 16.
  - 18. A message authentication service for authenticating messages comprising implementing the method of claim 16 in the communication system.
  - 19. A Web service for implementing the message authentication service according to claim 18.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Modeo, Leonardo
Primary Examiner(s)
D AGOSTA, STEPHEN M

Application Number

US11/346,109
Publication Number

US 20060183489A1
Time in Patent Office

1,412 Days
Field of Search

455/410, 455/411, 455/418, 455/466, 705/16, 705/44, 705/71, 705/72, 705/76, 713/155, 713/156, 713/168, 713170-171, 713175-176, 713/182, 713/185
US Class Current

455/466
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/084   using delegated authorisati...

H04W 4/14   Short messaging services, e...

Method and system for authenticating messages exchanged in a communications system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating messages exchanged in a communications system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links