Method, system, network and computer program product for securing administrative transactions over a network

US 7,636,848 B2
Filed: 11/27/2003
Issued: 12/22/2009
Est. Priority Date: 11/27/2003
Status: Active Grant

First Claim

Patent Images

1. A method of arranging communication between an administrator device and an administered device in a network, comprising:

arranging said communication in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device, each said message having associated a respective digitally signed receipt;

configuring said originator device not to send a new item toward said recipient device in the absence of a respective digitally signed receipt for a previously sent item;

detecting, at said originator device, that a respective digitally signed receipt item from said recipient device failed to reach the originator device within a given time period after a message item was issued by said originator device; and

asking said recipient device for a signed statement indicating at least one of a last message item received and a last message item sent by said recipient device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. With at least one, and preferably by both of the administrator device and the administered device, there is stored a history record of communication items exchanged therebetween. The history record is agreed upon and signed by both the administrator device and the administered device.

Citations

26 Claims

1. A method of arranging communication between an administrator device and an administered device in a network, comprising:
- arranging said communication in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device, each said message having associated a respective digitally signed receipt;
  
  configuring said originator device not to send a new item toward said recipient device in the absence of a respective digitally signed receipt for a previously sent item;
  
  detecting, at said originator device, that a respective digitally signed receipt item from said recipient device failed to reach the originator device within a given time period after a message item was issued by said originator device; and
  
  asking said recipient device for a signed statement indicating at least one of a last message item received and a last message item sent by said recipient device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising storing with at least one of the administrator device and the administered device, a history record of communication items exchanged therebetween, the history record being agreed upon and signed by both the administrator device and the administered device.
  - 3. The method of claim 1, further comprising carrying out at said originator device a session closing step mentioning at least one of a last message item received and a last message item sent by said recipient device.
  - 4. The method of claim 1, further comprising keeping with said originator device an indication of an on-going communication session as a pending session until a signed receipt item is received from said recipient device.
  - 5. The method of claim 1, further comprising inserting in said communication items, payload data and administrative commands accompanied by respective digital signatures.
  - 6. The method of claim 1, further comprising causing said recipient device to verify digital signatures for validity.
  - 7. The method of claim 1, further comprising creating, by at least one of the administrator device and the administered device, digital signatures, wherein the digital signatures are under the full control of the at least one of the administrator device and the administered device that created the digital signatures.
  - 8. The method of claim 1, further comprising associating secure digital signature evidence with said digitally signed messages and receipts.
  - 9. The method of claim 8, wherein said secure digital signature evidence is in the form of RSA class digital signatures.
  - 10. The method of claim 1, further comprising arranging communication between a set of administrator devices and a given administered device and permitting at least one administrator device in said set to hide its identity to said administered device.
  - 11. The method of claim 10, further comprising hiding the identity of said at least one administrator device to said administered device by using at least one of group signatures or pseudonym digital certificates.
  - 12. The method of claim 10, further comprising resuming a session interrupted in the absence of a receipt provided by said at least one administrator hiding its identity to a message sent by said given administered device, wherein said session is resumed by said at least one administrator hiding its identity.

13. A system comprising an administrator device and an administered device in a network, said administrator device and administered device being configured for communication in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device, each said message having associated a respective digitally signed receipt, and wherein said originator device is configured to:
- not send a new item toward said recipient device in the absence of a respective digitally signed receipt for a previously sent item;
  
  detect that a respective digitally signed receipt item from said recipient device failed to reach the originator device within a given time period after a message item was issued by said originator device; and
  
  ask said recipient device for a signed statement indicating at least one of a last message item received and a last message item sent by said recipient device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, further comprising data items stored with at least one of said administrator device and said administered device, and comprising a history record of communication items exchanged therebetween, said history record being agreed upon and signed by both said administrator device and said administered device.
  - 15. The system of claim 13, wherein said originator device is configured for carrying out a session closing step mentioning at least one of a last message item received and a last message item sent by said recipient device.
  - 16. The system of claim 13, wherein said originator device is configured for keeping an indication of an on-going communication session as a pending session until a signed receipt item is received from said recipient device.
  - 17. The system of claim 13, wherein said originator device is configured for inserting in said communication items payload data and administrative commands accompanied by respective digital signatures.
  - 18. The system of claim 13, wherein said recipient device is configured for verifying said digital signatures for validity.
  - 19. The system of claim 13, comprising means for creating, by at least one of the administrator device and the administered device, digital signatures, wherein the digital signatures are under the full control of the at least one of the administrator device and the administered device that created the digital signatures.
  - 20. The system of claim 13, wherein secure digital signature evidence is associated with said digitally signed messages and receipts.
  - 21. The system of claim 20, wherein said secure digital signature evidence is in the form of RSA class digital signatures.
  - 22. The system of claim 13, comprising a set of administrator devices and a given administered device, wherein at least one administrator device in said set is configured to hide its identity to said administered device.
  - 23. The system of claim 22, wherein said at least one administrator device is configured for hiding its identity to said administered device by using at least one of group signatures or pseudonym digital certificates.
  - 24. The system of claim 22, wherein said at least one administrator hiding its identity is configured for resuming a session interrupted in the absence of a receipt provided by said at least one administrator hiding its identity to a message sent by said given administered device.

25. A communication network comprising an administrator device and an administered device in a network, said administrator device and administered device being configured for communication in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device, each said message having associated a respective digitally signed receipt, and wherein said originator device is configured to:
- not send a new item toward said recipient device in the absence of a respective digitally signed receipt for a previously sent item;
  
  detect that a respective digitally signed receipt item from said recipient device failed to reach the originator device within a given time period after a message item was issued by said originator device; and
  
  ask said recipient device for a signed statement indicating at least one of a last message item received and a last message item sent by said recipient device.

26. A computer program product, loadable in the memory of at least one computer, and comprising software code portions capable of performing the steps of a method of arranging communication between an administrator device and an administered device in a network, the method comprising:
- arranging said communication in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device, each said message having associated a respective digitally signed receipt;
  
  configuring said originator device not to send a new item toward said recipient device in the absence of a respective digitally signed receipt for a previously sent item;
  
  detecting, at said originator device, that a respective digitally signed receipt item from said recipient device failed to reach the originator device within a given time period after a message item was issued by said originator device; and
  
  asking said recipient device for a signed statement indicating at least one of a last message item received and a last message item sent by said recipient device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
De Lutiis, Paolo, Caprella, Ettore Elio, Leone, Manuel, Zaccone, Pier Luigi
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US10/580,438
Publication Number

US 20070071241A1
Time in Patent Office

2,217 Days
Field of Search

713/176, 713/157, 713/178, 713/180
US Class Current

713/176
CPC Class Codes

H04L 41/28   Restricting access to netwo...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Method, system, network and computer program product for securing administrative transactions over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, network and computer program product for securing administrative transactions over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links