Method and a system for securing processing of an order by a mobile agent within a network system

US 7,778,931 B2
Filed: 05/18/2007
Issued: 08/17/2010
Est. Priority Date: 05/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for securing processing of an order by a mobile agent from a first server (S_o) within a network system with a plurality of servers (S_o, S_i, . . . S_n), wherein the mobile agent passes through at least two of the servers, and wherein each of the plurality of servers has a corresponding pair of a public key (KS_o, . . . ,KS_i, . . . , KS_n) and a private key (PKS_o, . . . ,PKS_i, . . . , PKS_n), and wherein any one of the at least two servers the mobile agent is currently stored on is called herein the i'"'"'th server, the method comprising:

assigning a unique number (r0) to the mobile agent, using the first server (S_o),encrypting the unique number (r0) with the private key (PKS_o) of the first server (S_o), at the first server, thus forming an agent specific initialisation number (C_o) as a first checksum (C_o) for a sequence of checksums (C_o, . . . ,C_i, . . . ,C_n) to be individually computed by the at least two servers of the plurality of servers (S_o, S₁, . . . , S_n),sending the mobile agent together with its initialisation number (C_o) through the at least two servers of the plurality of servers (S_o, S₁, . . . , S_n), thereby processing the order,encrypting, at the i'"'"'th server, the initialisation number (C_o) together with data (X_i) collected by the agent when passing the i'"'"'th server, using the i'"'"'th server'"'"'s private key (PKS_i),computing, at the i'"'"'th server, a new server specific checksum (C_i) of the sequence of checksums (C_o, . . . ,C_i, . . . ,C_n), using the public key (KS_o) of the first server (S_o) and the checksum (C_i−

1) computed by the server (S_i−

1) from which the i'"'"'th server receives the mobile agent, andsending the mobile agent further to the next server (S_i+1) of the at least two servers of the plurality of servers (S_o, S₁, . . . ,S_n).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present description refers to a method for securing processing of an order by a mobile agent from a first server (S_o) within a network system with a plurality of servers (S_o, S₁, . . . ,S_n), at least a number of which the mobile agent has to pass according to an appropriate succession, wherein each of the plurality of servers has a pair of a public key (KS_o, . . . ,KS_i, . . . , KS_n) and a private key (PKS_o, . . . ,PKS_i, . . . , PKS_n) associated therewith, respectively, the method comprising, starting from any one of the number of servers the mobile agent has to pass, called herein the i'"'"'th server at least the steps of receiving the mobile agent which has been prepared by the first server by choosing a unique number (r0) and assigning it to the mobile agent, encoding the chosen unique number (r0) with the private key (PKS_o) of the first server (S_o), thus forming an agent specific initialisation number (C_o) as basis for a sequence of checksums (C_o, . . . ,C_i, . . . ,C_n) to be computed successively by the number of servers (S_o, S₁, . . ., S_n), sending the mobile agent together with its initialisation number (C_o) on its route through the network system for processing the order passing thereby the number of servers (S_o, S₁, . . . ,S_n) successively, and initiating each server (S₁, . . . ,S_n) from which the mobile agent intends to take data with it when passing that server to encode the initialisation number (C_o) together with the data with the respective server'"'"'s private key (PKS₁, . . . ,PKS_i, . . . , PKS_n) and to compute therewith a new server specific checksum (C₁, . . . ,C_i, . . . ,C_n) using the public key (KS_o) of the first server (S_o) and the checksum (C_o, . . . ,C_i, . . . ,C_n−1) computed by the server (S_o, . . . ,S_n−1) right before in the succession.

20 Citations

View as Search Results

8 Claims

1. A method for securing processing of an order by a mobile agent from a first server (S_o) within a network system with a plurality of servers (S_o, S_i, . . . S_n), wherein the mobile agent passes through at least two of the servers, and wherein each of the plurality of servers has a corresponding pair of a public key (KS_o, . . . ,KS_i, . . . , KS_n) and a private key (PKS_o, . . . ,PKS_i, . . . , PKS_n), and wherein any one of the at least two servers the mobile agent is currently stored on is called herein the i'"'"'th server, the method comprising:
- assigning a unique number (r0) to the mobile agent, using the first server (S_o),encrypting the unique number (r0) with the private key (PKS_o) of the first server (S_o), at the first server, thus forming an agent specific initialisation number (C_o) as a first checksum (C_o) for a sequence of checksums (C_o, . . . ,C_i, . . . ,C_n) to be individually computed by the at least two servers of the plurality of servers (S_o, S₁, . . . , S_n),sending the mobile agent together with its initialisation number (C_o) through the at least two servers of the plurality of servers (S_o, S₁, . . . , S_n), thereby processing the order,encrypting, at the i'"'"'th server, the initialisation number (C_o) together with data (X_i) collected by the agent when passing the i'"'"'th server, using the i'"'"'th server'"'"'s private key (PKS_i),computing, at the i'"'"'th server, a new server specific checksum (C_i) of the sequence of checksums (C_o, . . . ,C_i, . . . ,C_n), using the public key (KS_o) of the first server (S_o) and the checksum (C_i−
  
  1) computed by the server (S_i−
  
  1) from which the i'"'"'th server receives the mobile agent, andsending the mobile agent further to the next server (S_i+1) of the at least two servers of the plurality of servers (S_o, S₁, . . . ,S_n).
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein the data the mobile agent collects from the i'"'"'th server is encrypted by the public key (KS_o) of the first server (S_o).
  - 3. The method according to claim 1, wherein the sequence of checksums is defined by the following functional rule:
    - C_i={C_i−
      
      1,, [X_i,[r0]PKS_o]PKS_i,S_i}KS_owherein C_iis the i'"'"'th checksum, X_iis the data from the i'"'"'th server, r0 is the unique number, PKS_ois the private key of the first server, KS_ois the public key of the first server, PKS_iis the private key of the i'"'"'th server, S_iis a code number of the i'"'"'th server, i is a positive integer value.
  - 4. The method according to claim 1, wherein the unique number (r0) is a process identification number.
  - 5. The method according to claim 1, wherein each checksum (C_i) is used to be deflated by the first server for verifying the respective keys on the data thus checking the unaffected processing of the order when the mobile agent returns back to the first server (S_o).

6. A network system programmed for providing a secure processing of an order by a mobile agent from a first server, the first server (S_o) having a pair of a private key (PKS_o) and a public key (KS_o), the mobile agent being associated with a unique number (r0) encrypted with said private key (PKS_o) of the first server (S_o) to form an agent-specific initialization number (C_o), the network system further comprising;
- a plurality of servers (S_o, S₁, . . . , S_n) including the first server (S_o), at least two of which the mobile agent traverses during the processing of the order, wherein each of the plurality of servers (S_o, S₁, . . . , S_n) has a corresponding pair of a public key (KS_o, . . . , KS_i, . . . , KS_n) and a private key (PKS_o, . . . , PKS_i, . . . , PKS_n), and wherein a second server (S₁) is programmed to encrypt the agent-specific initialization number (C_o) and any data collected from the second server (S₁) with the private key (PKS₁) of the second server (S₁) and the public key of the first server (S_o) to form a first server-specific checksum, and wherein each subsequent server of the network system is programmed to further encrypt the first server-specific checksum and any data the mobile agent collects when passing each subsequent server using each subsequent server'"'"'s private key to thereby compute a new server specific checksum using the public key of the first server and the server-specific checksum computed by a preceding server from which each subsequent server receives the mobile agent.

7. A mobile agent including computer-readable instructions recorded on a non-transitory computer-readable storage medium, the mobile agent being from a first server (S_o) providing a secure processing of an order within a network system with a plurality of servers (S_o, . . . , S_i, . . . , S_n.), at least two of which the mobile agent traverses during the processing, wherein each of the plurality of servers (S_o, . . . , S_i, . . . , S_n) has a pair of a public key (KS_o, . . . , KS_i, . . . , KS_n) and a private key (PKS_o, . . . , PKS_i, . . . , PKS_n), and wherein the mobile agent gets, when starting processing the order, associated with a unique number (rO), which is encrypted with the private key (PKS_o) of the first server (S_o) thus forming an agent specific initialisation number (C_o) as a first checksum (C_o) for a sequence of checksums (C_o, . . . , C_i, . . . , C_n) to be individually computed by each server of the at least two servers while the mobile agent is stored thereon, each checksum being further encoded by the public key (KS_o) of the first server (S_o).

8. A computer program product for securing processing of an order by a mobile agent from a first server (S_o) within a network system with a plurality of servers (S_o, S_i, . . . , S_n), two of which the mobile agent traverses during the processing, wherein each of the plurality of servers has a pair of a public key (KS_o, . . . ,KS_i, . . . , KS_n) and a private key (PKS_o,. . . , PKS_i, . . . , PKS_n), with reference to any one of the number of servers the mobile agent has to pass, called herein the i'"'"'th server, the computer program product embodied on a non-transitory computer-readable storage medium and including a computer program stored on the non-transitory computer-readable storage medium with a program code which, when executed by one of the at least two servers, is suitable to cause the one of the at least two servers to:
- assign a unique number (r0) to the mobile agent, using the first server (S_o),encrypt the unique number (r0) with the private key (PKS_o) of the first server (S_o), at the first server, thus forming an agent specific initialisation number (C_o) as a first checksum (C_o) for a sequence of checksums (C_o, . . . ,C_i, . . . ,C_n) to be individually computed by the at least two servers of the plurality of servers (S_o, S₁, . . . ,S_n),send the mobile agent together with its initialisation number (C_o) through the at least two servers of the plurality of servers (S_o, S₁, . . . , S_n) thereby processing the order,encrypt, at the i'"'"'th server, the initialisation number (C_o) together with data (X_i) collected by the agent when passing the i'"'"'th server, using the i'"'"'th server'"'"'s private key (PKS_i),compute, at the i'"'"'th server, a new server specific checksum (C_i) of the sequence of checksums (C_o, . . . ,C_i, . . . ,C_n), using the public key (KS_o) of the first server (S_o) and the checksum (C_i−
  
  1) computed by the server (S_i−
  
  1) from which the i'"'"'th server receives the mobile agent, andsend the mobile agent further to the next server (S_i+1) of the at least two servers of the plurality of servers (S_o, S₁, . . . , S_n).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Rits, Maarten E.
Primary Examiner(s)
Fischer; Andrew J.
Assistant Examiner(s)
DEGA, MURALI K

Application Number

US11/804,648
Publication Number

US 20070286424A1
Time in Patent Office

1,187 Days
Field of Search

705 1- 80
US Class Current

705/64
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 2209/84   Vehicles

H04L 9/3236   using cryptographic hash fu...

Method and a system for securing processing of an order by a mobile agent within a network system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and a system for securing processing of an order by a mobile agent within a network system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links