Method and system for securely managing application transactions using cryptographic techniques

US 7,941,668 B2
Filed: 07/10/2006
Issued: 05/10/2011
Est. Priority Date: 07/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securely managing application transactions using cryptographic techniques to provide data integrity, entity authentication, and data confidentiality, said method comprising:

if a data package is received from an application device, then;

a) generating an outbound trusted transaction,b) if said outbound trusted transaction is not canonical to a network, translating said outbound trusted transaction into a message format canonical to said network, andc) sending said outbound trusted transaction to said network;

if an inbound trusted transaction is received from a network, then;

a) validating said inbound trusted transaction,b) if said data package is not canonical to said application device, translating said data package into a message format canonical to said application device, andc) delivering said data package of said inbound trusted transaction to said application device;

administering an audit log for each generated and each validated trusted transaction;

managing each generated and each validated trusted transaction; and

wherein each trusted transaction is a data structure comprising;

a data package, said data package being in plaintext or ciphertext;

a header for identifying attributes of said data package, said header comprising;

a transaction code that is a globally-unique, infinitely expandable and infinitely extensible object identifier,a transaction number for matching request and response data packages, anda transaction route identifying the sender of the data package, the receiver of the data package, and any intermediaries;

a trailer for confirming the identity of an originator of the data package and providing data confidentiality of said data package; and

an integrity object for providing content integrity of said data package to a provable point in time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for secure managing transactions between application devices over a network. The present invention provides a method and system for receiving data from an application device, such as computer workstation, ATM, credit card point-of-sale terminal, or application software, and transferring that data securely over a network to a recipient application device. The method and system provide secure cryptographic key and enterprise management of embedded, standalone and tightly coupled information assurance components.

65 Citations

View as Search Results

13 Claims

1. A method for securely managing application transactions using cryptographic techniques to provide data integrity, entity authentication, and data confidentiality, said method comprising:
- if a data package is received from an application device, then;
  
  a) generating an outbound trusted transaction,b) if said outbound trusted transaction is not canonical to a network, translating said outbound trusted transaction into a message format canonical to said network, andc) sending said outbound trusted transaction to said network;
  
  if an inbound trusted transaction is received from a network, then;
  
  a) validating said inbound trusted transaction,b) if said data package is not canonical to said application device, translating said data package into a message format canonical to said application device, andc) delivering said data package of said inbound trusted transaction to said application device;
  
  administering an audit log for each generated and each validated trusted transaction;
  
  managing each generated and each validated trusted transaction; and
  
  wherein each trusted transaction is a data structure comprising;
  
  a data package, said data package being in plaintext or ciphertext;
  
  a header for identifying attributes of said data package, said header comprising;
  
  a transaction code that is a globally-unique, infinitely expandable and infinitely extensible object identifier,a transaction number for matching request and response data packages, anda transaction route identifying the sender of the data package, the receiver of the data package, and any intermediaries;
  
  a trailer for confirming the identity of an originator of the data package and providing data confidentiality of said data package; and
  
  an integrity object for providing content integrity of said data package to a provable point in time.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method for securely managing application transactions, as recited in claim 1, wherein said generating step comprises:
    - if said data package is not in canonical format, translating said data package to a canonical format;
      
      generating a header according to predetermined management parameters;
      
      generating an identity object of said trailer for said data package according to said predetermined management parameters;
      
      generating an encryption object of said trailer and encrypting said data package according to said predetermined management parameters; and
      
      generating a trusted time stamp according to said predetermined management parameters.
  - 3. A method for securely managing application transactions, as recited in claim 1, wherein said validating step comprises:
    - if said inbound trusted transaction is not in a canonical format, translating said inbound trusted transaction into a canonical format;
      
      validating a trusted time stamp of said inbound trusted transaction according to said predetermined management parameters;
      
      processing an encryption object of said trailer and decrypting a data package of said inbound trusted transaction according to said predetermined management parameters;
      
      validating an identity object of said trailer according to said predetermined management parameters; and
      
      processing a header of said inbound trusted transaction according to predetermined management parameters.
  - 4. A method for securely managing application transactions, as recited in claim 1, wherein said administering step comprises:
    - generating an audit record for each inbound and outbound trusted transaction, according to the method of claim 2, wherein said data package of said audit record is a trusted transaction and wherein said predetermined management parameters are selected from a group of predetermined audit management parameters;
      
      adding said audit record to a data package of said audit log, said audit log being a trusted transaction;
      
      recreating said audit log according to the method specified in claim 2;
      
      recording said audit log to permanent storage;
      
      responding to any trusted transaction that requests a specific audit record of said audit log;
      
      responding to any trusted transaction that requests said audit log; and
      
      for each alarm event, generating an audit alarm according to the method of claim 2 and sending said audit alarm to an application device through said network according to said predetermined audit management parameters.
  - 5. A method for securely managing application transactions, as recited in claim 1, wherein said managing step comprises:
    - for each undelivered trusted transaction, creating an audit record of said undelivered trusted transaction according to the method of claim 1, and sending a message to an application device, said message indicating the undelivered status of said trusted transaction;
      
      for each undelivered data package, creating an audit record of said undelivered data package according to the method of claim 4;
      
      for each timed-out transaction;
      
      creating an audit record of said timed-out transaction according to the method of claim 4;
      
      if said timed-out transaction was delivered to said network, sending a data package to an application device, said data package indicating the timed-out status of said trusted transaction;
      
      if said timed-out transaction was delivered to said application device, sending a trusted transaction to said network, said trusted transaction indicating the timed-out status thereof;
      
      detecting a late trusted transaction and creating an audit record of said late trusted transaction according to the method of claim 4; and
      
      detecting a late data package and creating an audit record of said late trusted transaction according to the method of claim 4.
  - 6. The data structure of claim 1 wherein said integrity object comprises a Time Stamp Token as defined in American National Standard X9.95-2005 Trusted Time Stamp.
  - 7. The data structure of claim 1 wherein said trailer further comprises:
    - a SignedData object as defined by one of X9.73 or X9.96 CMS standards with detached data; and
      
      an EnvelopedData object as defined by one of X9.73 or X9.96 CMS with detached data.

8. A system for securely managing application transactions using cryptographic techniques to provide data integrity, entity authentication, and data confidentiality, said system comprising:
- a data storage for storing trusted transactions;
  
  a unit interface driver for receiving a data package from and providing a data package to an application device;
  
  a unit interface process being connected to said unit interface driver for receiving data packages therefrom generating outbound trusted transaction based thereon, and for placing trusted transactions into and retrieving data packages from said data storage;
  
  a network interface driver for receiving a trusted transaction from and sending a trusted transaction to a network, said network interface driver being connected to said data storage for the provision of trusted transactions thereto and retrieval of trusted transactions therefrom;
  
  a network interface process connected to said network interface driver for validating an inbound trusted transaction, and placing data packages into and retrieving trusted transactions from said data storage;
  
  an audit logging process connected to said unit interface process and said network interface process for administering an audit log of each generated and validated trusted transaction,managing means for managing each generated trusted transaction and each validated trusted transaction, and processing errors, said managing means being connected to said unit interface driver, said network interface driver, said unit interface process, and said network interface process;
  
  wherein each trusted transaction is a data structure comprising;
  
  a data package, said data package being in plaintext or ciphertext;
  
  a header for identifying attributes of said data package, said header comprising;
  
  a transaction code that is a globally-unique, infinitely expandable and infinitely extensible object identifier,a transaction number for matching request and response data packages, anda transaction route identifying the sender of the data package, the receiver of the data package, and any intermediaries;
  
  a trailer for confirming the identity of an originator of the data package and providing data confidentiality of said data package; and
  
  an integrity object for providing content integrity of said data package to a provable point in time.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8 further comprising:
    - a unit translator process connected to said unit interface process and said unit interface driver for translating canonically-formatted data packages to an alien format prior to delivery of said data packages to an application device, and for translating received data packages into a canonical format and providing said translated data packages to said unit interface process; and
      
      a network translator process connected to said network interface process and said network interface driver for translating canonically-formatted trusted transactions to an alien format prior to delivery of said trusted transactions to a network and for translating received trusted transactions into a canonical format from an alien format and providing said translated received trusted transactions to said network interface process.
  - 10. The system of claim 8 wherein said managing means further comprises:
    - a network post process connected to said network interface driver and said network interface process for creating an audit record of undelivered trusted transactions and sending a message to a unit interface process indicating an undelivered status; and
      
      a unit post process connected to said unit interface driver and said unit interface process for creating an audit record of undelivered data packages;
      
      a queue process connected to said unit interface process and said network interface process for detecting late data packages and late trusted transactions and creating audit records thereof; and
      
      a timed out process connected to said unit interface process and said network interface process for sending a trusted transaction to one of an application device and a network that indicates the timed-out status of the transaction, said timed out process being connected to said queue process for creating an audit record of timed-out transactions.
  - 11. The system of claim 10 further comprising:
    - a unit translator process connected to said unit interface process and said unit interface driver for translating canonically-formatted data packages to an alien format prior to delivery of said data packages to an application device, and for translating received data packages into a canonical format and providing said translated data packages to said unit interface process; and
      
      a network translator process connected to said network interface process and said network interface driver for translating canonically-formatted trusted transactions to an alien format prior to delivery of said trusted transactions to a network and for translating received trusted transactions into a canonical format from an alien format and providing said translated received trusted transactions to said network interface process.
  - 12. The system of claim 8 wherein said integrity object comprises a Time Stamp Token as defined in American National Standard X9.95-2005 Trusted Time Stamp.
  - 13. The system of claim 8 wherein said trailer further comprises:
    - a SignedData object as defined by one of X9.73 or X9.96 CMS standards with detached data; and
      
      an EnvelopedData object as defined by one of X9.73 or X9.96 CMS with detached data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innové LLC
Original Assignee
Innové LLC
Inventors
Stapleton, Jeff J., Morrison, Bradley L., Werschky, Arnold G.
Primary Examiner(s)
Truong; Thanhnga B

Application Number

US11/483,915
Publication Number

US 20070011459A1
Time in Patent Office

1,765 Days
Field of Search

713/178, 705/64, 709/236
US Class Current

713/178
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 9/3297   involving time stamps, e.g....

Method and system for securely managing application transactions using cryptographic techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securely managing application transactions using cryptographic techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links