Methods and apparatus for verifying a purported user identity

US 8,452,966 B1
Filed: 10/26/2005
Issued: 05/28/2013
Est. Priority Date: 10/26/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a destination computerized device, content comprising a first electronic signature and an electronic address, wherein the electronic address in the content identifies that the content was sent from a content sender associated with the electronic address, wherein the electronic address is used in delivering electronic messages to the content sender;

sending a request, from the destination computerized device to the electronic address of the content sender, that a second electronic signature be applied to verification data, wherein the request comprises the verification data;

receiving, at the destination computerized device, a response comprising the second electronic signature; and

comparing, via the destination computerized device, the first electronic signature to the second electronic signature to confirm that the content was sent from the content sender associated with the electronic address.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system verifies an identity of a content sender by receiving content purporting to originate from a content sender, and performing a validation of the content to determine a purported identity of the content sender. The system prepares and transfers verification data to an address associated with the purported identity of the content sender. In response to transferring the verification data, the system receives a verification response to the verification data, and performs a validation of the verification response to verify the purported identity of the content sender.

29 Citations

View as Search Results

22 Claims

1. A method comprising:
- receiving, at a destination computerized device, content comprising a first electronic signature and an electronic address, wherein the electronic address in the content identifies that the content was sent from a content sender associated with the electronic address, wherein the electronic address is used in delivering electronic messages to the content sender;
  
  sending a request, from the destination computerized device to the electronic address of the content sender, that a second electronic signature be applied to verification data, wherein the request comprises the verification data;
  
  receiving, at the destination computerized device, a response comprising the second electronic signature; and
  
  comparing, via the destination computerized device, the first electronic signature to the second electronic signature to confirm that the content was sent from the content sender associated with the electronic address.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the content comprises a certificate, wherein the certificate comprises the first electronic signature and the electronic address.
  - 3. The method of claim 2 wherein the certificate further comprises a public key for decrypting the first electronic signature.
  - 4. The method of claim 2 wherein the electronic address is obtained from the certificate upon validating the certificate with a public key.
  - 5. The method of claim 1 further comprising verifying that the electronic address to which the request was sent is the same as the electronic address from which the response was received to validate that the content was sent from the content sender associated with the electronic address identified in the content.
  - 6. The method of claim 1 wherein the verification data comprises a first nonce and the response comprises a second nonce.
  - 7. The method of claim 1 wherein the verification data is generated at the destination computerized device, the verification data comprising at least one of a nonce, a timestamp, or a globally unique identifier.

8. A method comprising:
- receiving, at a destination computerized device, content comprising a first electronic signature and an electronic address, wherein the electronic address in the content identifies that the content was sent from an electronic account associated with the electronic address, wherein the electronic address is used in delivering electronic messages to the electronic account;
  
  sending a request, from the destination computerized device to the electronic address associated with the electronic account, that a second electronic signature be applied to verification data, wherein the request comprises the verification data;
  
  receiving, at the destination computerized device, a response comprising the second electronic signature; and
  
  comparing, via the destination computerized device, the first electronic signature to the second electronic signature to confirm that the content was sent from the electronic account associated with the electronic address.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 wherein the content comprises a certificate, wherein the certificate comprises the first electronic signature and the electronic address.
  - 10. The method of claim 9 wherein the certificate further comprises a public key for decrypting the first electronic signature.
  - 11. The method of claim 8 further comprising verifying that the electronic address to which the request was sent is the same as the electronic address from which the response was received to validate that the content was sent from the electronic account associated with the electronic address identified in the content.
  - 12. The method of claim 8 wherein the verification data comprises a first nonce and the response comprises a second nonce.

13. A non-transitory computer readable storage medium encoded with computer programming logic that when executed on a processor in a computerized device produces an identity verifying application that verifies an identity of a content sender by causing the computerized device to perform the operations comprising:
- receiving, at a destination computerized device, content comprising a first electronic signature and an electronic address, wherein the electronic address in the content identifies that the content was sent from the content sender associated with the electronic address, wherein the electronic address is used in delivering electronic messages to the content sender;
  
  sending a request, from the destination computerized device to the electronic address of the content sender, that a second electronic signature be applied to verification data, wherein the request comprises the verification data;
  
  receiving, at the destination computerized device, a response comprising the second electronic signature; and
  
  comparing, via the destination computerized device, the first electronic signature to the second electronic signature to confirm that the content was sent from the content sender associated with the electronic address.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer readable storage medium of claim 13 wherein the content comprises a certificate, wherein the certificate comprises the first electronic signature and the electronic address.
  - 15. The non-transitory computer readable storage medium of claim 14 wherein the certificate further comprises a public key for decrypting the first electronic signature.
  - 16. The non-transitory computer readable storage medium of claim 13 further comprising verifying that the electronic address to which the request was sent is the same as the electronic address from which the response was received to validate that the content was sent from the content sender associated with the electronic address identified in the content.
  - 17. The non-transitory computer readable storage medium of claim 13 wherein the verification data comprises a first nonce and the response comprises a second nonce.

18. A non-transitory computer readable storage medium encoded with computer programming logic that when executed on a processor in a computerized device produces an identity verifying application that verifies an identity of an electronic account by causing the computerized device to perform the operations comprising:
- receiving, at a destination computerized device, content comprising a first electronic signature and an electronic address, wherein the electronic address in the content identifies that the content was sent from the electronic account associated with the electronic address, wherein the electronic address is used in delivering electronic messages to the electronic account;
  
  sending a request, from the destination computerized device to the electronic address associated with the electronic account, that a second electronic signature be applied to verification data, wherein the request comprises the verification data;
  
  receiving, at the destination computerized device, a response comprising the second electronic signature; and
  
  comparing, via the destination computerized device, the first electronic signature to the second electronic signature to confirm that the content was sent from the electronic account associated with the electronic address.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The non-transitory computer readable storage medium of claim 18 wherein the content comprises a certificate, wherein the certificate comprises the first electronic signature and the electronic address.
  - 20. The non-transitory computer readable storage medium of claim 19 wherein the certificate further comprises a public key for decrypting the first electronic signature.
  - 21. The non-transitory computer readable storage medium of claim 18 further comprising verifying that the electronic address to which the request was sent is the same as the electronic address from which the response was received to validate that the content was sent from the electronic account associated with the electronic address identified in the content.
  - 22. The non-transitory computer readable storage medium of claim 18 wherein the verification data comprises a first nonce and the response comprises a second nonce.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Petersen, Scott E., Le, William
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
SHEHNI, GHAZAL B

Application Number

US11/258,744
Time in Patent Office

2,771 Days
Field of Search

713/170, 713/201, 713/168, 713176-180, 705/75, 707/10
US Class Current

713/176
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2151   Time stamp

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Methods and apparatus for verifying a purported user identity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for verifying a purported user identity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links