Electronic signature validation systems and methods for asynchronous environments

US 8,479,003 B2
Filed: 08/21/2006
Issued: 07/02/2013
Est. Priority Date: 08/21/2006
Status: Active Grant

First Claim

Patent Images

1. An electronic signature validation system, said system comprising:

at least one onboard computer system (OCS), wherein the OCS is a subsystem removable from at least one control system configured as part of a mobile vehicle the OCS including;

a signature generator module configured to assist in generating a digital signature for a communication being sent by the OCS to at least one central computer system (CCS) located remotely from the at least one OCS, wherein the signature generator module receives user information;

a cryptographic module in communication with the signature generator module configured to;

receive the user information from the signature generator module;

generate a cryptographic hash;

create the digital signature by signing the cryptographic hash based on the user information received from the signature generator module; and

receive a dynamic certificate that is supplied to the OCS by an entity remote from the OCS that is operating the system, and that uniquely identifies the OCS that has generated the communication and the mobile vehicle that the OCS is located on;

the at least one remote CCS configured to receive the signed cryptographic hash that forms the digital signature, and to receive the dynamic certificate from the at least one OCS via a wireless, asynchronous communications link, the at least one CCS comprising;

a user database having stored thereon user account information for all users authorized to digitally sign messages transmitted from the at least one OCS to the at least one CCS, via the asynchronous communications link; and

a signature validator module configured to check the dynamic certificate against a certificate authority to validate the dynamic certificate and to validate the digital signature against all authorized users stored in the user database.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for non-real-time validation of an electronically signed message transmitted via an asynchronous communications link is provided. The method includes creating an electronic message comprising an electronically signed data entry created by executing a secure data application first portion (SDA1) module hosted by a mobile system. The method additionally includes passing the message to a communications management function first portion (CMF1) module via a synchronous interface. The CMF1 module is hosted by the mobile system. The method further includes transmitting the message from the CMF1 module to a communications management function second portion (CMF2) module in a temporally delayed manner using an asynchronous communications link. The CMF2 module is hosted by a central computer system (CCS) located remotely from the mobile system. The method further yet includes validating the electronically signed entry in a temporally delayed manner utilizing a user database. The user database is hosted by the CCS and has stored thereon user account information for all users authorized to electronically sign entries transmitted from the mobile system to the CCS. The user account information includes user information and/or user personal identification numbers (PINs) for each authorized user.

12 Citations

View as Search Results

24 Claims

1. An electronic signature validation system, said system comprising:
- at least one onboard computer system (OCS), wherein the OCS is a subsystem removable from at least one control system configured as part of a mobile vehicle the OCS including;
  
  a signature generator module configured to assist in generating a digital signature for a communication being sent by the OCS to at least one central computer system (CCS) located remotely from the at least one OCS, wherein the signature generator module receives user information;
  
  a cryptographic module in communication with the signature generator module configured to;
  
  receive the user information from the signature generator module;
  
  generate a cryptographic hash;
  
  create the digital signature by signing the cryptographic hash based on the user information received from the signature generator module; and
  
  receive a dynamic certificate that is supplied to the OCS by an entity remote from the OCS that is operating the system, and that uniquely identifies the OCS that has generated the communication and the mobile vehicle that the OCS is located on;
  
  the at least one remote CCS configured to receive the signed cryptographic hash that forms the digital signature, and to receive the dynamic certificate from the at least one OCS via a wireless, asynchronous communications link, the at least one CCS comprising;
  
  a user database having stored thereon user account information for all users authorized to digitally sign messages transmitted from the at least one OCS to the at least one CCS, via the asynchronous communications link; and
  
  a signature validator module configured to check the dynamic certificate against a certificate authority to validate the dynamic certificate and to validate the digital signature against all authorized users stored in the user database.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the at least one OCS comprises a secure data application first portion (SDA1) module and a communications management function first portion (CMF1) module that synchronously interfaces with the SDA1.
  - 3. The system of claim 2, wherein the at least one CCS further comprises:
    - a secure data application second portion (SDA2) module;
      
      a communications management function second portion (CMF2) module that synchronously interfaces with the SDA1; and
      
      wherein the signature validator module asynchronously interfaces with the SDA2.
  - 4. The system of claim 3, wherein the at least one CCS further comprises a user name and personal identification number (PIN) retrieval module that asynchronously interfaces with the signature validator module and is configured to retrieve user information and PINs from the user database and asynchronously transmit the user information and PINs to the signature validator module to validate the digital signature.

5. A method for validation of a digitally signed message transmitted via an asynchronous communications link, said method comprising:
- in a mobile vehicle, creating an electronic message comprising a digitally signed data entry by executing a secure data application first portion (SDA1) module configured in an onboard computer system (OCS) being a removable subsystem of a control system configured as part of the mobile vehicle, the digitally signed data entry forming a digital signature on the data entry using user information and including a hardware electronic certificate supplied by a remote operator of the mobile vehicle, where the hardware certificate uniquely identifies the mobile vehicle and the OCS being operated from the control system configured as part of the mobile vehicle;
  
  a remotely located central computer system (CCS), where the electronic message is communicated from the mobile vehicle to the CCS;
  
  passing the electronic message, comprising the digitally signed data entry and hardware certificate, to a communications management function first portion (CMF1) module via a synchronous interface, the CMF1 module configured in the OCS;
  
  transmitting the electronic message, comprising the digitally signed data entry and the hardware certificate, from the CMF1 module to a communications management function second portion (CMF2) module in a time delayed manner using an asynchronous communications link, the CMF2 module configured in the CCS located remotely from the OCS; and
  
  validating the electronic message, wherein validating the electronic message comprises;
  
  validating the digitally signed data entry in a time delayed manner utilizing a user database to compare the digitally signed data entry, wherein the user database is stored in the CCS, and wherein the user database stores user account information for all users authorized to digitally sign data entries transmitted from the OCS to the CCS, the user account information comprising at least one of user information and a user personal identification number (PIN) for each authorized user of the OCS; and
  
  validating the hardware certificate against a certificate authority to validate the hardware certificate.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5, wherein digitally signing the entry comprises entering the user account information specific to a user that is executing the SDA1 to create digital signature used to digitally sign the entry, the user account information specific to the user comprising at least one of user information specific to the user and a PIN specific to user.
  - 7. The method of claim 6, wherein creating the electronic message further comprises storing the entry and the user account information in an SDA1 database included in the SDA1 module.
  - 8. The method of claim 6, wherein validating the digitally signed entry comprises:
    - passing the received electronic message from the CMF2 module to a secure data application second portion (SDA2) module configured in the CCS, via a synchronous interface; and
      
      passing the electronic message from the SDA2 module to a signature validator module, via a synchronous interface, to validate the digital signature, the signature validator module configured in the CCS.
  - 9. The method of claim 8, wherein validating the digitally signed entry comprises evoking a user specific information and PIN retrieval (USIPR) module, configured in the CCS, to access the user database to verify that the user account information is included in the digital signature.
  - 10. The method of claim 5, wherein creating the electronic message further comprises passing the digitally signed entry to a signature generator module and a cryptographic functions module via synchronous interfaces to convert the digitally signed entry to a formatted data string that forms the electronic message and is interpretable by the CMF1 module, the signature generator module and the cryptographic functions module configured in the OCS.
  - 11. The method of claim 10, wherein converting the digitallly signed entry to a formatted data string comprises encrypting the formatted data string.
  - 12. The method of claim 5, wherein transmitting the message from the CMF1 module to the CMF2 module in a time delayed manner, comprises transmitting the message using an encrypted asynchronous communications link between the CMF1 module and the CMF2 module.

13. A method for temporally delayed validation of an digitally signed message transmitted from an onboard computer system (OCS) being operated on an aircraft to a remotely located central computer system (CCS) via an asynchronous communications link, said method comprising:
- creating an electronic message comprising digitally signed data entry, wherein the digitally signed data entry forms a digital signature on the data entry using user information and including a hardware electronic certificate supplied by a remote operator of the aircraft, wherein the hardware electronic certificate uniquely identifies both the aircraft and the OCS operated from the aircraft and the digitally signed data entry further being created by executing a secure data application first portion (SDA1) module configured in the OCS operating in the aircraft, wherein the OCS is a removable subsystem of a control system configured as part of the aircraft, and the electronic message comprising the electronically digitally signed data entry and the hardware electronic certificate being communicated from the aircraft to the remotely located CCS;
  
  passing the electronic message, comprising the digitally signed data entry and electronic certificate, to a communications management function first portion (CMF1) module via a synchronous interface, the CMF1 module configured in the OCS operating on the aircraft;
  
  transmitting the electronic message, comprising the digitally signed data entry and the hardware electronic certificate from the CMF1 module to a communications management function second portion (CMF2) module in a time delayed manner using an asynchronous communications link, the CMF2 module configured in the CCS located remotely from the aircraft;
  
  validating the electronic message, wherein validating the electronic message comprises;
  
  validating the digitally signed data entry in a time delayed manner utilizing a user database to compare the digitally signed data entry, wherein the user database is stored in the CCS, and wherein the user database stores user account information for all users authorized to digitally sign entries transmitted from the aircraft to the CCS, the user account information comprising at least one of user information and a user personal identification number (PIN) for each one of a plurality of authorized users of the OCS; and
  
  validating the electronic certificate against a certificate authority to validate the hardware electronic certificate.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein digitally signing the digitally signed data entry comprises entering the user account information specific to a user that is executing the SDA1 to create the digital signature used to digitally sign the digitally signed entry, the user account information being specific to the user and comprising at least one of user information specific to the user and a PIN specific to the user.
  - 15. The method of claim 14, wherein validating the electronically signed data entry comprises:
    - passing the received electronic message from the CMF2 module to a secure data application second portion (SDA2) module configured in the CCS, via a synchronous interface; and
      
      passing the electronic message from the SDA2 module to a signature validator module, via a synchronous interface, to validate the digital signature, the signature validator module being configured in the CCS.
  - 16. The method of claim 15, wherein validating the digitally signed data entry comprises evoking a user specific information and PIN retrieval (USIPR) module, hosted by the CCS, to access the user database to verify that the user account information included in the digital signature is valid.
  - 17. The method of claim 13, wherein creating the electronic message further comprises passing the digitally signed data entry to a signature generator module and a cryptographic functions module via synchronous interfaces to convert the digitally signed data entry to a formatted data string that forms the electronic message and is interpretable by the CMF1 module, the signature generator module and the cryptographic functions module configured in the OCS on the aircraft.
  - 18. The method of claim 17, wherein the hardware electronic certificate resides on the aircraft and hosts the SDA1 module, the hardware electronic certificate including a dynamic certificate that contains the identification number of the aircraft on which the OCS resides.
  - 19. The method of claim 17, wherein converting the digitally signed data entry to a formatted data string comprises encrypting the formatted data string.
  - 20. The method of claim 17, wherein converting the digitally signed data entry to a formatted data string comprises formatting the electronic message to include a personal digital certificate specific to the user using the signature generator module.
  - 21. The method of claim 13, wherein transmitting the message from the CMF1 module to the CMF2 module in a time delayed manner, comprises transmitting the message using an encrypted asynchronous communications link between the CMF1 module and the CMF2 module.
  - 22. The method of claim 13, further comprising permanently maintaining a list of transactions representing all actions against the SDA1 module an SDA1 database included in the SDA1 module.
  - 23. The method of claim 22, wherein the list of transactions includes a date and a time the digital signature was generated and applied to the digitally signed data entry.
  - 24. The method of claim 13, wherein passing the electronic message to the CMF1 module via a synchronous interface comprises checking the integrity of the electronic message using the CMF1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Yukawa, Steven J., Jain, Rajit, Anstey, Timothy W., Allen, David L.
Primary Examiner(s)
Khoshnoodi, Nadia

Application Number

US11/507,144
Publication Number

US 20080046962A1
Time in Patent Office

2,507 Days
Field of Search

None
US Class Current

713/176
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04W 4/12   Messaging; Mailboxes; Annou...

Electronic signature validation systems and methods for asynchronous environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Electronic signature validation systems and methods for asynchronous environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others