Compact attribute for cryptographically protected messages
Abstract
A system and associated method for verifying a signature of a signed message having a compact attribute. Components of the compact attribute of the signed message appear in a predefined order within the compact attribute, and are identified by an object identifier associated with the compact attribute. A processing flag and a security assertion are among the components of the compact attribute. The processing flag directs the rules used to process the security assertion. The security assertion is made by an authority trusted by both the sender and the recipient of the signed message. The recipient validates the signature of the signed message based on the processing flag and the security assertion recovered from the compact attribute.
20 Claims
1. A method for verifying a signature of a signed message, said method comprising:
receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
Dependent claims: 2, 3, 4, 5
6. A computer program product comprising:
a computer readable storage device having a computer readable program code embodied therein, said computer readable program code containing instructions that perform a method for verifying a signature of a signed message, said method comprising:
receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
Dependent claims: 7, 8, 9, 10
11. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for verifying a signature of a signed message, said method comprising:
receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
Dependent claims: 12, 13, 14, 15
16. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein the code in combination with the computing system is capable of performing a method for verifying a signature of a signed message, said method comprising:
receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
Dependent claims: 17, 18, 19, 20
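The receive / recover / validate sequence that the abstract and the independent claims describe, as an added example that is not the patent's own encoding, code or OID. It assumes a hypothetical wire format in which the compact attribute's content types are length-prefixed with no per-field tags, so the recipient can only recover them by their predefined position under the single OID; the OID, the two processing-flag bits, the key identifiers and the secrets are all constructed for this example, and HMAC-SHA256 stands in for the (asymmetric) signature algorithm a real deployment would use, so that the block runs with the standard library alone.

```python
"""Toy 'compact attribute' verifier: added example, not the patent's own encoding.
Fields are length-prefixed and untagged, so the recipient recovers them by their
predefined order under one OID. HMAC-SHA256 stands in for the signature algorithm;
the OID, flag bits, key ids and secrets below are constructed for this example."""
import hashlib
import hmac

COMPACT_ATTR_OID = b"1.3.6.1.4.1.99999.7.1"  # hypothetical OID identifying the whole attribute

# Processing-flag bits (hypothetical): the rules the recipient applies to the assertion.
FLAG_ASSERTION_MUST_BE_TRUSTED = 0x01   # assertion key must identify a trusted authority
FLAG_ASSERTION_BINDS_SENDER_KEY = 0x02  # assertion must name the key used on the message
MINIMUM_RULES = FLAG_ASSERTION_MUST_BE_TRUSTED  # enforced even if the sender clears the bit

# Keys the recipient can resolve by id (constructed); only ca-1 is a trusted authority.
KEYS = {b"ca-1": b"authority-secret-1", b"ca-rogue": b"rogue-secret", b"alice-k1": b"alice-secret"}
TRUSTED_AUTHORITIES = {b"ca-1"}

def mac(key_id, data):
    return hmac.new(KEYS[key_id], data, hashlib.sha256).digest()

def pack(fields):
    """Length-prefix and concatenate; there are no tags, so order is the only structure."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def unpack(blob, expected):
    """Recover exactly `expected` fields in their predefined order; reject anything else."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 2], "big")  # a 1-byte tail is caught by the check below
        pos += 2
        if pos + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos:pos + n])
        pos += n
    if len(out) != expected:
        raise ValueError(f"expected {expected} fields, got {len(out)}")
    return out

def make_assertion(authority_id, sender, sender_key_id):
    """Authority asserts 'sender holds sender_key_id'; returns (body, key id, signature)."""
    body = pack([sender, sender_key_id])
    return body, authority_id, mac(authority_id, body)

def make_compact_attribute(flags, assertion, assertion_key_id, assertion_sig):
    # Predefined order: OID, processing flag, assertion, assertion key id, assertion signature.
    return pack([COMPACT_ATTR_OID, bytes([flags]), assertion, assertion_key_id, assertion_sig])

def sign_message(sender, payload, sender_key_id, attr):
    # Signed-message order: sender, payload, compact attribute, signing key id, signature.
    sig = mac(sender_key_id, pack([sender, payload, attr]))
    return pack([sender, payload, attr, sender_key_id, sig])

def verify_message(msg):
    """Recipient: parse by position, apply the flag's rules, then check the message signature."""
    try:
        sender, payload, attr, sender_key_id, sig = unpack(msg, 5)
        oid, flags, assertion, akid, asig = unpack(attr, 5)
    except ValueError:
        return False
    if oid != COMPACT_ATTR_OID or len(flags) != 1 or akid not in KEYS or sender_key_id not in KEYS:
        return False
    rules = flags[0] | MINIMUM_RULES
    # Rule: does the key that signed the assertion identify an authority both sides trust?
    if rules & FLAG_ASSERTION_MUST_BE_TRUSTED and akid not in TRUSTED_AUTHORITIES:
        return False
    if not hmac.compare_digest(mac(akid, assertion), asig):
        return False
    # Rule: the assertion must bind this sender to the very key used on the message.
    if rules & FLAG_ASSERTION_BINDS_SENDER_KEY:
        try:
            asserted_sender, asserted_key = unpack(assertion, 2)
        except ValueError:
            return False
        if asserted_sender != sender or asserted_key != sender_key_id:
            return False
    return hmac.compare_digest(mac(sender_key_id, pack([sender, payload, attr])), sig)

def demo():
    """One well-formed message and three that must fail; returns {case: verified?}."""
    body, akid, asig = make_assertion(b"ca-1", b"alice", b"alice-k1")
    attr = make_compact_attribute(FLAG_ASSERTION_MUST_BE_TRUSTED | FLAG_ASSERTION_BINDS_SENDER_KEY,
                                  body, akid, asig)
    good = sign_message(b"alice", b"transfer 10", b"alice-k1", attr)
    # Assertion from an untrusted authority, with flags=0 in the hope of skipping the trust check.
    r_body, r_akid, r_asig = make_assertion(b"ca-rogue", b"alice", b"alice-k1")
    rogue = sign_message(b"alice", b"transfer 10", b"alice-k1",
                         make_compact_attribute(0, r_body, r_akid, r_asig))
    # Same fields with OID and flag swapped: positional parsing must not accept it.
    swapped = sign_message(b"alice", b"transfer 10", b"alice-k1",
                           pack([bytes([3]), COMPACT_ATTR_OID, body, akid, asig]))
    # Payload altered after signing.
    s, _, a, k, sig = unpack(good, 5)
    tampered = pack([s, b"transfer 10000", a, k, sig])
    return {"good": verify_message(good), "untrusted_authority": verify_message(rogue),
            "reordered": verify_message(swapped), "tampered": verify_message(tampered)}
```

Two points a practitioner should take from the example. First, because the content types carry no tags, a recipient that parses by position must reject any attribute whose field count or order differs from the predefined layout rather than guessing which field is which; `unpack` therefore requires exactly the expected number of fields, and the swapped-field case fails on the OID check. Second, the processing flag arrives inside the sender's message, so a recipient that lets the flag alone decide whether to examine the key that signed the assertion lets the sender opt out of that check; the `MINIMUM_RULES` clamp is the added safeguard that keeps the trusted-authority determination mandatory, which is why the untrusted-authority case is rejected even with all flag bits cleared. With a real asymmetric signature, `KEYS` would hold only public keys and the authority's private key would never be on the recipient.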