Electronic signing methods, systems, and apparatus
First Claim
1. An apparatus comprising:
- a communication interface configured to physically locally connect the apparatus to a host computer; and
a data processing component adapted to provide a cryptographic processing result generated by cryptographically combining a cryptographic secret key with first input data;
whereby the apparatus is adapted to present itself to said host computer, when it is connected to said host computer by the communication interface, as a mass storage device that an application on the host computer can access through a standard mass storage access mechanism for exchanging files;
the apparatus is adapted to generate an output file and the communication interface is adapted to return the output file to said host computer over said communication interface whereby said output file comprises the cryptographic processing result, and said host computer obtains said output file by reading said output file from the apparatus over said communication interface through a mechanism for reading files of said standard mass storage access mechanism; and
the apparatus is further adapted to generate a one-time password whereby said one-time password is comprised in said result of said cryptographically combining of said cryptographic secret key with said first input data and whereby said first input data comprises a dynamic variable; and
(1) whereby the apparatus further comprises a clock and said dynamic variable is based on a time value provided by the clock;
or (2) whereby the apparatus further comprises a first memory component to store a second variable and the apparatus is further adapted to determine a value of said dynamic variable as a function of said stored second variable and to update and store the value of the second variable when the value of the second variable has been used for said combining.
Abstract
Methods, apparatus, and systems for generating digital signatures are disclosed. An apparatus may present itself to a host computer as a mass storage device to provide cryptographic processing results through a standard mass storage access mechanism for exchanging files.
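The one-time-password path of claim 1, emulated as an added example that is not taken from the patent: a temporary directory stands in for the mass storage volume, and the host obtains the OTP with an ordinary file read. The file name `OTP.TXT`, the `EmulatedToken` class and the choice of HOTP (RFC 4226) as the "cryptographic combining" are assumptions; the claim names no algorithm or file layout.

```python
import hashlib
import hmac
import struct
import tempfile
from pathlib import Path

OTP_FILE = "OTP.TXT"  # hypothetical name; the claim names no file


def hotp(key, dynamic_variable, digits=6):
    """RFC 4226 (assumed here): truncate HMAC-SHA1(key, 8-byte variable)."""
    mac = hmac.new(key, struct.pack(">Q", dynamic_variable), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class EmulatedToken:
    """Stand-in for the apparatus; `volume` plays the mass storage device."""
    def __init__(self, key, volume, counter=0):
        self._key = key          # secret key, never written to the volume
        self._counter = counter  # the stored "second variable" of option (2)
        self.volume = volume

    def refresh_counter_otp(self):
        # Option (2): use the stored value, then update and store it.
        otp = hotp(self._key, self._counter)
        self._counter += 1
        (self.volume / OTP_FILE).write_text(otp + "\n")

    def refresh_time_otp(self, now, step=30):
        # Option (1): dynamic variable based on the clock's time value.
        (self.volume / OTP_FILE).write_text(hotp(self._key, int(now) // step) + "\n")


def host_read_otp(volume):
    """Host side: an ordinary file read through the mounted volume."""
    return (volume / OTP_FILE).read_text().strip()


def demo():
    key = b"12345678901234567890"  # RFC 4226 test key, not a real secret
    with tempfile.TemporaryDirectory() as d:
        token, out = EmulatedToken(key, Path(d)), []
        for _ in range(2):
            token.refresh_counter_otp()
            out.append(host_read_otp(token.volume))
        token.refresh_time_otp(now=59)
        return out + [host_read_otp(token.volume)]
```

Because the counter advances on every use, two consecutive reads never return the same counter-based value, and only the derived OTP, never the key, appears on the volume the host can read.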
33 Claims
1. An apparatus comprising:
a communication interface configured to physically locally connect the apparatus to a host computer; and
a data processing component adapted to provide a cryptographic processing result generated by cryptographically combining a cryptographic secret key with first input data;
whereby the apparatus is adapted to present itself to said host computer, when it is connected to said host computer by the communication interface, as a mass storage device that an application on the host computer can access through a standard mass storage access mechanism for exchanging files;
the apparatus is adapted to generate an output file and the communication interface is adapted to return the output file to said host computer over said communication interface whereby said output file comprises the cryptographic processing result, and said host computer obtains said output file by reading said output file from the apparatus over said communication interface through a mechanism for reading files of said standard mass storage access mechanism; and
the apparatus is further adapted to generate a one-time password whereby said one-time password is comprised in said result of said cryptographically combining of said cryptographic secret key with said first input data and whereby said first input data comprises a dynamic variable; and
(1) whereby the apparatus further comprises a clock and said dynamic variable is based on a time value provided by the clock;
or (2) whereby the apparatus further comprises a first memory component to store a second variable and the apparatus is further adapted to determine a value of said dynamic variable as a function of said stored second variable and to update and store the value of the second variable when the value of the second variable has been used for said combining.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
17. A method for obtaining a digital signature over an electronic input file for use with an apparatus comprising a communication interface configured to physically locally connect the apparatus to a host computer, a user output interface for presenting outputs to a user of said apparatus, and a user input interface for capturing inputs from said user,
whereby the apparatus is adapted:
to present itself to said host computer, when the apparatus is connected to said host computer, as a mass storage device that an application on the host computer can access through a standard mass storage access mechanism for reading and saving files;
to receive said input file from said host computer over said communication interface;
to recognize a format of at least one of a plurality of possible file type formats of said input file;
to read said at least some contents of said input file;
to present said at least some contents to said user by said user output interface;
to capture from said user by said user input interface at least one of an approval or a rejection by said user of said at least some contents presented to the user;
to generate said digital signature over said input file by applying to said input file a digital signature algorithm that is parameterized by a secret signature key;
to generate and return an output file to said host computer over said communication interface whereby said output file comprises said digital signature over said input file;
whereby at least one of the generation of said digital signature or the generation and return of said output file comprising said digital signature is conditional on the apparatus obtaining said approval;
the method comprising the steps of;
making at said host computer a connection with said apparatus;
sending at said host computer said input file to the apparatus over said communication interface by saving the input file to the mass storage device presented by the apparatus using a method for saving files of said standard mass storage access mechanism;
obtaining at said host computer said output file from the apparatus over said communication interface by reading the output file using a method for reading files of said standard mass storage access mechanism;
retrieving said digital signature from said output file.
View Dependent Claims (18)
19. A system for generating a digital signature over an electronic input file comprising:
a host computer comprising a data processing component for running software applications, a connection mechanism for removably connecting at least one external peripheral device to the host computer said host computer adapted to;
support a class of mass storage devices;
recognize devices that are connected to said host computer through said connection mechanism as belonging to said class of mass storage devices if said devices advertise themselves as belonging to said class when they are connected to said host computer;
support a standard mass storage access mechanism for reading and saving files to mass storage devices connected to the host computer through said connection mechanism and recognized by the host computer as belonging to said class of mass storage devices;
offer said software applications a first method of said standard mass storage access mechanism to read files from said mass storage devices and a second method of said standard mass storage access mechanism to save files to said mass storage devices;
the system further comprising;
a signature apparatus comprising a communication interface configured to physically locally connect the signature apparatus to said host computer by said connection mechanism, a user output interface for presenting outputs to a user of said apparatus, and a user input interface for capturing inputs from said user, whereby said signature apparatus is adapted;
to present itself to said host computer, when the signature apparatus is connected to said host computer, as belonging to said class of mass storage;
to receive said input file from said host computer over said communication interface;
to recognize a format of at least one of a plurality of possible file type formats of said input file;
to read at least some contents of said input file;
to present said at least some contents to said user by said user output interface;
to capture from said user by said user input interface at least one of an approval or a rejection by said user of said at least some contents presented to the user;
to generate said digital signature over said input file by, applying to said input file a digital signature algorithm that is parameterized by a secret signature key;
to generate and return an output file to said host computer over said communication interface whereby said output file comprises said digital signature over said input file, whereby at least one of said generation of said digital signature or said generation and return of said output file comprising said digital signature is conditional on the apparatus obtaining said approval;
and whereby;
said signature apparatus is connected to said host computer through said communication interface and said connection mechanism;
and said host computer is running a signature application adapted to;
send said input file to the signature apparatus over said communication interface by saving the input file to the apparatus using said second method of said standard mass storage access mechanism for saving files;
obtain at said host computer said output file from the signature apparatus over said communication interface by reading the output file using said first method of said standard mass storage access mechanism.
View Dependent Claims (20)
21. An apparatus comprising:
a communication interface configured to physically locally connect the apparatus to a host computer; and
a data processing component adapted to provide a cryptographic processing result generated by cryptographically combining a cryptographic secret key with first input data;
whereby the apparatus is adapted to present itself to said host computer, when it is connected to said host computer by the communication interface, as a mass storage device that an application on the host computer can access through a standard mass storage access mechanism for exchanging files; and
the apparatus is adapted to generate an output file and the communication interface is adapted to return the output file to said host computer over said communication interface whereby said output file comprises the cryptographic processing result, and said host computer obtains said output file by reading said output file from the apparatus over said communication interface through a host computer mechanism for reading files of said standard mass storage access mechanism; and
whereby the apparatus is further adapted to generate a digital signature over at least some contents of an input file whereby;
said communication interface is further adapted to receive said input file from said host computer whereby said host computer sends the input file to the apparatus over said communication interface by saving the input file to the mass storage device presented by the apparatus through a host computer mechanism for saving files of said standard mass storage access mechanism;
said first input data are based on a value that represents said at least some contents of the input file; and
said digital signature is comprised in said result of said cryptographically combining of said cryptographic secret key with said first input data; and
the apparatus further comprising a user output interface for presenting outputs to a user of said apparatus and a user input interface for capturing inputs from said user;
the apparatus further adapted to;
recognize a format of at least one of a plurality of possible file type formats of said input file;
read said at least some contents of said input file;
present said at least some contents to said user by said user output interface; and
capture from said user by said user input interface at least one of an approval or a rejection by said user of said at least some contents presented to the user;
whereby said cryptographically combining of the secret key with the first data or said returning of the output file comprising the result of said cryptographically combining is conditional on the apparatus obtaining said approval.
View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
Specification