System and method for secure unidirectional messaging
First Claim
1. A computer program product for use in conjunction with a computer system having a server and a client, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism, comprising:
- a program module that directs the computer system and/or components thereof including at least one or the client or server, to function in a specified manner to provide message communications, the message communications occurring in a computer system hardware architecture neutral and operating system neutral and network transport protocol neutral manner for secure unidirectional messaging, the program module including instructions for;
A. extracting, by the sender, an appropriate public key and matching destination address of a Recipient from a storage means that is trusted and has been verified;
B. extracting, by the sender, the senders own private signing key and certificate chain from a trusted storage means;
C. passing, by the sender, that extracted public key and matching destination address and private signing key and certificate chain information, and the data of the message along with the Recipient'"'"'s public enveloping key, and a fresh random data encryption key and fresh random OAEP padding seed to the Signed-Inside-Enveloped-Data cryptographic primitive to construct a secure unidirectional message;
D. sending, by the sender, the constructed secure unidirectional message;
E. receiving, by the Recipient, the message;
F. extracting, by the Recipient, its own private key from a secure storage means and decrypting the public key encryption;
G. extracting, by the Recipient, the data encryption key, and decrypting the data which is digitally signed; and
H. verifying the signature of the data and the certificate chain of the Sender;
I. wherein this is done using the same cryptographic primitive that is the same as the cryptographic primitive used with at least a secure session protocol.
1 Assignment
0 Petitions
Accused Products
Abstract
System, method, signal, operating model, and computer program for electronic messaging. Systems and method for providing security for communication of electronic messages, interactive sessions, software downloads, software upgrades, and other content from a source to a receiving device as well as signals used for such communications. Systems, methods, signals, device architectures, data formats, and computer program structures for providing authentication, integrity, confidentiality, non-repudiation, replay protection, and other security properties while minimizing the network bandwidth, computational resources, and manual user interactions required to install, enable, deploy and utilize these security properties. System, device, method, computer program, and computer program product for searching and selecting data and control elements in message procedural/data sets for automatic and complete portrayal of message to maintain message intent. System, device, method, computer program, and computer program product for adapting content for sensory and physically challenged persons using embedded semantic elements in a procedurally based message file.
190 Citations
22 Claims
-
1. A computer program product for use in conjunction with a computer system having a server and a client, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism, comprising:
- a program module that directs the computer system and/or components thereof including at least one or the client or server, to function in a specified manner to provide message communications, the message communications occurring in a computer system hardware architecture neutral and operating system neutral and network transport protocol neutral manner for secure unidirectional messaging, the program module including instructions for;
A. extracting, by the sender, an appropriate public key and matching destination address of a Recipient from a storage means that is trusted and has been verified;
B. extracting, by the sender, the senders own private signing key and certificate chain from a trusted storage means;
C. passing, by the sender, that extracted public key and matching destination address and private signing key and certificate chain information, and the data of the message along with the Recipient'"'"'s public enveloping key, and a fresh random data encryption key and fresh random OAEP padding seed to the Signed-Inside-Enveloped-Data cryptographic primitive to construct a secure unidirectional message;
D. sending, by the sender, the constructed secure unidirectional message;
E. receiving, by the Recipient, the message;
F. extracting, by the Recipient, its own private key from a secure storage means and decrypting the public key encryption;
G. extracting, by the Recipient, the data encryption key, and decrypting the data which is digitally signed; and
H. verifying the signature of the data and the certificate chain of the Sender;
I. wherein this is done using the same cryptographic primitive that is the same as the cryptographic primitive used with at least a secure session protocol.
- a program module that directs the computer system and/or components thereof including at least one or the client or server, to function in a specified manner to provide message communications, the message communications occurring in a computer system hardware architecture neutral and operating system neutral and network transport protocol neutral manner for secure unidirectional messaging, the program module including instructions for;
-
2. A hardware architecture neutral and operating system neutral and network transport neutral method for secure unidirectional messaging using less software code and network bandwidth than conventional systems, said method comprising:
-
A. extracting, by the sender, an appropriate public key and matching destination address of a Recipient from a storage means that is trusted and has been verified;
B. extracting, by the sender, the sender'"'"'s own private signing key and certificate chain from a trusted storage means;
C. passing, by the sender, that extracted public key and matching destination address and private signing key and certificate chain information, and the data of the message along with the Recipient'"'"'s public enveloping key, and a fresh random data encryption key and fresh random OAEP padding seed to the Signed-Inside-Enveloped-Data cryptographic primitive to construct a secure unidirectional message;
D. sending, by the sender, the constructed secure unidirectional message;
E. receiving, by the Recipient, the message;
F. extracting, by the Recipient, its own private key from a secure storage means and decrypting the public key encryption;
G. extracting, by the Recipient, the data encryption key, and decrypting the data which is digitally signed; and
H. verifying the signature of the data and the certificate chain of the Sender;
I. wherein this is done using the same cryptographic primitive that is the same as the cryptographic primitive used with at least a secure session protocol. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22)
-
-
17. A method for secure unidirectional messaging from a sender to a recipient, said method comprising:
-
obtaining, by the sender, a public key and destination address of a message recipient and the senders own private signing key and certificate chain from one or more trusted source;
passing, by the sender, the extracted public key and matching destination address and private signing key and certificate chain information, and the data of an intended message along with the recipient'"'"'s public enveloping key and a random data encryption key and random padding seed to a cryptographic primitive; and
constructing, by the sender, a secure unidirectional message there from.
-
Specification