IMPLEMENTING NONREPUDIATION AND AUDIT USING AUTHENTICATION ASSERTIONS AND KEY SERVERS

US 20040151323A1
Filed: 11/25/2003
Published: 08/05/2004
Est. Priority Date: 04/25/2000
Status: Active Grant

First Claim

Patent Images

1. A method for a transaction source and a transaction target to exchange a transaction that cannot be repudiated, the method comprising:

(a) receiving a first request for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;

(b) verifying said source authentication assertion;

(c) storing said transaction identifier and information from said source authentication assertion, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction;

(d) providing said transaction identifier in reply to said first request so that the transaction and said transaction identifier can be sent to the transaction target;

(e) receiving a second request for a decryption key to decrypt the transaction once it has been received by the transaction target, wherein said second request includes said transaction identifier and a target authentication assertion;

(f) verifying said target authentication assertion;

(g) storing information from said target authentication assertion with the transaction identifier; and

(h) providing said decryption key in reply to said second request so that the transaction can be decrypted, thereby establishing information making the transaction target unable to plausibly repudiate being a recipient of the transaction.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system (410) wherewith sources (414) and targets (416) employ a key server (420) to exchange transactions (424). A first request to the key server includes a source assertion (422) from an authentication authority (418), and optionally a key (430). The key server provides a transaction ID (428), and the key if not already provided, in reply to this request. The key server stores the transaction ID and source assertion. The source encrypts the transaction and sends it with the transaction ID to the targets. A second request to the key server includes a target assertion and the transaction ID. The key server provides the key in reply to this request. The key server also stores the target assertion in association with the transaction ID. The respective assertions then establish the source and targets of the transaction in a manner that cannot plausibly be repudiated.

115 Citations

View as Search Results

27 Claims

1. A method for a transaction source and a transaction target to exchange a transaction that cannot be repudiated, the method comprising:
- (a) receiving a first request for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
  
  (b) verifying said source authentication assertion;
  
  (c) storing said transaction identifier and information from said source authentication assertion, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction;
  
  (d) providing said transaction identifier in reply to said first request so that the transaction and said transaction identifier can be sent to the transaction target;
  
  (e) receiving a second request for a decryption key to decrypt the transaction once it has been received by the transaction target, wherein said second request includes said transaction identifier and a target authentication assertion;
  
  (f) verifying said target authentication assertion;
  
  (g) storing information from said target authentication assertion with the transaction identifier; and
  
  (h) providing said decryption key in reply to said second request so that the transaction can be decrypted, thereby establishing information making the transaction target unable to plausibly repudiate being a recipient of the transaction.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said step (d) includes also providing an encryption key to encrypt the transaction.
  - 3. The method of claim 1, the method further comprising:
    - (i) receiving an information request for source information about the transaction source, wherein said information request includes said transaction identifier;
      
      (j) retrieving at least some of said information from said source authentication assertion stored in said step (c) with said transaction identifier and determining said source information therefrom; and
      
      (k) providing said source information in reply to said information request.
  - 4. The method of claim 1, the method further comprising:
    - (i) receiving an information request for target information, wherein said information request includes said transaction identifier and information identifying the transaction target;
      
      (j) determining if said information identifying the transaction target matches with any said information from said target authentication assertion stored with the transaction identifier stored in said step (g) and determining said target information therefrom; and
      
      (k) providing said target information in reply to said information request.

5. A method for establishing a transaction as nonrepudiate able by a transaction source that is the origin of the transaction, the method comprising:
- (a) receiving a request for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
  
  (b) verifying said source authentication assertion;
  
  (c) storing said transaction identifier and information from said source authentication assertion; and
  
  (d) providing said transaction identifier in reply to said request, thereby establishing information making the transaction source unable to plausibly repudiate being the origin of the transaction.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The method of claim 5, wherein said step (d) includes also providing an encryption key to encrypt the transaction.
  - 7. The method of claim 5, the method further comprising:
    - (e) receiving an information request for source information about the transaction source, wherein said information request includes said transaction identifier;
      
      (f) retrieving at least some of said information from said source authentication assertion stored in said step (c) with said transaction identifier and determining said source information therefrom; and
      
      (g) providing said source information in reply to said information request.
  - 8. The method of claim 7, wherein said source information indicates who the transaction source actually is.
  - 9. The method of claim 7, wherein:
    - said information request received in said step (e) also includes information identifying a party believed to be the transaction source; and
      
      said source information provided in said step (g) indicates merely whether said party is the transaction source, thereby responding to said information request without specifically identifying the transaction source.
  - 10. The method of claim 7, wherein:
    - said step (c) includes also storing a decryption key usable to decrypt the transaction; and
      
      said step (g) includes also providing said decryption key, thereby facilitating decryption of the transaction by a party making said information request even when said party is not the transaction source or a target of the transaction.
  - 11. The method of claim 7, wherein:
    - said information request received in said step (e) also includes the transaction; and
      
      said step (g) includes decrypting the transaction before providing said source information in reply to said information request.
  - 12. The method of claim 11, wherein:
    - said information request received in said step (e) also includes information identifying a party believed to be the transaction source; and
      
      said source information provided in said step (g) indicates merely whether said party is the transaction source, thereby responding to the second request without specifically identifying the transaction source.
  - 13. The method of claim 11, wherein said step (g) includes also providing the transaction in decrypted form in said reply to said information request, thereby facilitating a party making said information request being able to confirm the content of the transaction even when said party is not the transaction source or a target of the transaction.

14. A method for establishing a transaction as nonrepudiate able by a transaction target that is a recipient of the transaction, wherein a transaction identifier identifying the transaction and a decryption key usable to decrypt the transaction have been pre-stored, the method comprising:
- (a) receiving a request for the decryption key, wherein said request includes the transaction identifier and a target authentication assertion;
  
  (b) verifying said target authentication assertion;
  
  (c) storing information from said target authentication assertion with the transaction identifier; and
  
  (d) providing the decryption key in reply to said request, thereby establishing information making the transaction target unable to plausibly repudiate being a recipient of the transaction.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, the method further comprising:
    - (e) receiving an information request for target information, wherein said information request includes said transaction identifier and information identifying the transaction target;
      
      (f) retrieving at least some of said information from said target authentication assertion stored in said step (c) with said transaction identifier and determining said target information therefrom; and
      
      (g) providing said target information in reply to said information request.
  - 16. The method of claim 15, wherein:
    - said step (g) includes also providing said decryption key, thereby facilitating decryption of the transaction by a party making said information request even when said party is not the transaction source or a transaction target.
  - 17. The method of claim 15, wherein:
    - said information request received in said step (e) also includes the transaction; and
      
      said step (g) includes decrypting the transaction before providing said identity information.
  - 18. The method of claim 17, wherein said step (g) includes also providing the transaction in decrypted form in said reply to said information request, thereby facilitating a party making said information request being able to confirm the content of the transaction even when said party is not the transaction source or a transaction target.

19. A system for a transaction source and a transaction target to exchange a transaction that cannot be repudiated, comprising:
- a computerized key server;
  
  said key server suitable for receiving a first request via a network for a transaction identifier to identify the transaction, wherein said first request includes a source authentication assertion;
  
  said key server suitable for receiving a second request via said network for a decryption key usable to decrypt the transaction, wherein said second request includes said transaction identifier and a target authentication assertion;
  
  said key server suitable for verifying said source authentication assertion and said target authentication assertion;
  
  said key server suitable for storing said transaction identifier, information from said source authentication assertion, and information from said target authentication in association in a database;
  
  said key server suitable for providing a first reply to said first request via said network that includes said transaction identifier; and
  
  said key server suitable for providing a second reply to said second request via said network that includes said decryption key, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction and also making the transaction target unable to plausibly repudiate once it is provided said decryption key.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, wherein said key server is further suitable for providing an encryption key to encrypt the transaction in said first reply.
  - 21. The system of claim 19, wherein:
    - said key server is further suitable for receiving an information request for source information about the transaction source, wherein said information request includes said transaction identifier;
      
      said key server is further suitable for retrieving said information from said source authentication assertion stored with said transaction identifier from said database and determining said source information therefrom; and
      
      said key server is further suitable for providing said source information in reply to said information request.
  - 22. The system of claim 19, wherein:
    - said key server is further suitable for receiving an information request for target, wherein said information request includes said transaction identifier and information identifying the transaction target;
      
      said key server is further suitable for determining if said information identifying the transaction target matches with any said information from said target authentication assertion stored with the transaction identifier and determining said target information therefrom; and
      
      said key server is further suitable for providing said target information in reply to said information request.

23. A system for establishing a transaction as nonrepudiate able by a transaction source that is the origin of the transaction, comprising:
- a computerized key server;
  
  said key server suitable for receiving a request via a network for a transaction identifier to identify the transaction, wherein said request includes a source authentication assertion;
  
  said key server suitable for verifying said source authentication assertion;
  
  said key server suitable for storing said transaction identifier and information from said source authentication assertion in a database; and
  
  said key server suitable for providing a reply via said network that includes said transaction identifier, thereby establishing information making the transaction source unable to plausibly repudiate once it encrypts and sends the transaction.
- View Dependent Claims (24, 25)
- - 24. The system of claim 23, wherein said key server is further suitable for providing an encryption key to encrypt the transaction in said reply.
  - 25. The system of claim 23, wherein:
    - said key server is further suitable for receiving an information request for source information about the transaction source, wherein said information request includes said transaction identifier;
      
      said key server is further suitable for retrieving information from said source authentication assertion stored with said transaction identifier from said database, and determining said source information therefrom; and
      
      said key server is further suitable for providing said source information in reply to said information request.

26. A system for establishing a transaction as nonrepudiate able by a transaction target that is a recipient of the transaction, wherein a transaction identifier identifying the transaction and a decryption key usable to decrypt the transaction have been pre-stored in a database, comprising:
- a computerized key server;
  
  said key server suitable for receiving a request via a network for the decryption key, wherein said request includes the transaction identifier and a target authentication assertion;
  
  said key server suitable for verifying said target authentication assertion;
  
  said key server suitable for storing information from said target authentication assertion with the transaction identifier in the database; and
  
  said key server suitable for providing a reply via said network that includes the decryption key, thereby establishing information making the transaction target unable to plausibly repudiate.
- View Dependent Claims (27)
- - 27. The system of claim 26, wherein:
    - said key server is further suitable for receiving an information request for target information, wherein said information request includes said transaction identifier and information identifying the transaction target;
      
      said key server is further suitable for retrieving at least some of said information from said target authentication assertion stored with said transaction identifier and determining said target information therefrom; and
      
      said key server is further suitable for providing said target information in reply to said information request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Secure Data In Motion, Inc. (Proofpoint Incorporated)
Inventors
Olkin, Terry M., Moreh, Jahanshah

Granted Patent

US 7,376,835 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/280
CPC Class Codes

G06Q 20/401   Transaction verification

H04L 51/23   Reliability checks, e.g. ac...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

IMPLEMENTING NONREPUDIATION AND AUDIT USING AUTHENTICATION ASSERTIONS AND KEY SERVERS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

IMPLEMENTING NONREPUDIATION AND AUDIT USING AUTHENTICATION ASSERTIONS AND KEY SERVERS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links