Portable security transaction protocol
First Claim
1. A computer-implemented method for providing message authenticity for a message by an originating user to a recipient's computer, the method comprising the steps of:
accepting, through the recipient's computer, from the originating user;
(i) an encrypted authenticator component comprising authentication data and a user authentication key, wherein the user authentication key is displayed on an external device of the user, (ii) a message integrity component, and (iii) an encrypted key management component;
decrypting the key management component, through the recipient's computer, to yield (a) a key which decrypts the user authentication key and (b) a message integrity key, wherein the entropy of the user authentication key is less than the entropy of the message integrity key;
decrypting the authenticator component, through the recipient's computer, using the key which decrypts the user authentication key;
authenticating the user, through the recipient's computer, using the authentication data;
accepting, through the recipient's computer, a message comprising message data from the originating user's computer; and
validating the message integrity component through the recipient's computer using the message integrity key and the message data, thereby validating the message.
Abstract
A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc. In general, the first data item will be a short alphanumeric string and the second data item will generally be much larger, e.g., a 128 bit sequence to be used principally for data authentication. According to another aspect of the present invention, consequential evidence of the transaction may be secured to provide after-the-fact evidence of the transaction. This evidence can include a message written to a tamper-resistant log record, the message including the transaction information, the first data item, the second item, and an identifier for the originating user, as well as other information. At a subsequent point, the transaction can be shown to have been sent by the originating user and received by the intended recipient, by consulting the log record. Preferably, the validity of the transaction would be ascertained by an independent, mutually trusted third party.
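The recipient-side steps of claim 1, with the abstract's split between a short token code and a 128-bit integrity key, as an added example (not code from the patent). The SHAKE-256/HMAC `seal` helper is a stand-in for a real cipher, and the pre-shared `RECIPIENT_KEY`, the `user_id` authentication data and the `expected_codes` lookup are assumptions made for illustration.

```python
import hashlib, hmac, os

RECIPIENT_KEY = bytes(range(16))  # constructed sample key (assumption: pre-shared)

def _stream(key, nonce, n):
    # Stand-in keystream; a deployed system would use a vetted AEAD cipher.
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def seal(key, plaintext):
    """Stand-in encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("component failed to decrypt")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build(recipient_key, user_id, token_code, message):
    """Originating side: returns the three components plus the message."""
    k_auth, k_int = os.urandom(16), os.urandom(16)  # fresh 128-bit keys
    return {
        # (iii) key management component: carries both high-entropy keys
        "key_mgmt": seal(recipient_key, k_auth + k_int),
        # (i) authenticator: the low-entropy token code is only ever *encrypted*
        "authenticator": seal(k_auth, user_id + b"|" + token_code),
        # (ii) integrity component: keyed by the 128-bit key only, never the code
        "integrity": hmac.new(k_int, message, hashlib.sha256).digest(),
    }, message

def receive(recipient_key, components, message, expected_codes):
    """Recipient side, in the order the claim lists the steps."""
    keys = unseal(recipient_key, components["key_mgmt"])
    k_auth, k_int = keys[:16], keys[16:32]
    user_id, _, code = unseal(k_auth, components["authenticator"]).partition(b"|")
    expected = expected_codes.get(user_id, b"")  # hypothetical token-server lookup
    if not expected or not hmac.compare_digest(code, expected):
        return "user-rejected"
    mac = hmac.new(k_int, message, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, components["integrity"]):
        return "message-rejected"
    return "accepted"
```

Because the six-digit code never keys the MAC, an attacker who guesses or observes the code still cannot forge the integrity component without the 128-bit key.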
24 Claims
19. A system for providing message authenticity for a message sent by an originating user to a recipient, comprising:
a computer-readable memory that stores, from the originating user, a message and a user authentication key used for authentication credentials representing the originating user and a message integrity key used for providing message integrity, wherein the user authentication key and the message integrity key are encrypted; and
a processor communicatively coupled to the computer-readable memory, the processor programmed to perform actions by the recipient, comprising;
accepting from the originating user;
(i) an encrypted authenticator component comprising authentication data and a user authentication key which is displayed on an external device of the user, (ii) a message integrity component, and (iii) an encrypted key management component;
decrypting the key management component, through the recipient's computer, to yield (a) a key which decrypts the user authentication key and (b) a message integrity key, wherein the entropy of the user authentication key is less than the entropy of the message integrity key;
decrypting the authenticator component using the key which decrypts the user authentication key;
authenticating the user using the authentication data;
accepting a message comprising message data from the originating user's computer; and
validating the message integrity component through the recipient's computer using the message integrity key and the message data, thereby validating the message.
22. A program storage device readable by a machine, tangibly embodying a program of instructions executable on the machine to perform method steps for providing end-to-end message authenticity for a message sent by an originating user to a recipient, the method steps, performed by the recipient, comprising:
accepting from the originating user;
(i) an encrypted authenticator component comprising authentication data and a user authentication key which is displayed on an external device of the user, (ii) a message integrity component, and (iii) an encrypted key management component;
decrypting the key management component, through the recipient's computer, to yield (a) a key which decrypts the user authentication key and (b) a message integrity key, wherein the entropy of the user authentication key is less than the entropy of the message integrity key;
decrypting the authenticator component using the key which decrypts the user authentication key;
authenticating the user using the authentication data;
accepting a message comprising message data from the originating user's computer; and
validating the message integrity component through the recipient's computer using the message integrity key and the message data, thereby validating the message.
Specification