Compact attribute for cryptographically protected messages

US 8,782,397 B2
Filed: 01/06/2011
Issued: 07/15/2014
Est. Priority Date: 01/06/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for verifying a signature of a signed message, said method comprising:

receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;

recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and

validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and associated method for verifying a signature of a signed message having a compact attribute. Components of the compact attribute of the signed message appear in a predefined order within the compact attribute, and are identified by an object identifier associated with the compact attribute. A processing flag and a security assertion are among the components of the compact message. The processing flag directs rules to process the security assertion. The security assertion is made by an authority trusted by both a sender and a recipient of the signed message. The recipient validates the signature of the signed message based on the processing flag and the security assertion recovered from the compact attribute.

38 Citations

View as Search Results

20 Claims

1. A method for verifying a signature of a signed message, said method comprising:
- receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
  
  validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is valid; and
      
      after said determining that the signature of the signed message is valid, accepting the signature of the signed message as valid.
  - 3. The method of claim 1, said validating comprising:
    - determining that the key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 4. The method of claim 1, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 5. The method of claim 1, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is invalid; and
      
      after said determining that the signature of the signed message is invalid, rejecting the signature of the signed message as invalid.

6. A computer program product comprising:
- a computer readable storage device having a computer readable program code embodied therein, said computer readable program code containing instructions that perform a method for verifying a signature of a signed message, said method comprising;
  
  receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
  
  validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product of claim 6, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is valid; and
      
      after said determining that the signature of the signed message is valid, accepting the signature of the signed message as valid.
  - 8. The computer program product of claim 6, said validating comprising:
    - determining that the key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 9. The computer program product of claim 6, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 10. The computer program product of claim 6, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is invalid; and
      
      after said determining that the signature of the signed message is invalid, rejecting the signature of the signed message as invalid.

11. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for verifying a signature of a signed message, said method comprising:
- receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
  
  validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer system of claim 11, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is valid; and
      
      after said determining that the signature of the signed message is valid, accepting the signature of the signed message as valid.
  - 13. The computer system of claim 11, said validating comprising:
    - determining that the key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 14. The computer system of claim 11, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 15. The computer system of claim 11, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is invalid; and
      
      after said determining that the signature of the signed message is invalid, rejecting the signature of the signed message as invalid.

16. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein the code in combination with the computing system is capable of performing a method for verifying a signature of a signed message, said method comprising:
- receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising a plurality of content types, the content types appearing in a predefined order within the compact attribute, the content types being collectively identified by a single object identifier associated with the compact attribute, the compact attribute comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient;
  
  recovering the content types of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving, wherein said parsing comprises utilizing the predefined order of the content types within the compact attribute; and
  
  validating whether the signature of the signed message is valid based on the processing flag and the security assertion, wherein said validating comprises determining, via use of the rules, either that a key used in signing the security assertion identifies, or that the key does not identify, the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The process of claim 16, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is valid; and
      
      after said determining that the signature of the signed message is valid, accepting the signature of the signed message as valid.
  - 18. The process of claim 16, said validating comprising:
    - determining that the key used in signing the security assertion does not identify the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion; and
      
      rejecting the signature of the signed message as invalid.
  - 19. The process of claim 16, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      determining that a signature of the security assertion is invalid subsequent to determining that the key identifies the trusted authority; and
      
      rejecting the signature of the signed message as invalid.
  - 20. The process of claim 16, said validating comprising:
    - determining that the key used in signing the security assertion identifies the authority trusted by both the sender and the recipient as a result of examining the key used in signing the security assertion;
      
      after said determining that the key identifies the trusted authority, ascertaining that a signature of the security assertion is valid;
      
      after said ascertaining that the signature of the security assertion is valid, determining that the signature of the signed message is invalid; and
      
      after said determining that the signature of the signed message is invalid, rejecting the signature of the signed message as invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Arnold, Todd W., Griffin, Phillip H.
Primary Examiner(s)
Perungavoor, Venkat
Assistant Examiner(s)
RUPRECHT, CHRISTOPHER S

Application Number

US12/985,419
Publication Number

US 20120179903A1
Time in Patent Office

1,286 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

H04L 9/321 involving a third party or ...

H04L 9/3247 involving digital signatures

Compact attribute for cryptographically protected messages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Compact attribute for cryptographically protected messages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links