WO1998013970A1 - System and method for securely transferring plaindata from a first location to a second location - Google Patents


Info

Publication number
WO1998013970A1
Authority
WO
WIPO (PCT)
Prior art keywords
client station
station
clearing
identification information
client
Prior art date
Application number
PCT/US1997/017420
Other languages
English (en)
Inventor
Jon W. Parsons
Gary L. Anderson
Original Assignee
Wallenstein & Wagner, Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wallenstein & Wagner, Ltd.
Priority to AU45999/97A
Publication of WO1998013970A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135 Metering

Definitions

  • the present invention relates to data transfer via a data transport network (the Network), such as a TCP/IP network.
  • the TCP/IP network may be SMTP
  • the present invention relates more particularly to a system and method which provides authentication, non-repudiation, message integrity, confidentiality, and time/date stamping of such data transfer.
  • a network such as an SMTP capable transport over a TCP/IP network.
  • the system comprises a first client station at the first location, a second client station at the second location, and a clearing station storing key encryption identification information for the second client station.
  • Means are provided for communicatively coupling each of the stations to the network.
  • To transfer the plaindata, means associated with the first client station requests the second client station key encryption identification information from the clearing station via the network.
  • Means responsive to the first client station request transfers the second client station key encryption identification information from the clearing station to the first client station via the network.
  • Means associated with the first client station encrypts the plaindata to form cipherdata utilizing the second client station key encryption identification information. Means then transfers the cipherdata from the first client station to the second client station via the network.
  • Means transfers transmit confirmation information from the first client station to the clearing station.
  • the transmit confirmation information indicates to the clearing station that the first client station transmitted the cipherdata to the second client station.
  • Means associated with the second client station decrypts the received cipherdata, and means transfers acknowledgement information from the second client station to each of the first client station and the clearing station.
  • the acknowledgement information confirms to the first client station and the clearing station that the second client station received the message.
  • the clearing station stores key encryption identification information for the first client station and that the system includes means associated with the second client station for requesting the first client station public key encryption identification information from the clearing station and means responsive to the request for transferring the first client station public key encryption identification information to the second client station.
  • the transmit confirmation information comprises a message number uniquely relating to the plaindata.
  • the transmit confirmation information comprises a digest of the plaindata.
  • the transmit confirmation information comprises the entire plaindata.
  • the clearing station includes means for providing an audit report of messages sent from the first client station to the second client station.
  • the system includes encryption key management, including means for updating encryption identification information.
  • Figure 1 is a block diagram of a first embodiment of the present invention
  • Figure 2 is a block diagram of an expanded embodiment of the present invention
  • FIG. 3 is a block diagram of a still further expanded embodiment of the present invention.
  • While this invention is susceptible of embodiments in many different forms, there is shown in the drawings and will herein be described in detail, preferred embodiments of the invention with the understanding that the present disclosure is to be considered as an exemplification of the principles of the invention and is not intended to limit the broad aspects of the invention to the embodiments illustrated.
  • a system, generally designated 10, for securely transferring plaindata from a first location 12 to a second location 14 is disclosed in Figure 1.
  • plaindata means data in its state prior to encryption.
  • plaindata is unencrypted, although it is conceivable that encrypted data could be subject to further encryption, and thus such encrypted data would be plaindata.
  • the plaindata is first encapsulated, using a conventional MIME header and trailer.
  • the encapsulated plaindata is then transferred via a data transport network, such as a TCP/IP (Transport Control Protocol/Internet Protocol) network, referred to herein as internet 16.
  • the network may be SMTP (Simple Mail Transport Protocol, or conventional e-mail).
  • the plaindata can be transferred via HTTP (Hypertext Transport Protocol), FTP (File Transfer Protocol), direct IP socket connections, or the like.
  • the system comprises a first client station 18 at the first location and a second client station 20 at the second location.
  • the first client station 18 and the second client station 20 are anticipated to be conventional personal computers, or PCs, having respective modems (not specifically shown) connected to a conventional telephone network.
  • the connection to the telephone network may be direct, or over a network such as a local area network.
  • the system 10 further includes a clearing station 24.
  • the clearing station 24 can also be a conventional PC having a modem connecting the clearing station 24 via a telephone network to the internet 16.
  • the first number is commonly referred to as a public key and the second number is commonly referred to as a private key.
  • An entity maintains its private key private, as the name suggests, and makes its public key known to those needing it. If the first entity is to send plaindata to a second entity, the first entity encrypts the plaindata into cipherdata using the second entity's public key. The second entity then decrypts the received cipherdata into plaindata using its own private key. Thus once plaindata is encrypted with the second entity's public key, only the holder of the second entity's private key can decrypt the cipherdata.
  • a more complete discussion of data encryption schemes can be found in Computer Communication Security, by Warwick Ford, Prentice Hall, 1994. Another reference is Applied Cryptography, by Bruce Schneier, published by Counterpane Systems, Oak Park, IL.
  • the clearing station 24 stores key encryption identification information for the second client station.
  • the key encryption identification information would be the second client station's only key, if symmetric encoding was being utilized, or the key encryption identification information would be the second client station's public key, if asymmetric encoding was being utilized.
  • each of the stations 18, 20, 24 is communicatively coupled to the internet 16.
  • Software operable by the first client station 18 causes the first client station 18 to contact the clearing station 24 via the internet 16 and requests the second client station key encryption identification information from the clearing station 24.
  • the clearing station 24 automatically responds to the first client station request and transfers the second client station key encryption identification information from the clearing station 24 to the first client station 18 via the internet 16.
  • the first client station 18 then encrypts the plaindata to be sent to the second client station 20 to form cipherdata. This encryption utilizes the second client station key encryption identification information.
  • the first client station 18 then automatically transfers the cipherdata from the first client station 18 to the second client station 20 via the internet 16.
  • the first client station 18 automatically transfers transmit confirmation information from the first client station 18 to the clearing station 24.
  • the transmit confirmation information indicates to the clearing station 24 that the first client station 18 transmitted the cipherdata to the second client station 20.
  • After the second client station 20 receives the cipherdata from the first client station 18, the second client station utilizes conventional software to decrypt the received cipherdata. In addition, the second client station 20 automatically transfers acknowledgement information from the second client station 20 to each of the first client station 18 and the clearing station 24. The acknowledgement information confirms to the first client station 18 and the clearing station 24 that the second client station 20 received the plaindata. This provides for bi-lateral non-repudiation of the message.
  • the clearing station 24 stores key encryption identification information for the first client station 18. Accordingly, the second client station 20 would automatically request the first client station key encryption identification information from the clearing station 24, and the clearing station 24 would respond to the request and transfer the first client station key encryption identification information to the second client station 20. The second client station 20 would use the first client station key encryption identification information to decrypt the message digest of the cipherdata from the first client station 18. The first client station key encryption identification information is also used by the second client station 20 to encrypt any plaindata the second client station 20 would send in response to the first client station 18.
  • the transmit confirmation information may comprise a message number uniquely relating to the plaindata. Alternatively the transmit confirmation information may comprise a digest of the plaindata. Still alternatively, the transmit confirmation information may comprise the entire plaindata.
  • the key identification information stored at the clearing station 24, and hence provided to the client stations, can be updated. Additionally, the key identification information stored at the clearing station 24, and hence provided to the client stations, can be automatically updated on a periodic basis.
  • the clearing station 24 providing an audit report of messages sent from the first client station 18 to the second client station 20.
  • a digital certificate can be used with asymmetric encryption to authenticate both that the identified sender is in fact the true sender and that the message was not altered.
  • the sender utilizes a "hashing algorithm" (typically either MD-3 or MD-5 protocols) to transform plaindata to be sent into a "message digest."
  • the "message digest" is then encrypted by the sender using the sender's private key.
  • the encrypted message digest is called the digital certificate, and is attached to the encrypted message and sent to the receiver.
  • the receiver uses the receiver's private key to decrypt the encrypted message.
  • the receiver also uses the sender's public key to decrypt the encrypted message digest, and then uses the hashing function to reform the decrypted message digest to the original message. If the message as reformed from the message digest is the same as the decrypted message as sent, then one knows that the true sender sent the message.
  • a certificate authority 34 such as Verisign, Inc., of Mountain View, California, creates and manages digital certificates and signatures.
  • the particulars of a certificate authority are discussed by Ford, referenced above.
  • first and second clearing stations 24, 24', and their respective first, second, third and fourth client stations 18, 20, 18', 20' are interconnected by an internet connection between the respective clearing stations 24, 24'.
  • the first client station 18 of the first clearing station 24 desires to transfer plaindata to the fourth client station 20' of the second clearing station 24'.
  • the first client station 18 requests the key identification information of the fourth client station 20' via the first and second clearing stations 24, 24'.
  • both clearing stations are required to get the key identification information to the first client station 24.
  • the plaindata is transferred as discussed above, utilizing the first clearing station for verification.
  • first and second clearing stations 24, 24', and their respective first, second, third and fourth client stations 18, 20, 18', 20' are interconnected by a commerce broker 36 between the respective clearing stations 24, 24'.
  • the commerce broker 36 is utilized when a direct connection between clearing stations is not desired, such as when a bank's computer and a bulletin board service are each "clearing stations", and the bank does not want a direct connection with the bulletin board service. Accordingly, a mutually trusted entity is selected to act as the commerce broker 36.
  • the system 10 operates in conjunction with conventional Windows® based software products, such as accounting systems, spreadsheets, word processing, inventory control, e-mail, or the like, using Windows® API (application program interface).
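
The clearing-station bookkeeping described above (transmit confirmation, acknowledgement, audit report), as an added Python example that is not code from the patent. Assumptions: the station names, record fields and status labels are hypothetical, SHA-256 stands in for the MD-5 digest the text names, and each record carries an HMAC under the symmetric station key the clearing station stores, standing in for a signature.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def digest(plaindata: bytes) -> str:
    """Digest of the plaindata (SHA-256 is an assumption; the text names MD-5)."""
    return hashlib.sha256(plaindata).hexdigest()


def tag(key: bytes, *fields: str) -> str:
    """HMAC over a record, keyed with the station key held by the clearing station."""
    return hmac.new(key, "\x1f".join(fields).encode(), hashlib.sha256).hexdigest()


@dataclass
class ClearingStation:
    keys: dict                                    # station name -> stored key
    sent: dict = field(default_factory=dict)      # msg number -> (sender, recipient, digest)
    acked: dict = field(default_factory=dict)     # msg number -> (recipient, digest)
    rejected: list = field(default_factory=list)  # records refused, with the reason

    def _authentic(self, station, mac, *fields):
        key = self.keys.get(station)
        return key is not None and hmac.compare_digest(mac, tag(key, *fields))

    def transmit_confirmation(self, sender, recipient, msg_no, dig, mac):
        if not self._authentic(sender, mac, "sent", recipient, msg_no, dig):
            self.rejected.append(("sent", msg_no, "bad tag"))
            return False
        if msg_no in self.sent:  # a message number must relate to one plaindata only
            self.rejected.append(("sent", msg_no, "duplicate message number"))
            return False
        self.sent[msg_no] = (sender, recipient, dig)
        return True

    def acknowledgement(self, recipient, msg_no, dig, mac):
        if not self._authentic(recipient, mac, "ack", msg_no, dig):
            self.rejected.append(("ack", msg_no, "bad tag"))
            return False
        self.acked.setdefault(msg_no, (recipient, dig))  # first valid ack wins
        return True

    def audit_report(self):
        """Reconcile confirmations against acknowledgements, one status per message."""
        report = {}
        for msg_no, (_sender, recipient, dig) in self.sent.items():
            ack = self.acked.get(msg_no)
            if ack is None:
                report[msg_no] = "UNACKNOWLEDGED"
            elif ack[0] != recipient:
                report[msg_no] = "WRONG_RECIPIENT"
            elif ack[1] != dig:
                report[msg_no] = "DIGEST_MISMATCH"
            else:
                report[msg_no] = "DELIVERED"
        for msg_no in self.acked.keys() - self.sent.keys():
            report[msg_no] = "ACK_WITHOUT_CONFIRMATION"
        return report


def demo():
    # Constructed sample keys and messages, for illustration only.
    keys = {"station18": b"constructed-key-18", "station20": b"constructed-key-20"}
    cs = ClearingStation(keys)

    def send(no, data):
        d = digest(data)
        mac = tag(keys["station18"], "sent", "station20", no, d)
        cs.transmit_confirmation("station18", "station20", no, d, mac)

    def ack(no, data, key=keys["station20"]):
        d = digest(data)
        cs.acknowledgement("station20", no, d, tag(key, "ack", no, d))

    send("0001", b"invoice 1"); ack("0001", b"invoice 1")
    send("0002", b"invoice 2")                             # never acknowledged
    send("0003", b"invoice 3"); ack("0003", b"invoice 3 (altered)")
    ack("0004", b"never announced")                        # no transmit confirmation
    send("0005", b"invoice 5"); ack("0005", b"invoice 5", key=b"wrong key")
    return cs.audit_report(), cs.rejected


if __name__ == "__main__":
    print(demo())
```

Because the clearing station holds the same symmetric key as each station, the HMAC here only shows a record came from a key holder; with the asymmetric option the text describes, a signature over the same fields would take its place.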

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a system for the secure transfer of plaindata (10) from a first location (12) to a second location (14). The system comprises a first computer (18) at the first location (12) and a second computer (20) at the second location (14), the first computer (18) and the second computer (20) being connected to the Internet (16). Via the Internet (16), said computers are connected to a clearing station (24) and ultimately to a certificate authority (34). In addition, said computers are connected via the Internet (16) to a private network gateway (31), to a private value-added network (32), and to an existing value-added network client (30).
PCT/US1997/017420 1996-09-26 1997-09-26 System and method for securely transferring plaindata from a first location to a second location WO1998013970A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU45999/97A AU4599997A (en) 1996-09-26 1997-09-26 A system and method for securely transferring plaindata from a first location to a second location

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US72165496A 1996-09-26 1996-09-26
US08/721,654 1996-09-26

Publications (1)

Publication Number Publication Date
WO1998013970A1 true WO1998013970A1 (fr) 1998-04-02

Family

ID=24898776

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/017420 WO1998013970A1 (fr) 1996-09-26 1997-09-26 System and method for securely transferring plaindata from a first location to a second location

Country Status (2)

Country Link
AU (1) AU4599997A (fr)
WO (1) WO1998013970A1 (fr)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000008909A3 (fr) * 1998-08-13 2000-11-16 Ibm System for tracking end-user electronic content usage
US6389403B1 (en) 1998-08-13 2002-05-14 International Business Machines Corporation Method and apparatus for uniquely identifying a customer purchase in an electronic distribution system
US6611812B2 (en) 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US6834110B1 (en) 1999-12-09 2004-12-21 International Business Machines Corporation Multi-tier digital TV programming for content distribution
US6859791B1 (en) 1998-08-13 2005-02-22 International Business Machines Corporation Method for determining internet users geographic region
US6959288B1 (en) 1998-08-13 2005-10-25 International Business Machines Corporation Digital content preparation system
US6978375B1 (en) 2000-09-08 2005-12-20 International Business Machines Corporation System and method for secure authentication of external software modules provided by third parties
US6983371B1 (en) 1998-10-22 2006-01-03 International Business Machines Corporation Super-distribution of protected digital content
AU2003227202B2 (en) * 1998-08-13 2006-08-10 Wistron Corporation System for Tracking End-user Electronic Content Usage
US7110984B1 (en) 1998-08-13 2006-09-19 International Business Machines Corporation Updating usage conditions in lieu of download digital rights management protected content
US7277870B2 (en) 1999-12-09 2007-10-02 International Business Machines Corporation Digital content distribution using web broadcasting services

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4182933A (en) * 1969-02-14 1980-01-08 The United States Of America As Represented By The Secretary Of The Army Secure communication system with remote key setting
US4578532A (en) * 1981-06-11 1986-03-25 Siemens Aktiengesellschaft Method and apparatus for code transmission
US4866707A (en) * 1987-03-03 1989-09-12 Hewlett-Packard Company Secure messaging systems
US5146497A (en) * 1991-02-27 1992-09-08 Motorola, Inc. Group rekey in a communication system
US5150408A (en) * 1991-02-27 1992-09-22 Motorola, Inc. Key distribution communication system

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6859791B1 (en) 1998-08-13 2005-02-22 International Business Machines Corporation Method for determining internet users geographic region
US7206748B1 (en) 1998-08-13 2007-04-17 International Business Machines Corporation Multimedia player toolkit for electronic content delivery
US6345256B1 (en) 1998-08-13 2002-02-05 International Business Machines Corporation Automated method and apparatus to package digital content for electronic distribution using the identity of the source content
US6389538B1 (en) 1998-08-13 2002-05-14 International Business Machines Corporation System for tracking end-user electronic content usage
US6389403B1 (en) 1998-08-13 2002-05-14 International Business Machines Corporation Method and apparatus for uniquely identifying a customer purchase in an electronic distribution system
US6398245B1 (en) 1998-08-13 2002-06-04 International Business Machines Corporation Key management system for digital content player
US6418421B1 (en) 1998-08-13 2002-07-09 International Business Machines Corporation Multimedia player for an electronic content delivery system
US6574609B1 (en) 1998-08-13 2003-06-03 International Business Machines Corporation Secure electronic content management system
US6587837B1 (en) 1998-08-13 2003-07-01 International Business Machines Corporation Method for delivering electronic content from an online store
AU763380B2 (en) * 1998-08-13 2003-07-24 Level 3 Communications, LLC. System for tracking end-user electronic content usage
US6611812B2 (en) 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US7590866B2 (en) 1998-08-13 2009-09-15 International Business Machines Corporation Super-distribution of protected digital content
US6263313B1 (en) 1998-08-13 2001-07-17 International Business Machines Corporation Method and apparatus to create encoded digital content
US7487128B2 (en) 1998-08-13 2009-02-03 International Business Machines Corporation Updating usage conditions in lieu of download digital rights management protected content
WO2000008909A3 (fr) * 1998-08-13 2000-11-16 Ibm System for tracking end-user electronic content usage
US6959288B1 (en) 1998-08-13 2005-10-25 International Business Machines Corporation Digital content preparation system
AU2003227202B2 (en) * 1998-08-13 2006-08-10 Wistron Corporation System for Tracking End-user Electronic Content Usage
US7110984B1 (en) 1998-08-13 2006-09-19 International Business Machines Corporation Updating usage conditions in lieu of download digital rights management protected content
SG130009A1 (en) * 1998-08-13 2007-03-20 Ibm System for tracking end-user electronic content usage
US7269564B1 (en) 1998-08-13 2007-09-11 International Business Machines Corporation Method and apparatus to indicate an encoding status for digital content
US6983371B1 (en) 1998-10-22 2006-01-03 International Business Machines Corporation Super-distribution of protected digital content
US7277870B2 (en) 1999-12-09 2007-10-02 International Business Machines Corporation Digital content distribution using web broadcasting services
US6834110B1 (en) 1999-12-09 2004-12-21 International Business Machines Corporation Multi-tier digital TV programming for content distribution
US6978375B1 (en) 2000-09-08 2005-12-20 International Business Machines Corporation System and method for secure authentication of external software modules provided by third parties
US7500109B2 (en) 2000-09-08 2009-03-03 International Business Machines Corporation System and method for secure authentication of external software modules provided by third parties

Also Published As

Publication number Publication date
AU4599997A (en) 1998-04-17

Similar Documents

Publication Publication Date Title
US10693531B2 (en) Secure end-to-end transport through intermediary nodes
US6988199B2 (en) Secure and reliable document delivery
Zhou et al. Evidence and non-repudiation
JP3745228B2 Message identification with confidentiality, integrity, and source authentication
US5978918A (en) Security process for public networks
US5509071A (en) Electronic proof of receipt
US8301892B2 (en) Secure instant messaging system
JP4913044B2 Method for encrypting and transferring data between a sender and a receiver using a network
US8824674B2 (en) Information distribution system and program for the same
US20060053280A1 (en) Secure e-mail messaging system
CA2295150A1 (fr) Data transmission
CN1316147A Apparatus and method for securing user information in a mobile communication system connected to the Internet
CN1747379B Encryption device
WO1998013970A1 (fr) System and method for securely transferring plaindata from a first location to a second location
WO2001030016A2 (fr) Method for preventing parties from subsequently repudiating a transaction executed with a trusted third party
JP2000031957A Communication system
EP1437024B1 (fr) Method and device for a telecommunications network
Al-Hammadi et al. Certified exchange of electronic mail (CEEM)
WO2001025883A2 (fr) Method for preventing parties executing a transaction from subsequently reneging without a trusted third party
JP2005217808A Information processing apparatus and method for sealing electronic documents
EP1357697B1 (fr) Secure communication via the Internet
JP3796528B2 Communication system performing content certification and content certification site apparatus
WO2002046861A2 (fr) Systems and methods for communicating in a business environment
KR20030012165A System and method for providing a document sending and receiving service based on an e-mail system
WO2005053254A1 (fr) Secure message model

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1998515986

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA