WO2002048848A2 - Method and appartus for delegating digital signatures to a signature server - Google Patents
Method and appartus for delegating digital signatures to a signature server Download PDFInfo
- Publication number
- WO2002048848A2 WO2002048848A2 PCT/US2001/048266 US0148266W WO0248848A2 WO 2002048848 A2 WO2002048848 A2 WO 2002048848A2 US 0148266 W US0148266 W US 0148266W WO 0248848 A2 WO0248848 A2 WO 0248848A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- signature server
- item
- server
- signature
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 50
- 238000013475 authorization Methods 0.000 claims description 21
- 230000007246 mechanism Effects 0.000 claims description 20
- 238000004891 communication Methods 0.000 claims description 7
- 238000012217 deletion Methods 0.000 claims 1
- 230000037430 deletion Effects 0.000 claims 1
- 230000004044 response Effects 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 17
- 230000008520 organization Effects 0.000 description 12
- 230000008859 change Effects 0.000 description 4
- 238000012795 verification Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Definitions
- the present invention relates to providing security in distributed computer systems. More specifically, the present invention relates to a method and an apparatus for delegating operations involved in providing digital signatures to a digital signature server.
- Digital signatures have the potential to revolutionize electronic commerce. By using digital signatures it is possible to provide support for non-repudiation of transactions that take place across a network. It is also possible to facilitate strong authentication between unknown parties in a transaction.
- the current model requires the existing certificate to be revoked because the existing certificate was attached to a certain authorization level. Because people frequently change their roles, this can increase the overhead of the public key infrastructure (PKI) management system.
- PKI public key infrastructure
- authorization is controlled by the application server, which means that the authorization database at the remote server has to be kept up to date with changes within the enterprise. Controlling authorization at the application server is error- prone, and the application server is difficult to keep in sync all the time. Furthermore, a person's authorization changes not only, when the person leaves the company, but also when the person's role changes within the company. Even, when the person's role does not change within the company, some of the person's authorization levels may change.
- One embodiment of the present invention provides a system that facilitates delegating operations involved in providing digital signatures to a signature server.
- the system operates by receiving a request for a digital signature from a user at the signature server, wherein the request includes an item to be signed on behalf of the user by the signature server.
- the system looks up a private key for the user at the signature server, and signs the item with the private key.
- the system returns the signed item to the user, so that the user can send the signed item to the recipient.
- the system authenticates the user prior to signing the item.
- the system determines whether the user is authorized to sign the item prior to signing the item. In a variation on this embodiment, this involves looking up an authorization for the user based upon an identifier for the user as well as an identifier for an application to which the user will send the signed item. In a variation on this embodiment, the system determines whether the user is authorized to sign the item by communicating with an authority server that is separate from the signature server.
- the system upon receiving a request from an authorized entity to add a new user, the system generates a key pair for the new user.
- This key pair includes a new user private key and a new user public key.
- the system communicates with a certification authority to obtain a certificate for the new user based on the key pair.
- the system stores the certificate and the key pair for the new user in a location that is accessible by the signature server to enable the signature server to sign items on behalf of the new user.
- the system upon receiving a request from an authorized entity to delete an old user, notifies a certification authority to revoke a certificate for the old user.
- the system also removes the private key for the old user from the signature server, so that the signature server can no longer sign items on behalf of the old user.
- the system additionally archives the request and the signed item at the signature server either directly, or by sending the signed item to an archive server.
- the signature server thus facilitates a centralized repository for signed transactions.
- the present invention keeps the authorization functions within the organization instead of pushing the authorization functions out to an application server, which may reside outside the organization.
- FIG. 1 illustrates a distributed computer system in accordance with an embodiment of the present invention.
- FIG. 2 illustrates the process of creating a digital signature through a signature server in accordance with an embodiment of the present invention.
- FIG. 3 illustrates the process of initializing a key for a user at a signature server in accordance with an embodiment of the present invention.
- FIG. 4 illustrates the process of deleting a user from a signature server in accordance with an embodiment of the present invention.
- FIG. 5 illustrates the process of delegating certificate verification to a signature server in accordance with an embodiment of the present invention.
- a computer readable storage medium which may be any device or medium that can store code and/or data for use by a computer system.
- the transmission medium may include a communications network, such as the Internet.
- FIG. 1 illustrates a distributed computing system 100 in accordance with an embodiment of the present invention.
- Distributed computing system 100 includes network 130, which couples together server 132, certification authority 134, signature server and clients 102-104.
- Network 130 can generally include any type of wire or wireless communication channel capable of coupling together computing nodes. This includes, but is not limited to, a local area network, a wide area network, or a combination of networks. In one embodiment of the present invention, network 130 includes the Internet.
- Server 132 can generally include any computational node including a mechanism for servicing requests from clients 102-104 for computational and/or data storage resources.
- Server 132 includes an application with which clients 102-104 communicate. During some of these communications, clients 102-104 send data items to application 133, wherein the data items are digitally signed as is discussed below with reference to FIGs. 2-5.
- Signature server 140 can generally include any computational node including a mechanism for servicing requests from clients 102-104 to perform operations related to digital signatures.
- Signature server 140 includes a database 142 for storing keys and certificates 144 related to digital signatures, as well as an archival store 146 for storing a record of operations performed by signature server 140.
- Database 142 can also store authorization policies 147 for signature server 140.
- a digital signature is typically created by "signing" a data item with a private key belonging to a user. This signature can then be verified with a corresponding public key belonging to the user. This public key is typically propagated within a "certificate" that is signed by a chain of one or more certification authorities leading to a trust anchor.
- Certification authority 134 is an independent entity that verifies the identity of users and grants credentials for use by various entities coupled to network 130.
- providing security for signatures in signature server 140 can be accomplished through the same mechanisms that are used to provide security in a certification authority. For example, this may involve encrypting private keys so they cannot be easily stolen from signature server 140. Also note that it is generally easier to protect keys stored within a single signature server than information distributed throughout computer systems on intranet 136.
- Clients 102-104 can generally include any node on a network including computational capability and including a mechanism for communicating across network 130.
- Clients 102-104 include browsers 112-114, which can generally include any type of web browser capable of viewing a web site, such as the INTERNET
- Client 102 is operated by a user 105 and receives a form 151 from server 132.
- Form 151 includes a number of fields, including an identifier for an item, a description, a quantity and a price.
- Form 151 additionally includes a "buy" button, which can be selected by user 105 to buy the item.
- Form 151 additionally includes a placeholder for signature 152, which is later generated by using a private key belonging to user 105 to sign form 151. Note that signature 152 is created by signature server 140.
- Intranet 136 couples together a number of entities belonging to organization
- clients 102-104 including clients 102-104, signature server 140, human resources (HR) system
- Intranet 136 can generally include any type of wire or wireless communication channel capable of coupling together computing nodes within organization 101. This includes, but is not limited to, a local area network, a wide area network, or a combination of networks. Note that organization 101 can include any type of organization, such as a corporation or a government agency.
- HR system 141 is operated by a human resources department within an organization. An authorized person using HR server 141 can issue commands to signature server 140 to initialize keys for a new member of organization 101, or to remove an entry for a member who leaves organization 101.
- Authority server 143 is used to keep track of which members of organization
- authority server 143 may also have a database 148 for storing authorization policies 149.
- signature server 140 can itself store some authorization policy information, or signature server 140 can access authorization policy information from some other central repository or a directory service, such as a director service implemented through the lightweight directory access protocol (LDAP).
- LDAP lightweight directory access protocol
- FIG. 2 illustrates the process of creating a digital signature through signature server 140 in accordance with an embodiment of the present invention.
- client 102 receives a form 151 from application 133 within server 132 (step 202).
- Client 102 then allows user 105 to fill in form 151, and to submit form 151 (step 204).
- client 102 sends form 151 along with an identifier for application 133 and an identifier for user 105 to signature server 140 (step 206).
- signature server 140 authenticates user 105 by using any one of a number of well-known authentication techniques, such as by using the secure sockets layer (SSL) protocol with client side authentication, by using a password, by using a secure identifier, or by using a one-time password (step 208).
- SSL secure sockets layer
- the system determines whether user 105 is authorized to sign form 151 (step 210). This may involve communicating with a separate authority server 143, which accesses a set of rules or a policy to determine whether user 105 is authorized to sign form 151 with a specific private key.
- Another option is to allow signature server 140 to refer to its own database 142 or to a directory service such as LDAP or X.500 to retrieve authorization information.
- the authority need not be limited to specifying which forms the user can sign, but can also specify the limits under which the user can sign within a given form. For example, a user may only be allowed to sign transactions up to a $5000 limit.
- signature server 140 looks up the user's key pair in database 142 (step 212). This may involve selecting an appropriate key pair to use based upon the identifier for user 105 and an identifier for application 133. For example, a key pair belonging to user 105 may be selected for applications 133, and a key pair belonging to organization 101 may be used for other applications. It is also possible to share the same key pair amongst multiple users.
- Signature server 140 then signs form 151 on behalf of user 105 (step 214), and optionally archives the result of the signing in database 142 (step 216).
- signature server 140 returns the signed form 151 to user 105 on client
- step 2128 This allows user 105 to return to form, complete with inputted data and signature to application 133 on server 132 (step 220).
- FIG. 3 illustrates the process of initializing a key for user 105 at signature server 140 in accordance with an embodiment of the present invention.
- the system starts by receiving a request for an authorized entity to add a new user to signature server 140 (step 302).
- an HR representative operating HR server 141 can submit a request to add a new employee to signature server 140.
- Signature server 140 then generates a new private key/public key pair for the new user (step 304).
- signature server 140 communicates with certification authority 134 to obtain a certificate for the new public key (step 306).
- signature server 140 stores the key pair and the certificate for the new user in database 142 (step 308). This enables signature server 140 to subsequently sign data items on behalf of the new user.
- FIG. 4 illustrates the process of deleting a user from a signature server in accordance with an embodiment of the present invention.
- the system starts by receiving a request for an authorized entity to remove a user from signature server 140 (step 402).
- an HR representative operating HR server 141 can submit a request to remove user 105 from signature server 140 when user 105 leaves organization 101.
- Signature server 140 then notifies certification authority 134 to revoke the certificate for user 105 (step 404). This typically involves adding the certificate to a certificate revocation list.
- signature server 140 removes the private key for user 105 from database 142 (step 406). Note that this ensures that the private key for user 105 can no longer be used by user 105, because user 105 never actually accessed the private key before it was deleted.
- FIG. 5 illustrates the process of delegating the certificate verification to signature server 140 in accordance with an embodiment of the present invention.
- client 102 receives a data item along with a corresponding signature and a corresponding certificate (step 502).
- Client 102 uses the public key embedded within the certificate to check the signature (step 504), and subsequently sends the certificate to signature server 140 to verify the certificate (step 506).
- signature server 140 verifies the certificate by communicating with certification authority 134, if necessary, to determine whether the certificate has been revoked (step 508).
- signature server 140 notifies client 102 of whether or not the certificate is valid (step 510). Note that above-described process facilitates delegating the certificate revocation checking mechanism and the policy enforcement mechanism to a centralized server instead of depending upon each individual client machine associated with the enterprise.
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU3662202A AU3662202A (en) | 2000-12-15 | 2001-12-11 | Method and appartus for delegating digital signatures to a signature server |
JP2002550495A JP4283536B2 (en) | 2000-12-15 | 2001-12-11 | Method and apparatus for delegating a digital signature to a signature server |
CA2426828A CA2426828C (en) | 2000-12-15 | 2001-12-11 | Method and apparatus for delegating digital signatures to a signature server |
EP01986160.8A EP1402330B1 (en) | 2000-12-15 | 2001-12-11 | Method and appartus for delegating digital signatures to a signature server |
AU2002236622A AU2002236622B2 (en) | 2000-12-15 | 2001-12-11 | Method and appartus for delegating digital signatures to a signature server |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/741,691 US7210037B2 (en) | 2000-12-15 | 2000-12-15 | Method and apparatus for delegating digital signatures to a signature server |
US09/741,691 | 2000-12-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002048848A2 true WO2002048848A2 (en) | 2002-06-20 |
WO2002048848A3 WO2002048848A3 (en) | 2003-12-24 |
Family
ID=24981762
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/048266 WO2002048848A2 (en) | 2000-12-15 | 2001-12-11 | Method and appartus for delegating digital signatures to a signature server |
Country Status (6)
Country | Link |
---|---|
US (1) | US7210037B2 (en) |
EP (1) | EP1402330B1 (en) |
JP (1) | JP4283536B2 (en) |
AU (2) | AU2002236622B2 (en) |
CA (1) | CA2426828C (en) |
WO (1) | WO2002048848A2 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1629629A1 (en) * | 2003-05-15 | 2006-03-01 | Dean Joseph Whitmore | Method and system for digitally signing electronic documents |
GB2434947A (en) * | 2006-02-02 | 2007-08-08 | Identum Ltd | Decrypting web mail session key/signing document at trusted third party server so that recipient private key is not used at vulnerable computer |
WO2009053849A2 (en) * | 2007-07-30 | 2009-04-30 | Avoco Secure Limited | Method and apparatus for digital certification of documents |
EP2066070A1 (en) * | 2006-09-20 | 2009-06-03 | Fujitsu Limited | Information processor and information management method |
US7725723B2 (en) | 2001-08-10 | 2010-05-25 | Peter Landrock | Data certification method and apparatus |
ITVR20090044A1 (en) * | 2009-04-01 | 2010-10-02 | Aliaslab S P A | METHOD AND SYSTEM TO CARRY OUT THE QUALIFIED ELECTRONIC SIGNATURE IN REMOTE MODE |
EP2874094A1 (en) * | 2013-11-14 | 2015-05-20 | Software602 a.s. | Data authorization method |
WO2016201352A1 (en) * | 2015-06-10 | 2016-12-15 | Arris Enterprises Llc | Code signing system with machine to machine interaction |
Families Citing this family (81)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7039807B2 (en) * | 2001-01-23 | 2006-05-02 | Computer Associates Think, Inc. | Method and system for obtaining digital signatures |
US7152048B1 (en) * | 2002-02-07 | 2006-12-19 | Oracle International Corporation | Memphis: multiple electronic money payment highlevel integrated security |
GB0217610D0 (en) * | 2002-07-30 | 2002-09-11 | Security & Standards Ltd | An electronic sealing and registration method for electronic transaction |
AU2003248959A1 (en) * | 2002-07-30 | 2004-02-16 | Security And Standards Limited | Electronic sealing for electronic transactions |
US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
US7660989B2 (en) * | 2002-11-26 | 2010-02-09 | Rpost International Limited | System for, and method of, authenticating an electronic message to a recipient |
JP4585189B2 (en) * | 2003-09-19 | 2010-11-24 | 富士通株式会社 | Electronic signature assigning apparatus, electronic signature assigning method, and electronic signature assigning program |
US7930412B2 (en) * | 2003-09-30 | 2011-04-19 | Bce Inc. | System and method for secure access |
US7966493B2 (en) * | 2003-11-18 | 2011-06-21 | Oracle International Corporation | Method of and system for determining if an electronic signature is necessary in order to commit a transaction to a database |
US20050108211A1 (en) * | 2003-11-18 | 2005-05-19 | Oracle International Corporation, A California Corporation | Method of and system for creating queries that operate on unstructured data stored in a database |
US7694143B2 (en) * | 2003-11-18 | 2010-04-06 | Oracle International Corporation | Method of and system for collecting an electronic signature for an electronic record stored in a database |
US7600124B2 (en) * | 2003-11-18 | 2009-10-06 | Oracle International Corporation | Method of and system for associating an electronic signature with an electronic record |
US8782020B2 (en) * | 2003-11-18 | 2014-07-15 | Oracle International Corporation | Method of and system for committing a transaction to database |
US7698558B2 (en) * | 2003-11-21 | 2010-04-13 | Rpost International Limited | System for, and method of, providing the transmission, receipt and content of an e-mail message |
US8656039B2 (en) | 2003-12-10 | 2014-02-18 | Mcafee, Inc. | Rule parser |
US7984175B2 (en) | 2003-12-10 | 2011-07-19 | Mcafee, Inc. | Method and apparatus for data capture and analysis system |
US7899828B2 (en) * | 2003-12-10 | 2011-03-01 | Mcafee, Inc. | Tag data structure for maintaining relational data over captured objects |
US20050131876A1 (en) * | 2003-12-10 | 2005-06-16 | Ahuja Ratinder Paul S. | Graphical user interface for capture system |
US7774604B2 (en) * | 2003-12-10 | 2010-08-10 | Mcafee, Inc. | Verifying captured objects before presentation |
US8548170B2 (en) * | 2003-12-10 | 2013-10-01 | Mcafee, Inc. | Document de-registration |
US7814327B2 (en) * | 2003-12-10 | 2010-10-12 | Mcafee, Inc. | Document registration |
US7860243B2 (en) * | 2003-12-22 | 2010-12-28 | Wells Fargo Bank, N.A. | Public key encryption for groups |
US8139770B2 (en) | 2003-12-23 | 2012-03-20 | Wells Fargo Bank, N.A. | Cryptographic key backup and escrow system |
US7930540B2 (en) * | 2004-01-22 | 2011-04-19 | Mcafee, Inc. | Cryptographic policy enforcement |
US20050240765A1 (en) * | 2004-04-22 | 2005-10-27 | International Business Machines Corporation | Method and apparatus for authorizing access to grid resources |
US8312262B2 (en) * | 2004-04-30 | 2012-11-13 | Qualcomm Incorporated | Management of signing privileges for a cryptographic signing service |
CA2471055A1 (en) * | 2004-06-16 | 2005-12-16 | Qualtech Technical Sales Inc. | A network security enforcement system |
US7962591B2 (en) * | 2004-06-23 | 2011-06-14 | Mcafee, Inc. | Object classification in a capture system |
JP2006050504A (en) * | 2004-08-09 | 2006-02-16 | Canon Inc | Image processing device and method thereof |
US20060041507A1 (en) * | 2004-08-13 | 2006-02-23 | Sbc Knowledge Ventures L.P. | Pluggable authentication for transaction tool management services |
US8560534B2 (en) | 2004-08-23 | 2013-10-15 | Mcafee, Inc. | Database for a capture system |
US7949849B2 (en) * | 2004-08-24 | 2011-05-24 | Mcafee, Inc. | File system for a capture system |
GB0419479D0 (en) * | 2004-09-02 | 2004-10-06 | Cryptomathic Ltd | Data certification methods and apparatus |
US8694788B1 (en) * | 2005-04-29 | 2014-04-08 | Progressive Casualty Insurance Company | Security system |
US8295492B2 (en) * | 2005-06-27 | 2012-10-23 | Wells Fargo Bank, N.A. | Automated key management system |
US8305398B2 (en) * | 2005-07-01 | 2012-11-06 | Microsoft Corporation | Rendering and compositing multiple applications in an interactive media environment |
US8799757B2 (en) * | 2005-07-01 | 2014-08-05 | Microsoft Corporation | Synchronization aspects of interactive multimedia presentation management |
US7941522B2 (en) * | 2005-07-01 | 2011-05-10 | Microsoft Corporation | Application security in an interactive media environment |
US8108787B2 (en) | 2005-07-01 | 2012-01-31 | Microsoft Corporation | Distributing input events to multiple applications in an interactive media environment |
US8656268B2 (en) | 2005-07-01 | 2014-02-18 | Microsoft Corporation | Queueing events in an interactive media environment |
US8020084B2 (en) * | 2005-07-01 | 2011-09-13 | Microsoft Corporation | Synchronization aspects of interactive multimedia presentation management |
US7600127B2 (en) * | 2005-07-13 | 2009-10-06 | Lenovo Singapore Pte. Ltd | System and method for ISO image update and ISO image deconstruction into modular components |
US7907608B2 (en) | 2005-08-12 | 2011-03-15 | Mcafee, Inc. | High speed packet capture |
US7818326B2 (en) * | 2005-08-31 | 2010-10-19 | Mcafee, Inc. | System and method for word indexing in a capture system and querying thereof |
US7730011B1 (en) | 2005-10-19 | 2010-06-01 | Mcafee, Inc. | Attributes of captured objects in a capture system |
US7657104B2 (en) * | 2005-11-21 | 2010-02-02 | Mcafee, Inc. | Identifying image type in a capture system |
US8234494B1 (en) * | 2005-12-21 | 2012-07-31 | At&T Intellectual Property Ii, L.P. | Speaker-verification digital signatures |
US8504537B2 (en) | 2006-03-24 | 2013-08-06 | Mcafee, Inc. | Signature distribution in a document registration system |
US20070226504A1 (en) * | 2006-03-24 | 2007-09-27 | Reconnex Corporation | Signature match processing in a document registration system |
US7689614B2 (en) * | 2006-05-22 | 2010-03-30 | Mcafee, Inc. | Query generation for a capture system |
US7958227B2 (en) | 2006-05-22 | 2011-06-07 | Mcafee, Inc. | Attributes of captured objects in a capture system |
US8010689B2 (en) * | 2006-05-22 | 2011-08-30 | Mcafee, Inc. | Locational tagging in a capture system |
US20080016357A1 (en) * | 2006-07-14 | 2008-01-17 | Wachovia Corporation | Method of securing a digital signature |
US20090003588A1 (en) * | 2007-06-26 | 2009-01-01 | John Gordon Ross | Counter Sealing Archives of Electronic Seals |
US20090006842A1 (en) * | 2007-06-26 | 2009-01-01 | John Gordon Ross | Sealing Electronic Data Associated With Multiple Electronic Documents |
US20090006258A1 (en) * | 2007-06-26 | 2009-01-01 | John Gordon Ross | Registration Process |
US20090006860A1 (en) * | 2007-06-26 | 2009-01-01 | John Gordon Ross | Generating multiple seals for electronic data |
US8205242B2 (en) | 2008-07-10 | 2012-06-19 | Mcafee, Inc. | System and method for data mining and security policy management |
US9253154B2 (en) | 2008-08-12 | 2016-02-02 | Mcafee, Inc. | Configuration management for a capture/registration system |
US8850591B2 (en) | 2009-01-13 | 2014-09-30 | Mcafee, Inc. | System and method for concept building |
US8706709B2 (en) | 2009-01-15 | 2014-04-22 | Mcafee, Inc. | System and method for intelligent term grouping |
US8473442B1 (en) | 2009-02-25 | 2013-06-25 | Mcafee, Inc. | System and method for intelligent state management |
US8447722B1 (en) | 2009-03-25 | 2013-05-21 | Mcafee, Inc. | System and method for data mining and security policy management |
US8667121B2 (en) | 2009-03-25 | 2014-03-04 | Mcafee, Inc. | System and method for managing data and policies |
US8621208B1 (en) * | 2009-07-06 | 2013-12-31 | Guoan Hu | Secure key server based file and multimedia management system |
US8806615B2 (en) | 2010-11-04 | 2014-08-12 | Mcafee, Inc. | System and method for protecting specified data combinations |
US8646062B2 (en) | 2010-11-09 | 2014-02-04 | International Business Machines Corporation | Remote authentication based on challenge-response using digital certificates |
US8971539B2 (en) * | 2010-12-30 | 2015-03-03 | Verisign, Inc. | Management of SSL certificate escrow |
FR2980011B1 (en) * | 2011-09-09 | 2015-12-11 | Dictao | METHOD FOR IMPLEMENTING, FROM A TERMINAL, CRYPTOGRAPHIC DATA OF A USER STORED IN A REMOTE DATABASE |
US20130246431A1 (en) | 2011-12-27 | 2013-09-19 | Mcafee, Inc. | System and method for providing data protection workflows in a network environment |
US9021255B1 (en) * | 2012-06-29 | 2015-04-28 | Emc Corporation | Techniques for multiple independent verifications for digital certificates |
US9424432B2 (en) * | 2012-09-20 | 2016-08-23 | Nasdaq, Inc. | Systems and methods for secure and persistent retention of sensitive information |
GB2515057B (en) * | 2013-06-12 | 2016-02-24 | Cryptomathic Ltd | System and Method for Obtaining a Digital Signature |
EP3022865B1 (en) * | 2013-07-17 | 2020-08-19 | Emerging Sense, Affärsutveckling AB | Selective revocation of certificates |
JP6659220B2 (en) * | 2015-01-27 | 2020-03-04 | ルネサスエレクトロニクス株式会社 | Communication device, semiconductor device, program and communication system |
JP2016163198A (en) * | 2015-03-03 | 2016-09-05 | 日本電気株式会社 | File management device, file management system, file management method, and file management program |
JP2017085368A (en) * | 2015-10-28 | 2017-05-18 | 株式会社オートネットワーク技術研究所 | Communication system and communication method |
FR3046271B1 (en) * | 2015-12-28 | 2018-10-19 | Bull Sas | SECOND DYNAMIC AUTHENTICATION OF AN ELECTRONIC SIGNATURE USING SECURE HARDWARE MODULE |
JP6571890B1 (en) * | 2019-01-21 | 2019-09-04 | Gmoグローバルサイン株式会社 | Electronic signature system, certificate issuing system, certificate issuing method and program |
JP6465426B1 (en) * | 2018-07-20 | 2019-02-06 | Gmoグローバルサイン株式会社 | Electronic signature system, certificate issuing system, key management system, and electronic certificate issuing method |
US10535062B1 (en) * | 2019-03-20 | 2020-01-14 | Capital One Services, Llc | Using a contactless card to securely share personal data stored in a blockchain |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1030282A1 (en) | 1997-09-02 | 2000-08-23 | Cadix Inc. | Digital signature generating server and digital signature generating method |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2874916B2 (en) * | 1989-11-21 | 1999-03-24 | 株式会社東芝 | Portable encryption key storage device |
US6237096B1 (en) * | 1995-01-17 | 2001-05-22 | Eoriginal Inc. | System and method for electronic transmission storage and retrieval of authenticated documents |
US6219423B1 (en) | 1995-12-29 | 2001-04-17 | Intel Corporation | System and method for digitally signing a digital agreement between remotely located nodes |
GB9608696D0 (en) | 1996-04-26 | 1996-07-03 | Europ Computer Ind Res | Electronic copy protection mechanism |
JPH1032570A (en) * | 1996-07-15 | 1998-02-03 | N T T Data Tsushin Kk | Electronic signature system |
US6023509A (en) | 1996-09-30 | 2000-02-08 | Intel Corporation | Digital signature purpose encoding |
US6253323B1 (en) * | 1996-11-01 | 2001-06-26 | Intel Corporation | Object-based digital signatures |
US6035402A (en) * | 1996-12-20 | 2000-03-07 | Gte Cybertrust Solutions Incorporated | Virtual certificate authority |
US6513116B1 (en) * | 1997-05-16 | 2003-01-28 | Liberate Technologies | Security information acquisition |
JPH10336172A (en) * | 1997-06-04 | 1998-12-18 | Kyushu Syst Joho Gijutsu Kenkyusho | Managing method of public key for electronic authentication |
ATE347200T1 (en) | 1997-07-24 | 2006-12-15 | Tumbleweed Comm Corp | ELECTRONIC MAIL FIREWALL WITH ENCRYPTION/DECRYPTION USING STORED KEYS |
US6370249B1 (en) * | 1997-07-25 | 2002-04-09 | Entrust Technologies, Ltd. | Method and apparatus for public key management |
JPH1188322A (en) * | 1997-09-02 | 1999-03-30 | Kiyadeitsukusu:Kk | Digital signature generation method |
JPH1188321A (en) * | 1997-09-02 | 1999-03-30 | Kiyadeitsukusu:Kk | Digital signature generation server |
US6233577B1 (en) * | 1998-02-17 | 2001-05-15 | Phone.Com, Inc. | Centralized certificate management system for two-way interactive communication devices in data networks |
US6073242A (en) * | 1998-03-19 | 2000-06-06 | Agorics, Inc. | Electronic authority server |
US6363479B1 (en) * | 1998-07-22 | 2002-03-26 | Entrust Technologies Limited | System and method for signing markup language data |
US6829712B1 (en) * | 1998-10-27 | 2004-12-07 | Sprint Communications Company L.P. | Object-based security system |
US6643774B1 (en) * | 1999-04-08 | 2003-11-04 | International Business Machines Corporation | Authentication method to enable servers using public key authentication to obtain user-delegated tickets |
US6853988B1 (en) * | 1999-09-20 | 2005-02-08 | Security First Corporation | Cryptographic server with provisions for interoperability between cryptographic systems |
AU7596200A (en) * | 1999-09-20 | 2001-04-24 | Ethentica, Inc. | Electronic commerce with cryptographic authentication |
US7391865B2 (en) * | 1999-09-20 | 2008-06-24 | Security First Corporation | Secure data parser method and system |
WO2002023796A1 (en) * | 2000-09-11 | 2002-03-21 | Sentrycom Ltd. | A biometric-based system and method for enabling authentication of electronic messages sent over a network |
JP2002169466A (en) * | 2000-12-01 | 2002-06-14 | Mitsubishi Electric Corp | Server system, application terminal and computer readable recording medium recorded with program |
-
2000
- 2000-12-15 US US09/741,691 patent/US7210037B2/en not_active Expired - Lifetime
-
2001
- 2001-12-11 EP EP01986160.8A patent/EP1402330B1/en not_active Expired - Lifetime
- 2001-12-11 JP JP2002550495A patent/JP4283536B2/en not_active Expired - Lifetime
- 2001-12-11 WO PCT/US2001/048266 patent/WO2002048848A2/en active IP Right Grant
- 2001-12-11 CA CA2426828A patent/CA2426828C/en not_active Expired - Lifetime
- 2001-12-11 AU AU2002236622A patent/AU2002236622B2/en not_active Expired
- 2001-12-11 AU AU3662202A patent/AU3662202A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1030282A1 (en) | 1997-09-02 | 2000-08-23 | Cadix Inc. | Digital signature generating server and digital signature generating method |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7725723B2 (en) | 2001-08-10 | 2010-05-25 | Peter Landrock | Data certification method and apparatus |
US8549308B2 (en) | 2001-08-10 | 2013-10-01 | Cryptomathic Ltd. | Data certification method and system |
US8078879B2 (en) | 2001-08-10 | 2011-12-13 | Cryptomathic A/S | Data certification method and apparatus |
EP1629629A4 (en) * | 2003-05-15 | 2008-12-31 | Dean Joseph Whitmore | Method and system for digitally signing electronic documents |
EP1629629A1 (en) * | 2003-05-15 | 2006-03-01 | Dean Joseph Whitmore | Method and system for digitally signing electronic documents |
GB2434947B (en) * | 2006-02-02 | 2011-01-26 | Identum Ltd | Electronic data communication system |
GB2434947A (en) * | 2006-02-02 | 2007-08-08 | Identum Ltd | Decrypting web mail session key/signing document at trusted third party server so that recipient private key is not used at vulnerable computer |
EP2066070A1 (en) * | 2006-09-20 | 2009-06-03 | Fujitsu Limited | Information processor and information management method |
EP2066070A4 (en) * | 2006-09-20 | 2013-09-25 | Fujitsu Ltd | Information processor and information management method |
WO2009053849A3 (en) * | 2007-07-30 | 2009-06-25 | Avoco Secure Ltd | Method and apparatus for digital certification of documents |
WO2009053849A2 (en) * | 2007-07-30 | 2009-04-30 | Avoco Secure Limited | Method and apparatus for digital certification of documents |
ITVR20090044A1 (en) * | 2009-04-01 | 2010-10-02 | Aliaslab S P A | METHOD AND SYSTEM TO CARRY OUT THE QUALIFIED ELECTRONIC SIGNATURE IN REMOTE MODE |
WO2010112981A3 (en) * | 2009-04-01 | 2011-02-17 | Aliaslab S.P.A. | Method and system to effect a qualified electronic signature in remote mode |
EP2874094A1 (en) * | 2013-11-14 | 2015-05-20 | Software602 a.s. | Data authorization method |
WO2016201352A1 (en) * | 2015-06-10 | 2016-12-15 | Arris Enterprises Llc | Code signing system with machine to machine interaction |
US10284376B2 (en) | 2015-06-10 | 2019-05-07 | Arris Enterprises Llc | Code signing system with machine to machine interaction |
Also Published As
Publication number | Publication date |
---|---|
EP1402330B1 (en) | 2017-07-26 |
US7210037B2 (en) | 2007-04-24 |
CA2426828A1 (en) | 2002-06-20 |
WO2002048848A3 (en) | 2003-12-24 |
EP1402330A2 (en) | 2004-03-31 |
CA2426828C (en) | 2011-01-25 |
US20020078355A1 (en) | 2002-06-20 |
JP4283536B2 (en) | 2009-06-24 |
AU3662202A (en) | 2002-06-24 |
JP2005502217A (en) | 2005-01-20 |
AU2002236622B2 (en) | 2007-08-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1402330B1 (en) | Method and appartus for delegating digital signatures to a signature server | |
AU2002236622A1 (en) | Method and appartus for delegating digital signatures to a signature server | |
US7050589B2 (en) | Client controlled data recovery management | |
US5968177A (en) | Method and apparatus for processing administration of a secured community | |
US9544297B2 (en) | Method for secured data processing | |
US5982898A (en) | Certification process | |
JP3505058B2 (en) | Network system security management method | |
US8831992B2 (en) | Apparatus and method for facilitating cryptographic key management services | |
US7150038B1 (en) | Facilitating single sign-on by using authenticated code to access a password store | |
US8499147B2 (en) | Account management system, root-account management apparatus, derived-account management apparatus, and program | |
US20020032665A1 (en) | Methods and systems for authenticating business partners for secured electronic transactions | |
US20060080546A1 (en) | System and method for regulating access to objects in a content repository | |
US7028181B1 (en) | System and method for efficient and secure revocation of a signature certificate in a public key infrastructure | |
JP2003234736A (en) | Public key infrastructure token issuance and binding | |
BRPI0304267B1 (en) | METHOD AND SYSTEM FOR PROCESSING CERTIFICATE REVOKING LISTS IN AN AUTHORIZATION SYSTEM | |
US20210288974A1 (en) | Access token for a verifiable claim | |
KR100561629B1 (en) | Integrated Security Information Management System and Its Method | |
Chalaemwongwan et al. | A practical national digital ID framework on blockchain (NIDBC) | |
US20020194471A1 (en) | Method and system for automatic LDAP removal of revoked X.509 digital certificates | |
US8205254B2 (en) | System for controlling write access to an LDAP directory | |
Yeh et al. | Applying lightweight directory access protocol service on session certification authority | |
Au et al. | Cross-domain one-shot authorization using smart cards | |
Low et al. | Self authenticating proxies | |
Petrlic et al. | KerberSSIze Us: Providing Sovereignty to the People | |
Curry | Trusted Public-Key Infrastructures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2426828 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002550495 Country of ref document: JP |
|
REEP | Request for entry into the european phase |
Ref document number: 2001986160 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001986160 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002236622 Country of ref document: AU |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWP | Wipo information: published in national office |
Ref document number: 2001986160 Country of ref document: EP |
|
WWG | Wipo information: grant in national office |
Ref document number: 2002236622 Country of ref document: AU |