Processing

Please wait...

Settings

Settings

1. WO2000042492 - SECURITY ENFORCEMENT FOR ELECTRONIC DATA

Publication Number WO/2000/042492
Publication Date 20.07.2000
International Application No. PCT/US2000/000716
International Filing Date 12.01.2000
Chapter 2 Demand Filed 10.08.2000
IPC
G06F 1/00 2006.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
1Details not covered by groups G06F3/-G06F13/82
G06F 21/00 2006.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
H04L 9/32 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9Arrangements for secret or secure communication
32including means for verifying the identity or authority of a user of the system
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
CPC
G06F 21/64
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
64Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 2221/2151
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
2151Time stamp
H04L 2209/56
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2209Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
56Financial cryptography, e.g. electronic payment or e-cash
H04L 2209/603
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2209Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
60Digital content management, e.g. content distribution
603Digital right managament [DRM]
H04L 63/0823
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
08for supporting authentication of entities communicating through a packet data network
0823using certificates
H04L 63/12
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
12Applying verification of the received information
Applicants
  • MICROSOFT CORPORATION [US/US]; One Microsoft Way Redmond, WA 98052, US
Inventors
  • DANIELI, Damon, V.; US
Agents
  • VIKSNINS, Ann, S.; Schwegman, Lundberg, Woessner & Kluth P.O. Box 2938 Minneapolis, MN 55402, US
Priority Data
09/229,42713.01.1999US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) SECURITY ENFORCEMENT FOR ELECTRONIC DATA
(FR) MISE EN OEUVRE DE DISPOSITIONS DE SECURITE POUR DONNEES ELECTRONIQUES
Abstract
(EN)
Security services and policy enforcement for electronic data is provided through a series of transactions among a server and clients using electronic security certificates. A first client generates a digest from the electronic data using a one-way hashing algorithm, and submits a security certificate request containing the digest to a trusted arbitrator server, where the request is time stamped and logged. The trusted arbitrator authenticates the first client's credentials, digitally signs the digest, creates and registers the security certificate with digest information, and returns the security certificate to the first client. The first client combines the electronic data with the security certificate to create a distribution unit. A second client acquires the distribution unit, extracts the certificate security certificate, generates a digest from the data using same hashing algorithm, and either compares the computed digest with the signed digest in the security certificate, or submits a validation request containing the security certificate serial number and digest to the trusted arbitrator server. If the digest from the second client matches the logged digest from the first client, the electronic data is valid. Depending on the certificate type and policy level, the trusted arbitrator server provides other services to the clients, such as notification of updates to the data, notification of improper user of the data, and payment for the use of the data.
(FR)
L'invention concerne la mise en oeuvre de services et de politique de sécurité pour données électroniques, par une série de transactions entre un serveur et des clients utilisant des certificats de sécurité électroniques. Un premier client établit un résumé de données électroniques au moyen d'un algorithme de calcul d'adresses, puis il soumet une demande de certificat de sécurité contenant ce résumé à un serveur d'arbitrage fiable, où la demande est horodatée et enregistrée. Le serveur authentifie les éléments d'identité du premier client, signe numériquement le résumé, crée et enregistre le certificat de sécurité au moyen de l'information de résumé, et renvoie le certificat au premier client, lequel combine les données électroniques et le certificat pour établir une unité de distribution. Un second client acquiert l'unité de distribution, extrait le certificat de sécurité, établit un résumé à partir des données en utilisant le même algorithme de calcul d'adresses, et compare le résumé établi avec le résumé signé dans le certificat ou soumet une demande de validation contenant le numéro de série du certificat et le résumé au serveur d'arbitrage fiable. Si le résumé du second client correspond au résumé enregistré du premier client, les données électroniques sont valables. En fonction du type de certificat et du niveau de politique de sécurité, le serveur assure d'autres services aux clients comme la notification des mises à jour de données, la notification d'utilisation impropre des données et le paiement relatif à l'utilisation des données.
Latest bibliographic data on file with the International Bureau