Country / type | United States (US) patent, granted
---|---
International Patent Classification (IPC, 7th ed.) |
Application number | US-0882527 (2004-07-01)
Registration number | US-8190893 (2012-05-29)
Inventor / address |
Applicant / address |
Agent / address |
Citation information | Cited by: 39 patents; patents cited: 476
A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as an RSA authorization token or a credit card. In general, the first data item will be a short alphanumeric string and the second data item will generally be much larger, e.g., a 128-bit sequence to be used principally for data authentication. According to another aspect of the present invention, consequential evidence of the transaction may be secured to provide after-the-fact evidence of the transaction. This evidence can include a message written to a tamper-resistant log record, the message including the transaction information, the first data item, the second data item, and an identifier for the originating user, as well as other information. At a subsequent point, the transaction can be shown to have been sent by the originating user and received by the intended recipient by consulting the log record. Preferably, the validity of the transaction would be ascertained by an independent, mutually trusted third party.
1. A computer-implemented method for providing message authenticity for a message by an originating user to a recipient's computer, the method comprising the steps of: accepting, through the recipient's computer, from the originating user: (i) an encrypted authenticator component comprising authentication data and a user authentication key, wherein the user authentication key is displayed on an external device of the user, (ii) a message integrity component, and (iii) an encrypted key management component; decrypting the key management component, through the recipient's computer, to yield (a) a key which decrypts the user authentication key and (b) a message integrity key, wherein the entropy of the user authentication key is less than the entropy of the message integrity key; decrypting the authenticator component, through the recipient's computer, using the key which decrypts the user authentication key; authenticating the user, through the recipient's computer, using the authentication data; accepting, through the recipient's computer, a message comprising message data from the originating user's computer; and validating the message integrity component through the recipient's computer using the message integrity key and the message data, thereby validating the message.
2. The method of claim 1, wherein the message integrity key is not derivable from the user authentication key.
3. The method of claim 1, wherein the external device is an authentication token.
4. The method of claim 3, wherein information obtained from the authentication token contributes to the user authentication key exclusively.
5. The method of claim 3, wherein the authentication token is a one-way authentication token.
6. The method of claim 1, wherein the user authentication key includes one or more of a sequence of digits corresponding to those displayed on the external device.
7. The method of claim 6, wherein the external device is not electronically connected to a computer system.
8. The method of claim 6, wherein the number of digits of the sequence of digits is less than ten.
9. The method of claim 8, wherein the entropy of the message integrity key is 80 bits or greater.
10. The method of claim 6, wherein the number of digits of the sequence of digits is less than twenty-one.
11. The method of claim 10, wherein the entropy of the message integrity key is 80 bits or greater.
12. The method of claim 1, wherein the user authentication key is inaccessible to an entity authorized to process a transaction related to the message.
13. The method of claim 1, further including the step of providing consequential evidence, wherein providing consequential evidence includes writing a message to a log record, the message including a transaction information, the authenticator component, the message integrity component, the key management component, and an identifier for the originating user.
14. The method of claim 13, wherein the step of providing consequential evidence further includes consulting the log record for one or more of the transaction information, the authenticator component, the message integrity component, the key management component, and the identifier for the originating user.
15. The method of claim 14, wherein the consulting of the log record is performed to validate the message authenticity of the message included in the log record.
16. The method of claim 15, wherein the log record is sent to a trusted third party to validate the log record.
17. The method of claim 1, further comprising: providing anti-replay protection to the message.
18. The method of claim 17, wherein the message integrity component comprises a unique nonce and the anti-replay protection is provided using the unique nonce.
19. A system for providing message authenticity for a message sent by an originating user to a recipient, comprising: a computer-readable memory that stores, from the originating user, a message and a user authentication key used for authentication credentials representing the originating user and a message integrity key used for providing message integrity, wherein the user authentication key and the message integrity key are encrypted; and a processor communicatively coupled to the computer-readable memory, the processor programmed to perform actions by the recipient, comprising: accepting from the originating user: (i) an encrypted authenticator component comprising authentication data and a user authentication key which is displayed on an external device of the user, (ii) a message integrity component, and (iii) an encrypted key management component; decrypting the key management component, through the recipient's computer, to yield (a) a key which decrypts the user authentication key and (b) a message integrity key, wherein the entropy of the user authentication key is less than the entropy of the message integrity key; decrypting the authenticator component using the key which decrypts the user authentication key; authenticating the user using the authentication data; accepting a message comprising message data from the originating user's computer; and validating the message integrity component through the recipient's computer using the message integrity key and the message data, thereby validating the message.
20. The system of claim 19, wherein the processor is further programmed to perform the action of providing anti-replay protection to the message.
21. The system of claim 20, wherein the message integrity component comprises a unique nonce and the anti-replay protection is provided using the unique nonce.
22. A program storage device readable by a machine, tangibly embodying a program of instructions executable on the machine to perform method steps for providing end-to-end message authenticity for a message sent by an originating user to a recipient, the method steps, performed by the recipient, comprising: accepting from the originating user: (i) an encrypted authenticator component comprising authentication data and a user authentication key which is displayed on an external device of the user, (ii) a message integrity component, and (iii) an encrypted key management component; decrypting the key management component, through the recipient's computer, to yield (a) a key which decrypts the user authentication key and (b) a message integrity key, wherein the entropy of the user authentication key is less than the entropy of the message integrity key; decrypting the authenticator component using the key which decrypts the user authentication key; authenticating the user using the authentication data; accepting a message comprising message data from the originating user's computer; and validating the message integrity component through the recipient's computer using the message integrity key and the message data, thereby validating the message.
23. The program storage device of claim 22, wherein the program of instructions further comprises instructions for providing anti-replay protection to the message.
24. The program storage device of claim 23, wherein the message integrity component comprises a unique nonce and the anti-replay protection is provided using the unique nonce.
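The abstract and claims 1, 2, 13 and 18 above describe one protocol: a short, low-entropy user authentication key (the digits shown on an external token), a separate high-entropy message integrity key, both delivered under an encrypted key management component, a nonce for anti-replay, and a log record kept as consequential evidence. The following Python walk-through is an added illustration written for this page, not the patent's own code or any product's implementation. Everything in it is an assumption chosen to make the flow concrete: `KEY_MANAGEMENT_KEY` stands in for whatever key the recipient uses to open the key management component (a real deployment would typically use the recipient's public key), `TOKEN_REGISTRY` stands in for a token server that knows which digits each user's device currently displays, and `_keystream_xor` is a toy SHA-256 counter-mode cipher standing in for a real authenticated cipher such as AES-GCM. The example generalizes the claim slightly by also showing the three rejection paths (wrong digits, tampered message data, replayed nonce) alongside the accepted path.

```python
import hashlib
import hmac
import json
import math
import secrets

# Constructed demo values (assumptions, not from the patent): a key-management key held by
# the recipient, and a registry of the digits each user's external device currently shows.
KEY_MANAGEMENT_KEY = hashlib.sha256(b"demo-recipient-key-management-key").digest()
TOKEN_REGISTRY = {"alice": "482913"}
KEY_LEN = 16  # 128-bit keys, above the 80-bit floor of claims 9 and 11


def entropy_bits_of_digits(digits: str) -> float:
    """Entropy of a uniformly random decimal string of this length (claim 8: fewer than ten digits)."""
    return len(digits) * math.log2(10)


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy stand-in for a real cipher (e.g. AES-GCM): SHA-256 used as a counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(16)
    return iv + _keystream_xor(key, iv, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return _keystream_xor(key, ciphertext[:16], ciphertext[16:])


def originate(user: str, token_digits: str, message: bytes) -> dict:
    """Originating user's side: build the three components named in claim 1."""
    user_auth_decrypt_key = secrets.token_bytes(KEY_LEN)  # (a) key that decrypts the authenticator
    message_integrity_key = secrets.token_bytes(KEY_LEN)  # (b) independent key, not derivable from the digits (claim 2)
    nonce = secrets.token_bytes(16)                       # unique nonce for anti-replay (claim 18)
    authentication_data = json.dumps({"user": user, "digits": token_digits}).encode()
    authenticator = encrypt(user_auth_decrypt_key, authentication_data)                          # (i)
    tag = hmac.new(message_integrity_key, nonce + message, hashlib.sha256).digest()
    integrity = nonce + tag                                                                      # (ii)
    key_management = encrypt(KEY_MANAGEMENT_KEY, user_auth_decrypt_key + message_integrity_key)  # (iii)
    return {"authenticator": authenticator, "integrity": integrity,
            "key_management": key_management, "message": message}


class Recipient:
    """Recipient's computer: the decrypt / authenticate / validate steps of claim 1 and the log of claim 13."""

    def __init__(self):
        self.seen_nonces = set()
        self.log = []

    def receive(self, tx: dict) -> dict:
        # Open the key management component to recover (a) and (b).
        keys = decrypt(KEY_MANAGEMENT_KEY, tx["key_management"])
        user_auth_decrypt_key, message_integrity_key = keys[:KEY_LEN], keys[KEY_LEN:]
        try:
            auth = json.loads(decrypt(user_auth_decrypt_key, tx["authenticator"]))
        except ValueError:
            return {"accepted": False, "reason": "authenticator undecodable"}
        if not isinstance(auth, dict):
            return {"accepted": False, "reason": "authenticator undecodable"}
        # Authenticate the user with the low-entropy token digits (constant-time compare).
        expected_digits = TOKEN_REGISTRY.get(auth.get("user"), "")
        if not hmac.compare_digest(expected_digits.encode(), str(auth.get("digits", "")).encode()):
            return {"accepted": False, "reason": "token digits rejected"}
        # Validate the integrity component over nonce + message data with the high-entropy key.
        nonce, tag = tx["integrity"][:16], tx["integrity"][16:]
        expected_tag = hmac.new(message_integrity_key, nonce + tx["message"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return {"accepted": False, "reason": "integrity check failed"}
        # Anti-replay: checked only after the MAC verified, so unauthenticated nonces cannot poison the set.
        if nonce in self.seen_nonces:
            return {"accepted": False, "reason": "replayed nonce"}
        self.seen_nonces.add(nonce)
        # Consequential evidence (claim 13): transaction data, all three components and the user identifier.
        self.log.append({"user": auth["user"], "message": tx["message"].hex(),
                         "authenticator": tx["authenticator"].hex(),
                         "integrity": tx["integrity"].hex(),
                         "key_management": tx["key_management"].hex()})
        return {"accepted": True, "user": auth["user"], "message": tx["message"]}
```

The ordering in `receive` matters for the entropy argument the patent makes: the six-digit value (about 20 bits) only ever authenticates the user, while the 128-bit integrity key is what binds the nonce and message data, so guessing the digits gives no way to forge or alter a message. Recording the nonce only after the MAC verifies keeps an unauthenticated sender from filling the replay set with nonces the legitimate user might later use.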
Copyright KISTI. All Rights Reserved.