[go: up one dir, main page]

WO2003081840A1 - Procede et systeme associes a un echange de message de non repudiation - Google Patents

Procede et systeme associes a un echange de message de non repudiation Download PDF

Info

Publication number
WO2003081840A1
WO2003081840A1 PCT/GB2003/000965 GB0300965W WO03081840A1 WO 2003081840 A1 WO2003081840 A1 WO 2003081840A1 GB 0300965 W GB0300965 W GB 0300965W WO 03081840 A1 WO03081840 A1 WO 03081840A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication method
message identifier
communicates
communication
encrypted
Prior art date
Application number
PCT/GB2003/000965
Other languages
English (en)
Inventor
Melih Abdulhayoglu
Original Assignee
Melih Abdulhayoglu
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Melih Abdulhayoglu filed Critical Melih Abdulhayoglu
Priority to AU2003214390A priority Critical patent/AU2003214390A1/en
Publication of WO2003081840A1 publication Critical patent/WO2003081840A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present invention relates to methods of communication and to communication systems.
  • M represents an original message
  • H represents a one way digest function such as a hash. Where different hash functions are used, these are distinguished as HI, H2 etc. For convenience the one-way digest functions are agreed between the parties.
  • Kr represents a release key used to decrypt an encrypted message M. Often this will also be the encryption key.
  • K represents a symmetric key.
  • Kl is a first symmetric key, K2 a second symmetric key etc.
  • Xpk represents a public key using user X's key.
  • Xsk represents a private key using user X's key.
  • Xsig (M) is X's digital signature of message M ie Xsk(H(M) ) .
  • A is a message originator/sender.
  • B is a message recipient.
  • T is a third party trusted transaction authority.
  • R is a transaction record.
  • K(M) is a message encrypted using a key K.
  • Bpk (Asi (K( ) ) ) is a message encrypted using a key K, taking a hash of K(M) , which is further encrypted using a secret key of A and finally encrypted using a public key of B.
  • any such method and system should have the following properties:
  • a sender (A) must have some way of proving that a recipient (B) received the message, should B later try to deny it .
  • B must have some way of proving that B could not read the message, should A later try to claim that B could do so. In some methods and systems it is enough for just one of the criteria to be satisfied.
  • a certified e-mail delivery communication method and system is suggested in "A Certified E-mail Protocol" by Bruce Schneier and James Riordan available at www. counterpane . com/certified-email .pdf .
  • A chooses a random key Kr and sends to B the encrypted message Kr (M) .
  • B sends to A a digitally signed message requesting A to publish the key for the received encrypted message, the hash of which is H(Kr(M)) by date D at location , which is a public record.
  • A publishes the pair H(Kr(M)) and Kr in L on or before date D.
  • B retrieves the key, Kr from L and decrypts the message.
  • location L will be a newspaper, . a world-wide web kiosk service or a Usenet newsgroup.
  • This method has the disadvantages that it involves an unnecessary number of process steps, B has to break the method to refuse delivery and the use of a public location for key release storage is potentially unreliable.
  • a communication method comprising a sender (A) sending to a recipient (B) a digital communication (M) encrypted with an encryption for which there is a release key (Kr) and a message identifier, the recipient communicating the message identifier to a third party (T) , the third party verifying the message identifier and communicating the release key (Kr) to the recipient for the recipient to decrypt the encrypted digital communication (Kr(M)).
  • the release key is generated as a session key.
  • the message identifier comprises a one-way function of predetermined data, which suitably is at least part of the encrypted message.
  • the message identifier is encrypted.
  • the message identifier sent from A to B is encrypted by a session key (K2) and the session key is communicated to B encrypted by B's public key (Bpk(K2)) .
  • the communication from A to B includes a digital signature from A.
  • the digital signature comprises Ask(H(K2)).
  • A communicates the message identifier to T in encrypted form.
  • A communicates to T Ask(H (Kr (M) ) ) .
  • A' s communication to T comprises a digital signature.
  • the digital signature comprises Ask(H(Kl)).
  • A communicates Tpk(Kl) to T.
  • the message identifier sent from B to T is generated by an operation carried out on the communication received by B from A.
  • the message identifier sent from A to B comprises Hl(Kr(M)) .
  • the message identifier sent from B to T comprises H2(Kr( ) wherein H1 ⁇ H2.
  • A communicates the release key (Kr) to T.
  • the communication of Kr is encrypted.
  • A communicates to T Bpk(Kr) .
  • A communicates to T Kl(Bpk(Kr) ) .
  • B communicates a message identifier to T with a digital signature.
  • the digital signature comprises Bsk(H (Kr (M) ) ) .
  • T communicates to B Bpk(Kr) .
  • T communicates to B Bpk(Kr) .
  • A communicates a message identifier to a transaction record.
  • B communicates a message identifier to a transaction record.
  • T communicates the encryption key (Kr) to a transaction record.
  • Kr the encryption key
  • T communicates an encrypted version of the encryption key to the transaction record.
  • the message identifier used between A and B differs from that used between A and T and B and T.
  • the message identifier used between A and T corresponds to that used between B and T.
  • H(Kr(M)) is the message identifier, which is generated by B .
  • the transaction record is time stamped to produce a time stamp record.
  • the time stamp record is published.
  • a communication system comprising a senders computer node, a recipients computer node and a third party computer node, which computer nodes are in communication via a distributed electronic network and configured to operate according to the method of the first aspect of the invention.
  • the message (M) may be data in any form eg financial or database data, as well as letters.
  • PKI public key infrastructure
  • RSA public key infrastructure
  • recognised digest function such as a hash.
  • the hash is a one-way function.
  • Figure 1 shows a schematic functional illustration of a protocol, method and system according to an embodiment of the present invention.
  • Figure 2 shows a schematic functional illustration of a protocol, method and system according to a second embodiment of the present invention.
  • Figure 3 shows a schematic functional illustration of a protocol, method and system according to another embodiment of the present invention.
  • Trent (T) is used as a trusted third party.
  • the operations of A, B and T are carried out on respective computer nodes 2, 4, 6 connected by a distributed electronic network such as the internet.
  • T maintains a TCP/IP server at computer node 6, typically using an ORACLE (trade mark) database.
  • the database provides user, account, financial, configuration and transaction details to the transaction server 6.
  • the operations on computer nodes 2, 4, 6 are carried out automatically by software thereon.
  • a given user may set options within the software enabling them to have the opportunity to refuse to accept communications and/or to authorise the onward transmission of data.
  • the digital message will be an e-mail message.
  • step 1 A transmits to T a message packet comprising:
  • A sends to T a session key (Kl) encrypted sub-packet message including the release key (Kr) for the message (M) , encrypted by B's public key and Kl, and a digital signature (AskHl (Kr (M) ) ) of the encrypted message (Kr(M)) .
  • A also sends T a digital signature of Kr for verification purposes.
  • A sends to T Tpk(Kl) to enable T to decrypt Kl therefrom using Tsk, thereby enabling T to decrypt message sub-packet la.
  • T can verify A as the source of the communication by verifying the digital signature of this step lc.
  • A sends to B a message packet comprising the following elements :
  • A sends to B K2(Kr(M), H2(Kr(M)), H2 (Kr) ) .
  • B has the encrypted message (Kr(M)), but needs the encryption key K2 to obtain Kr (M) and release key Kr to obtain the message M.
  • A sends to B Bpk(K2) thus enabling B with its secret key Bsk to obtain K2 , thereby enabling it access to Kr(M), to H2(Kr(M)) and to H2 (Kr) .
  • B can use H2(Kr(M)) -from step 2a- to verify the integrity of the received Kr(M) .
  • A sends to B Ask(H2(K2)) as a digital signature hash of K2 enabling B to verify that the message originates from A.
  • A sends to a transaction record (R) the following message:
  • the transaction record can, therefore, using A' s public key Apk obtain Hl(Kr(M)) and HI (Kr) as message identifiers and also by deriving this from use of A' s public key Apk, R (or anyone checking R) can verify that this originates from A.
  • B generates Hl(Kr(M) from the decrypted Kr (M) . If necessary information about which hash to use can be communicated to B via an open channel . B sends to T a message packet consisting of Bsk (HI (Kr (M) ) ) . Thus using B's public key (Bpk) T can obtain the message identifier Hl(Kr(M)).
  • B also transmits to T Bsk(Hl (Kr) ) to T as a Kr verification.
  • T first verifies that the Hl(Kr(M)) received from A matches the Hl(Kr(M)) received from B. Only if the two match does T proceed as follows:
  • T sends to B a message packet comprising the following elements :
  • T sends to B Bpk(Kr).
  • T sends to BTskHl (Bpk (Kr) ) .
  • B can use its own secret key (Bsk) to obtain the release key (Kr) , which release key can be used to decrypt the encrypted message (Kr(M)) to obtain the original message (M) .
  • B can verify the release key is correct by generating H2 (Kr) and comparing that with the H2 (Kr) received originally from A.
  • Tsk HI (Bpk (Kr) )
  • B sends Bsk (HI (Kr (M) ) ) to the transaction record R.
  • B sends Bsk HI (Kr) ) to the transaction record R.
  • the transaction record can verify that it has received from both A and B message identifiers in digested hash form.
  • B can only have obtained the hash digests from A which confirms both B's receipt of the message and A's transmission thereof.
  • T sends to the transaction record Bpk(Kr) .
  • A can refer to the transaction record showing B has sent Hl(Kr(M)) to R, B can only have generated Hl(Kr(M)) if he has received Kr(M) .
  • A can also show B was able to read Kr (M) because B has sent HI (Kr) to R, and B can only have generated Hl(Kr) if he has received Kr.
  • the fact that Hl(Kr(M)) and HI (Kr) are both encrypted by Bsk shows they can only have been sent by B.
  • the message M can be validated to A by virtue of A's transmission to R of Ask (Hl(Kr(M)), Hl(Kr)). Without this data in the transaction record, B can deny readability of message M.
  • T can obtain Kl, giving it access to Kr, Ask (HI (Kr (M) ) ) and Ask (HI (Kr) ) .
  • A sends to B the encrypted message Kr (M) .
  • A sends to B Asig(Kr(M. Using Apk, B can generate H (Kr) .
  • A sends to B Asig (Transaction) as a message verifier.
  • A sends to the transaction record R a message consisting of: Asig(Kr( ), Asig(Kr)).
  • B transmits to T: Bsig (Kr (M) ) .
  • B transmits to T Bsig(Kr) as a verifier.
  • T first confirms that the H (Kr(M)) received from B, having been decrypted using Bpk, matches the H (Kr(M)) received from A in step 1 above. If so:
  • T transmits to B Bpk(Kr) .
  • B can use Bsk to obtain Kr which in turn it can use to decrypt Kr(M) .
  • T transmits Tsi (Bpk (Kr) ) as a verifier.
  • B transmits to R Bsig(Kr(M), Bsig(Kr)) to enable message verification.
  • T transmits to R Kr.
  • Kr may be encrypted using A or B's public key, or another agreed encryption.
  • Verification is carried out as for the Figure 1 embodiment .
  • the method of Figure 3 can also be used in the situation in which B originally does not have a certificate but upon receipt of the original message from A can obtain a certificate for use in the subsequent steps of the method.
  • a time stamp of the transaction record can be generated to enable verification of the transaction record.
  • A, B, T and R will be computer nodes and that some or all of the steps 1-7 may be automated thereby.
  • the transaction record will be at and controlled by T, a trusted third party or certification authority. It can, however, be maintained by another party (not A, B or T) .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne un procédé de communication comprenant un expéditeur (A) qui envoie à un destinataire (B) une communication numérique (M) chiffrée par un moyen de chiffrement pour lequel existent une clé de libération (Kr) et un identifiant de message. Selon ce procédé, le destinataire envoie ledit identifiant de message à une tierce partie (T) qui vérifie celui-ci et qui envoie ladite clé de libération (Kr) audit destinataire pour que ce dernier déchiffre la communication numérique chiffrée (Kr(M)).
PCT/GB2003/000965 2002-03-19 2003-03-07 Procede et systeme associes a un echange de message de non repudiation WO2003081840A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003214390A AU2003214390A1 (en) 2002-03-19 2003-03-07 Method and system relating to a non-repudiation message exchange

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0206429A GB0206429D0 (en) 2002-03-19 2002-03-19 Improvements in and relating to communication methods and systems
GB0206429.3 2002-03-19

Publications (1)

Publication Number Publication Date
WO2003081840A1 true WO2003081840A1 (fr) 2003-10-02

Family

ID=9933257

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2003/000965 WO2003081840A1 (fr) 2002-03-19 2003-03-07 Procede et systeme associes a un echange de message de non repudiation

Country Status (3)

Country Link
AU (1) AU2003214390A1 (fr)
GB (1) GB0206429D0 (fr)
WO (1) WO2003081840A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100191964A1 (en) * 2009-01-26 2010-07-29 Qualcomm Incorporated Communications methods and apparatus for use in communicating with communications peers
US20160134593A1 (en) * 2014-11-12 2016-05-12 Yaron Gvili Manicoding for communication verification
US9886573B2 (en) 2015-08-06 2018-02-06 Red Hat, Inc. Non-repudiation of broadcast messaging

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6134326A (en) * 1996-11-18 2000-10-17 Bankers Trust Corporation Simultaneous electronic transactions
EP1300980A1 (fr) * 2001-10-02 2003-04-09 Institut Eurecom G.I.E. Procès pour garantir la non-répudiation de la réception d'un message dans le contexte d'une transaction électronique

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6134326A (en) * 1996-11-18 2000-10-17 Bankers Trust Corporation Simultaneous electronic transactions
EP1300980A1 (fr) * 2001-10-02 2003-04-09 Institut Eurecom G.I.E. Procès pour garantir la non-répudiation de la réception d'un message dans le contexte d'une transaction électronique

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HERDA S: "Non-repudiation: Constituting evidence and proof in digital cooperation", COMPUTER STANDARDS AND INTERFACES, ELSEVIER SEQUOIA. LAUSANNE, CH, vol. 17, no. 1, 1995, pages 69 - 79, XP004046750, ISSN: 0920-5489 *
LIEW C-C ET AL: "Non-Repudiation in an agent-based electronic commerce system", PROCEEDINGS. INTERNATIONAL WORKSHOP ON DATABASE AND EXPERT SYSTEMS APPLICATIONS, XX, XX, 1 September 1999 (1999-09-01), pages 864 - 868, XP002164806 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100191964A1 (en) * 2009-01-26 2010-07-29 Qualcomm Incorporated Communications methods and apparatus for use in communicating with communications peers
US9118699B2 (en) * 2009-01-26 2015-08-25 Qualcomm Incorporated Communications methods and apparatus for use in communicating with communications peers
US20170359316A1 (en) * 2014-11-12 2017-12-14 Yaron Gvili Manicoding for communication verification
CN107113179A (zh) * 2014-11-12 2017-08-29 亚伦.吉利 用于通信验证的多重编码
US9749297B2 (en) * 2014-11-12 2017-08-29 Yaron Gvili Manicoding for communication verification
EP3219050A4 (fr) * 2014-11-12 2017-11-29 Yaron Gvili Manicodage pour vérifier des communications
US20160134593A1 (en) * 2014-11-12 2016-05-12 Yaron Gvili Manicoding for communication verification
US9961050B2 (en) 2014-11-12 2018-05-01 Yaron Gvili Manicoding for communication verification
US20180255031A1 (en) * 2014-11-12 2018-09-06 Yaron Gvili Manicoding for communication verification
EP3627797A1 (fr) * 2014-11-12 2020-03-25 Yaron Gvili Manicodage pour une vérification d'accès
US11388152B2 (en) 2014-11-12 2022-07-12 Yaron Gvili Manicoding for communication verification
US11848920B2 (en) 2014-11-12 2023-12-19 Yaron Gvili Manicoding for communication verification
US9886573B2 (en) 2015-08-06 2018-02-06 Red Hat, Inc. Non-repudiation of broadcast messaging
US10181025B2 (en) 2015-08-06 2019-01-15 Red Hat, Inc. Non-repudiation of broadcast messaging
US10783236B2 (en) 2015-08-06 2020-09-22 Red Hat, Inc. Non-repudiation of broadcast messaging

Also Published As

Publication number Publication date
GB0206429D0 (en) 2002-05-01
AU2003214390A1 (en) 2003-10-08

Similar Documents

Publication Publication Date Title
Adams et al. Internet X. 509 public key infrastructure certificate management protocol (CMP)
US6161181A (en) Secure electronic transactions using a trusted intermediary
US8560655B2 (en) Methods and apparatus for controlling the transmission and receipt of email messages
US6199052B1 (en) Secure electronic transactions using a trusted intermediary with archive and verification request services
US6145079A (en) Secure electronic transactions using a trusted intermediary to perform electronic services
US7146009B2 (en) Secure electronic messaging system requiring key retrieval for deriving decryption keys
US20010037453A1 (en) Secure electronic transactions using a trusted intermediary with non-repudiation of receipt and contents of message
US20030115456A1 (en) Customizable public key infrastructure and development tool for same
US20050044369A1 (en) Electronic document management system
US20030196080A1 (en) Secure communication via the internet
Adams et al. Internet X. 509 Public Key Infrastructure data validation and certification server protocols
EP2372947A1 (fr) Procédé de transmission numérique sécurisée et traçable et enveloppe
WO2002017553A2 (fr) Appareil et procedes utilises pour le transfert securise de donnees electroniques
Adams et al. Rfc2510: internet x. 509 public key infrastructure certificate management protocols
US8782406B2 (en) Secure digital communications
JP2000196583A (ja) 同報通信システム
Moberg et al. MIME-based secure peer-to-peer business data interchange using HTTP, Applicability Statement 2 (AS2)
WO2001030016A2 (fr) Procede permettant d'empecher des parties de denoncer apres coup une transaction executee avec une tierce partie de confiance
WO1998013970A1 (fr) Systeme et procede de transfert securise de texte en clair d'un premier emplacement a un second emplacement
JP2000031957A (ja) 通信システム
WO2003081840A1 (fr) Procede et systeme associes a un echange de message de non repudiation
WO2001025883A2 (fr) Procede permettant d'empecher des parties executant une transaction de se dedire par la suite sans tierce partie de confiance
EP1357697B1 (fr) Communication sécurisée via l'Internet
Brockhaus et al. RFC 9810: Internet X. 509 Public Key Infrastructure--Certificate Management Protocol (CMP)
Vandenwauver et al. Securing internet electronic mail

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP