69
`
`I
`
`EP0946022A2
`
`70
`
`16
`
`15
`
`. The procedure at NbkePAT. MergePAT and
`[0317]
`TransP/ii’ is similar to that descrbed above with refer-
`ence to Fig. 21, except that the AID should be replaced
`by the link information of the AID and the AID list shoutd
`be replaced by the link specifying AID list. Also. the pro-
`cedure of SpfrtPAT is similar to that described above
`with reference to H9. 22, except that the AID should be
`replaced by the fink information at the AID and the AID
`list should be replaced by the link spedlying AID list.
`[0318] Here. in the procedures of Fig. 21 and Fig. 2,
`the link specifying AID list generation is canried out
`acoordng to Fig. 49 as follows. Namely. a buffer length
`is determined first (step $9011) and a butter is gener-
`ated (step S9012). Then. the link information of the
`holder AID is copied to a vacant region of the generated
`bufler (sttp S9017). That, the link irrtonnation ol the
`member AID is copied to a vacant region olthe resulting
`bufler (step 59018). and it the next merrber AID exists
`(stq) S9015 YES). the stq) S9018 is repeated.
`.
`[0319] Next. the deternination of the link inlomiation
`at the holder AID will be descrtsed. Each or the Make-
`PAT. the MengePAT. the SpIitPAT, and the TransPAToom-
`wands is defined to have two or more arguments. where
`AID. PAT. or Enabler can be specified as an argument.
`In this case. the PAT procesang device specifies the link
`information ottheholderAlDotthe P/fitobeouuautted
`after executing each oorrvnand according to the follow-
`ing rules
`
`* Case at the MakePAT:
`For the MakePAT command. it is defined that
`AlDs are to be specified for thefirst argument to the
`N—thargumenl(N=2.3. -------~ )andEna—
`blers are to be specified tor the N+1-th and subse-
`quent arguments. For example.
`they can be
`as follows.
`
`- - - - - - - -, AIDN.
`MakePAT AID‘, AIDE,
`Enabler
`of
`AID2.
`Enabler
`ot
`AID1.
`-- - -- -- -,Enab|erotAIDN
`
`The PAT processing device interprets the link
`information of AID ot the first argument of the Make-
`PAT command as the link intormation the holder
`AID.
`
`Only when one of the Emblers ol the N+1-th
`and subsequent arguments corresponds to the AID
`of the tirst argument. the PAT processing device
`specifies the link information at this AID (that is the
`link information at the AID of the first argument) as
`the link intomtation of the holder AID at the PAT to
`be outputted alter arecuting the MakePAT com-
`rnand.
`
`50
`
`' Case of the MergePAT:
`For the MergePAT command. it is defined that
`PATs are to be specified for thefirst argument to the
`N-thangument(N=2.3. -- ------)andEna-
`bler is to be specified for the N+1-th argument
`
`Nan1ely.theycanbespecifiedasiollows.
`
`MergePAT PAT, PAT-2 - - - ~ - - - - PAT" Ena-
`HeroIAID
`
`The PAT prncessingdevice irlterprets the link
`irrtonnationottliel'olderAlDotthePATotthefrst
`argumentotthe MergePAToommand asthe link
`irrforrnationoltheholderAlDotll'iePAl'tobeout-
`|:1rttedafteexecutingtheMergeFA'l’oomrrar\d.
`OrilywhentheEnablerol1heN+1-thargument
`correspondstotheho&1erAIDotthePATofthef‘Ist
`argument.thePAT processing device specifies the
`Iinkiritorrriationoltl'iisAlD(tl1atistl'ielinkirrtorma-
`tionoftheholdeI'AIDqftt'iePATofthefirstargu-
`merIt)astheEnkintnrmafionallheholderAlDot
`the PATtobeoutputted atter executing theMerge~
`PATcomrrand.
`-
`CaseotthaSpli1PAT:
`FortheSplitPAToonimand.itisdefmedthat
`PATistobeq>ea'fiedtorthetirstargurneI'n.asetof
`meorrnoreAlDsgmuped’rngetherbysorriepre-
`sorbedsynt:ols($sumedtnbeparentheses0in
`this example) aretobesaeoifiedtortheseoond
`argumenttotheN-thargurnenl(N=3.4.
`--------).andEnabIerisl:obespea‘fiedtor
`tl'ieN+1—tl1argu:neratNarn«w.ttieycanbesper:i—
`fiedasfofiows
`
`(N021
`spmr Pm (N011)
`(NDN1 NDN2
`AioW)enauerorAID
`
`-N922)
`
`The Pltfproceséng device interprets the link
`intomiationottheholderAlDotthePATolthefist
`wgLIrIentcltheSpIitPATconrrrar1dastl1elir1I<‘nior-
`n'ationatthehoUerAlDotthePATtobeoutpulted
`after executing the SpIitPAT command.
`Only whentheEnablerolthe N+1-th argument
`correspcn<:lstotheholderAlDolthePKl'olthefirst
`argument.thePAT processing devicespecifiesthe
`link intorrnationolthis AID (thatisthe link informa-
`lior1ottheholderAIDdtheFAl'otthetirstargu-
`merit)asthe§nkirdom'iatioriotthehoIderAlDof
`thePKl'tobeoutputted after executing lheSpl‘rtPAl'
`command.
`-
`CaseoltheTransPAT:
`For the TransF'AT command. it is defined
`PATs aretobespecifiedforthelirst argumenland
`tl1eseoondargument,anAlDistobespeoitiedlor
`the third argument. and Enablers are to be speci-
`fiedforthe fourth argument and the fifth argument.
`Namelyflteycanbespecifiedasfollowa
`
`TransPAT PAT, PAT2 AID Enabler of AID1 Ena-
`bler of AID-2
`
`The PAT processing device interprets the link
`
`Petitioner Apple Inc. — Exhibit 1024, p. 3001
`
`Petitioner Apple Inc. - Exhibit 1024, p. 3001
`
`

`
`71
`
`EP0946022A2
`
`72
`
`irrforniatiortotAlDotthetl1irdargurnerrtastl1elirtk
`informationotlhe hclderAlDotthePATtobeout-
`
`putled atter executing the TransPAT command pro
`v'Ktaitfatthelir1kintormatiortotAlDotthethird
`argument ot the TransPATcommandiscontained in
`the PATof the secmd argument
`Ontywhenthe Enabletotthetourthargurnent
`corresponds to both the PAT ot the first argument
`and the PATotthesecondargumentand the Ena-
`bler otthefilth argumentoonapondstothe AID of
`the third argument.
`the PAT processing device
`ssedties the link information of the AID of the third
`argument as the link infomntion of the holder AID
`otthe PAT to beoutputted atter executing the Tram-
`PAT command.
`Next. the determination ot the link intormations
`ofthe merrberAlDswill bedescribed Thedefini-
`tions of the MakePAT, the MergePAT, the Sp§tPAT,
`andlheTransPATcommandsareasdescrioed
`above. The PA!‘ processing device specifies the link
`intormationsofthememberAlDsofthe PATtobe
`oulputted atter executing each command according
`to be following rules.
`Case of the MakePAT:
`Onlywhenthelinkinformaticnoltheholder
`AlDotthe Pkftobeoutputted after executingthe
`MekePAT command is tonmllydetermined, the PAT
`procesdng darice interprets all the link informa-
`tionsoftheAlDsofthesecondandsubsequent
`angurnerrtsottheMakePATconmar\dasthelink
`intornationsotthememberAlDsofthe PATtobe
`oulputted after executing the MalaePAT command.
`The HAT processing device specifies only the
`link intornrations at those AlDs among all the AlDs
`of the second and stbsequent arguments which
`correqaond to the Enablers specified by the N-r-1-th
`and subsequent arguments as the link inforrmtions
`ofthe member AIDs ot the PAT to be oulputted alter
`atecuting the MakePAT command.
`Case of the MergePAT:
`Only when the link intornation at the holder
`AJDotthePAl'tcbeoutputted aherexeculingthe
`MergePAT command is formally determined, the
`PAT processing dalice specifies the link interma-
`tions ot the member AlDs of all the PATs specified
`by the first to N-th arguments of the MergePAT as
`the link intcrmalions ot the member AlDs of the PAT
`to be outputted after executing the MergePAT com-
`mand.
`Case of the SplitPAT:
`Only when the link intormation of the holder
`AID of the PAT to be outputted after executing the
`SplitPAT command is lormally determined. the PAT
`processing device specifies the link inlormation of
`the member AID at the PAT specified by the first
`argument of the SplrtPAT conmand as the link infor-
`mation ofthe menber AID of the PAT to be output-
`ted after executing the SplitPAT commend. At this
`
`10
`
`15
`
`37
`
`poirlt.fl1elirtkirttt:rntatiortsotthemerr1:erAlDsare
`dstrbuted intod‘rlfererttPATsh'Iur1itsotpareI'lthe-
`ses(). Forexarrplejnthethseot:
`
`AlDa)
`(AIDZ1
`(AID11)
`SplitPAT Mr
`........ (Nam Alum ........
`AIDMQ EmtiaotAlD
`
`(AlD2, AIDZ2) and
`the lirit intormatiars ot (Alon),
`(AIDN1 AIDN2 - - - - - - - - AlDNM)nfllbethelirrkintnt-
`nationsofthemen'berAlDsolditterentPATshavinga
`oommonlinklrrlcnnationolholderAlD.
`'
`CasedTransPAT:
`Onty when the fink information of the holder
`AlDotthePKl'tobeoulputtedalteratearlirrgthe
`TrartsPATcontrnandistormatlydeterm'ned,thePAr
`processingdevicespet:’tiesallthelir:kirttcI'nlatims
`otthemenberAIDs remaining after excludingthe
`linkintohnatior1otthernerrt:aAlDthatissched-
`uledtobeanewholderAlDtromafltheEnkirrtor-
`matiorxsotthenrermer'AlDsotltrePATspeo§‘redby
`thetirstargtrrrrerItofttreTrartsPItl’corrIhar1dar1d
`tt-rerrrrl<irltorn1aticrIsotthememberAlDsottt-rePAl’
`aJeciliedbyttnewondarvgurrra'ttestl'refir1kir1tor-
`naticnsotthemenberAlDsotlhePATtobeout—
`pirttedatterexeoutingthaTrar'IsPATcon1rnand.
`TheveriflcaliorrotttreproperrressotttreErta-
`bler in this sarenth embodiment is the same as
`desa'i)edabowawitttreier'e1cetnFig.24.Also.this
`veriticafionotthepnpernessotttreEnabIer'iscon1-
`mor1tofl'teMatePlW.lheMergePAT.tf1eSpitPAT
`andlheTra1sPA[
`
`Next. the Qhfll enbotiment at the snail
`[0320]
`access oorttru scheme acconcing to the present ‘twen-
`tion will be @oribed in detaiL
`[0321]
`Irrttiseigtrttterrbofirrrerrtttieoloisghrenby
`a real entail address.
`-
`[0322]
`The PAT ’s an intcrnation comprising two or
`more real email addresseslheholderindex. thevafidity
`period, the transter control flag and the PAT processing
`device identilier (or the identifier ot the PAT processing
`obiectonthenetwork). whichissigned usingaseaet
`keyotthe PATprocessingdevice(orthe Pkrprocessing
`obiect on the network).
`[OQ3]
`Here. one of the real entail addresses is a
`holder email address of this PAT, where the change of
`the information contained inthePATsuchasan adwfion
`of entail azktress to the PAT. a deletion of ermit address
`from the PAT. a change of the validity period in the PAT,
`achangeotthetranstercorrtroltlagvalueinthe PKT.
`etc., can be made by presenting the holder email
`adzlress and an Enabler containing the holder email
`address to the PAT processing device (or the PAT
`processing obiecton the network).
`[0324] On the other hand. the email addresses other
`than the holder email address that are contained in the
`PAT are all member enail addresses. where a change
`
`Petitioner Apple Inc. — Exhibit 1024, p. 3002
`
`Petitioner Apple Inc. - Exhibit 1024, p. 3002
`
`

`
`73
`
`EP0946022A2
`
`74
`
`of the information contained in the PAT cannot be rnade
`even when the member email address and an Enabler
`containing the menber email address are presented to
`the PAT processing delice (or the PAT processing object
`on the network).
`[0325] The holder index is a numerical data for identi-
`fying the holder errail acktress. which is defined to take
`a value 1 when the holder email acflress is a top email
`address in the entail address fist formed from the holder
`email adciess and the member email addreses, a
`value 2 when the holder email address is a second
`email aldressfrornthetqtxafttteerrtailaddresslist. or
`a value n when the holder email address is an n—th email
`address from the top of the errail address list
`[0326] The transfer control flag value is defined totake
`eithero or 1.
`[0327] Theholderemailaddressisdetinedtobeareal
`
`email addresswhid1iswrittenataposrtJon'‘
`spedied by
`the holder index in the email arklress list The member
`email addresses are ‘defined to be all
`the email
`addresses other than the holder email address.
`[0328]
`The validity period is defined by any one or
`oombinatior1otlhenuntberoltimeslorwlid1thePATis
`available. the absolute time (UTC) by which the PAT
`becomes unavailable.'the absolute time (UTC) by which
`the PAT becomes available. and the relative time (life-
`time) since the PAT becomes available until it becomes
`unavailatie.
`
`[0329] The identifier olthe PAT processing device (or
`thePATprocessing objedmfltenetworlqisdefinedes
`aserial numberotthe PATprocessingdevice(or and‘.is-
`-tinguishedrrarrleottl'lePA‘l'processingobje'r:lontl1e
`network). The secret key oi the PAT processing device
`(orthe Pltrprocessing object on the network) is defined
`to be uniquely corresponéng to the identifier.
`_
`[0330] Also. in this eighth embodiment. an Enabler is
`defined as an identilier corresponrfing to the real email
`- address. The Enabler is an irttonnation comprising a
`character string uniquely indicating that it is an Enabler
`and a real email acklress itself, which is signed using the
`secret key of the PAT processing device or the PAT
`processing object on the network
`[0331] The generation of the PAT in this eighth embod-
`iment is carried out as follows.
`[0332] Here. a directory will be descrbed as an exam-
`ple of the PAT processing rbject on the network The
`directory nnnages the real email address and the dis-
`closed intorrnation of the user in correspondence. and
`outputs the PAT upon receiving the search conditions
`presented from an arbitrary user.
`[0333] The user transnits the real email address and
`the search conditions to the directory. Then, the direc-
`tory acquires all
`the real email acktrmes which
`uniquely correspond to the disclosed inlormation that
`satisfies these search conditions. Then. the directory
`generates a real email artlress list from the real email
`address of the user who presented the search condi-
`tions and all the real errail addresses acquired as a
`
`10
`
`15
`
`25
`
`40
`
`50
`
`55
`
`seardt result Themthedirectoryappendstheholder
`index value. the nfrdity period value. the transter control
`thgvalue.andtl1edisfinguishednameottttedirectory
`tottterealernaiaddtessllstl-‘nafiy.thedirectorysigrts
`theresultingdatarsingasecretlrayafthedlrectnry,
`andtransrrritsitesthePATtothet.lserwhopreset1ted
`thesearchcondtions
`‘
`[0334] Ne:t.theemai|messcontrolinthiseighth
`embodimentistarriedoutastollows.
`[D335] Thesendaspecifieslherealenafladdressof
`the sender in From: line. ant "[PA‘l]@[real danain of
`sender]"inTo:lineofamai!.
`[0336] Thescsaorpiresanmlallreceivedbyan
`MTA(Mesage Trans!erAgent)sud1asSM'l'P(Sin'ple
`MailTrarrslerProtoool),and¢:arriesouttl1eautherrtir:a-
`tionbythefollowingprocedure
`
`(1)ThesignatureotthePRTisverifiedusingthe
`pr.bliclaeyotthePAT.
`_
`WhenthePl-Tlfistoundtohavebeenaltered.
`theerrIailisd'rscardedardtheprocessingistern1i-
`nated
`.
`when the PAT is found to rave been not
`altered. thetotlowingproceséng (2) is exeaned.
`(2)‘l11esearchis<:arriedoutbypresartingthe
`sender‘srealemailaddrestothePRI’.
`When a real enail addres that completely_
`matr:t1eswitt1tt1eserI1er'srealerrxailarttre$isrlot
`corllairtedirttl1ePA‘|'.theerI1ailisdscardedarldthe
`processingisterrrirated.
`when a rut arw aidress that completely
`matches with thesenders real email address is
`oorrtair'ledirlthePAT.tl1eltlowingprocessing(3)is
`executed
`(8)The\alirityperiodvalueotttlePATisaratuated.
`W'henthePAl'isotnsidethevalidityperiod.the
`email is distarded and the processing is termi-
`nated
`'
`WhenthePAT is withinthevalidityperiod. the
`tollovvingprocr-zssing(4)iserewted.
`(4)Whetherornottoautt1enticatethesenderis
`determined by referring to the transfer control flag
`value of the PAT.
`Whenthevalueist.thechaI|engeIresporrse
`authentication between the S08 and the sender is
`canried out, and the signatureolthe sender is veri-
`tied. Vllhenthesignatureisvafidtherecipientis
`specified and the PAT is attached. when the signa-
`ture is invalid.
`the email
`is discarded and the
`processing is terminated.
`Whenthevalueis0.therec‘pientisspea'fied
`and the PAT is attached withwt erecuting the chal-
`lengelrespmse
`
`[0337] Anexernplary challengdrespcnse authentica-
`tion between the SOS and the sender in this eight
`, embodiment can be carried out as follows
`[0338]
`First, the SOS generates an arbitrary informa-
`
`Petitioner Apple Inc. — Exhibit 1024, p. 3003
`
`Petitioner Apple Inc. - Exhibit 1024, p. 3003
`
`

`
`75
`
`EP0946022A2
`
`76
`
`tionsucl1asatimestarrip.toriaran'ple.er1dtransnits
`the generated intormation to the sender.
`[0339] Then. the sender generates the secret key and
`theptbfickey. signsthereoeived information usingthe
`secretkey, ardtransmitsitalongwiththepublickey.
`[0310]
`The SCS then verifies the signatue of the
`received information using the public key presented
`from the sender. When the sigrature is valid. the recipi-
`ent is spedfied ard the PAT is attached When the sig-
`nature is invalid.
`the errnil
`is disrarded and the
`processing is terminated.
`[0341] The specifying of the recipient and the attach-
`ing at the PAT atthe SCS in this eighth anbodiment can
`be carried out as tollows.
`[0342]
`First, the SCS carries out the search by pre-
`sentingthesendersreal email addresstothePAT,soas
`toacquireallthereal email addresseswhichdonot
`oonpletely match the senders real anail address.
`Then, all these acquired real errail addresses are spec-
`ified as recipient‘: real email addresses.
`[0343] Next. the SCS attaches the PATto an arbitrary
`positionintheemaiiin ordertotransmitthe PATtoall
`the recipient's email addressessoastobeableto reat-
`ize the bidirectional communications Finafly. the SOS
`gives the email to the MTA
`[0344] The receiving refusal with respect tothe PAT at
`the SCS in this eighth embodiment can be carried out
`as follows.
`
`Receiving refusal setting: The bidirectional
`[0345]
`authenticationiscarriedoutbyarlarbilrarymeans
`betweentheuserandtheSCS5.Then,theusertrans-
`mits a registration command. his/her own real email
`addrem. and arbitrary PATs to the SCS 5. Then. the
`SCS 5 next verifies the signature at each received PAT
`using a public key of the ADS. Those PATs with the
`invalid signature are discarded by the SCS 5. When the
`signature is valid. the SCS 5 carries out the search by
`presenting the received real entail address to each PAT.
`For each at those PATs which contain the real email
`address that completely matches with the received real
`email address. the SOS 5 presents the registration com-
`mandandthe PATtothe storagedevicesucmhatthe
`PAT is registered into the storage device. Those PATs
`whidi do not contain the real email address that com-
`pletely matches with the received real email address
`are discarded by the SCS 5 without storing them into
`the storage device.
`[0346] Receiving refusal execution: The SCS 5 carries
`out the search by presenting the PAT to the storage
`device. when a PAT that oonpletely matches the pre-
`sented PAT is registered in the storage device. the mail
`is discarded. When a PAT that completely matches the
`presem PAT is not registered in the storage device. the
`mail is not discarded.
`
`Receiving refusal cancellation: The bidirec-
`[0347]
`tional authentication is carried out by an arbitrary
`means between the user and the SCS 5. Then. the user
`presents his/her own real email address to the SOS 5.
`
`Then.lheSCS5r1extpresentsthepresentedrealernail
`acktressasaseardiconcitiontottiestoragedeviceand
`acquire all the PATs that contain the presented real
`email addre$.andlhen rresettsallthe amuired PATs
`totheuser.Then.theuserselectsal|thePATstorvvhid'i
`thereceivingretusalistobe%etledbyreterringtoalI
`thePATspresentedlromtheSCS5.andtransrnitsall
`theselectedPATsalor1gwitt'Iadetetioncomrrandtothe
`Scsslhonreoeivingthedeletionoonmaridandall
`thePKI'storwl1id1tl1ereceiving rettsalistobecan
`celled,theSCS5presentsthedeletioncommandand
`all the PATs received truth the user to the storage
`derioesuohthatallthereceived PATsare cleletedtrom
`thestoragedevice.
`[0348] TheeditirigotthePATinthiseightherrbodi-
`mentrztnbemrriedoutastollows
`
`‘lheMakePA‘|'.theMergePRl'. the SptitPKl'.and
`[0349]
`theTrer1sPK|'processir1gsft:thePATusingrealen1ail
`addressesasitselementscanbeotiainedtromthethe
`MakePAT, the MergePAT.theSplitPAT.andtheTransPIu'
`proceshgs for the PAT t5'ng Alfls as its elements
`dscrbedabove.byrqb.cingtheAlDbythereaternail
`addressarIdlheEnabterolAlDbytheErtablerotrea|
`ermfladdres.
`a
`[0350] ANullqJe'atorisanintorrnahon‘ corrpnsrng‘'
`
`datawhictiisuriiqoelyirlrfitztir'igtltatitisNullar1dwhid1
`hasatornutottt1ereala1iaiad1iros.whid1issigned
`bythesecret|reyotthePKTprocessingdeviceorthe
`PATpi-ocessinadaiedorttheneturork
`[0351]
`S'¢rilarty.theGodoperatorisanintorna6ori
`oorr1prisingadahvmid1isur&}uelyir‘Idicati'tgtlBtitis
`GodarI1whid1l~matorrnatottt'ierealen'aila::lrtess.
`whichissignedbytheseaetkeyottheB$l'procesing
`derricerxthefitfgxooessirngwjedorittnertetwortc
`[0352] TheErrablerotN1£operatoI'isanir1torme.tior1
`composing" adatawhrch' isuniquely irIo’rcatmg' thatitis
`EndJterandtheNuiIrx>erattxitsell.vvhir:hissignedtry
`thesecretkeyotthePATprocessingdeviceorthePAT
`proce$ingobiectonthenetworK
`[0358]
`The processings involving the Nul operator
`ardthefiodoperatorcanbeobtainedtromthe
`processingsforthePAT isingAlDsasitselements
`desa'ibedabove_byredaa'rI_;]theAlDbytherealeI1tail
`address.'the EnablerotAlD bythe Enabler of real email
`address. the Null-AlDbythe Null operator.theGod-AID
`by the God operator. and the Enabler of Null-AID by the
`Enabler ot Null operator.
`[0354] As described, according to the present inven-
`tion,aPATisusedforverityingtheacoessrightofa
`sender and the email access control among users is
`caniedoutwhen the verification resultisvalidsothatit
`becomes possible to disclose the information indicative
`of characteristics of a user while concealing the true
`identification of a user and canying out communications
`appropriatety according to this disclosed intorrmtion
`while preventing conventionally possible attacl-6 from a
`third person. In adtition. even when a recipient receives
`an attack from a sender who maliciously utilizes the
`
`10
`
`15
`
`50
`
`39
`
`Petitioner Apple Inc. — Exhibit 1024, p. 3004
`
`Petitioner Apple Inc. - Exhibit 1024, p. 3004
`
`

`
`77
`
`A
`
`EPO946022A2
`
`'
`
`7e
`
`anonymity. chrnages at a recipient due to that attack
`can be minimized.
`
`, Also, amording to the present invention,_the
`[0355]
`generation and the content change of the pasonalized
`aocastidcetcanbemadebytheinitiativeotauserby
`using an AID asdgned to each user and an Enabler
`defined in correspondence to the AID, so that
`it
`becomes possble to appropriately nnnage information
`suchasthalotapointoicontactoleach merrberotthe
`group communication (mailing list. etc.) which changes
`dynarnically.
`[0356] Also, according tothe present invention. a Null-
`AID and an Erabler of Null-AID can be introduced in
`ordertorarryoutthegenerationofanew PAT(Make-
`PAT) and the merging at PATs (MergePAT) without giv-
`ing the merrber AlD and the Enabler afthe member AID
`tothe holderotlhe PAT. sothatitbeoomespossbleto
`prevent the pretending using the member AID.
`[0357]
`Also, acmrding to the present invention. the
`Null-AID can be used only as the holder AID of the PAT
`(the Null—A|D cannot be used as the merrber AID), that
`S
`A‘Dmel.n&n,
`' ' ' ' ‘ ‘ ‘ ‘ _
`AlDme,m,9,N > is allowed. but PAT<AlDhdde,
`| AIDNM.
`AlD,mm,,.,1. AlD,,,,,,,,,,,g.
`' ’ ‘ ‘ ‘ ‘ ’ ‘.
`>
`is not allowai, so thatthe holder oi PAT<AID,.,.de, | AID-
`member
`cannot pl'xIJC€
`PAT<AiDN|_m 1
`>
`from this PAT<Aroh,,.,,,, 1 Ain,,,,,,,,,e, > as long as the
`holderdoesnotknow EnablerurArD,m,,,,
`[0358]
`Also. according to the present invention, a
`.God~AlDcanbeirrtroducedinordertosetuparead
`onlyattributetothe PAl',sotha1itbeoomespossbleto
`tbrthepartioipantsinthegroupcommunication.
`[0359]
`Also, according to the present invention. the
`link information for uniquely specifying the 'AlD can be
`introduced and the PAT can be given in terms of the link
`information such that the PAT does not contain the AID
`itself. sotlat itbecomespossibleto realizethe receiving
`refusal function without using the AID itself.
`[0360]
`it is to be noted that. besides those already
`mentioned above, many modifications and variations at
`theabove ernbodimentsmeybemadewithoutdepart-
`ingtromthenovelandadvantageousfeaturesofthe
`present invention. Accordingly, all such modifications
`and variations are intended to be included within the
`scope of the appended claims.
`
`Claims
`
`1. A method of email access control, comprising the
`steps of:
`
`receiving a personalized access ticket contain-
`ing a sender's identification and a rec‘pient’s
`identification in correspordence. which is pre-
`serttedbyasertderwhowishestoserdan
`anail to a recipient so as to specify the recipi-
`ent as an intended destination ofthe entail, at a
`sewre communication service tor connecting
`
`communications betweenthe senderand the
`receivenand
`controllirg aoceses between the sender and
`therecipientbyverifyinganacoessrightotthe
`senderwith respecttothe reobient accorfitg
`tothepersonalizedacoesstickelatthesecure
`
`10
`
`15
`
`20
`
`35
`
`2. The method of claim 1, wheein at the contmllmg
`step the secure communiratbn service authenti-
`cates the personalized access ticket presented by
`l.’nesender.andre!usesadeliveryottheemail
`when the persoralized access ticket presented by
`the sender has been altered.
`
`3. Themettrodotdaimzwtiereinflwepersortafized
`accessticketissignedbyasecretkeyofasecure
`processing devicewhich issuedthepersonalized
`aocessticlcet.arIdattt1ecor1trolfirrgstepthesecure
`
`izedacoesstidtetbyverilyirigasigrtatttreottlie
`secure processing device it
`the personalized
`aocessticketusingaputalickeyotthasecure
`prooessingdevice.
`
`4. Themethodotclaimtwhereinatthereceiving
`step the secure communication service also
`reca'vesthesender‘sider:t§icaticnpresentedby
`thesenderalorrgvn'ttrthapersmafzedaoces
`tioket.andattt'iecorItrottingstq3theseourecom-
`rrunimtionservioe::t1eds\vl1ethea'theserIder‘s
`idea'ttificafi<:rtpreser1tedbyttIeseru$eriscornair1ed
`inthepersoralizedaocestidretpresentedbythe
`senda.andrdusesadeliveryottheana'lwtIer1
`thesendersideritifxztimpreseiatedbythesender
`isnotcontainedinthe-personatizedaccesslicket
`presentedbythesender.
`
`5. The method ot claim 1. wherein the personalized
`axx:essticketalsocontainsavalirfrtyperiodindicat-
`ingaperiodtorwhidithepersonalizedaocess
`ticlcetisvalid.andatthecor1tmliir1gsteptl'resecure
`cormrunirzztion service draws the vafioity period
`contained in he personaized access ticket pre-
`sentedbythesenderendretusesadeliveryofthe
`email when the persoralized aoce§ ticket pre-
`-serrtedbythesenderoontainstheiralidityperiod
`thathes alreedybeen expired.
`
`6. The methodofclairns. wherein the validity period
`otthepersonalizedacoessfidretissetbyatnrsted
`third party.
`
`55
`
`7. The method of claim 1. turther comprising the step
`of:
`
`issuing the personalized access ticket to the
`sender at a directory service tor managing an
`
`Petitioner Apple Inc. — Exnhibit 1024, p. 3005
`
`Petitioner Apple Inc. - Exhibit 1024, p. 3005
`
`

`
`79
`
`EP094-6022A2
`
`80
`
`Airterrtificationofeacttregistrarttartdacfiwosed
`irrformatiortofeachregistrarttwlrichhasa
`tower secrecy thanapersonatinformation, ina
`state which is accessibtetor search by unspec-
`ilied many.
`in response to search conditions
`specified by the sender. by using an identifica-
`tion of a registrant whose disclosed information
`matches the search conditions as the recipi-
`ent's identification and the senda‘s identifica-
`tion specified by the sender along with the
`search
`-
`
`Themethodotctairn1,furthercorrtprisingthestqr
`of:
`
`registering in advance the personalized awess
`ticket containing an identification of a saecitic
`userfrornwhichadeliveryotenaflstoas>e-
`citic registrant is to be refused as the sender's
`identification and an
`of the spe
`citic registrant as the recipients 'rder1tification,
`at the secure communication service;
`whereinthecontnotling stepthesecurecom
`munication service refuses a delivery at the
`errail from the sender when the personalized
`access ticket presented by the sender is regis-
`tered therein in advance atthe registering step
`
`The rnethodot claim 8. further comprising the step
`at
`
`deleting the personalized access ticket regis-
`tered at the secure corrmunication service
`upon request from the specific reg'strant who
`registered the personalized access ticket at the
`registering step.
`
`10. The method of ctaim 1. wherein the personalized
`ewess ticket also contains a transfer control flag
`indicatfing whether or not the sender shoutd be
`authenticated by the secure communication serv-
`ice. and at the controlling step. when the transfer ~
`control flag contained in the personalized access
`ticket indicates that the sender should be authenti-
`cated. the secure communication service authenti-
`cates the sender's identification presented by the
`sender and refuses a defrveryot the ermit when an
`authentication of the sender's
`fails.
`
`11.
`
`12.
`
`The method at claim 10, wherein the authentication
`of the sender's identification is realized by a chat-
`lengelresponse procedure between the sender and
`the secure communication service.
`
`The method of claim ‘to, wherein the transfer con-
`trol flag of the personalized access ticket is set by a
`trusted thirdparty.
`
`13.
`
`14.
`
`I0
`
`15
`
`15.
`
`Themethodofctaim1,whaeinthesender’s‘ztenti-
`flca1ionahdthereoipiertt’sideI'ttit'tw1ionintt'teper-
`somlized access tidtet are given by real email
`addreaesotthesenderandtherecipient
`
`Themev1odofdaim1,whereirrthesender‘sider1ti-
`ticatior1arrdtt'rerea‘pienfsidartrtix2tionintheper-
`sonalizedaccessticketaregivenbyanorrymous
`identifications of the sender and the redpierrt.
`wt-:e'eanerIonyrnousiderrtiTrr2tjortoteadrr.iser'
`oorrtainsatIeastonefragmerItofanotficialidentiti-
`catiorrofeadruserbywhidteachuserisuniquely
`iderttifiable'byacertifir:ationauthority.
`
`The method ct claim 14, wherein the anonymous
`iderrtificafiar1otead1rser'sartinfornatiortoontain-
`ingtheatleastonetragmentoftheoffia'aJidentiti-
`cation of each user which is signed by the
`oertifi<zti<x1auttu:rityusirtgase¢:retkeyoftttecer-
`
`16.
`
`1 7.
`
`Themethodotctaim 14,whereintheotfidal identi-
`frtztiortotaact1trserisact'aracter'stringu1iquety
`a$igrtedtoear:trLserbythece‘tifx:atior1euthority
`at-ztaputlictreyoteadtusawhichar'es‘gr1edbya
`secretlaeyofthecertifuationaufhority.
`
`Themethodofctaimt4,furthacorrprisingthestq)
`of:
`
`an identity at the
`prdaabitistirally
`senderbyreconstmctingtheotficial identifia-
`tiortottl'eserI$erbyir.rdgirtgidentityofeptr.n-al-
`itydautyrrursderetsotthesertder
`containedinaptualityotpersonaEzedacce$
`tidcetsusedbythesenda.
`
`18.
`
`Themettndotctaimt,whereina.nanonymous
`_iderttificatior1oteacturserthatconta.insatIeastor1e
`fragmentotanotfrcial identiticationofeach Lserby
`which each user is uniqudy identithble by a certifi-
`cationeuthorityandalinkirrforrmtionofeech
`anonymous identification by which each anony-
`mous
`tan be uniquely identified are
`defined. and the senders identification and the
`recipient's identification in the personalized access
`ticketaregivenbyalinkintormationotthe anony-
`mous identification at the sender and a link informa-
`tion of the anonymous identification of the redpient
`
`19.
`
`The method of claim 1. wherein the link information
`of each anonymous identification is an iderrttfier
`uniquely assigned to each anonymous identifica-
`tion by the certification authority.
`
`20. The method of ctairn 18. further comprising the step
`of:
`
`41
`
`Petitioner Apple Inc. — Exhibit 1024, p. 3006
`
`Petitioner Apple Inc. - Exhibit 1024, p. 3006
`
`

`
`81
`
`EP0946022A2
`
`82
`
`alizedaccessticlets..adiangingotthehot:le.roi
`tl1epersonarizedaocesstictcet.d'rangingotavalid-
`ityperiodotthepersonalizedaocessfidcet.anda
`changingotatranstercorrh'olflagolthepersonal-
`izedacoessticket.
`
`Themethodotdaim26.vohereinaspecialidertfiti—
`rationarrdaspecialeriatnieroorrespondirrgtottie
`specialidentificafionwhidiareknowntoallusers
`aredefnedsudittntthegewerationotanewper-'
`sonalized access ticket and the changing of the
`hotderotthepersona§zeda<:cesstici<etranbecar-
`riedoutbytheholdaotthepersonalizedaccess
`ticketbyusingthespecialidentificationandthe
`specialerrab|erwitlioutus'nganenahlerotamern-
`
`10
`
`15
`
`p
`
`robabilistically identifying an" identity of the
`sender by reconstructing the otticial identifia-
`tion 01 the sender by judging identity ot a plural-
`ityofanonymous identifirntionsolthe sander
`corresponding to the link information contained
`in a plurality oi personalized access tickets
`used by the sender.
`
`21.
`
`The method oi claim 1, wherein the personalized
`access ticket contains a single senders identifica-
`tion and a single recipient's identification in 1-to-1
`conespondeme.
`
`22 The method ol claim 1, wherein the personalized
`access ticket wntains a single sender's identr'fica—
`tion am a plurality of recipient's iderrtiticatiorrs in 1-
`to-N correspondence. where N is an integer greater
`than 1.
`
`23. The method olclaimzz. wherein one
`among the single satders identilication and the
`plurality at recipient's identilirations is a holder
`identificationforidentifying ahdderottttepersorak
`ized access ticket while other identifications among
`the single senders iieritiiirzlion art! the plurality of
`recipients identifirations are member identifica-
`tiorisioriderrtiiyingmerrrbersofagrouptowhich
`the holder belongs
`
`24. The method of claim 23. further comprising the step
`of.
`
`issuing an identification or each user and an
`embieroftheir.terttificatior1oteachuserirtdi-
`eating a -right to orange the personalized
`access ticket containing the identification of
`each useras the holder identification, to each
`
`user at a certification authority,‘such that pre-
`scribed processing at the personalized access .
`ticketcan be carried outat a secure processing
`deviceonlybyauserwhopresented boththe
`holder identification contained in the personal-
`ized access ticket am the enabler wrreswd
`ing to the holder identification to the secure
`processing device.
`
`45
`
`25. The method at claim 24. wherein the certification
`authority issues the enabler oi the identification of
`each user