System and method to enable PKI- and PMI-based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added
First Claim
1. A method for establishing secure communication between a plurality of devices, each device including a hardware processor and associated memory, the method comprising:
receiving a first unique identification and a first cryptographic key by a first device, and a second unique identification and a second cryptographic key by a second device;
producing a digital certificate using the first and second unique identifications and the first and second cryptographic keys, or a reference to the first and second unique identifications and the first and second cryptographic keys;
authenticating a communication line between the first device and the second device by issuing the digital certificate to the communication line to establish a secure communication line between the first device and the second device; and
authenticating each of the plurality of devices using a unique identification or a cryptographic key of said each of the plurality of devices.
1 Assignment
0 Petitions
Abstract
A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real-time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed; rather, it distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol that establishes a communication line. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not the end point) and to sharing encrypted digital files. These are auditable, brokered, trusted relationships, where each relationship or digital agreement can stand alone (for privacy) or can leverage the build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.
15 Claims
Claim 1 is the independent claim (reproduced above under First Claim); claims 2 through 15 are dependent claims.