Umethod, system and program for managing relationships among entities to exchange encryption keys for use in providing access and authorization to resources

US 20010020228A1
Filed: 03/22/2001
Published: 09/06/2001
Est. Priority Date: 07/09/1999
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing access to resources, comprising:

exchanging encryption keys among a first entity, second entity, third entity, and a fourth entity, wherein each entity has one relationship with one other entity, and wherein the encryption keys are exchanged pursuant to the relationships; and

encrypting with the encryption keys electronic messages concerning digital enrollments to provide to the first entity, wherein the digital enrollment is associated with at least one digital ticket that authorizes access to a resource managed by the fourth entity, wherein presentation of the digital enrollment causes the presentation of one digital ticket associated with the digital enrollment to authorize the first entity to access the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method, system, and program for managing access to resources. Encryption keys are exchanged among a first entity, second entity, third entity, and a fourth entity. Each entity has one relationship with one other entity and the encryption keys are exchanged pursuant to the relationships. Electronic messages are encrypted with the encryption keys concerning digital enrollments to provide to the first entity. The digital enrollment is associated with at least one digital ticket that authorizes access to a resource managed by the fourth entity. Presentation of the digital enrollment causes the presentation of one digital ticket associated with the digital enrollment to authorize the first entity to access the resource.

Citations

31 Claims

1. A method for managing access to resources, comprising:
- exchanging encryption keys among a first entity, second entity, third entity, and a fourth entity, wherein each entity has one relationship with one other entity, and wherein the encryption keys are exchanged pursuant to the relationships; and
  
  encrypting with the encryption keys electronic messages concerning digital enrollments to provide to the first entity, wherein the digital enrollment is associated with at least one digital ticket that authorizes access to a resource managed by the fourth entity, wherein presentation of the digital enrollment causes the presentation of one digital ticket associated with the digital enrollment to authorize the first entity to access the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first entity and the second entity have a first relationship such that the first entity is associated with the second entity and wherein the second entity and third entity have a second relationship through which entities associated with the second entity can access resources managed by the fourth entity.
  - 3. The method of claim 2, wherein the third entity and fourth entity have a third relationship through which the fourth entity makes managed resources available to entities designated by the third entity.
  - 4. The method of claim 3, wherein exchanging the encryption keys further comprises:
    - transmitting, with the fourth entity, the fourth entity encryption key to the third entity;
      
      transmitting, with the third entity, the third entity and fourth entity encryption keys to the second entity after receiving the fourth entity encryption key from the fourth entity; and
      
      transmitting, with the second entity, the second entity, third entity, and fourth entity encryption keys to the first entity after receiving the third entity and fourth entity encryption keys from the third entity.
  - 5. The method of claim 3, wherein exchanging the encryption keys further comprises:
    - transmitting, with the first entity, the first entity encryption key to the second entity;
      
      transmitting, with the second entity, the first entity and second entity encryption keys to the third entity after receiving the fist entity encryption key from the first entity; and
      
      transmitting, with the third entity, the first entity, second entity, and third entity encryption keys to the first entity after receiving the first and second entity encryption keys from the second entity.
  - 6. The method of claim 1, further comprising:
    - using, with the second entity, the first entity encryption key received during the exchange of encryption keys to encrypt a message including at least one digital enrollment to the first entity that the first entity can use to access the resource; and
      
      using, with the first entity, the second entity encryption key received during the exchange of encryption keys to decrypt the message received from the second entity providing the digital enrollment.
  - 7. The method of claim 6, further comprising:
    - using, with the second entity, the second entity encryption key to encrypt the message including the digital enrollment before encrypting the message with the first entity encryption key.
  - 8. The method of claim 1, further comprising:
    - using, with the first entity, the encryption key of the fourth entity received during the exchange of encryption keys to encrypt a message including the digital enrollment to access the resource managed by the fourth entity; and
      
      using, with the fourth entity, the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital enrollment.
  - 9. The method of claim 1, wherein exchanging the encryption keys further comprises exchanging the encryption keys with a fifth entity, further comprising:
    - maintaining, with the fifth entity, a mapping of digital enrollment to associated digital tickets;
      
      using, with the first entity, the encryption key of the fifth entity received during the exchange of encryption keys to encrypt a message including the digital enrollment to transmit to the fifth entity;
      
      using, with the fifth entity, the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital enrollment;
      
      processing the mapping to determine the digital tickets associated with the received enrollment; and
      
      using, with the fifth entity, the first entity encryption key received during the exchange of encryption keys to encrypt a message including the digital tickets to transmit to the first entity to use to access the resource from the fourth entity.
  - 10. The method of claim 9, further comprising:
    - using, with the first entity, the encryption key of the fourth entity received during the exchange of encryption keys to encrypt a message including the digital ticket received from the fifth entity to send to the fourth entity; and
      
      using, with the fourth entity, the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital tickets;
      
      granting, with the fourth entity, the first entity access to the resource if the digital ticket included in the decrypted message authorizes access to the resource.
  - 11. The method of claim 1, wherein the resource consists of a resource that is a member of the set of resources comprising:
    - data, computer programs, and control of an electromechanical machine.

12. A system for managing access to resources, comprising:
- means for exchanging encryption keys among a first entity, second entity, third entity, and a fourth entity, wherein each entity has one relationship with one other entity, and wherein the encryption keys are exchanged pursuant to the relationships; and
  
  means for encrypting with the encryption keys electronic messages concerning digital enrollments to provide to the first entity, wherein the digital enrollment is associated with at least one digital ticket that authorizes access to a resource managed by the fourth entity, wherein presentation of the digital enrollment causes the presentation of one digital ticket associated with the digital enrollment to authorize the first entity to access the resource.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein the first entity and the second entity have a first relationship such that the first entity is associated with the second entity and wherein the second entity and third entity have a second relationship through which entities associated with the second entity can access resources managed by the fourth entity.
  - 14. The system of claim 13, wherein the third entity and fourth entity have a third relationship through which the fourth entity makes managed resources available to entities designated by the third entity.
  - 15. The system of claim 14, wherein the means for exchanging the encryption keys further performs:
    - transmitting, with the fourth entity, the fourth entity encryption key to the third entity;
      
      transmitting, with the third entity, the third entity and fourth entity encryption keys to the second entity after receiving the fourth entity encryption key from the fourth entity; and
      
      transmitting, with the second entity, the second entity, third entity, and fourth entity encryption keys to the first entity after receiving the third entity and fourth entity encryption keys from the third entity.
  - 16. The system of claim 14, wherein the means for exchanging the encryption keys further performs:
    - transmitting, with the first entity, the first entity encryption key to the second entity;
      
      transmitting, with the second entity, the first entity and second entity encryption keys to the third entity after receiving the fist entity encryption key from the first entity; and
      
      transmitting, with the third entity, the first entity, second entity, and third entity encryption keys to the first entity after receiving the first and second entity encryption keys from the second entity.
  - 17. The system of claim 12, further comprising:
    - means for using, with the second entity, the first entity encryption key received during the exchange of encryption keys to encrypt a message including at least one digital enrollment to the first entity that the first entity can use to access the resource; and
      
      means for using, with the first entity, the second entity encryption key received during the exchange of encryption keys to decrypt the message received from the second entity providing the digital enrollment.
  - 18. The system of claim 17, further comprising:
    - means for using, with the second entity, the second entity encryption key to encrypt the message including the digital enrollment before encrypting the message with the first entity encryption key.
  - 19. The system of claim 12, further comprising:
    - means for using, with the first entity, the encryption key of the fourth entity received during the exchange of encryption keys to encrypt a message including the digital enrollment to access the resource managed by the fourth entity; and
      
      means for using, with the fourth entity, the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital enrollment.
  - 20. The system of claim 12, wherein the means for exchanging the encryption keys further performs exchanging the encryption keys with a fifth entity, further comprising:
    - means for maintaining, with the fifth entity, a mapping of digital enrollment to associated digital tickets;
      
      means for using, with the first entity, the encryption key of the fifth entity received during the exchange of encryption keys to encrypt a message including the digital enrollment to transmit to the fifth entity;
      
      means for using, with the fifth entity, the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital enrollment;
      
      means for processing the mapping to determine the digital tickets associated with the received enrollment; and
      
      means for using, with the fifth entity, the first entity encryption key received during the exchange of encryption keys to encrypt a message including the digital tickets to transmit to the first entity to use to access the resource from the fourth entity.
  - 21. The system of claim 20, further comprising:
    - means for using, with the first entity, the encryption key of the fourth entity received during the exchange of encryption keys to encrypt a message including the digital ticket received from the fifth entity to send to the fourth entity; and
      
      means for using, with the fourth entity, the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital tickets; and
      
      means for granting, with the fourth entity, the first entity access to the resource if the digital ticket included in the decrypted message authorizes access to the resource.
  - 22. The system of claim 12, wherein the resource consists of a resource that is a member of the set of resources comprising:
    - data, computer programs, and control of an electromechanical machine.

23. An article of manufacture including code executed by a first entity, second entity, third entity, and fourth entity to manage access to a resource, comprising:
- code executed by the first, second, third, and fourth entities to receive encryption keys of all the other entities wherein each entity has one relationship with one other entity, and wherein the encryption keys are exchanged pursuant to the relationships; and
  
  code executed by the first entity to receive electronic messages concerning digital enrollments encrypted with the encryption keys of at least one of the first, second, and third entities, wherein the digital enrollment is associated with at least one digital ticket that authorizes access to a resource managed by the fourth entity, wherein presentation of the digital enrollment causes the presentation of one digital ticket associated with the digital enrollment to authorize the first entity to access the resource.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The article of manufacture of claim 23, wherein the first entity and the second entity have a first relationship such that the first entity is associated with the second entity and wherein the second entity and third entity have a second relationship through which entities associated with the second entity can access resources managed by the fourth entity.
  - 25. The article of manufacture of claim 24, wherein the third entity and fourth entity have a third relationship through which the fourth entity makes managed resources available to entities designated by the third entity.
  - 26. The article of manufacture of claim 23, further comprising:
    - code executed by the second entity to use the first entity encryption key received during the exchange of encryption keys to encrypt a message including at least one digital enrollment to the first entity that the first entity can use to access the resource; and
      
      code executed by the first entity to use the second entity encryption key received during the exchange of encryption keys to decrypt the message received from the second entity providing the digital enrollment.
  - 27. The article of manufacture of claim 26, further comprising:
    - code executed by the second entity to use the second entity encryption key to encrypt the message including the digital enrollment before encrypting the message with the first entity encryption key.
  - 28. The article of manufacture of claim 23, further comprising:
    - code executed by the first entity to use the encryption key of the fourth entity received during the exchange of encryption keys to encrypt a message including the digital enrollment to access the resource managed by the fourth entity; and
      
      code executed by the fourth entity to use the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital enrollment.
  - 29. The article of manufacture of claim 23, wherein exchanging the encryption keys further comprises exchanging the encryption keys with a fifth entity, further comprising:
    - code executed by the fifth entity to maintain a mapping of digital enrollments to associated digital tickets;
      
      code executed by the first entity to use the encryption key of the fifth entity received during the exchange of encryption keys to encrypt a message including the digital enrollment to transmit to the fifth entity;
      
      code executed by the fifth entity to use the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital enrollment;
      
      code executed by the fifth entity to process the mapping to determine the digital tickets associated with the received enrollment; and
      
      code executed by the fifth entity to use the first entity encryption key received during the exchange of encryption keys to encrypt a message including the digital tickets to transmit to the first entity to use to access the resource from the fourth entity.
  - 30. The article of manufacture of claim 29, further comprising:
    - code executed by the first entity to use the encryption key of the fourth entity received during the exchange of encryption keys to encrypt a message including the digital ticket received from the fifth entity to send to the fourth entity; and
      
      code executed by the fourth entity to use the first entity encryption key received during the exchange of encryption keys to decrypt the message received from the first entity providing the digital tickets; and
      
      code executed by the fourth entity to grant the first entity access to the resource if the digital ticket included in the decrypted message authorizes access to the resource.
  - 31. The article of manufacture of claim 23, wherein the resource consists of a resource that is a member of the set of resources comprising:
    - data, computer programs, and control of an electromechanical machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Cantu, Arthur, Gladney, Henry Martin

Application Number

US09/814,624
Publication Number

US 20010020228A1
Time in Patent Office

Days
Field of Search
US Class Current

705/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

Umethod, system and program for managing relationships among entities to exchange encryption keys for use in providing access and authorization to resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Umethod, system and program for managing relationships among entities to exchange encryption keys for use in providing access and authorization to resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links