System and method for specifying security, privacy, and access control to information used by others
First Claim
1. A method for issuing an electronic document comprising:
- establishing a grantor certified reference, a requestor certified reference, and access control rules for said requestor; and
incorporating said grantor certified reference, said requester certified reference, and said access control rules in the electronic document digitally signed by said grantor, wherein said grantor grants access to information stored in a computer system owned by another party to said requester.
2 Assignments
0 Petitions
Accused Products
Abstract
A grantor issues a trustable electronic document for the benefit of a requester. The requestor may be able to get the benefits specified by the electronic document through access controls located at the service or information origin. A request digitally signed by a requestor is received. The digitally signed request contains the electronic document digitally signed by the grantor. The electronic document also contains a grantor certified reference, a requester certified reference, and access control rules for the requester. The request is validated using the requestor certified reference and the access control rules for the requestor.
117 Citations
42 Claims
-
1. A method for issuing an electronic document comprising:
-
establishing a grantor certified reference, a requestor certified reference, and access control rules for said requestor; and
incorporating said grantor certified reference, said requester certified reference, and said access control rules in the electronic document digitally signed by said grantor, wherein said grantor grants access to information stored in a computer system owned by another party to said requester. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for accessing information comprising:
-
receiving an electronic document digitally signed by a grantor, said electronic document having a grantor certified reference, a requester certified reference, and access control rules for said requester; and
appending a digitally signed request for access to the information to said electronic document by said requester, wherein said grantor grants access to information stored in a computer system owned by the third party to said requestor. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for validating access to information comprising:
-
receiving a request digitally signed by a requester, said digitally signed request having an electronic document digitally signed by a grantor, said electronic document having a grantor certified reference, a requestor certified reference, access control ru for said requester; and
validating said request using said requester certified reference and said access control rules for said requester, wherein said grantor grants access to information stored in a computer system owned by the third party to said requester. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method for validating access to information comprising:
-
providing an electronic document having a requestor certified reference, a grantor certified reference, at least one access rule digitally signed by a grantor, and a request digitally signed by said requestor;
validating said electronic document using said requestor certified reference, said grantor certified reference and said at least one access rule, wherein said grantor grants access to information stored in a computer system owned by another party to said beneficiary.
-
-
30. A method for validating access to information comprising:
-
providing an electronic document which contains means to check the identity of a requester, at least one access rule digitally signed by a grantor, and a request digitally signed by said requester;
validating said request using said identity and said access rules, wherein said grantor grants access to information stored in a computer system owned by another party to said beneficiary.
-
-
31. An apparatus for issuing an electronic document comprising:
-
means for establishing a grantor certified reference, a requestor certified reference, and access control rules for said requestor; and
means for incorporating said grantor certified reference, said requester certified reference, and said access control rules in the electronic document digitally signed by said grantor, wherein said grantor grants access to information stored in a computer system owned by another party to said requester.
-
-
32. An apparatus for accessing information comprising:
-
means for receiving an electronic document digitally signed by a grantor, said electronic document having a grantor certified reference, a requester certified reference, and access control rules for said requester; and
means for appending a digitally signed request for access to the information to said electronic document by said requester, wherein said grantor grants access to information stored in a computer system owned by the third party to said requester.
-
-
33. An apparatus for validating access to information comprising:
-
means for receiving a request digitally signed by a requester, said digitally signed request having an electronic document digitally signed by a grantor, said electronic document having a grantor certified reference, a requestor certified reference, access control rules for said requester; and
means for validating said request using said requester certified reference and said access control rules for said requester, wherein said grantor grants access to information stored in a computer system owned by the third party to said requestor.
-
-
34. An apparatus for validating access to information comprising:
-
means for providing an electronic document having a requester certified reference, a grantor certified reference, at least one access rule digitally signed by a grantor, and a request digitally signed by said requestor;
means for validating said electronic document using said requester certified reference, said grantor certified reference and said at least one access rule, wherein said grantor grants access to information stored in a computer system owned by another party to said beneficiary.
-
-
35. An apparatus for validating access to information comprising:
-
means for providing an electronic document which contains means to check the identity of a requester, at least one access rule digitally signed by a grantor, and a request digitally signed by said requestor;
means for validating said request using said identity and said access rules, wherein said grantor grants access to information stored in a computer system owned by another party to said beneficiary.
-
-
36. A program storage device readable by a machine, tangibly embodying a program of instructions readable by the machine to perform a method for issuing an electronic document, the method comprising:
-
establishing a grantor certified reference, a requester certified reference, and access control rules for said requester; and
incorporating said grantor certified reference, said requestor certified reference, and said access control rules in the electronic document digitally signed by said grantor, wherein said grantor grants access to information stored in a computer system owned by another party to said requestor.
-
-
37. A program storage device readable by a machine, tangibly embodying a program of instructions readable by the machine to perform a method for access information, the method comprising:
-
receiving an electronic document digitally signed by a grantor, said electronic document having a grantor certified reference, a requestor certified reference, and access control rules for said requestor; and
appending a digitally signed request for access to the information to said electronic document by said requestor, wherein said grantor grants access to information stored in a computer system owned by the third party to said requestor.
-
-
38. A program storage device readable by a machine, tangibly embodying a program of instructions readable by the machine to perform a method for validating access to information, the method comprising:
-
receiving a request digitally signed by a requester, said digitally signed request having an electronic document digitally signed by a grantor, said electronic document having a grantor certified reference, a requester certified reference, access control rules for said requestor; and
validating said request using said requestor certified reference and said access control rules for said requestor, wherein said grantor grants access to information stored in a computer system owned by the third party to said requestor.
-
-
39. A program storage device readable by a machine, tangibly embodying a program of instructions readable by the machine to perform a method for validating access to information, the method comprising:
-
providing an electronic document having a requester certified reference, a grantor certified reference, at least one access rule digitally signed by a grantor, and a request digitally signed by said requester;
validating said electronic document using said requestor certified reference, said grantor certified reference and said at least one access rule, wherein said grantor grants access to information stored in a computer system owned by another party to said requestor.
-
-
40. A program storage device readable by a machine, tangibly embodying a program of instructions readable by the machine to perform a method for validating access to information, the method comprising:
-
providing an electronic document which contains means to check the identity of a requester, at least one access rule digitally signed by a grantor, and a request digitally signed by said requestor;
validating said request using said identity and said access rules, wherein said grantor grants access to information stored in a computer system owned by another party to said requester.
-
-
41. An electronic document comprising:
-
a requestor certified reference;
at least one access rule; and
a grantor digital signature coupled to said requester certified reference and said at least one access rule, wherein said grantor grants access to information stored in a computer system owned by another party to said requester. - View Dependent Claims (42)
-
Specification