Web environment access control
Abstract
An access control system and method in a web environment having pre-encrypted files on a web server, decryption keys provided to authorised users, and a trusted user proxy for controlling file access and decrypting files received, in which files are encrypted using a file key (FK), the FK is encrypted using a Group Encryption Key (GEK), and the user proxy has a Group Decryption Key (GDK) to decrypt the FK and the file. Each encrypted file is labelled with an Access Control Expression (ACE) which indicates which users or groups of users are authorised to decrypt and observe the file. This provides a secure client-server system having pre-encrypted documents on the web server, released to a decryption proxy on the client side, which controls access to, and decrypts, the documents the client is allowed to see.
33 Claims
1. An access control system in a web environment;
having pre-encrypted files on a web server;
decryption keys provided to authorised users;
and a trusted user proxy for controlling file access and decrypting files received.
Dependent claims: 2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 29
24. A method of access control in a web environment, including;
pre-encrypting files on a web server and providing a decryption key to authorised users;
controlling access and effecting decryption by means of a trusted user proxy
Dependent claims: 30, 31, 32
25. A method of restricting access to files to a limited number of groups of users across a computer network by means of encrypting the files by means of a File Key (FK), encrypting the FK by means of a Group Encryption Key, and providing only the limited number of groups with a means of decrypting the FK.
26. A method of controlling access to secure information in a distributed system having a server side including a web server and a server browser, and a client side including a browser and a user proxy including;
labelling each file with an Access Control Expression (ACE), which indicates which users are permitted to observe the file;
a file encryption key (FK) is generated and used to encrypt the file;
the encrypted file is provided with a header containing information including the ACE enabling authorised users to decrypt the encrypted file;
a group encryption key (GEK) is generated for defined groups of authorised users;
a GEK encrypts the FK and adds it to the file header;
placing on the web server the encrypted file, unencrypted information relating to the file, a header file containing Group ID, the FK in GEK, and the ACE;
delivering to the user's proxy a group decryption key (GDK);
user retrieves file and proxy examines incoming encrypted file ACE in the header to see how or if decryption can take place;
user's group decryption key (GDK) is used to decrypt the file's data key (FK) from the header;
the file is then decrypted using the File key FK, the decrypted file is delivered to client side web browser
Dependent claims: 27
28. A method as previously claimed in which the access controls are set on user operating system so that proxy but not application software has access to the file containing group keys (GK);
33. A system and method of controlling access to web environments substantially as herein described.
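The key hierarchy described in the abstract and in claim 26 (file encrypted under an FK, FK wrapped under a group key, ACE carried in the header, proxy unwrapping and decrypting), as an added Python example that is not part of the patent text. Assumptions: the ACE is modelled as a list of group IDs, GEK and GDK are one symmetric key per group, an HMAC-SHA256 encrypt-then-MAC construction stands in for a real authenticated cipher such as AES-GCM so the code runs with the standard library only, and binding the ACE into the authentication tag is this example's own hardening; all function and field names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stdlib stand-in for a real cipher)
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, aad, nonce, ct):
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key, plaintext, aad):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(key, aad, nonce, ct)

def unseal(key, blob, aad):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("authentication failed: wrong key or modified header/body")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def publish(plaintext, ace, geks):
    """Server side: encrypt under a fresh FK, wrap the FK per authorised group."""
    ace = sorted(ace)
    label = json.dumps(ace).encode()   # ACE bound to both ciphertexts (example's addition)
    fk = secrets.token_bytes(32)
    header = {"ace": ace,
              "fk_in_gek": {g: seal(geks[g], fk, label).hex() for g in ace}}
    return header, seal(fk, plaintext, label)

def proxy_open(header, body, gdks):
    """Client proxy: consult the ACE, unwrap the FK with a held GDK, decrypt."""
    label = json.dumps(header["ace"]).encode()
    for group in header["ace"]:
        if group in gdks and group in header["fk_in_gek"]:
            fk = unseal(gdks[group], bytes.fromhex(header["fk_in_gek"][group]), label)
            return unseal(fk, body, label)
    raise PermissionError("no held group key is named in the ACE")

# Constructed sample keys; GEK and GDK are the same symmetric key here (assumption).
GROUP_KEYS = {"staff": secrets.token_bytes(32), "audit": secrets.token_bytes(32)}
```

Because the header travels unencrypted, a proxy that trusts the ACE without an integrity check would act on a label anyone could have edited; here a changed ACE makes the FK unwrap fail.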
Specification