Ad hoc secure access to documents and services
Abstract
A document server residing on a network behind a firewall provides secure access to documents or services residing thereon. A first user outside the firewall communicates with the document server over an established first secure session to generate a token in a database of tokens on the document server. The first user digitally signs the public key of a second user and an identifier of the token. The first user transmits a URL token to the second user that identifies the location of the document server and the token identifier. When the second user outside the firewall redeems the URL token at the document server, the document server and the second user establish a second secure session. The document server authenticates the URL token against the second secure session before providing the second user with access to the document or service.
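The redemption check described in the abstract and in claim 1 can be sketched as follows. This is an added example, not code from the patent; Ed25519, SHA-256, the length-prefixed digest layout and every name (`Token`, `Issue`, `Redeem`, `NewUser`, `tok-1`, `/docs/report.pdf`) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Token struct { // one row of the server's token database; field names are assumptions
	Path      string            // path the first user picked from the directory listing
	IssuerPub ed25519.PublicKey // registered first user's public key
	Sig       []byte            // first user's signature over digest()
}

// NewUser makes a key pair; Ed25519 is this example's choice, not the patent's.
func NewUser() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// digest binds the second user's public key to the token id and path (length-prefixed fields).
func digest(guestPub []byte, tokenID, path string) []byte {
	h := sha256.New()
	for _, f := range [][]byte{guestPub, []byte(tokenID), []byte(path)} {
		h.Write(append([]byte{byte(len(f) >> 8), byte(len(f))}, f...))
	}
	return h.Sum(nil)
}

// Issue is the first user's step: sign the digest for one named recipient.
func Issue(priv ed25519.PrivateKey, guestPub []byte, tokenID, path string) Token {
	return Token{path, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, digest(guestPub, tokenID, path))}
}

// Redeem is the server's step; sessionPub is the key seen while establishing the second session.
func Redeem(db map[string]Token, tokenID string, sessionPub []byte) (string, error) {
	t, ok := db[tokenID]
	if !ok || !ed25519.Verify(t.IssuerPub, digest(sessionPub, tokenID, t.Path), t.Sig) {
		return "", fmt.Errorf("token unknown or not signed for this session key")
	}
	return t.Path, nil
}

func main() {
	bob, _ := NewUser()   // second user (not registered)
	_, alice := NewUser() // first user (registered)
	db := map[string]Token{"tok-1": Issue(alice, bob, "tok-1", "/docs/report.pdf")}
	fmt.Println(Redeem(db, "tok-1", bob))
}
```

Because the signature covers the second user's public key, a URL token that is forwarded or intercepted fails when redeemed over a session established with a different key.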
20 Claims
1. A method for a first user to provide secure access to electronic documents or services stored on a document server located on a network to a second user, where the first user is a registered user of the document server and the second user is not a registered user of the document server, and where both the first user, the second user, and the document server have each associated therewith a public key that is associated with a corresponding private key, the method performed on the document server comprising:
exchanging public keys with the first user to establish a first secure session;
receiving from the first user a request to list a file directory;
authenticating the first user's access to the file directory using credentials provided by the first user when the first secure session is established;
transmitting to the first user a listing of the file directory over the first secure session;
the listing identifying a set of paths to content available on the document server;
exchanging public keys with the second user to establish a second secure session;
receiving from the second user a request for access to selected content on the document server;
the request for access including a token identifier that is recorded at the document server and associated with a path from the set of paths to the selected content available on the document server;
authenticating the request for access using:
(a) the public key of the second user received from the second user while establishing the second secure session, and (b) a digital signature signed using the private key of the first user that is a signed cryptographic digest of the public key of the second user and other information relating to the request for access to the selected document content on the document server; and
providing the second user with access to the selected content over the second secure session if the request for access is authenticated.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An article of manufacture for use in a machine, comprising:
a memory;
instructions stored in the memory for a method in which a first user provides secure access to electronic documents or services stored on a document server located on a network to a second user, where the first user is a registered user of the document server and the second user is not a registered user of the document server, and where both the first user, the second user, and the document server have each associated therewith a public key that is associated with a corresponding private key, the method comprising:
exchanging public keys with the first user to establish a first secure session;
receiving from the first user a request to list a file directory;
authenticating the first user's access to the file directory using credentials provided by the first user when the first secure session is established;
transmitting to the first user a listing of the file directory over the first secure session;
the listing identifying a set of paths to content available on the document server;
exchanging public keys with the second user to establish a second secure session;
receiving from the second user a request for access to selected content on the document server;
the request for access including a token identifier that is recorded at the document server and associated with a path from the set of paths to the selected content available on the document server;
authenticating the request for access using:
(a) the public key of the second user received from the second user while establishing the second secure session, and (b) a digital signature signed using the private key of the first user that is a signed cryptographic digest of the public key of the second user and other information relating to the request for access to the selected document content on the document server; and
providing the second user with access to the selected content over the second secure session if the request for access is authenticated.
Dependent claims: 14, 15, 16
17. A document server for performing a method in which a first user provides secure access to electronic documents or services stored on the document server located on a network to a second user, where the first user is a registered user of the document server and the second user is not a registered user of the document server, and where both the first user, the second user, and the document server have each associated therewith a public key that is associated with a corresponding private key, the document server comprising:
a memory for storing instructions; and
a processor coupled to the memory for executing the instructions of the document server;
the processor in executing the instructions:
exchanging public keys with the first user to establish a first secure session;
receiving from the first user a request to list a file directory;
authenticating the first user's access to the file directory using credentials provided by the first user when the first secure session is established;
transmitting to the first user a listing of the file directory over the first secure session;
the listing identifying a set of paths to content available on the document server;
exchanging public keys with the second user to establish a second secure session;
receiving from the second user a request for access to selected content on the document server;
the request for access including a token identifier that is recorded at the document server and associated with a path from the set of paths to the selected content available on the document server;
authenticating the request for access using:
(a) the public key of the second user received from the second user while establishing the second secure session, and (b) a digital signature signed using the private key of the first user that is a signed cryptographic digest of the public key of the second user and other information relating to the request for access to the selected document content on the document server; and
providing the second user with access to the selected content over the second secure session if the request for access is authenticated.
Dependent claims: 18, 19, 20
Specification