Multiple level access system
Abstract
A method of securing an object at an access level includes selecting a profile for a user, including a credential having an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. A working key is generated by binding a domain value with a random value, and the object is encrypted with the working key. A random value encryption key is generated by decrypting the credential public key encryption key with the profile key encryption key, decrypting the credential public key with the credential public key encryption key, generating an ephemeral key pair, generating a shared value from the ephemeral private key and the credential public key, and deriving the random value encryption key from the shared value. The random value is encrypted with the random value encryption key, and the encrypted object, the ephemeral public key, and the encrypted random value are provided for an authorized recipient.
7 Claims
1. In a multi-level access system, a method of securing an object at a multiple-level access level, comprising:
receiving, from a user, a profile key encryption key corresponding to the multiple-level access level;
selecting an object to secure;
selecting a profile associated with the user, wherein the profile includes a domain value, an encrypted profile encryption key, and a credential, wherein the credential includes an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier;
selecting the credential based on a comparison of the multiple-level access level and the multiple-level access identifier;
generating a working key, including generating a random value, and binding at least the domain value and the random value together to form the working key;
encrypting the object with the working key;
generating a random value encryption key, including decrypting the encrypted credential public key encryption key with at least the profile key encryption key, decrypting the encrypted credential public key with at least the decrypted credential public key encryption key, generating an ephemeral key pair including an ephemeral private key and an ephemeral public key, generating a shared value based on at least the ephemeral private key and the decrypted credential public key, and generating the random value encryption key based on at least the shared value;
encrypting the random value with at least the random value encryption key; and
providing the encrypted object, the ephemeral public key, and the encrypted random value for an authorized recipient.
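The following is an added, constructed walk-through of the claim 1 procedure; it is not code from the patent or its assignee. The patent names no concrete primitives, so everything below is an assumption: X25519 (RFC 7748, implemented in pure Python for illustration) for the ephemeral key agreement, HMAC-SHA256 as the key derivation function and as a keystream-plus-tag cipher standing in for the unspecified "encrypt" operation, a profile holding one credential per access level, and equality of the requested level with the credential's multiple-level access identifier as the selection rule. The recipient side (`open_object`) is not spelled out in claim 1 and is included only to show that the domain value must be bound into the working key on both ends.

```python
# Added illustration of claim 1: ephemeral key agreement wraps a per-object
# random value, and the working key binds that value to the domain value.
# Constructed example, not the patent's code; all primitives are assumptions.
import hashlib
import hmac
import secrets

P = 2**255 - 19                       # field prime of Curve25519
A24 = 121665                          # (A - 2) / 4 for Curve25519
BASE = (9).to_bytes(32, "little")     # RFC 7748 base point u-coordinate

def _clamp(scalar: bytes) -> int:
    b = bytearray(scalar)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (illustration only: the swap is not constant-time)."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u[:31] + bytes([u[31] & 127]), "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair() -> tuple:
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE)

def kdf(secret: bytes, info: bytes) -> bytes:
    return hmac.new(secret, info, hashlib.sha256).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with sub-keys derived from `key`; output = nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(kdf(key, b"enc"), nonce, data)
    tag = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return _keystream_xor(kdf(key, b"enc"), nonce, ct)

def make_profile(domain: bytes, level: int, pkek: bytes, cred_pub: bytes) -> dict:
    """Profile with one credential: the credential public key is wrapped under a
    credential public key encryption key (CPKEK), itself wrapped under the PKEK."""
    cpkek = secrets.token_bytes(32)
    return {"domain": domain, "credentials": [{
        "level": level,                              # multiple-level access identifier
        "enc_cred_pub": encrypt(cpkek, cred_pub),
        "enc_cpkek": encrypt(pkek, cpkek)}]}

def secure_object(profile: dict, level: int, pkek: bytes, obj: bytes) -> dict:
    # select the credential whose identifier matches the requested level (assumed rule)
    cred = next((c for c in profile["credentials"] if c["level"] == level), None)
    if cred is None:
        raise ValueError("no credential for this access level")
    # working key = binding of the domain value and a fresh random value
    rand = secrets.token_bytes(32)
    working_key = kdf(rand, b"working-key" + profile["domain"])
    enc_obj = encrypt(working_key, obj)
    # unwrap the credential public key with the user-supplied PKEK
    cpkek = decrypt(pkek, cred["enc_cpkek"])
    cred_pub = decrypt(cpkek, cred["enc_cred_pub"])
    # ephemeral key agreement against the credential public key
    eph_priv, eph_pub = keypair()
    shared = x25519(eph_priv, cred_pub)
    rvek = kdf(shared, b"rvek" + eph_pub + cred_pub)  # random value encryption key
    return {"enc_obj": enc_obj, "eph_pub": eph_pub, "enc_rand": encrypt(rvek, rand)}

def open_object(package: dict, cred_priv: bytes, cred_pub: bytes, domain: bytes) -> bytes:
    """Recipient side: recompute the shared value, recover the random value,
    rebuild the working key from it and the domain value."""
    shared = x25519(cred_priv, package["eph_pub"])
    rvek = kdf(shared, b"rvek" + package["eph_pub"] + cred_pub)
    rand = decrypt(rvek, package["enc_rand"])
    working_key = kdf(rand, b"working-key" + domain)
    return decrypt(working_key, package["enc_obj"])
```

A recipient that supplies a different domain value derives a different working key and fails the authentication check on the object, which is the observable effect of the "binding at least the domain value and the random value" step; a request for a level with no matching credential is rejected before any key material is unwrapped.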