
Multiple level access system

  • US 20040254882A1
  • Filed: 06/16/2004
  • Published: 12/16/2004
  • Est. Priority Date: 01/30/2001
  • Status: Active Grant
First Claim

1. In a multi-level access system, a method of securing an object at a multiple-level access level, comprising:

  • receiving, from a user, a profile key encryption key corresponding to the multiple-level access level;
  • selecting an object to secure;
  • selecting a profile associated with the user, wherein the profile includes a domain value, an encrypted profile encryption key, and a credential, wherein the credential includes an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier;
  • selecting the credential based on a comparison of the multiple-level access level and the multiple-level access identifier;
  • generating a working key, including generating a random value, and binding at least the domain value and the random value together to form the working key;
  • encrypting the object with the working key;
  • generating a random value encryption key, including decrypting the encrypted credential public key encryption key with at least the profile key encryption key, decrypting the encrypted credential public key with at least the decrypted credential public key encryption key, generating an ephemeral key pair including an ephemeral private key and an ephemeral public key, generating a shared value based on at least the ephemeral private key and the decrypted credential public key, and generating the random value encryption key based on at least the shared value;
  • encrypting the random value with at least the random value encryption key; and
  • providing the encrypted object, the ephemeral public key, and the encrypted random value for an authorized recipient.
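The claim's data flow, as an added Python sketch that is not the patent's own code: a profile with one credential is constructed, the object is sealed under a working key bound to the domain value and a fresh random value, and that random value is wrapped under a key derived from an ephemeral Diffie-Hellman shared value with the unwrapped credential public key. The DH group, the HMAC-based cipher, the key-derivation labels and the profile layout are assumptions chosen so the demo runs offline on the standard library; `recover_object` is the recipient side that the claim implies but does not recite.

```python
import hashlib, hmac, secrets

# Toy DH group so the demo runs offline on the stdlib; real code would use X25519 or P-256.
P, G, NBYTES = 2**521 - 1, 3, 66  # NBYTES: bytes needed to encode one group element

def kdf(label, *parts):  # binds a label and values into one 32-byte key (the claim's "binding")
    return hmac.new(b"mla-demo:" + label, b"|".join(parts), hashlib.sha256).digest()

def keystream(key, nonce, n):
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))

def seal(key, data):  # encrypt-then-MAC with an HMAC keystream; stand-in for a real AEAD
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def make_profile(pkek, domain, level):  # constructed profile with one credential at `level`
    cred_priv = secrets.randbelow(P - 2) + 1
    cred_pub = pow(G, cred_priv, P).to_bytes(NBYTES, "big")
    cpkek = secrets.token_bytes(32)  # credential public key encryption key, wrapped under the PKEK
    profile = {"domain": domain, "enc_pek": seal(pkek, secrets.token_bytes(32)),
               "credentials": [{"mla_id": level, "enc_pub": seal(cpkek, cred_pub),
                                "enc_cpkek": seal(pkek, cpkek)}]}
    return profile, cred_priv  # the private key stays with the recipient, never in the profile

def secure_object(pkek, profile, level, obj):  # sender side, the claim's steps in order
    cred = next((c for c in profile["credentials"] if c["mla_id"] == level), None)
    if cred is None:
        raise PermissionError(f"no credential for access level {level}")
    rand = secrets.token_bytes(32)
    working_key = kdf(b"wk", profile["domain"], rand)  # domain value bound to the random value
    enc_obj = seal(working_key, obj)
    cpkek = unseal(pkek, cred["enc_cpkek"])            # unwrap with the profile key encryption key
    cred_pub = int.from_bytes(unseal(cpkek, cred["enc_pub"]), "big")
    eph_priv = secrets.randbelow(P - 2) + 1
    shared = pow(cred_pub, eph_priv, P).to_bytes(NBYTES, "big")
    enc_rand = seal(kdf(b"rvek", shared), rand)        # random value encryption key from the shared value
    return enc_obj, pow(G, eph_priv, P), enc_rand      # what the authorized recipient receives

def recover_object(cred_priv, domain, enc_obj, eph_pub, enc_rand):  # recipient side
    shared = pow(eph_pub, cred_priv, P).to_bytes(NBYTES, "big")
    rand = unseal(kdf(b"rvek", shared), enc_rand)
    return unseal(kdf(b"wk", domain, rand), enc_obj)
```

Because the working key binds the domain value, a recipient who holds the right credential but presents a different domain value fails the authentication check rather than obtaining a wrong plaintext.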
