Methods and apparatus managing secure collaborative transactions
First Claim
1. A method for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising the steps of:
- (a) prior to performing collaborative transactions, selecting a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
(b) if a level of security selected in step (a) requires protecting the authenticity and integrity of delta messages, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and
(c) if a level of security selected in step (a) requires protecting the confidentiality of delta messages, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
2 Assignments
0 Petitions
Accused Products
Abstract
Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible. Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telespace. In one embodiment, the security level is determined when a telespace is created and remains fixed through out the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called “tribes” can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides. METHOD AND APPARATUS FOR MANAGING SECURE COLLABORATIVE TRANSACTIONS
99 Citations
29 Claims
-
1. A method for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising the steps of:
-
(a) prior to performing collaborative transactions, selecting a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
(b) if a level of security selected in step (a) requires protecting the authenticity and integrity of delta messages, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and
(c) if a level of security selected in step (a) requires protecting the confidentiality of delta messages, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. Apparatus for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising
a mechanism controlled by the user and operable prior to performing collaborative transactions, which selects a level of security that determines whether authenticity and integrity and confidentiality of delta messages shall be protected; -
a protocol engine that cooperates with the security level selecting mechanism and protects the authenticity and integrity of delta messages by, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and
wherein the protocol engine protects the confidentiality of delta messages by, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A computer program product for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
-
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and
program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key. - View Dependent Claims (26, 27, 28)
-
-
29. A computer data signal embodied in a carrier wave for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, the computer data signal comprising:
-
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and
program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
-
Specification