Object access level

US 20060053285A1
Filed: 07/29/2005
Published: 03/09/2006
Est. Priority Date: 07/29/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system for regulating access to information of different levels of sensitivity, the system comprising:

an input configured to receive authentication information from a user; and

a processor configured to;

produce a first token key;

encrypt a read-write portion of a first cryptographic key associated with a first sensitivity level using the first token key;

encrypt the first token key using first authentication information associated with the first sensitivity level;

produce a second token key by applying a one-way function to the first token key;

encrypt a read-write portion of a second cryptographic key associated with a second sensitivity level using the first token key, the second sensitivity level being lower than the first sensitivity level; and

encrypt the second token key using second authentication information associated with the second sensitivity level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for regulating access to information of different levels of sensitivity includes an input configured to receive authentication information from a user, and a processor configured to: produce a first token key; encrypt a read-write portion of a first cryptographic key associated with a first sensitivity level using the first token key; encrypt the first token key using first authentication information associated with the first sensitivity level; produce a second token key by applying a one-way function to the first token key; encrypt a read-write portion of a second cryptographic key associated with a second sensitivity level using the first token key, the second sensitivity level being lower than the first sensitivity level; and encrypt the second token key using second authentication information associated with the second sensitivity level.

62 Citations

View as Search Results

14 Claims

1. A system for regulating access to information of different levels of sensitivity, the system comprising:
- an input configured to receive authentication information from a user; and
  
  a processor configured to;
  
  produce a first token key;
  
  encrypt a read-write portion of a first cryptographic key associated with a first sensitivity level using the first token key;
  
  encrypt the first token key using first authentication information associated with the first sensitivity level;
  
  produce a second token key by applying a one-way function to the first token key;
  
  encrypt a read-write portion of a second cryptographic key associated with a second sensitivity level using the first token key, the second sensitivity level being lower than the first sensitivity level; and
  
  encrypt the second token key using second authentication information associated with the second sensitivity level.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 wherein the processor is further configured to:
    - decrypt the first token key using the first authentication information; and
      
      decrypt the read-write portion of the first cryptographic key using the decrypted first token key.
  - 3. The system of claim 2 wherein the processor is further configured to:
    - decrypt the second token key using less than all of the first authentication information; and
      
      decrypt the read-write portion of the second cryptographic key using the decrypted second token key.

4. A computer program product for regulating access to information of different levels of sensitivity, the computer program product comprising computer-readable instructions configured to cause a computer to:
- receive authentication information from a user;
  
  produce a first token key;
  
  encrypt a read-write portion of a first cryptographic key associated with a first sensitivity level using the first token key;
  
  encrypt the first token key using first authentication information associated with the first sensitivity level;
  
  produce a second token key by applying a one-way function to the first token key;
  
  encrypt a read-write portion of a second cryptographic key associated with a second sensitivity level using the first token key, the second sensitivity level being lower than the first sensitivity level; and
  
  encrypt the second token key using second authentication information associated with the second sensitivity level.
- View Dependent Claims (5, 6)
- - 5. The computer program product of claim 4 further comprising instructions configured to cause the computer to:
    - decrypt the first token key using the first authentication information; and
      
      decrypt the read-write portion of the first cryptographic key using the decrypted first token key.
  - 6. The computer program product of claim 5 further comprising instructions configured to cause the computer to:
    - decrypt the second token key using less than all of the first authentication information; and
      
      decrypt the read-write portion of the second cryptographic key using the decrypted second token key.

7. A method of controlling access to sensitive information, the method comprising:
- obtaining a first token key;
  
  receiving first authentication information associated with a first sensitivity level and second authentication information associated with a second sensitivity level that is lower than the first sensitivity level and thus indicative of less-sensitive information;
  
  encrypting a read-write portion of a first cryptographic key associated with the first sensitivity level using the first token key;
  
  encrypting the first token key using the first authentication information;
  
  producing a second token key by applying a first one-way function to the first token key;
  
  encrypting a read-write portion of a second cryptographic key associated with a second sensitivity level using the first token key; and
  
  encrypting the second token key using second authentication information associated with the second sensitivity level.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7 further comprising:
    - producing a third token key by applying a second one-way function to the second token key;
      
      receiving third authentication information associated with a third sensitivity level that is lower than the second sensitivity level;
      
      encrypting a read-write portion of a third cryptographic key associated with the third sensitivity level using the third token key; and
      
      encrypting the third token key using the third authentication information.
  - 9. The method of claim 8 wherein the first one-way function is a cryptographic hashing function and the second one-way function is the same function.
  - 10. The method of claim 8 wherein the second authentication information and the third authentication information are portions of the first authentication information.
  - 11. The method of claim 10 wherein receiving the second authentication information and receiving the first authentication information are included in receiving the first authentication information.
  - 12. The method of claim 8 further comprising:
    - re-receiving the second authentication information; and
      
      inhibiting access to the first token key.
  - 13. The method of claim 12 further comprising:
    - decrypting the second token key using the re-received second authentication information; and
      
      decrypting the read-write portion of the second cryptographic key using the decrypted second token key.
  - 14. The method of claim 8 further comprising:
    - re-receiving the first authentication information;
      
      decrypting the first token key using the first authentication information;
      
      decrypting the read-write portion of the first cryptographic key using the decrypted first token key;
      
      decrypting the second token key using a portion of the re-received first authentication information; and
      
      decrypting the read-write portion of the second cryptographic key using the decrypted second token key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infoassure Incorporated
Original Assignee
Infoassure Incorporated
Inventors
Lightburn, James G., Kimmel, Wayne R., Kimmel, Gerald D., Domangue, Ersin L., Adamouski, Francis J.

Application Number

US11/193,595
Publication Number

US 20060053285A1
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/105   Multiple levels of security

H04L 9/088   Usage controlling of secret...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Object access level

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Object access level

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links