System and method for secure publication of online content

US 20060122936A1
Filed: 12/06/2004
Published: 06/08/2006
Est. Priority Date: 12/06/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer controlled method for controlling access to data on a server comprising steps of:

maintaining a data association at said server between a recipient and said data;

activating a link at a client by said recipient to access said data;

maintaining an identity association between a public key and said recipient;

establishing an encrypted data path between said client and said server;

authenticating said recipient responsive to said identity association; and

transferring said data across said encrypted data path responsive to said data association.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When content publishers announce the availability of new content to one or more recipients, a content server automatically authorizes only those recipients of the announcement to have access to the new content. The authentication of clients is managed in an automated and user-friendly fashion. This may include instantaneous issuance of certificates, as well as quick revocation of certificates should they have been issued to the wrong individual. Quick revocation is facilitated by the fact that identities are associated with public keys in an online database where the association can quickly be undone, rather than in the certificates themselves as is traditionally the case.

Citations

21 Claims

1. A computer controlled method for controlling access to data on a server comprising steps of:
- maintaining a data association at said server between a recipient and said data;
  
  activating a link at a client by said recipient to access said data;
  
  maintaining an identity association between a public key and said recipient;
  
  establishing an encrypted data path between said client and said server;
  
  authenticating said recipient responsive to said identity association; and
  
  transferring said data across said encrypted data path responsive to said data association.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - sending a message to the recipient, the message including the link to said data.
  - 3. The method of claim 2, further comprising:
    - establishing the data association responsive to said message.
  - 4. The method of claim 2, further comprising:
    - receiving said message at said client.
  - 5. The method of claim 1, further comprising:
    - generating, at said client, a key pair including the public key and a private key, responsive to said activating; and
      
      transmitting the public key to said server.
  - 6. The method of claim 5, further comprising:
    - generating, at said server, the identity association between said recipient and said public key responsive to said transmitting.

7. A computer controlled method for controlling access to data comprising steps of:
- maintaining a data association between a recipient and said data;
  
  maintaining an identity association between a public key and said recipient;
  
  establishing an encrypted data path responsive to a communication request;
  
  authenticating said recipient responsive to said identity association; and
  
  sending said data across said encrypted data path responsive to said data association.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, further comprising:
    - sending a message to the recipient, the message including a link to said data.
  - 9. The method of claim 8, further comprising:
    - establishing the data association responsive to said message.
  - 10. The method of claim 8, further comprising:
    - receiving said message by said recipient.
  - 11. The method of claim 7, said maintaining an identity association further comprising:
    - receiving the public key from the recipient; and
      
      generating, at said server, the identity association between said recipient and said public key responsive to said receiving.
  - 12. The method of claim 11, further comprising:
    - transmitting a certificate to said recipient responsive to said generating.
  - 13. The method of claim 12, further comprising:
    - installing the certificate at a client of the recipient.

14. A computer-readable medium encoded with processing instructions for implementing a method, performed by a computer, the method comprising:
- maintaining a data association between a recipient and said data;
  
  maintaining an identity association between a public key and said recipient;
  
  establishing an encrypted data path responsive to a communication request;
  
  authenticating said recipient responsive to said identity association; and
  
  sending said data across said encrypted data path responsive to said data association.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer-readable medium of claim 14, said method further comprising:
    - sending a message to the recipient, the message including a link to said data.
  - 16. The computer-readable medium of claim 15, said method further comprising:
    - establishing the data association responsive to said message.
  - 17. The computer-readable medium of claim 15, said method further comprising:
    - causing a communications mechanism of the recipient to receive said message.
  - 18. The computer-readable medium of claim 14, said method further comprising:
    - receiving the public key from the recipient; and
      
      generating the identity association between said recipient and said public key from the recipient.
  - 19. The computer-readable medium of claim 18, said method further comprising:
    - transmitting a certificate to said recipient.
  - 20. The computer-readable medium of claim 19, said method further comprising:
    - causing an installation mechanism of the recipient to install the certificate.

21. An apparatus comprising:
- a storage mechanism configured to maintain a data association between a recipient and data, and to maintain an identity association between a public key and said recipient;
  
  an encryption mechanism configured to establish an encrypted data path responsive to a communication request;
  
  an authentication mechanism configured to authenticate said recipient responsive to said identity association; and
  
  a communications mechanism configured to send said data across said encrypted data path responsive to said data association.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PARC Management LLC, Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Balfanz, Dirk

Application Number

US11/005,858
Publication Number

US 20060122936A1
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

System and method for secure publication of online content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure publication of online content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links