Controlling access to information on a network using an extended network universal resource locator

US 20070022052A1
Filed: 06/30/2006
Published: 01/25/2007
Est. Priority Date: 12/23/1999
Status: Active Grant

First Claim

Patent Images

1-14. -14. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for controlling access to information on a network where a first network entity receives a message requesting access to stored information via a network communication. The received message includes a first component encrypted with a first crypto-key associated with the first network entity and a second component encrypted with a second crypto-key associated with a second network entity such that both can be decrypted by the first network entity. The second network entity controls access to the network by the user. After receiving the message, the first network entity decrypts the first component and the second component and then transmits the stored information to the user based on the content of the first component and the second component.

Citations

42 Claims

1-14. -14. (canceled)

15. A method comprising:
- receiving via a network communication, by a first network entity that controls access to stored information, a message requesting access to the stored information, wherein the message includes a first component and a second component, wherein the first component is encrypted with a first crypto-key associated with the first network entity that can be decrypted by the first network entity, wherein the second component is encrypted with a second crypto-key associated with a second network entity that controls access to the network by the user and wherein the second component can be decrypted by the first network entity;
  
  decrypting, by the first network entity, the received encrypted first component and the received encrypted second component; and
  
  transmitting the stored information to the user based at least in part on the decrypted first component and the decrypted second component of the received message requesting access to the stored information.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 16. The method according to claim 15, wherein the first crypto-key is a symmetric crypto-key.
  - 17. The method according to claim 16, wherein the symmetric crypto-key is known only to the first network entity.
  - 18. The method according to claim 15, wherein the second crypto-key is a public crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 19. The method according to claim 15, wherein the received message is associated with a network address for the stored information.
  - 20. The method according to claim 15, wherein the decrypted first component includes user identity information and integrity information associated with the user identity information.
  - 21. The method according to claim 20, wherein the decrypted first component further includes an identifier associated with the stored information.
  - 22. The method according to claim 20, wherein the integrity information includes a hash of the user identity information.
  - 23. The method according to claim 15, wherein the second network entity is a network portal.
  - 24. The method according to claim 15, further comprising:
    - validating at least one of the decrypted first component and the decrypted second component of the received message requesting access to the stored information, wherein transmission of the stored information is based at least in part on the validated decrypted first component and the validated decrypted second component.
  - 25. The method according to claim 24, wherein the decrypted first component includes user identity information and integrity information associated with the user identity information;
    - and validation of the decrypted first component includes verifying that the integrity information corresponds to the user identity information, wherein user identity information corresponds to at least one portion of the requested stored information.
  - 26. The method according to claim 25, wherein the decrypted first component is signed with a digital signature and wherein validation of the decrypted first component further includes verifying the digital signature.
  - 27. The method according to claim 24, wherein the decrypted second component includes voucher information;
    - and validation of the decrypted second component includes verifying that the voucher information indicates that the second network entity has authenticated the user.
  - 28. The method according to claim 24, wherein validation of the decrypted second component includes confirming the identity of the requester of the stored information.
  - 29. The method according to claim 24, wherein validation of the decrypted second component includes verifying the digital signature of the decrypted second component.
  - 30. The method according to claim 24, wherein the decrypted second component includes a timestamp;
    - and validation of the decrypted second component includes verifying that the message was received by the first network entity within a predefined time interval beginning at a time represented by the timestamp.
  - 31. The method according to claim 15, wherein the received message requesting access to the stored information also includes a third component, wherein the third component is encrypted with a third crypto-key associated with a third network entity that has an association with a service provider, and wherein the third component can be decrypted by the first network entity, and further comprising:
    - decrypting, by the first network entity, the received encrypted third component;
      
      wherein transmission of the stored information to the user is also based at least in part on the decrypted third component.
  - 32. The method according to claim 31, wherein the third crypto-key is a public crypto-key of a joint private-public crypto-key pair associated with the third network entity.
  - 33. The method according to claim 31, wherein the third component includes relationship information indicative of a relationship between the third network entity and the first network entity and relationship information indicative of a relationship between the third network entity and the second network entity.
  - 34. The method according to claim 33, wherein the relationship information indicative of the relationship between the third network entity and the first network entity indicates that the user identity information and the integrity information were received by the third network entity from the first network entity;
    - and the relationship information indicative of the relationship between the third network entity and the second network entity indicates that the user identity information and the integrity information were transmitted by the third network entity to the second network entity.
  - 35. The method according to claim 31, further comprising:
    - validating the decrypted third component of the received message requesting access to the stored information, wherein transmission of the stored information to the user is based on the validated decrypted third component.
  - 36. The method according to claim 33, wherein validating the decrypted third component of the received message requesting access to the stored information includes confirming the indicated relationship between the third network entity and the first network entity and the indicated relationship between the third network entity and the second network entity.
  - 37. The method according to claim 36, wherein the decrypted third component is signed with a digital signature, and validation of the decrypted third component further includes verifying the digital signature.

38. A system for providing access to information stored on a network, comprising:
- a data store, wherein the data store contains information associated with a user; and
  
  a network device, wherein the network device is configured to;
  
  receive, via a network communication, a message requesting access to the stored information, wherein the message has an encrypted first component and an encrypted second component, wherein the first component is encrypted with a first crypto-key associated with the first network entity that can be decrypted by the first network entity, wherein the second component is encrypted with a second crypto-key associated with a second network entity that controls access to the network by the user and wherein the second component can be decrypted by the first network entity, decrypt the received encrypted first component and the received encrypted second component, and transmitting the stored information to the user based the decrypted first component and the decrypted second component of the received message requesting access to the stored information.
- View Dependent Claims (39, 40, 41, 42)
- - 39. The system according to claim 38, wherein the network device is further configured to validate at least one of the decrypted first component and the decrypted second component of the received message requesting access to the stored information, wherein transmission of the stored information is based at least in part on the validated decrypted first component and the validated decrypted second component.
  - 40. The system according to claim 38, wherein the network device is further configured to validate the decrypted first component and the decrypted second component of the received message requesting access to the stored information;
    - and the network device transmits the stored information to the user based on the validation of both the decrypted first component and the decrypted second component.
  - 41. The system according to claim 38, wherein the received message requesting access to the stored information also has a third component, wherein the third component is encrypted with a third crypto-key associated with a third network entity that has an association with the user, and wherein the third component can be decrypted by the first network entity, wherein the network device is further configured to decrypt the received encrypted third component;
    - and wherein the transmission of the stored information to the user is also based at least in part on the decrypted third component.
  - 42. The system according to claim 41, wherein the network device is further configured to validate the decrypted third component of the received message requesting access to the stored information;
    - and wherein transmission of the stored information to the user is based on the validated decrypted third component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Checkfree Corporation (Fiserv Incorporated)
Original Assignee
Checkfree Corporation (Fiserv Incorporated)
Inventors
Ganesan, Ravi, Lewis, Matt, Hobday, Kenneth

Granted Patent

US 7,426,638 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/40
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2115   Third party

G06Q 20/00   Payment architectures, sche...

G06Q 20/085   involving remote charge det...

G06Q 20/102   Bill distribution or payments

G06Q 20/14   specially adapted for billi...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

H04L 2463/102   applying security measure f...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

Controlling access to information on a network using an extended network universal resource locator

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to information on a network using an extended network universal resource locator

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links