Method of providing secure access to computer resources
First Claim
1. A method of providing varying levels of secure access to computer resources on a first computer or computer network having at least one user or group of users, the method comprising:
- a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
c) for each user or group of users, checking the identity against a list of accounts associated with that user or group of users and determining whether at least one list of accounts contains the identity;
d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
e) for an authenticated identity, selecting a particular user or group of users it desires to access resources from over the secure connection;
f) for a selected user or group of users, checking whether the authenticated identity is on its list of accounts;
g) for a desired resource associated with the selected user or group of users, checking an access control list to determine the level of secure access to be provided to the requester or group of requesters for that resource, the level of secure access determined based upon both the selected user or group of users and the authenticated identity; and
, h) providing the pre-determined level of secure access to the resource over the secure connection.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of providing varying levels of secure access to computer resources. A certificate is used to identify a particular data requester and the certificate is authenticated using asymmetrical encryption techniques, such as public-private key pairs. One or more trust authorities may be consulted to ascribe a trust level to the certificate, which is an indication of the veracity of the identity of the data requester. Individual system users may set differing levels of access to a number of shared system resources for a particular data requester. The authenticated and verified data requester is then provided with the pre-set level of access to the desired shared resource. The level of access to a particular shared system resource therefore depends upon the user the data is being accessed through, the authenticated identity of the data requester, and their ascribed trust level. The shared resource may comprise data and/or an application module that is accessed or executed through a secure symmetric encryption tunnel.
-
Citations
20 Claims
-
1. A method of providing varying levels of secure access to computer resources on a first computer or computer network having at least one user or group of users, the method comprising:
-
a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
c) for each user or group of users, checking the identity against a list of accounts associated with that user or group of users and determining whether at least one list of accounts contains the identity;
d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
e) for an authenticated identity, selecting a particular user or group of users it desires to access resources from over the secure connection;
f) for a selected user or group of users, checking whether the authenticated identity is on its list of accounts;
g) for a desired resource associated with the selected user or group of users, checking an access control list to determine the level of secure access to be provided to the requester or group of requesters for that resource, the level of secure access determined based upon both the selected user or group of users and the authenticated identity; and
,h) providing the pre-determined level of secure access to the resource over the secure connection. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of providing varying levels of secure access to computer resources on a first computer or computer network, the method comprising:
-
a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
c) checking the identity against a list of accounts on the first computer or computer network and determining whether the list of accounts contains the identity;
d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
e) ascribing a level of trust to an authenticated identity based upon one or more trust tables;
f) checking an access control list for the resource to determine the level of secure access to be provided to the requester or group of requesters, the level of secure access depending upon both the authenticated identity and the level of trust; and
,g) providing the pre-determined level of secure access to the resource over the secure connection. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A method of providing varying levels of secure access to computer resources on a first computer or computer network having at least one user or group of users, the method comprising:
-
a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
c) for each user or group of users, checking the identity against a list of accounts associated with that user or group of users and determining whether at least one list of accounts contains the identity;
d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
e) ascribing a level of trust to an authenticated identity based upon one or more trust tables;
f) for the authenticated identity, selecting a particular user or group of users it desires to access resources from over the secure connection;
g) for a selected user or group of users, checking whether the authenticated identity is on its list of accounts;
h) for a desired resource associated with the selected user or group of users, checking an access control list to determine the level of secure access to be provided to the requester or group of requesters for that resource, the level of secure access determined based upon the selected user or group of users, the authenticated identity and the level of trust; and
,i) providing the pre-determined level of secure access to the resource over the secure connection.
-
Specification