Method of providing secure access to computer resources

US 20070101400A1
Filed: 10/31/2005
Published: 05/03/2007
Est. Priority Date: 10/31/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing varying levels of secure access to computer resources on a first computer or computer network having at least one user or group of users, the method comprising:

a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;

b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;

c) for each user or group of users, checking the identity against a list of accounts associated with that user or group of users and determining whether at least one list of accounts contains the identity;

d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;

e) for an authenticated identity, selecting a particular user or group of users it desires to access resources from over the secure connection;

f) for a selected user or group of users, checking whether the authenticated identity is on its list of accounts;

g) for a desired resource associated with the selected user or group of users, checking an access control list to determine the level of secure access to be provided to the requester or group of requesters for that resource, the level of secure access determined based upon both the selected user or group of users and the authenticated identity; and

, h) providing the pre-determined level of secure access to the resource over the secure connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing varying levels of secure access to computer resources. A certificate is used to identify a particular data requester and the certificate is authenticated using asymmetrical encryption techniques, such as public-private key pairs. One or more trust authorities may be consulted to ascribe a trust level to the certificate, which is an indication of the veracity of the identity of the data requester. Individual system users may set differing levels of access to a number of shared system resources for a particular data requester. The authenticated and verified data requester is then provided with the pre-set level of access to the desired shared resource. The level of access to a particular shared system resource therefore depends upon the user the data is being accessed through, the authenticated identity of the data requester, and their ascribed trust level. The shared resource may comprise data and/or an application module that is accessed or executed through a secure symmetric encryption tunnel.

136 Citations

20 Claims

1. A method of providing varying levels of secure access to computer resources on a first computer or computer network having at least one user or group of users, the method comprising:
- a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
  
  b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
  
  c) for each user or group of users, checking the identity against a list of accounts associated with that user or group of users and determining whether at least one list of accounts contains the identity;
  
  d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
  
  e) for an authenticated identity, selecting a particular user or group of users it desires to access resources from over the secure connection;
  
  f) for a selected user or group of users, checking whether the authenticated identity is on its list of accounts;
  
  g) for a desired resource associated with the selected user or group of users, checking an access control list to determine the level of secure access to be provided to the requester or group of requesters for that resource, the level of secure access determined based upon both the selected user or group of users and the authenticated identity; and
  
  , h) providing the pre-determined level of secure access to the resource over the secure connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, wherein, after determining the level of secure access to be provided to the requester or group of requesters, the method further comprises sending an encrypted response from the first computer or computer network over the secure connection, the response encrypted using a private key associated with the first computer or computer network.
  - 3. The method according to claim 2, wherein the encrypted response is decrypted by the second computer or computer network using a public key corresponding to the private key used to encrypt the response.
  - 4. The method according to claim 2, wherein the response is encrypted using a private key of the selected user or group of users.
  - 5. The method according to claim 4, wherein the encrypted response is decrypted by the second computer or computer network using a public key of the selected user or group of users.
  - 6. The method according to claim 2, wherein step a) further comprises transmitting a first data string from the first computer or computer network to the second computer or computer network via the secure connection.
  - 7. The method according to claim 6, wherein the authentication package comprises a second data string and a hash of a combination of the symmetric encryption key and the first data string.
  - 8. The method according to claim 7, wherein the encrypted response comprises a hash of a combination of the symmetric encryption key and the second data string.
  - 9. The method according to claim 7, wherein the first and second data strings are randomly generated.
  - 10. The method according to claim 1, wherein the symmetric encryption key is generated by both the first computer or computer network and the second computer or computer network using a Diffie-Hellman key exchange algorithm.
  - 11. The method according to claim 1, wherein, in step b), a hash of a certificate corresponding to the identity of the data requester or group of data requesters is provided to the first computer or computer network over the secure connection.
  - 12. The method according to claim 1, wherein a listing of available resources associated with the selected user or group of users is only accessible by the requester or group of requesters following step f).
  - 13. The method according to claim 1, wherein the desired resource comprises data specific to the user or group of users.
  - 14. The method according to claim 1, wherein the desired resource comprises an executable module.

15. A method of providing varying levels of secure access to computer resources on a first computer or computer network, the method comprising:
- a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
  
  b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
  
  c) checking the identity against a list of accounts on the first computer or computer network and determining whether the list of accounts contains the identity;
  
  d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
  
  e) ascribing a level of trust to an authenticated identity based upon one or more trust tables;
  
  f) checking an access control list for the resource to determine the level of secure access to be provided to the requester or group of requesters, the level of secure access depending upon both the authenticated identity and the level of trust; and
  
  , g) providing the pre-determined level of secure access to the resource over the secure connection.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method according to claim 15, wherein the method further comprises updating the level of trust on at least one trust table.
  - 17. The method according to claim 15, wherein at least one trust table is located on a third computer or computer network.
  - 18. The method according to claim 17, wherein the trust table on the third computer network is accessed over a second secure connection.
  - 19. The method according to claim 15, wherein the trust table comprises trust information provided by a plurality of users or groups of users.

20. A method of providing varying levels of secure access to computer resources on a first computer or computer network having at least one user or group of users, the method comprising:
- a) establishing a secure connection between a second computer or computer network and the first computer or computer network using a common symmetric encryption key, the second computer or computer network having at least one data requester or group of data requesters;
  
  b) providing an identity and an authentication package of the requester or group of requesters to the first computer or computer network over the secure connection, the authentication package encrypted using a private key of the requester or group of requesters;
  
  c) for each user or group of users, checking the identity against a list of accounts associated with that user or group of users and determining whether at least one list of accounts contains the identity;
  
  d) authenticating the identity by decrypting the authentication package using a public key associated with the identity;
  
  e) ascribing a level of trust to an authenticated identity based upon one or more trust tables;
  
  f) for the authenticated identity, selecting a particular user or group of users it desires to access resources from over the secure connection;
  
  g) for a selected user or group of users, checking whether the authenticated identity is on its list of accounts;
  
  h) for a desired resource associated with the selected user or group of users, checking an access control list to determine the level of secure access to be provided to the requester or group of requesters for that resource, the level of secure access determined based upon the selected user or group of users, the authenticated identity and the level of trust; and
  
  , i) providing the pre-determined level of secure access to the resource over the secure connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Overcow Corporation
Original Assignee
Overcow Corporation
Inventors
Freeman, James, Woolcox, Scott, Nijkamp, Robert

Application Number

US11/261,601
Publication Number

US 20070101400A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 9/0841   involving Diffie-Hellman or...

Method of providing secure access to computer resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of providing secure access to computer resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links