System and method for accessing information resources using cryptographic authorization permits
Abstract
A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority.
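As an added illustration (not code from the patent, which describes no implementation), the following Go program models the mechanism the abstract describes: an authority signs a permit that binds a subject to a read or write privilege on a channel, and a gate standing in for the partitioning communication system checks that permit against the authority's public key before the subject may use the channel. The `Gate` and `Authority` types, the JSON field layout of the permit, the expiry field and the choice of Ed25519 are assumptions made for this example; subjects are identified by string labels here rather than by their own public keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Privilege is the channel access privilege a permit grants; the abstract
// names two kinds, a read privilege and a write privilege.
type Privilege string

const (
	PrivRead  Privilege = "read"
	PrivWrite Privilege = "write"
)

// CAP is the body of a cryptographic authorization permit. Field set and
// JSON layout are assumptions for this example, not the patent's format.
// json.Marshal emits struct fields in declaration order, so the encoding
// that gets signed and verified is canonical.
type CAP struct {
	Subject   string    `json:"subject"`   // subject being authorized (a partition or party)
	Resource  string    `json:"resource"`  // channel or resource in another partition
	Privilege Privilege `json:"privilege"` // read or write
	NotAfter  int64     `json:"not_after"` // Unix seconds after which the permit is void
}

// SignedCAP pairs the permit body with the issuing authority's identifier
// and its Ed25519 signature over the encoded body.
type SignedCAP struct {
	Permit    CAP
	Authority string
	Signature []byte
}

// Authority holds one signing key; the scheme allows several authorities.
type Authority struct {
	ID   string
	priv ed25519.PrivateKey
}

// NewAuthority generates a key pair and returns the authority together with
// the public key a gate must be configured to trust.
func NewAuthority(id string) (*Authority, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authority{ID: id, priv: priv}, pub, nil
}

// Issue signs a permit body.
func (a *Authority) Issue(c CAP) (SignedCAP, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return SignedCAP{}, err
	}
	return SignedCAP{Permit: c, Authority: a.ID, Signature: ed25519.Sign(a.priv, body)}, nil
}

// Gate is the reference monitor in front of a channel: it knows the public
// keys of trusted authorities and admits a request only under a valid permit.
type Gate struct{ trusted map[string]ed25519.PublicKey }

func NewGate() *Gate { return &Gate{trusted: map[string]ed25519.PublicKey{}} }

// Trust registers an authority's public key under its identifier.
func (g *Gate) Trust(id string, pub ed25519.PublicKey) { g.trusted[id] = pub }

// Authorize returns nil when the permit lets subject exercise priv on resource
// at time now, and an error naming the first failed check otherwise.
func (g *Gate) Authorize(s SignedCAP, subject, resource string, priv Privilege, now time.Time) error {
	pub, ok := g.trusted[s.Authority]
	if !ok {
		return fmt.Errorf("permit from unknown authority %q", s.Authority)
	}
	body, err := json.Marshal(s.Permit)
	if err != nil {
		return err
	}
	// Verify before trusting any field of the body: a tampered body fails here.
	if !ed25519.Verify(pub, body, s.Signature) {
		return fmt.Errorf("permit signature invalid")
	}
	if s.Permit.Subject != subject || s.Permit.Resource != resource {
		return fmt.Errorf("permit is for %s on %s", s.Permit.Subject, s.Permit.Resource)
	}
	if s.Permit.Privilege != priv {
		return fmt.Errorf("permit grants %s, request is %s", s.Permit.Privilege, priv)
	}
	if now.Unix() > s.Permit.NotAfter {
		return fmt.Errorf("permit expired")
	}
	return nil
}

func main() {
	auth, pub, _ := NewAuthority("authority-1")
	gate := NewGate()
	gate.Trust(auth.ID, pub)
	now := time.Now()
	// Constructed sample: partition A gets write access to channel 7 for one hour.
	permit, _ := auth.Issue(CAP{Subject: "partition-A", Resource: "channel-7", Privilege: PrivWrite, NotAfter: now.Add(time.Hour).Unix()})
	fmt.Println("write:", gate.Authorize(permit, "partition-A", "channel-7", PrivWrite, now))
	fmt.Println("read: ", gate.Authorize(permit, "partition-A", "channel-7", PrivRead, now))
}
```

The order of checks in `Authorize` is deliberate: the signature is verified before any field of the permit body is consulted, so a permit whose privilege or subject has been edited after signing is rejected as a forgery rather than reaching the policy comparison, and a permit signed by a key the gate was never told to trust is rejected before its signature is even examined.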
20 Claims
1. A node for an information system, comprising:
a separation kernel (SK) that defines a plurality of partitions on the node, wherein at least one partition has one or more subjects and at least one other partition has one or more resources; and
one or more authorities that each sign a corresponding cryptographic authorization permit (CAP) to authorize a subject in the at least one partition to access a resource in the at least one other partition.
(Dependent claims 2 to 6.)

7. In an information system, a node associated with one or more channels comprising:
a partitioning communication system (PCS) that separates the one or more channels from each other;
a separation kernel (SK) running on the node that creates a plurality of partitions, wherein at least one partition on the node communicates messages over the one or more channels based on a channel access privilege; and
one or more authorities that each sign a cryptographic authorization permit (CAP) to authorize the channel access privilege.
(Dependent claims 8 to 15.)

16. A secure information system, comprising:
a first node that is partitioned by a first separation kernel to a plurality of first partitions and a second node that is partitioned by a second separation kernel to a plurality of second partitions;
one or more channels for communicating messages between the first node and second node;
a partitioning communication system (PCS) that separates the one or more channels from each other, wherein at least one of the plurality of first partitions on the first node communicates messages over the one or more channels based on a first channel access privilege and at least one of the plurality of second partitions on the second node communicates messages over the one or more channels based on a second channel access privilege; and
one or more authorities that each sign a cryptographic authorization permit (CAP) to authorize the first and second channel access privileges.
(Dependent claims 17 to 20.)
Specification