OFFLINE CONSUMPTION OF PROTECTED INFORMATION
Abstract
The offline consumption and publication of protected information in a networked environment. The offline consumption of protected information is accomplished by having the consuming user maintain a store of asymmetric encryption keys. The protected information is encrypted by the publishing user using a symmetric key, and the symmetric key is then encrypted using a public asymmetric key associated with the consuming user. The consuming user receives the protected information and a usage policy containing the encrypted symmetric key. The consuming user verifies that it can decrypt the symmetric key using a private asymmetric key maintained by the consumer. The user then decrypts the symmetric key and accesses the content of the protected information.
20 Claims
1. In a computing environment comprising a consuming user, publishing user, and a policy server, a method for the consuming user to access protected information originated by the publishing user, the method comprising:
maintaining a private key store of at least one private key corresponding to the consuming user;
receiving protected information originated by the publishing user, wherein the protected information is encrypted using a symmetric key;
the consuming user accessing a usage policy for the protected information, the usage policy containing an encrypted version of the symmetric key, the encrypted version of the symmetric key encrypted using a public key corresponding to a specific private key maintained in the private key store;
the consuming user locally checking the usage policy to determine that the encrypted version of the symmetric key is encrypted with the public key corresponding to the specific private key maintained in the private key store corresponding to the consuming user, without communication to the policy server; and
in response to a determination that the symmetric key has been encrypted with the public key, the consuming user:
using the specific private key to decrypt the symmetric key contained in the usage policy; and
subsequently using the symmetric key to decrypt the protected information such that the protected information is accessed without communication to the policy server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. In a computing environment comprising a consuming user and a publishing user, a method for the publishing user to publish protected information for consumption by the consuming user, the method comprising:
maintaining a store of public asymmetric keys associated with potential consuming users and groups of users;
encrypting the protected information using a symmetric content key;
prior to publishing the protected information, determining that the store of public asymmetric keys contains a particular public asymmetric key associated with the consuming user; and
in response to a positive determination that the store of public asymmetric keys contains the particular public asymmetric key associated with the consuming user, encrypting the symmetric content key utilizing the public asymmetric key associated with the consuming user; and
adding the encrypted symmetric content key to a usage policy for the protected information.
Dependent claims: 10, 11, 12, 13
14. In a computing environment comprising a consuming user and a publishing user, a system for the consuming user to access protected information originated by the publishing user, the system comprising:
a processor executing computer-executable instructions; and
a computer-readable storage media storing the computer-executable instructions, wherein the computer-executable instructions cause the system to perform a method when executed, the method comprising:
maintaining a private key store of at least one private key corresponding to the consuming user;
receiving protected information originated by the publishing user, wherein the protected information is encrypted using a symmetric key;
the consuming user accessing a usage policy for the protected information, the usage policy containing an encrypted version of the symmetric key, the encrypted version of the symmetric key encrypted using a public key corresponding to a specific private key maintained in the private key store;
the consuming user locally checking the usage policy to determine that the encrypted version of the symmetric key is encrypted with the public key corresponding to the specific private key maintained in the private key store corresponding to the consuming user, without communication to the policy server; and
in response to a determination that the symmetric key has been encrypted with the public key, the consuming user:
using the specific private key to decrypt the symmetric key contained in the usage policy; and
subsequently using the symmetric key to decrypt the protected information such that the protected information is accessed without communication to the policy server.
Dependent claims: 15, 16, 17, 18, 19, 20
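The publishing steps of claim 9 and the offline consuming steps of claims 1 and 14, as an added Node.js example that is not code from the patent. RSA-OAEP, AES-256-GCM, the SHA-256 key identifier used for the local check, and the names `keyId`, `publish` and `consumeOffline` are assumptions; the claims do not specify algorithms or how the check is performed.

```javascript
const crypto = require('node:crypto');

// Assumed convention: identify a key pair by SHA-256 of its DER-encoded public key.
function keyId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Publishing user (claim 9): check the public key store first, then encrypt the
// content with a fresh symmetric key and wrap that key into the usage policy.
function publish(plaintext, publicKeyStore, consumer) {
  const pub = publicKeyStore.get(consumer);
  if (!pub) return null; // no key for this consumer: cannot publish for offline use
  const contentKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: pub, oaepHash: 'sha256' }, contentKey);
  const policy = { keyId: keyId(pub), wrappedKey };
  return { policy, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Consuming user (claim 1): decide locally, from the policy alone, whether a
// private key in the store matches; only then unwrap and decrypt. No network I/O.
function consumeOffline(pkg, privateKeyStore) {
  const priv = privateKeyStore.get(pkg.policy.keyId);
  if (!priv) return null; // policy was not issued to any key held locally
  const contentKey = crypto.privateDecrypt(
    { key: priv, oaepHash: 'sha256' }, pkg.policy.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', contentKey, pkg.iv);
  decipher.setAuthTag(pkg.tag);
  return Buffer.concat([decipher.update(pkg.ciphertext), decipher.final()]);
}

// Constructed sample: two users, content published for "alice" only.
function demo() {
  const alice = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const bob = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const publicKeyStore = new Map([['alice', alice.publicKey]]);
  const pkg = publish(Buffer.from('constructed sample document'), publicKeyStore, 'alice');
  const aliceStore = new Map([[keyId(alice.publicKey), alice.privateKey]]);
  const bobStore = new Map([[keyId(bob.publicKey), bob.privateKey]]);
  return {
    alice: consumeOffline(pkg, aliceStore).toString(),
    bob: consumeOffline(pkg, bobStore),
    unknownRecipient: publish(Buffer.from('x'), publicKeyStore, 'carol'),
  };
}
```

The key identifier is only a lookup hint. A mismatched or altered package is rejected by the OAEP unwrap or the GCM tag check, both of which throw.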
Specification