METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE

US 20100332834A1
Filed: 06/30/2009
Published: 12/30/2010
Est. Priority Date: 06/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining a first authorization key for a user and a second authorization key for a resource;

encrypting the resource with the second authorization key;

encrypting the second authorization key with the first authorization key;

initiating distribution of the encrypted second authorization key with the encrypted resource over a network;

initiating caching the encrypted second authorization key with the encrypted resource in a cache in the network; and

initiating transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

18 Citations

View as Search Results

20 Claims

1. A method comprising:
- determining a first authorization key for a user and a second authorization key for a resource;
  
  encrypting the resource with the second authorization key;
  
  encrypting the second authorization key with the first authorization key;
  
  initiating distribution of the encrypted second authorization key with the encrypted resource over a network;
  
  initiating caching the encrypted second authorization key with the encrypted resource in a cache in the network; and
  
  initiating transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, further comprising:
    - decrypting the encrypted second authorization key with the first authorization key; and
      
      decrypting the encrypted resource with the decrypted second authorization key.
  - 3. A method according to claim 1, wherein the at least one entity includes at least one of an owner of the resource, a contact of the owner, or a social group the owner belongs to.
  - 4. A method according to claim 1, further comprising:
    - categorizing a plurality of resources by at least one of a data size, an access frequency, a modification frequency, an auditing requirement, or a combination thereof, anddetermining a threshold value within each category for the caching step to apply to the resources,wherein the caching step is applied to resources that meet the threshold values within the respective category, andthe encrypted second authorization key with the encrypted resource remain cached when the resources remain meeting the threshold value in the respective category.
  - 5. A method according to claim 1, further comprising:
    - encrypting a text known to the authorized entity with the second authorization key;
      
      initiating distribution of the encrypted text with the encrypted second authorization key and the encrypted resource over the network;
      
      initiating caching the encrypted text with the encrypted second authorization key and the encrypted resource in the cache;
      
      initiating transmission of the cached and encrypted text with the cached and encrypted second authorization key and the cached and encrypted resource from the cache to the authorized entity;
      
      decrypting the encrypted second authorization key with the first authorization key;
      
      decrypting the encrypted text with the decrypted second authorization key; and
      
      when the decrypted text matches with the text known to the authorized entity, decrypting the encrypted resource with the decrypted second authorization key.
  - 6. A method according to claim 3, further comprising:
    - removing one authorized entity to prevent subsequent transmission of the cached and encrypted second authorization key as well as the cached and encrypted resource from the cache.
  - 7. A method according to claim 3, wherein members of the social group share an identical first authorization key specific for the social group.

8. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,wherein the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  determine a first authorization key for a user and a second authorization key for a resource;
  
  encrypt the resource with the second authorization key;
  
  encrypt the second authorization key with the first authorization key;
  
  initiate distribution of the encrypted second authorization key with the encrypted resource over a network;
  
  initiate caching the encrypted second authorization key with the encrypted resource in a cache in the network; and
  
  initiate transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. An apparatus of claim 8, wherein the apparatus is further caused to:
    - decrypt the encrypted second authorization key with the first authorization key; and
      
      decrypt the encrypted resource with the decrypted second authorization key.
  - 10. An apparatus of claim 8, wherein the at least one entity includes at least one of an owner of the resource, a contact of the owner, or a social group the owner belongs to.
  - 11. An apparatus of claim 8, wherein the apparatus is further caused to:
    - categorize a plurality of resources by at least one of a data size, an access frequency, a modification frequency, an auditing requirement, or a combination thereof,determine threshold values within each category for the caching step to apply to the resources; and
      
      cache resources that meet the threshold values in the respective category,wherein the encrypted second authorization key with the encrypted resource remain cached when the resources remain meeting the threshold values in the respective category.
  - 12. An apparatus of claim 8, wherein the apparatus is further caused to:
    - encrypt a text known to the authorized entity with the second authorization key;
      
      initiate distribution of the encrypted text with the encrypted second authorization key and the encrypted resource over the network;
      
      initiate cache the encrypted text with the encrypted second authorization key and the encrypted resource in the cache;
      
      initiate transmission of the cached and encrypted text with the cached and encrypted second authorization key and the cached and encrypted resource from the cache to the authorized entity;
      
      decrypt the encrypted second authorization key with the first authorization key;
      
      decrypt the encrypted text with the decrypted second authorization key; and
      
      when the decrypted text matches with the text known to the authorized entity, decrypting the encrypted resource with the decrypted second authorization key.
  - 13. An apparatus of claim 10, wherein the apparatus is further caused to:
    - remove one authorized entity to prevent subsequent transmission of the cached and encrypted second authorization key as well as the cached and encrypted resource from the cache.
  - 14. An apparatus of claim 10, wherein members of the social group share an identical first authorization key specific for the social group.

15. A computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to perform at least the following:
- determining a first authorization key for a user and a second authorization key for a resource;
  
  encrypting the resource with the second authorization key;
  
  encrypting the second authorization key with the first authorization key;
  
  initiating distribution of the encrypted second authorization key with the encrypted resource over a network;
  
  initiating caching the encrypted second authorization key with the encrypted resource in a cache in the network; and
  
  initiating transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A computer-readable storage medium of claim 15, wherein the apparatus is caused to further perform:
    - decrypting the encrypted second authorization key with the first authorization key; and
      
      decrypting the encrypted resource with the decrypted second authorization key.
  - 17. A computer-readable storage medium of claim 15, wherein the at least one entity includes at least one of an owner of the resource, a contact of the owner, or a social group the owner belongs to.
  - 18. A computer-readable storage medium of claim 15, wherein the apparatus is caused to further perform:
    - categorizing a plurality of resources by at least one of a data size, an access frequency, a modification frequency, an auditing requirement, or a combination thereof,determining a threshold value within each category for the caching step to apply to the resources; and
      
      caching resources that meet the threshold value in the respective category,wherein the encrypted second authorization key with the encrypted resource remain cached when the resources remain meeting the threshold value in the respective category.
  - 19. A computer-readable storage medium of claim 15, wherein the apparatus is caused to further perform:
    - encrypting a text known to the authorized entity with the second authorization key;
      
      initiating distribution of the encrypted text with the encrypted second authorization key and the encrypted resource over the network;
      
      initiating caching the encrypted text with the encrypted second authorization key and the encrypted resource in the cache;
      
      initiating transmission of the cached and encrypted text with the cached and encrypted second authorization key and the cached and encrypted resource from the cache to the authorized entity;
      
      decrypting the encrypted second authorization key with the first authorization key;
      
      decrypting the encrypted text with the decrypted second authorization key; and
      
      when the decrypted text matches with the text known to the authorized entity, decrypting the encrypted resource with the decrypted second authorization key.
  - 20. A computer-readable storage medium of claim 17, wherein the apparatus is caused to further perform:
    - removing one authorized entity to prevent subsequent transmission of the cached and encrypted second authorization key as well as the cached and encrypted resource from the cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Vepsalainen, Ari M., Vimpari, Markku Kalevi, Laitinen, Pekka, Fu, Yan, Aarnio, Ari Antero

Granted Patent

US 8,458,799 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links