METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS

US 20120084566A1
Filed: 05/11/2011
Published: 04/05/2012
Est. Priority Date: 10/04/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing secure access to network resources, the method comprising:

defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key;

providing a service key to a client computing device, the service key useable to establish a secure connection to a service enclave, the service enclave including an authorization server; and

transmitting from the authorization server, for each community of interest including an identified user of the client computing device;

an identity of a customer enclave; and

a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for providing secure access to network resources are disclosed. A method includes defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key. The method includes providing a service key to a client computing device that is useable to establish a secure connection to a service enclave including an authorization server. The method also includes transmitting from the authorization server, for each community of interest including an identified user of the client computing device, an identity of a customer enclave and a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave.

72 Citations

View as Search Results

22 Claims

1. A method of providing secure access to network resources, the method comprising:
- defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key;
  
  providing a service key to a client computing device, the service key useable to establish a secure connection to a service enclave, the service enclave including an authorization server; and
  
  transmitting from the authorization server, for each community of interest including an identified user of the client computing device;
  
  an identity of a customer enclave; and
  
  a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein providing a service key to the client computing device comprises loading the service key from a registry of the client computing device.
  - 3. The method of claim 1, further comprising transmitting from the authorization server, for each community of interest including an identified user of the client computing device, one or more filters associated with the community of interest, the one or more filters defining access permissions associated with the user of the client computing device.
  - 4. The method of claim 3, wherein each of the one or more filters is associated with a key from among the one or more keys.
  - 5. The method of claim 1, wherein the user of the client computing device is identified by credentials associated with the user.
  - 6. The method of claim 5, wherein the credentials include a cryptographically signed certificate associated with the user.
  - 7. The method of claim 1, further comprising establishing a secure connection between one or more of the computing resources in the customer enclave and the client computing device, the secure connection using a key from among the one or more keys to split and encrypt, and thereby exchange, randomly-generated session key information which is then used to split and encrypt data transmitted between the client computing device and the one or more computing resources.
  - 8. The method of claim 1, wherein the provisioning utility executes from a computing system within the service enclave.
  - 9. The method of claim 1, wherein each community of interest includes one or more user groups.
  - 10. The method of claim 1, further comprising authorizing the user at the authorization server based on an identity of the user.
  - 11. The method of claim 10, wherein authorizing the user is prerequisite to transmitting the one or more keys and the identity of each of the one or more customer enclave(s) from the authorization server to the client computing device.

12. A system for providing secure access to network resources, the system comprising:
- a provisioning utility defining one or more communities of interest, each community of interest including one or more users and associated with a key;
  
  an authorization server configured to establish a secure connection to a client computing device using a service key, and, upon authorizing a user at the client computing device, transmit to the client computing device, for each community of interest including an identified user of the client computing device;
  
  an identity of a customer enclave; and
  
  a key associated with a community of interest including the identified user of the client computing device, the community of interest including computing resources included in the customer enclave.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the authorization server is further configured to, upon authorizing a user at the client computing device, transmit to the client computing device, for each community of interest including an identified user of the client computing device one or more filters associated with the community of interest, the one or more filters defining access permissions associated with the user of the client computing device.
  - 14. The system of claim 13, wherein the one or more keys and one or more filters allow the client computing device to establish a secure connection to the customer enclave.
  - 15. The system of claim 12, wherein the one or more customer enclave identities, one or more keys, and optionally one or more filters are included in the XML transmission from the authorization server.
  - 16. The system of claim 12, further comprising a customer enclave including one or more computing resources configurable to establish a secure connection to a client computing device, the secure connection using a key from among the one or more keys to split and encrypt, and thereby exchange, randomly-generated session key information which is then used to split and encrypt data transmitted between the client computing device and the one or more computing resources.
  - 17. The system of claim 12, wherein each community of interest includes one or more user groups.
  - 18. The system of claim 12, further comprising a client computing device storing the service key and a location of a service enclave including the authorization server in a registry entry.
  - 19. The system of claim 12, wherein the authorization server is configured to authorize users based on a username and password associated with each user.
  - 20. The system of claim 19, wherein authorizing the user is prerequisite to transmitting the one or more keys and identity of the customer enclave from the authorization server to the client computing device.

21. A computer-readable medium comprising computer executable instructions which, when executed, cause a distributed computing system to perform a method of providing secure access to network resources, the method comprising:
- defining in a provisioning utility one or more communities of interest, each community of interest including one or more users, or groups of users, and associated with a key;
  
  providing a service key to a client computing device, the service key useable to establish a secure connection to a service enclave, the service enclave including an authorization server; and
  
  transmitting from the authorization server, for each community of interest including an identified user of the client computing device;
  
  an identity of a customer enclave; and
  
  a key associated with a community of interest including the identified user of the client computing device, the community of interest including computing resources included in the customer enclave.
- View Dependent Claims (22)
- - 22. The computer-readable medium of claim 21, wherein the computer executable instructions further cause the distributed computing system to transmit from the authorization server, for each community of interest including an identified user of the client computing device, one or more filters associated with the community of interest, the one or more filters defining access permissions associated with the user of the client computing device

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edward Chin, Robert Alan Johnson, Ted Hingman
Original Assignee
Edward Chin, Robert Alan Johnson, Ted Hingman
Inventors
Chin, Edward, Johnson, Robert A., Hingman, Ted

Application Number

US13/105,141
Publication Number

US 20120084566A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/575   Secure boot

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links