METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE

US 20130254529A1
Filed: 04/30/2013
Published: 09/26/2013
Est. Priority Date: 06/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

encrypting a resource with a first authorization key;

encrypting the first authorization key with a second authorization key, the second authorization key being for a user entity; and

initiating a distribution of the encrypted resource with the encrypted first authorization key and information indicating the user entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

Citations

20 Claims

1. A method comprising:
- encrypting a resource with a first authorization key;
  
  encrypting the first authorization key with a second authorization key, the second authorization key being for a user entity; and
  
  initiating a distribution of the encrypted resource with the encrypted first authorization key and information indicating the user entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - encrypting data known to the user entity with the first authorization key, wherein the encrypted data is decrypted and the encrypted resource is decrypted when the decrypted data matches with the data known to the user entity.
  - 3. The method according to claim 2, wherein the distribution further includes the encrypted data, the encrypted first authorization key is decrypted with the second authorization key, the encrypted data is decrypted with the decrypted first authorization key, and the encrypted resource is decrypted with the decrypted first authorization key when the decrypted data matches with the data known to the user entity.
  - 4. The method according to claim 1, wherein the user entity is an owner of the resource, a contact of the owner, or a social group of the owner and wherein members of the social group share an identical second authorization key specific for the social group.
  - 5. The method according to claim 1, further comprising:
    - determining a third authorization key for a second user entity, wherein the encrypted first authorization key is further configured to be decrypted with the third authorization key and the information further indicates the second user entity.
  - 6. The method according to claim 1, wherein the distribution is to at least a server, the method further comprising:
    - initiating caching of the encrypted first authorization key with the encrypted resource in a cache of the server; and
      
      initiating transmission of the cached and encrypted first authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
  - 7. The method according to claim 6, further comprising:
    - initiating a distribution of an access rights filter (ARF) to the server, the ARF being configured to determine access rights of the at least one authorized entity according to one or more authorization keys, wherein the server determines access rights of the at least one authorized entity based on the ARF.

8. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code,wherein the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  encrypt a resource with a first authorization key;
  
  encrypt the first authorization key with a second authorization key, the second authorization key being for a user entity; and
  
  initiate a distribution of the encrypted resource with the encrypted first authorization key and information indicating the user entity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the apparatus is further caused to:
    - encrypt data known to the user entity with the first authorization key, wherein the encrypted data is decrypted and the encrypted resource is decrypted when the decrypted data matches with the data known to the user entity.
  - 10. The apparatus of claim 9, wherein the distribution further includes the encrypted data, the encrypted first authorization key is decrypted with the second authorization key, the encrypted data is decrypted with the decrypted first authorization key, and the encrypted resource is decrypted with the decrypted first authorization key when the decrypted data matches with the data known to the user entity.
  - 11. The apparatus of claim 8, wherein the user entity is an owner of the resource, a contact of the owner, or a social group of the owner and wherein members of the social group share an identical second authorization key specific for the social group.
  - 12. The apparatus of claim 8, wherein the apparatus is further caused to:
    - determine a third authorization key for a second user entity, wherein the encrypted first authorization key is further configured to be decrypted with the third authorization key and the information further indicates the second user entity.
  - 13. The apparatus of claim 8, wherein the distribution is to at least a server and the apparatus is further caused to:
    - initiate caching of the encrypted first authorization key with the encrypted resource in a cache of the server; and
      
      initiate transmission of the cached and encrypted first authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
  - 14. The apparatus of claim 13, wherein the apparatus is further caused to:
    - initiate a distribution of an access rights filter (ARF) to the server, the ARF being configured to determine access rights of the at least one authorized entity according to one or more authorization keys, wherein the server determines access rights of the at least one authorized entity based on the ARF.

15. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to perform at least the following:
- encrypting a resource with a first authorization key;
  
  encrypting the first authorization key with a second authorization key, the second authorization key being for a user entity; and
  
  initiating a distribution of the encrypted resource with the encrypted first authorization key and information indicating the user entity.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the apparatus is caused to further perform:
    - encrypting data known to the user entity with the first authorization key, wherein the encrypted data is decrypted and the encrypted resource is decrypted when the decrypted data matches with the data known to the user entity.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the distribution further includes the encrypted data, the encrypted first authorization key is decrypted with the second authorization key, the encrypted data is decrypted with the decrypted first authorization key, and the encrypted resource is decrypted with the decrypted first authorization key when the decrypted data matches with the data known to the user entity.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the user entity is an owner of the resource, a contact of the owner, or a social group of the owner and wherein members of the social group share an identical second authorization key specific for the social group.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the apparatus is caused to further perform:
    - determining a third authorization key for a second user entity, wherein the encrypted first authorization key is further configured to be decrypted with the third authorization key and the information further indicates the second user entity.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the distribution is to at least a server and the apparatus is caused to further perform:
    - initiating caching of the encrypted first authorization key with the encrypted resource in a cache of the server;
      
      initiating transmission of the cached and encrypted first authorization key with the cached and encrypted resource from the cache to at least one authorized entity; and
      
      initiating a distribution of an access rights filter (ARF) to the server, the ARF being configured to determine access rights of the at least one authorized entity according to one or more authorization keys, wherein the server determines access rights of the at least one authorized entity based on the ARF.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Fu, Yan, Vepsalainen, Ari M., Aarnio, Ari Antero, Vimpari, Markku Kalevi, Laitinen, Pekka Ilmani

Granted Patent

US 9,992,015 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links