SYSTEM AND METHOD FOR OBTAINING KEYS TO ACCESS PROTECTED INFORMATION

US 20140082354A1
Filed: 09/16/2013
Published: 03/20/2014
Est. Priority Date: 09/16/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a memory to store computer instructions; and

a processor in communication with the memory, wherein the processor, responsive to executing the computer instructions, performs operations comprising;

receiving a request to access information content from a file system;

identifying a network of software agents, each software agent configured to conduct a respective evaluation returning a respective portion of information;

requesting that each software agent in the network of software agents conducts its respective evaluation;

generating a key from the respective portions of information; and

accessing by the key, the information content from the file system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server uses an encryption key to decrypt authentication information thereby facilitating communication with network-accessible applications that may be remotely located from the server. Servers can also use encryption keys to decrypt files containing sensitive data. The encryption key is obtained by a collection of software agents, each providing a portion of information necessary for generating the encryption key. Each software agent performs a respective examination, the results of which determine whether the respective portion of information is valid or not. A complete encryption key can be obtained only when all of the contributing portions of information are valid.

Citations

20 Claims

1. A system comprising:
- a memory to store computer instructions; and
  
  a processor in communication with the memory, wherein the processor, responsive to executing the computer instructions, performs operations comprising;
  
  receiving a request to access information content from a file system;
  
  identifying a network of software agents, each software agent configured to conduct a respective evaluation returning a respective portion of information;
  
  requesting that each software agent in the network of software agents conducts its respective evaluation;
  
  generating a key from the respective portions of information; and
  
  accessing by the key, the information content from the file system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the network of agents are configured to perform tests on the system to determine whether the system is in a safe state.
  - 3. The system of claim 1, wherein the network of software agents makes the key from values returned as a result obtained by performance of a test.
  - 4. The system of claim 1, wherein the network of software agents is re-configurable according to a type of test performed.
  - 5. The system of claim 1, wherein the file system is encrypted, and a file-open command of an unencrypted file system initiates a procedure whereby a plurality of software agents of the network of software agents are called, the plurality of software agents providing respective portions of information.
  - 6. The system of claim 1, wherein requesting that each software agent conduct its respective evaluation occurs sequentially according to a predetermined chain of software agents of the network of software agents, each software agent of the chain of software agents passing its respective portion of information to a subsequent software agent of the chain of software agents.
  - 7. The system of claim 6, wherein a final software agent in the predetermined chain of software agents produces a key, which is a combination of the respective portions of information of preceding software agents of the predetermined chain of software agents.
  - 8. The system of claim 1, where each software agent of the network of software agents conducts a respective examination by using an authentication function comprising initially encrypted authentication functions that are decrypted just prior to being run.
  - 9. The system of claim 8, where the authentication function uses other software agents on other processors to conduct their examination.
  - 10. The system of claim 9, further comprising communication of code snippets from a calling software agent of the network of software agents to another software agent on other processors, wherein the other software agent receiving the code snippet executes the code snippet in memory immediately after receipt and returns a result to the calling software agent.

11. A method comprising:
- receiving, by a system comprising a processor, a request to access information content from a file system;
  
  identifying, by the system, a plurality of software agents, each software agent configured to conduct a respective evaluation returning a respective portion of information;
  
  requesting, by the system, that each software agent in the plurality of software agents conducts its respective evaluation;
  
  generating, by the system, a key from the respective portions of information; and
  
  accessing by the key, the information content from the file system.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein requesting that each software agent conduct its respective evaluation occurs sequentially according to a chain of software agents of the plurality of software agents, each software agent of the chain of the plurality of software agents passing its respective portion of information to a subsequent software agent of the chain of the plurality of software agents.
  - 13. The method of claim 12, wherein a final software agent in the chain of the plurality of software agents produces a key, which is a combination of the respective portions of information of the preceding software agents of the chain of the plurality of software agents.
  - 14. The method of claim 11, wherein each software agent of the plurality of software agents conducts a respective examination according to one or more authentication functions, wherein the one or more authentication functions are initially encrypted, the one or more authentication functions being decrypted at run time.
  - 15. The method of claim 14, wherein at least some of the one or more authentication functions conducts the respective examination using one or more other software agents on one or more other processors.
  - 16. The method of claim 15, further comprising communication of a code segment from a calling software agent of the plurality of software agents to another software agent on other processors, wherein the other software agent receiving the code segment executes the code segment in memory to produce a result and returns the result to the calling software agent.

17. A machine-readable storage device, comprising executable instructions which, responsive to being executed by at least one processor, cause the at least one processor to perform operations comprising:
- receiving a request to access information content from a file system;
  
  identifying a chain of software agents, each software agent configured to conduct a respective evaluation returning a respective portion of information;
  
  requesting that each software agent in the chain of software agents conduct its respective evaluation;
  
  generating a key from the respective portions of information; and
  
  accessing the information content from the file system.
- View Dependent Claims (18, 19, 20)
- - 18. The machine-readable storage device of claim 17, where each software agent of the chain of software agents conducts a respective examination by using initially encrypted authentication functions that are decrypted just-in-time when they are run.
  - 19. The machine-readable storage device of claim 18, where the initially encrypted authentication functions use other software agents on other processors to conduct their examination.
  - 20. The machine-readable storage device of claim 19, further comprising communicating a code segment from a calling software agent of the chain of software agents to another software agent on another processor, wherein the other software agent receiving the code segment executes the code segment to produce a result and returns the result to the calling software agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ANGEL Secure Networks, Inc.
Original Assignee
ANGEL Secure Networks, Inc.
Inventors
Smith, Benjamin, Sabin, Daniel, Smith, Fred Hewitt

Granted Patent

US 9,390,280 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 21/6218   to a system of files or obj...

G06F 2221/2125   Just-in-time application of...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0822   using key encryption key

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

SYSTEM AND METHOD FOR OBTAINING KEYS TO ACCESS PROTECTED INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR OBTAINING KEYS TO ACCESS PROTECTED INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links