System and Method to Enable PKI- and PMI-Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means
First Claim
1. A system of communication comprising:
- a client app, a user facing domain, a key escrow domain, and an inviter-invitee protocol, wherein the user facing domain securely relates to multiple parties via the client app and the key escrow domain authenticates secure lines of communication amongst the parties;
- the said client app in claim 1 consisting of, but not limited to, a local key store module and a digital identity token;
- the said user facing domain in claim 1 consisting of, but not limited to, a login interface on a server, a hardware security module (HSM) and a lightweight directory access protocol application (LDAP) on a server;
- the said key escrow domain consisting of a registration authority, a certificate authority, an attribute authority (each installed on a server) and a hardware security module (HSM);
- the said initiation protocol in claim 1 consisting of multiple steps, but not limited to, sending an invitation, receiving the invitation, downloading the client app, installation and registration, authentication, and single or multiple key requests, creation, and exchanges;
- the said invitation consisting of, but not limited to, a client app with digital identity token, e-mail address, designated attributes, authentication question, answer to authentication question, and a cryptographic digital signature.
Abstract
A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real-time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed; rather, it distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted relationships, where each such relationship/digital agreement can stand alone (for privacy) or can leverage the build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.
3 Claims (independent claim 1 is reproduced above under "First Claim"; dependent claims 2 and 3 are not reproduced on this page)