Distributed cryptographic object method

DC CAFC

US 5,680,452 A
Filed: 02/24/1995
Issued: 10/21/1997
Est. Priority Date: 10/18/1993
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for providing multi-level multimedia security in a data network, comprising:

a) accessing an object-oriented key manager;

b) selecting a first object to encrypt;

c) selecting a first label for the first object;

d) encrypting the first object;

e) labelling the encrypted first object;

f) displaying the first label as a header array;

g) reading the first object label;

h) determining access authorization based on the first object label; and

i) decrypting the first object if access authorization is granted.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system for increasing the security of a computer system, while giving an individual user a large amount of flexibility and power. To give users the most power and flexibility, a standard object that has the capability to embed objects is used. To allow users even more flexibility, a standard object tracking mechanism is used that allows users to distribute to other individuals multiple encrypted objects embedded in a single encrypted object. By effecting compartmentalization of every object by label attributes and algorithm attributes, multi-level multimedia security is achieved. Label attributes are used to restrict access to objects based on location, group, or other criteria and may specify personal access. Access type, such as read-only, write-only, and print-only may be specified. Nested embedded objects may be accessed directly through selection from a header array.

181 Citations

17 Claims

1. A method for providing multi-level multimedia security in a data network, comprising:
- a) accessing an object-oriented key manager;
  
  b) selecting a first object to encrypt;
  
  c) selecting a first label for the first object;
  
  d) encrypting the first object;
  
  e) labelling the encrypted first object;
  
  f) displaying the first label as a header array;
  
  g) reading the first object label;
  
  h) determining access authorization based on the first object label; and
  
  i) decrypting the first object if access authorization is granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising embedding the encrypted first object in a second object after labelling the encrypted first object.
  - 3. The method of claim 2, further comprising:
    - a) selecting a second label for the second object;
      
      b) encrypting the second object;
      
      c) labelling the encrypted second object with a second object label; and
      
      d) incorporating the second label into the header array.
  - 4. The method of claim 3, further comprising:
    - a) reading the header array;
      
      b) determining access authorization based on the second object label; and
      
      c) decrypting the second object if access authorization is granted.
  - 5. The method of claim 4, further comprising presenting a representation of the first object only if access authorization is granted according to the second object label.
  - 6. The method of claim 2, wherein the encrypted first object is a printer object.
  - 7. The method of claim 1, wherein the first object is an application document, and further comprising:
    - a) creating the first object in an application prior to accessing the object-oriented key manager; and
      
      b) returning the encrypted first object to the application prior to reading the first object label.
  - 8. The method of claim 7, wherein access authorization is print-only authorization.
  - 9. The method of claim 1, further comprising:
    - a) compressing the first object prior to encrypting the first object; and
      
      b) decompressing the first object after decrypting the first object.
  - 10. The method of claim 1, further comprising:
    - a) compressing the first object immediately prior to encrypting the first object; and
      
      b) decompressing the first object immediately after decrypting the first object.
  - 11. The method of claim 1, further comprising:
    - a) arranging a plurality of encrypted objects such that at least some of the plurality of encrypted objects are embedded within others of the encrypted objects;
      
      b) selecting a label for each of at least some of the plurality of encrypted objects;
      
      c) labelling each of the plurality of encrypted objects for which a label was selected;
      
      d) incorporating each of the labels into the header array.
  - 12. The method of claim 11, further comprising:
    - a) reading a selected label;
      
      b) determining access authorization to the object associated with the selected label based on the selected label and further based on all labels associated with objects in which the associated object is embedded; and
      
      c) decrypting the associated object if access authorization is granted.
  - 13. The method of claim 1, wherein the header array is an access control list separate from the encrypted first object.

14. A system for providing multi-level multimedia security in a data network, comprising:
- A) digital logic means, the digital logic means comprising;
  
  1) a system memory means for storing data;
  
  2) an encryption algorithm module, comprising logic for converting unencrypted objects into encrypted objects, the encryption algorithm module being electronically connected to the system memory means for accessing data stored in the first system memory;
  
  3) means for arranging a plurality of encrypted objects such that at least some of the plurality of encrypted objects are embedded within others of the encrypted objects;
  
  4) an object labelling subsystem, comprising logic means for limiting object access, subject to label conditions of a selected object and further subject to conditions of all labels associated with objects in which the selected object is embedded, the object labelling subsystem being electronically connected to the system memory means for accessing data stored in the system memory means and the object labelling subsystem being further electronically connected to the encryption algorithm module to accept inputs from the encryption algorithm module;
  
  5) a decryption algorithm module, comprising logic for converting encrypted objects into unencrypted objects, the decryption algorithm module being electronically connected to the system memory means for accessing data stored in the system memory means; and
  
  6) an object label identification subsystem, comprising logic for limiting object access, subject to label conditions, the object label identification subsystem being electronically connected to the system memory means for accessing data stored in the system memory means and the object label identification subsystem being further electronically connected to the decryption algorithm module to accept inputs from the deception algorithm module.B) the encryption algorithm module working in conjunction with the object labelling subsystem to create an encrypted object such that the object label identification subsystem limits access to an encrypted object.
- View Dependent Claims (15, 16, 17)
- - 15. The system of claim 14, wherein the digital logic means further comprises means for accessing computer program applications stored in the system memory means.
  - 16. The system of claim 14, wherein one of the encrypted objects is a printer object.
  - 17. The system of claim 14, further comprising means for compressing one of the encrypted objects and means for decompressing one of the encrypted objects.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
TecSec, Incorporated
Original Assignee
TecSec, Incorporated
Inventors
Shanton, M. Greg
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/394,402
Time in Patent Office

970 Days
Field of Search

380/3, 380/4, 380/5, 380/9, 380/10, 380/23, 380/24, 380/25, 380/21, 380/49, 380/50, 380/28, 380/30, 380/43, 340/825.31, 340/825.34, 455/33, 455/3
US Class Current

713/167
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1491   in a hierarchical protectio...

G06F 21/10   Protecting distributed prog...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

Distributed cryptographic object method

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

181 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed cryptographic object method

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

181 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links