Method and apparatus for transmitting secured data
First Claim
1. A system, comprising:
(a) a plurality of interconnected nodes;
(b) a distributed directory being accessed by the plurality of nodes;
(c) a plurality of objects in the distributed directory, each object having one or more associated attributes;
(d) an encryption system operative to encrypt data;
(e) a decryption system operative to decrypt data that has been encrypted by the encryption system;
(f) an access control mechanism operative to control access to the distributed directory;
(g) encrypted data encrypted from secret data using the encryption system, said encrypted data being associated with an attribute of an object in the distributed directory, whereby the attribute is accessible to at least one of the nodes and access to the secret data is permitted if:
i. the access control mechanism permits the encrypted data associated with the attribute to be obtained, and
ii. decryption information is presented for the decryption system to decrypt the encrypted data; and
(h) a replication system operative to replicate objects and attributes in the distributed directory from one node to at least one other node and thereby transmit the encrypted data from one node to at least one other node.
7 Assignments
0 Petitions
Abstract
A system for transmitting secured data is disclosed. A plurality of interconnected nodes access a distributed directory having a plurality of objects and attributes. An access control mechanism controls access to the distributed directory. An encryption system and a decryption system are used to encrypt and decrypt secret data. The resulting encrypted data is associated with an attribute of an object, whereby access to the secret data is permitted if (i) the access control mechanism permits access to the attribute, and (ii) decryption information is presented to the decryption system to decrypt the secret data.
109 Citations
29 Claims
1. A system, comprising: (text as given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method in a computer system for transmitting and receiving secured information, comprising the steps of:
(a) encrypting secret data to create encrypted data;
(b) associating the encrypted data with an attribute of an object in a distributed directory;
(c) transmitting the encrypted data as a value of the attribute across the distributed directory by a replication system of the distributed directory;
(d) accessing the attribute of the object;
(e) retrieving the encrypted data;
(f) decrypting the encrypted data; and
(g) retrieving the secret data.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 21, 22, 23

20. A computer readable medium, comprising a program capable of performing the steps of:
(a) encrypting secret data to create encrypted data;
(b) associating the encrypted data with an attribute of an object in a distributed directory;
(c) transmitting the encrypted data as a value of the attribute across the distributed directory by a replication system of the distributed directory;
(d) accessing the attribute of the object;
(e) retrieving the encrypted data;
(f) decrypting the encrypted data; and
(g) retrieving the secret data.

24. A method in a computer system for transmitting secured data to a computer, comprising the steps of:
(a) accessing by the computer a distributed directory;
(b) generating a private/public key pair;
(c) publishing the public key;
(d) generating secret data;
(e) encrypting the secret data using the public key to create encrypted data;
(f) associating the encrypted data with an attribute of an object in the distributed directory;
(g) replicating the encrypted data as a value of the attribute to the computer by a replication system of the distributed directory;
(h) accessing by the computer the encrypted data; and
(i) decrypting the encrypted data using the private key.
Dependent claims: 25, 26, 27, 28, 29
Specification