Method and apparatus for transmitting secured data

US 6,029,247 A
Filed: 12/09/1996
Issued: 02/22/2000
Est. Priority Date: 12/09/1996
Status: Expired due to Term

First Claim

Patent Images

1. A system, comprising:

(a) a plurality of interconnected nodes;

(b) a distributed directory being accessed by the plurality of nodes;

(c) a plurality of objects in the distributed directory, each object having one or more associated attributes;

(d) an encryption system operative to encrypt data;

(e) a decryption system operative to decrypt data that has been encrypted by the encryption system,(f) an access control mechanism operative to control access to the distributed directory;

(g) encrypted data encrypted from secret data using the encryption system, said encrypted data being associated with an attribute of an object in the distributed directory, whereby the attribute is accessible to at least one of the nodes and access to the secret data is permitted if;

i. The access control mechanism permits the encrypted data associated with the attribute to be obtained, andii. Decryption information is presented for the decryption system to decrypt the encrypted data; and

(h) a replication system operative to replicate objects and attributes in the distributed directory from one node to at least one other node and thereby transmit the encrypted data from one node to at last one other node.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for transmitting secured data is disclosed. A plurality of interconnected nodes access a distributed directory having a plurality of objects and attributes. An access control mechanism controls access to the distributed directory. An encryption system and a decryption system are used to encrypt and decrypt secret data. The resulting encrypted data is associated with an attribute of an object, whereby access to the secret data is permitted if (i) the access control mechanism permits access to the attribute, and (ii) decryption information is presented to the decryption system to decrypt the secret data.

109 Citations

29 Claims

1. A system, comprising:
- (a) a plurality of interconnected nodes;
  
  (b) a distributed directory being accessed by the plurality of nodes;
  
  (c) a plurality of objects in the distributed directory, each object having one or more associated attributes;
  
  (d) an encryption system operative to encrypt data;
  
  (e) a decryption system operative to decrypt data that has been encrypted by the encryption system,(f) an access control mechanism operative to control access to the distributed directory;
  
  (g) encrypted data encrypted from secret data using the encryption system, said encrypted data being associated with an attribute of an object in the distributed directory, whereby the attribute is accessible to at least one of the nodes and access to the secret data is permitted if;
  
  i. The access control mechanism permits the encrypted data associated with the attribute to be obtained, andii. Decryption information is presented for the decryption system to decrypt the encrypted data; and
  
  (h) a replication system operative to replicate objects and attributes in the distributed directory from one node to at least one other node and thereby transmit the encrypted data from one node to at last one other node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A system as recited in claim 1, wherein the nodes are computers interconnected on a network.
  - 3. A system as recited in claim 2, wherein the network is a client/server network.
  - 4. A system as recited in claim 3, wherein at least one server in the client/server network is operating a foreign system.
  - 5. A system as recited in claim 4, further comprising a means for associating the secret data with an object in the foreign system.
  - 6. A system as recited in claim 1, wherein the encryption and decryption systems use private/public keys.
  - 7. A system as recited in claim 1, wherein the secret data comprises a password.
  - 8. A system as recited in claim 7, wherein the object is a user object and the password is associated with the user object.
  - 9. A system as recited in claim 1, wherein the access control mechanism comprises login security.
  - 10. A system as recited in claim 1, wherein the access control mechanism comprises directory security.
  - 11. A system as recited in claim 1, wherein the distributed directory is organized in partitions, and the replication of objects and attributes by the replication system is at least partially dependent upon the organization of the partitions.

12. A method in a computer system for transmitting and receiving secured information, comprising the steps of:
- (a) encrypting secret data to create encrypted data;
  
  (b) associating the encrypted data with an attribute of an object in a distributed directory;
  
  (c) transmitting the encrypted data as a value of the attribute across the distributed directory by a replication system of the distributed directory;
  
  (d) accessing the attribute of the object;
  
  (e) retrieving the encrypted data;
  
  (f) decrypting the encrypted data; and
  
  (g) retrieving the secret data.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 21, 22, 23)
- - 13. A method as recited in claim 12, wherein the secret data comprises a password.
  - 14. A method as recited in claim 13, wherein the steps of encrypting and decrypting involve the use of a private/public key pair.
  - 15. A method as recited in claim 12, wherein the step of accessing is enforced by the security of the distributed directory.
  - 16. A method as recited in claim 12, wherein the distributed directory operates on a client/server network.
  - 17. A method as recited in claim 16, wherein the secret data is being transmitted to a computer operating a foreign system.
  - 18. A method as recited in claim 17, further comprising the step of associating the secret data with an object in the foreign system.
  - 19. A computer readable medium containing a program capable of performing the method of claim 12.
  - 21. A computer readable medium as recited in claim 19, wherein the computer readable medium is a magnetic storage medium.
  - 22. A computer readable medium as recited in claim 19, wherein the computer readable medium is an optical storage medium.
  - 23. A computer readable medium as recited in claim 19, wherein the computer readable medium is an electronic storage medium.

20. A computer readable medium, comprising a program capable of performing the step of:
- (a) encrypting secret data to create encrypted data;
  
  (b) associating the encrypted data with an attribute of an object in a distributed directory;
  
  (c) transmitting the encrypted data as a value of the attribute across the distributed directory by a replication system of the distributed directory;
  
  (d) accessing the attribute of the object;
  
  (e) retrieving the encrypted data;
  
  (f) decrypting the encrypted data; and
  
  (g) retrieving the secret data.

24. A method in a computer system for transmitting secured data to a computer, comprising the steps of:
- (a) accessing by the computer a distributed directory;
  
  (b) generating a private/public key pair;
  
  (c) publishing the public key;
  
  (d) generating secret data;
  
  (e) encrypting the secret data using the public key to create encrypted data;
  
  (f) associating the encrypted data with an attribute of an object in the distributed directory;
  
  (g) replicating the encrypted data as a value of the attribute to the computer by a replication system of the distributed directory;
  
  (h) accessing by the computer the encrypted data; and
  
  (i) decrypting the encrypted data using the private key.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. A method as recited in claim 24, wherein the computer is operating a foreign system.
  - 26. A method as recited in claim 25, further comprising after step (i) the step of associating the secret data with an object in the foreign system.
  - 27. A method as recited in claim 26, wherein the secret data comprises a password.
  - 28. A method as recited in claim 26, wherein the object in the distributed directory and the object in the foreign system both represent a user.
  - 29. A computer readable medium containing a program capable of performing the method of claim 24.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Ferguson, Daniel T.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Shaw, Brian H.

Application Number

US08/762,561
Time in Patent Office

1,170 Days
Field of Search

395/187.01, 714/201, 714/202, 380/3, 380/4
US Class Current

726/5
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2107   File encryption

H04L 41/022   Multivendor or multi-standa...

H04L 41/046   comprising network manageme...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

Method and apparatus for transmitting secured data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for transmitting secured data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links