Method and apparatus for extending secure communication operations via a shared list

US 6,092,201 A
Filed: 01/27/1998
Issued: 07/18/2000
Est. Priority Date: 10/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for extending secure communication operation via a shared list, the method comprises the steps of:

a) determining whether shared list authorization is enabled;

b) when the shared list authorization is enabled, identifying at least one user to be added to the shared list to produce at least one identified user;

c) verifying trust with the at least one identified user; and

d) when the trust is established with the at least one identified user, adding secure communication parameters of the at least one identified user to the shared list.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for extending secure communication operations via shared lists is accomplished by creating a shared list in accordance with authorization parameters by one user and subsequently accessing the shared list via the authorization parameters by this and other users. To create the list, a user within the secured communication system determines whether it has been enabled, or authorized, to create a shared list. If so, the user identifies at least one other user to be added to the shared list. Having identified another user, the user creating the shared list verifies that the secure communication parameters (which includes a public key certificate of an end-user or of a certification authority) it has received regarding the another user is trustworthy. If the secure communication parameters are identified as trustworthy, the secure communication parameters of the another user are added to the shared list. To authenticate the shared list, the user creating the list digitally signs it. Once the shared list is created, other users, if authorized, may access the shared list to obtain certificates (e.g., encryption and/or signature verification certificates) of the users contained in the list.

Citations

29 Claims

1. A method for extending secure communication operation via a shared list, the method comprises the steps of:
- a) determining whether shared list authorization is enabled;
  
  b) when the shared list authorization is enabled, identifying at least one user to be added to the shared list to produce at least one identified user;
  
  c) verifying trust with the at least one identified user; and
  
  d) when the trust is established with the at least one identified user, adding secure communication parameters of the at least one identified user to the shared list.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the secure communication parameters includes at least one of an encryption certificate, a verification certificate, and certification authority verification certificate.
  - 3. The method of claim 1 further comprises at least one of signing the shared list by a user that created the shared list to certify the shared list and encrypting, the shared list based on encryption parameters of at least one authorized user.
  - 4. The method of claim 1 further comprises, within step (a), determining whether the user is authorized to create the share list by analyzing at least one of:
    - a certificate of a user, a list of authorized users, and a data transfer to the user.
  - 5. The method of claim 1 further comprises, when the at least one identified user is associated with a trusted third party, adding the encryption certificate, the verification certificate, and the associated certification authority verification certificate of the at least one identified user to the shared list.
  - 6. The method of claim 1 further comprises:
    - verifying entries in the shared list, wherein the verifying includes at least one of;
      
      determining revocation status and determining whether a validity period has expired; and
      
      updating the shared list when an entry in the shared list has at least one of a revocation status change and the validity period has expired.
  - 7. The method of claim 1 further comprises, within step (c), verifying the trust with the at least one identified user by at least one of:
    - i) obtaining the secure communication parameters from at least one of;
      
      a trusted user and a trusted locale,ii) verifying the secure communication parameters are within a validity period;
      
      iii) verifying that the secure communication parameters were signed by a trusted party;
      
      iv) determining revocation status of the associated authorities and certification authorities;
      
      v) determining revocation status of the at least one identified user;
      
      vi) determining appropriate key usage of the security information; and
      
      vii) determining policy compliance of creation, modification, and usage of the shared list.

8. A method for extending secure communication operation via a shared list, the method comprises the steps of:
- a) authorizing at least one of a plurality of users to process the shared list, wherein the shared list includes secure communication parameters of at least one user; and
  
  b) authorizing at least some of the plurality of users to utilize the shared list, wherein the authorizing includes at least one of;
  
  using the secure communication parameters of the at least one user and redistributing the shared list to another end user.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 further comprises, within step (a), authorizing the at least one of the plurality of users to sign the shared list, wherein the at least some of the plurality of users utilize a signature of the at least one of the plurality of users to authenticate the shared list.
  - 10. The method of claim 8 further comprises requiring the at least some of the plurality of users to validate entries in the shared list before using the secure communication parameters.
  - 11. The method of claim 8 further comprises preventing the at least some of the plurality of users from locally storing the shared list.
  - 12. The method of claim 8 further comprises authorizing the at least ore of the plurality of users to store the shared list on-line and authorizing the at least some of the plurality of users to access the shared list on-line.
  - 13. The method of claim 8 further comprises, within step (a), authorizing the at least one of the plurality of user to process the shared list by performing at least one of:
    - creating the shared list, adding entries to the shared list, deleting entries from the shared list, authorizing access to the shared list, redistributing the shared list, resigning the shared list, and authorizing modification of entries in the shared list.

14. A method for extending secure communication operation via a shared list, the method comprises the steps of:
- a) utilizing the shared list, wherein the shared list was created by at least one of a plurality of users and wherein the shared list includes secure communication parameters;
  
  b) verifying validity of the shared list; and
  
  c) when the shared list is valid, utilizing at least one entry in the shared list to process a secure communication.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 further comprises, within step (b), verifying signature of the at least one of the plurality of users to authenticate the shared list.
  - 16. The method of claim 14 further comprises at least one of:
    - selecting the shared list by a shared list name;
      
      accessing the shared list via a network connection;
      
      obtaining a list of users from the shared list name;
      
      accessing public key certificates for each user in the list of users;
      
      securing a message for each of the users based on public keys extracted from the public key certificates.
  - 17. The method of claim 14 further comprises determining whether the shared list is modifiable by another user;
    - andwhen the shared list is modifiable by the another user, modifying the list by the another user.

18. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to extend secure communication operation via a shared list, the digital storage medium comprises:
- first storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to determine whether shared list authorization is enabled;
  
  second storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to identify at least one user to be added to the shared list to produce at least one identified user when the shared list authorization is enabled;
  
  third storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to verify trust with the at least ore identified user; and
  
  fourth storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to add secure communication parameters of the at least one identified user to the shared list when the trust is established with the at least one identified user.
- View Dependent Claims (19, 20, 21)
- - 19. The digital storage medium of claim 18 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to perform at least one of sign the shared list by a user that created the shared list to certify the shared list and encrypt the shared list based on encryption parameters of at least one authorized user.
  - 20. The digital storage medium of claim 18 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to determine whether the user is authorized to create the shared list by analyzing at least one of:
    - a certificate of a user, a list of authorized users, and a data transfer to the user.
  - 21. The digital storage medium of claim 18 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to:
    - verify entries in the shared list, wherein the verifying includes at least one of determining revocation status and determining whether a validity period has expired; and
      
      update the shared list when an entry in the shared list has at least one of a revocation status change and the validity period has expired.

22. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to extend secure communication operation via a shared list, the digital storage medium comprises:
- first storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to authorize at least one of a plurality of users to process the shared list, wherein the shared list includes secure communication parameters of at least one user; and
  
  second storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to authorize at least some of the plurality of users to utilize the shared list, wherein the authorizing includes at least one of using the secure communication parameters of the at least one user and redistributing the shared list to another end user.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The digital storage medium of claim 22 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to authorize the at least one of the plurality of users to sign the shared list, wherein the at least some of the plurality of users utilize a signature of the at least one of the plurality of users to authenticate the shared list.
  - 24. The digital storage medium of claim 22 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to require the at least some of the plurality of users to validate entries in the shared list before using the secure communication parameters.
  - 25. The digital storage medium of claim 22 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to prevent the at least some of the plurality of users from locally storing the shared list.
  - 26. The digital storage medium of claim 22 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to authorize the at least one of the plurality of user to process the shared list by performing at least one of:
    - creating the shared list, adding entries to the shared list, deleting entries from the shared list, authorizing access to the shared list, redistributing the shared list, resigning the shared list, and authorizing modification of entries in the shared list.

27. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to extend secure communication operation via a shared list, the digital storage medium comprises:
- first storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to utilize the shared list, wherein the shared list was created by at least one of a plurality of users and wherein the shared list includes secure communication parameters;
  
  second storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to verify validity of the shared list;
  
  third storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to utilize at least one entry in the shared list to process a secure communication when the shared list is valid.
- View Dependent Claims (28, 29)
- - 28. The digital storage medium of claim 27 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to verify a signature of the at least one of the plurality of users to authenticate the shared list.
  - 29. The digital storage medium of claim 27 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to perform at least one of:
    - select the shared list by a shared list name;
      
      access the shared list via a network connection;
      
      obtain a list of users from the shared list name;
      
      access public key certificates for each user in the list of users;
      
      secure a message for each of the users based on public keys extracted from the public key certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Turnbull, James Arthur, Curry, Ian H., Van Oorschot, Paul C., Hillier, Stephen William
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/014,185
Time in Patent Office

903 Days
Field of Search

380/231, 380/232, 380/241, 380/278, 380/277, 713/155, 713/158, 713/168, 713/182, 713/201
US Class Current

726/4
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2117   User registration

G06F 2221/2145   Inheriting rights or proper...

H04L 2463/102   applying security measure f...

H04L 63/0272   Virtual private networks

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 9/3268   using certificate validatio...

Method and apparatus for extending secure communication operations via a shared list

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for extending secure communication operations via a shared list

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links