Secure server and method of operation for a distributed information system

US 6,105,131 A
Filed: 11/26/1997
Issued: 08/15/2000
Est. Priority Date: 06/13/1997
Status: Expired due to Term

First Claim

Patent Images

1. A secure distributed information system linking together at least one user terminal and at least one secure server comprising:

a. a network browser responsive to user input in each user terminal;

b. a connection secure server in the secure server responsive to the browser;

c. a storage device in the secure server for securely storing user data and processes in vaults accessible only by an authenticated user, the storage device being coupled to the connection secure server; and

program instructions stored in the storage device for managing processes in vaults.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure server in a secure distributed information system isolates interaction from terminals to specific personal vaults including and to only those personal vaults, creating a "virtual logon". The secure server includes a secure connection server coupled to the system and to a vault deposit server having personal vaults in which user specific vault processes execute on dedicated encrypted data, after authentication of the user by a vault supervisor. The supervisor forwards vault process results to the user through the browser.

Citations

15 Claims

1. A secure distributed information system linking together at least one user terminal and at least one secure server comprising:
- a. a network browser responsive to user input in each user terminal;
  
  b. a connection secure server in the secure server responsive to the browser;
  
  c. a storage device in the secure server for securely storing user data and processes in vaults accessible only by an authenticated user, the storage device being coupled to the connection secure server; and
  
  program instructions stored in the storage device for managing processes in vaults.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The secure distributed information system of claim 1 wherein the secure server further comprises:
    - (a) a virtual logon means for isolating interaction from user terminals to specific vaults and only to those specific vaults.
  - 3. The secure distributed information system of claim 2 wherein the secure server further comprises:
    - a. virtual logon means for providing virtual log-on using public-key based authentication.
  - 4. The secure distributed information system of claim 3 further comprising:
    - (a) means for storing key encrypted data and processes in vaults which are accessible only after virtual logon of the user.
  - 5. The secure distributed information system of claim 1 further comprising:
    - a. a registration authority terminal connected to the secure server, wherein the registration authority terminal processes certification requests from the user terminal and returns an approval or rejection to another vault in the vault deposit server by an authenticated user.
  - 6. The secure distributed information system of claim 1 further comprising:
    - (a) a service provider server connected to the secure server, wherein the secure server authenticates user terminal access to the service provider server.
  - 7. The secure distributed information system of claim 6 further comprising:
    - (a) a registration authority terminal connected to the secure server, wherein the registration authority terminal processes certification requests from the user terminal and returns an approval, that enables issuance of a certificate for the purpose of accessing the vaults.
  - 8. The secure distributed information system of claim 1 further comprising:
    - a. a certificate management connected to the secure server, wherein the certificate management system processes certification requests and certifies user public keys to access secure vaults and applications.
  - 9. The secure distributed information system of claim 1, wherein the storage device further comprises:
    - a. a vault process that manages the certification process including receiving registration authority approval notices when appropriate and requesting certification of user public key.

10. A secure distribute information system comprising:
- (a) a user access means for transmitting and receiving user data, access keys and certificates;
  
  (b) a storage means for storing data and processes, wherein the storage means is partitioned and access to a partition is granted only after partition specific authentication;
  
  (c) a interconnection means for linking the user access means and the storage means; and
  
  (d) a virtual logon means for isolating interaction from user access means to specific storage means and only to those specific storage means, the virtual logon means including automatic key and certificate authentication.

11. A method of providing access to information in a secure distributed information system comprising:
- (a) establishing personal vaults in a secure server, the personal vaults storing user data and processes accessible only by authenticated users;
  
  (b) searching the secure server for the desired data or processes using a browser responsive to user input at a user terminal;
  
  (c) requesting the browser provide access keys or certification associated with the personal vault that contains the desired data or process;
  
  (d) providing the access keys or certification resident in the user terminal associated with the personal vault;
  
  (e) authenticating the access keys or certification; and
  
  (f) providing access to the secure data or executing the secure process stored in the storage device.
- View Dependent Claims (12)
- - 12. The method of providing secure access to information of claim 11 wherein the step of providing access keys or certification further comprises:
    - (a) transmitting user specific information to the secure server;
      
      (b) evaluating the user information in the secure server for compliance with expected format;
      
      (c) transmitting the user information to a registration authority terminal;
      
      (d) evaluating the user information in the registration authority terminal for compliance with predefined criteria;
      
      (e) transmitting the certificate to the user terminal if the user information complies with the predefined criteria; and
      
      (f) storing the certificate in the user terminal for subsequent access to a personal vault protected by that certificate.

13. A secure distributed information system comprising:
- a. a secure server including a vault deposit server, a certificate management system and directory services;
  
  b. a computer network coupling the secure server to at least one user terminal and a registration authority terminal;
  
  c. means for storing user data and processes in a personal storage vault within the vault deposit server for access only to the user after authentication; and
  
  d. a vault process supervisor in the vault deposit server for managing user access to their personal storage vault; and
  
  the processes within the user personal storage vault.
- View Dependent Claims (14, 15)
- - 14. The secure distributed information system of claim 13 further comprising:
    - e. means for obtaining a digital certificate for a user from the certificate management system as authentication for user access to the personal storage vault.
  - 15. The secure distributed information system of claim 13 further comprising:
    - means for encrypting/decrypting data and processes within the user personal vault using public key infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Carroll, Robert B.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US08/980,022
Time in Patent Office

993 Days
Field of Search

380/258, 380/281, 380/283, 380/284, 713/155, 713/156, 713/161, 713/168, 713/169, 713/171, 713/201
US Class Current

713/155
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6245   Protecting personal data, e...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2149   Restricted operating enviro...

G06Q 20/04   Payment circuits

H04L 63/0823   using certificates cryptogr...

Secure server and method of operation for a distributed information system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Secure server and method of operation for a distributed information system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links