Access control and authorization system
First Claim
1. A process of securing an object, comprising:
- applying a cryptographic hash algorithm to the object to provide a hash value;
storing the hash value on a token;
generating a random key component;
combining a first plurality of key components to form a first key;
encrypting the object using the first key;
combining a second plurality of key components to form a second key;
encrypting the random key component using the second key to form an encrypted key component;
encrypting the hash value according to a digital signature algorithm using a user private key, to provide a digital signature;
encrypting the hash value according to a user algorithm using the first key;
forming a header including information that can be used to decrypt the encrypted object, wherein the information includes the user algorithm, the encrypted key component, and decrypt read credentials;
encrypting the header; and
adding the encrypted header to the encrypted object;
wherein the first plurality of key components includes the random key component, and the second plurality of key components does not include the random key component.
1 Assignment
0 Petitions
Accused Products
Abstract
A process of encrypting an object includes applying a hash algorithm to the object, generating a random number, combining a first plurality of splits including the random number to form a working split, encrypting the object using the working split, combining a second plurality of splits not including the random number to form a value, encrypting the random number using the value, encrypting the hashed object according to a signature algorithm using a user private key, encrypting the hashed object according to a selected algorithm using the working split as a key, forming a header including information that can be used to decrypt the object, encrypting the header, and adding the encrypted header to the encrypted object. The pluralities of splits include a fixed split, a variable split, and a label split corresponding to a selected label. The header includes the encrypted random number, a label, and a digital signature.
-
Citations
10 Claims
-
1. A process of securing an object, comprising:
-
applying a cryptographic hash algorithm to the object to provide a hash value;
storing the hash value on a token;
generating a random key component;
combining a first plurality of key components to form a first key;
encrypting the object using the first key;
combining a second plurality of key components to form a second key;
encrypting the random key component using the second key to form an encrypted key component;
encrypting the hash value according to a digital signature algorithm using a user private key, to provide a digital signature;
encrypting the hash value according to a user algorithm using the first key;
forming a header including information that can be used to decrypt the encrypted object, wherein the information includes the user algorithm, the encrypted key component, and decrypt read credentials;
encrypting the header; and
adding the encrypted header to the encrypted object;
wherein the first plurality of key components includes the random key component, and the second plurality of key components does not include the random key component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
selecting at least one permission instance from a plurality of permission instances;
wherein the first plurality of key components includes a label key component corresponding to the at least one selected permission instance.
-
-
6. The process of claim 1, wherein the random key component is generated on the token.
-
7. The process of claim 1, wherein the header is encrypted on the token.
-
8. The process of claim 5, wherein the second plurality of key components includes a fixed organization key component, a variable maintenance key component, and the label key component.
-
9. The process of claim 5, wherein the header further includes the encrypted key component, the at least one selected permission instance, and the digital signature.
-
10. A process of decrypting an object secured according to the process of claim 1, comprising:
-
decrypting the header to recover the information that can be used to decrypt the encrypted object, wherein the information includes the encrypted key component, the user algorithm, and the decrypt read credentials;
checking at least some of the information that can be used to decrypt the encrypted object against the decrypt read credentials;
using the second plurality of key components to recover the random key component;
using the first plurality of key components to recover the first key; and
decrypting the encrypted object using the algorithm and the first key.
-
Specification