Multiple level access system
First Claim
Patent Images
1. In a multi-level access system, a method of securing an object at a multiple-level access level, comprising:
- receiving from a user, a profile key encryption key corresponding to the multiple-level access level;
selecting an object to secure;
selecting a profile associated with the user, wherein the profile includes a domain value, an encrypted profile encryption key, and a credential, wherein the credential includes an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier;
selecting the credential based on a comparison of the multiple-level access level and the multiple-level access identifier;
generating a working key, including generating a random value, and binding at least the domain value and the random value together to form the working key;
encrypting the object with the working key;
generating a random value encryption key, including decrypting the encrypted credential public key encryption key with at least the profile key encryption key, decrypting the encrypted credential public key with at least the decrypted credential public key encryption key, generating an ephemeral key pair including an ephemeral private key and an ephemeral public key, generating a shared value based on at least the ephemeral private key and the decrypted credential public key, and generating the random value encryption key based on at least the shared value;
encrypting the random value with at least the random value encryption key; and
providing the encrypted object, the ephemeral public key, and the encrypted random value for an authorized recipient;
wherein the profile further includes a profile initialization vector, decrypting the encrypted credential public key encryption key includes decrypting the encrypted credential public key encryption key with the profile key encryption key and the profile initialization vector, the credential further includes a credential initialization vector, decrypting the encrypted credential public key includes decrypting the encrypted credential public key with the decrypted credential public key encryption key and the credential initialization vector, and the multiple-level access level is lower than the multiple-level access identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of securing an object at an access level includes selecting a profile for a user, including a credential having an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. A working key is generated by binding a domain value with a random value. The object is encrypted with the working key. A random value encryption key is generated based on the shared value by decrypting the credential public key encryption key with the profile key encryption key, decrypting the credential public key with the credential public key encryption key, generating an ephemeral key pair, and generating a shared value based on the ephemeral private key and the credential public key. The random value is encrypted with the random value encryption key, and the encrypted object, the ephemeral public key, and the encrypted random value are provided for an authorized recipient.
86 Citations
6 Claims
-
1. In a multi-level access system, a method of securing an object at a multiple-level access level, comprising:
-
receiving from a user, a profile key encryption key corresponding to the multiple-level access level;
selecting an object to secure;
selecting a profile associated with the user, wherein the profile includes a domain value, an encrypted profile encryption key, and a credential, wherein the credential includes an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier;
selecting the credential based on a comparison of the multiple-level access level and the multiple-level access identifier;
generating a working key, including generating a random value, and binding at least the domain value and the random value together to form the working key;
encrypting the object with the working key;
generating a random value encryption key, including decrypting the encrypted credential public key encryption key with at least the profile key encryption key, decrypting the encrypted credential public key with at least the decrypted credential public key encryption key, generating an ephemeral key pair including an ephemeral private key and an ephemeral public key, generating a shared value based on at least the ephemeral private key and the decrypted credential public key, and generating the random value encryption key based on at least the shared value;
encrypting the random value with at least the random value encryption key; and
providing the encrypted object, the ephemeral public key, and the encrypted random value for an authorized recipient;
wherein the profile further includes a profile initialization vector, decrypting the encrypted credential public key encryption key includes decrypting the encrypted credential public key encryption key with the profile key encryption key and the profile initialization vector, the credential further includes a credential initialization vector, decrypting the encrypted credential public key includes decrypting the encrypted credential public key with the decrypted credential public key encryption key and the credential initialization vector, and the multiple-level access level is lower than the multiple-level access identifier. - View Dependent Claims (2, 3)
-
-
4. In a multi-level access system, a method of securing an object at a multiple-level access level, comprising:
-
receiving, from a user, a profile key encryption key corresponding to the multiple-level access level;
selecting an object to secure;
selecting a profile associated with the user, wherein the profile includes a domain value, an encrypted profile encryption key, and a credential, wherein the credential includes an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier;
selecting the credential based on a comparison of the multiple-level access level and the multiple-level access identifier;
generating a working key, including generating a random value, and binding at least the domain value and the random value together to form the working key;
encrypting the object with the working key;
generating a random value encryption key, including decrypting the encrypted credential public key encryption key with at least the profile key encryption key, decrypting the encrypted credential public key with at least the decrypted credential public key encryption key, generating an ephemeral key pair including an ephemeral private key and an ephemeral public key, generating a shared value based on at least the ephemeral private key and the decrypted credential public key, and generating the random value encryption key based on at least the shared value;
encrypting the random value with at least the random value encryption key; and
providing the encrypted object, the ephemeral public key, and the encrypted random value for an authorized recipient;
wherein the profile further includes a profile initialization vector, decrypting the encrypted credential public key encryption key includes decrypting the encrypted credential public key encryption key with the profile key encryption key and the profile initialization vector, the credential further includes a credential initialization vector, decrypting the encrypted credential public key includes decrypting the encrypted credential public key with the decrypted credential public key encryption key and the credential initialization vector, and the multiple-level access level is higher than the multiple-level access identifier. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeTecSec, Incorporated
-
Original AssigneeTecSec, Incorporated
-
InventorsScheidt, Edward M., Domangue, Ersin
-
Primary Examiner(s)Jean, Frantz B.
-
Assistant Examiner(s)Arani, Taghi T.
-
Application NumberUS10/060,011Time in Patent Office874 DaysField of Search713/201-202, 713/166, 713/184-187, 380/286, 380/277, 380/30US Class Current713/166CPC Class CodesG06F 21/31 User authenticationG06F 21/6218 to a system of files or obj...G06F 21/6245 Protecting personal data, e...G06F 2221/2113 Multi-level security, e.g. ...G06Q 20/3674 involving authenticationG06Q 20/3829 involving key managementH04L 2463/062 applying encryption of the ...H04L 63/0428 wherein the data content is...H04L 63/062 for key distribution, e.g. ...H04L 63/068 using time-dependent keys, ...H04L 63/083 using passwords cryptograph...H04L 63/105 Multiple levels of securityH04L 9/083 involving central third par...H04L 9/32 including means for verifyi...
