Method for providing secure access to information held in a shared repository
First Claim
Patent Images
1. A method for providing secure access to information held in a shared repository, comprising the steps of:
- storing, on a data server, information provided by a data owner;
providing, to the data owner, a data owner public key and a data owner private key, the data owner public key and the data owner private key being a first key pair of a public-key cryptography system;
providing the data owner public key to the data server;
providing, to a data user, a data user public key and a data user private key, the data user public key and the data user private key being a second key pair of the public-key cryptography system;
providing the data user public key to the data server;
sending the data user public key from the data user to the data owner;
combining, by the data owner, the data user public key and a sequence number, to provide a combination;
encrypting the combination by the data owner, using the data owner private key, to provide an encrypted combination;
sending, by the data owner to the data server, the encrypted combination and a command that gives the data server permission to transfer the information to the data user;
decrypting the encrypted combination, using the data owner public key, to provide a decrypted combination;
parsing the decrypted combination to provide a check word and a check number;
comparing the check word and the data user public key;
comparing the check number and an expected sequence number;
if the step of comparing the check word and the data user public key indicates that the check word end the data user public key match, and further if the step of comparing the check number and an expected sequence number indicates that the check number and the expected sequence number match, recording permission to transfer the information in an access list;
encrypting the data owner public key, by the data user, using the data user private key, to provide an encrypted data owner public key;
sending, from the data user to the data server, the encrypted data owner public key and a request to transfer the information to the data user;
decrypting the encrypted data owner public key, using the data user public key, to provide a second check word;
comparing the second check word and the data owner public key;
if the step of comparing the second check word and the data owner public key indicates that the second check word and the data owner public key match, checking the access list to determine whether the data server has permission to transfer the information; and
,if the data server has permission, transferring the information from the data server to the data user.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for providing secure access to information held in a shared repository, for example to electronic business cards stored on a server. A data owner registers with the server and provides information to be shared with selected data users. The server returns public-key cryptography keys. To access the information, a data user sends its public key to the data owner. The data owner encrypts the public key using the data owner private key, and sends the result to the server, along with permission to transfer information to the data user. The server decrypts the received result using the data owner public key, and compares the outcome with the data user public key. If they match, the server records permission on an access list. In response to a request for information the server checks the access list to determine whether the data user has permission. If so, the server encrypts the information using the data user public key, and transfers the result to the data user.
-
Citations
2 Claims
-
1. A method for providing secure access to information held in a shared repository, comprising the steps of:
-
storing, on a data server, information provided by a data owner; providing, to the data owner, a data owner public key and a data owner private key, the data owner public key and the data owner private key being a first key pair of a public-key cryptography system; providing the data owner public key to the data server; providing, to a data user, a data user public key and a data user private key, the data user public key and the data user private key being a second key pair of the public-key cryptography system; providing the data user public key to the data server; sending the data user public key from the data user to the data owner; combining, by the data owner, the data user public key and a sequence number, to provide a combination; encrypting the combination by the data owner, using the data owner private key, to provide an encrypted combination; sending, by the data owner to the data server, the encrypted combination and a command that gives the data server permission to transfer the information to the data user; decrypting the encrypted combination, using the data owner public key, to provide a decrypted combination; parsing the decrypted combination to provide a check word and a check number; comparing the check word and the data user public key; comparing the check number and an expected sequence number; if the step of comparing the check word and the data user public key indicates that the check word end the data user public key match, and further if the step of comparing the check number and an expected sequence number indicates that the check number and the expected sequence number match, recording permission to transfer the information in an access list; encrypting the data owner public key, by the data user, using the data user private key, to provide an encrypted data owner public key; sending, from the data user to the data server, the encrypted data owner public key and a request to transfer the information to the data user; decrypting the encrypted data owner public key, using the data user public key, to provide a second check word; comparing the second check word and the data owner public key; if the step of comparing the second check word and the data owner public key indicates that the second check word and the data owner public key match, checking the access list to determine whether the data server has permission to transfer the information; and
,if the data server has permission, transferring the information from the data server to the data user. - View Dependent Claims (2)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsTrevathan, Matthew Bunkley, Richards, Patrick James Jr.
-
Primary Examiner(s)PYZOCHA, MICHAEL J
-
Assistant Examiner(s)Schubert; Kevin
-
Application NumberUS11/358,812Publication NumberTime in Patent Office413 DaysField of Search713/182, 713/184, 713/185US Class Current713/185CPC Class CodesG06F 21/6218 to a system of files or obj...H04L 63/0442 wherein the sending and rec...H04L 63/062 for key distribution, e.g. ...H04L 63/101 Access control lists [ACL]H04L 9/0825 using asymmetric-key encryp...H04L 9/32 including means for verifyi...
