Method and apparatus for managing secure collaborative transactions
First Claim
1. A computer system with an algorithm-independent architecture for providing a security service to an application, the computer system comprising:
- a plurality of algorithm-independent abstract primitive services, at least some of which can be combined to implement the security service;
a plurality of static links between the security service and one or more of the abstract primitive services which implement the security service;
a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract primitive services; and
a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services.
2 Assignments
0 Petitions
Accused Products
Abstract
Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible. Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telespace. In one embodiment, the security level is determined when a telespace is created and remains fixed through out the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called “tribes” can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.
21 Citations
20 Claims
-
1. A computer system with an algorithm-independent architecture for providing a security service to an application, the computer system comprising:
-
a plurality of algorithm-independent abstract primitive services, at least some of which can be combined to implement the security service; a plurality of static links between the security service and one or more of the abstract primitive services which implement the security service; a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract primitive services; and a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A process of operating a computer to execute an application that invokes a security service, the process comprising:
-
creating a registry of concrete primitive services active on the computer; invoking from the application a method of an abstract security service, the method, when invoked; creating an instance of the abstract security service incorporating a concrete primitive service listed in the registry; and returning an identifier of the instance; and invoking the instance from the application based on the identifier. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A tangible computer storage medium comprising computer executable modules for providing a security service to an application, the computer executable modules comprising:
-
at least one security service module; a plurality of abstract primitive modules each for providing an algorithm-independent abstract primitive service, and each of the plurality of abstract primitive modules being linked to the security service module through a static link; a plurality of concrete primitive modules each for providing an algorithm-dependent concrete primitive service, each of the concrete primitive modules comprising an interface for dynamically linking the concrete primitive module to an abstract primitive module through a dynamic link established at runtime in order to implement the security service. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification