Controlling access to information on a network using an extended network universal resource locator
Abstract
Systems and methods for controlling access to information on a network where a first network entity receives a message requesting access to stored information via a network communication. The received message includes a first component encrypted with a first crypto-key associated with the first network entity and a second component encrypted with a second crypto-key associated with a second network entity such that both can be decrypted by the first network entity. The second network entity controls access to the network by the user. After receiving the message, the first network entity decrypts the first component and the second component and then transmits the stored information to the user based on the content of the first component and the second component.
23 Claims
1. A method comprising:
- receiving via a network communication, by a first network entity that controls access to stored information, a message requesting access to the stored information, wherein the message includes a first component, a second component, and a third component, wherein the first component is encrypted with a first crypto-key associated with the first network entity that can be decrypted by the first network entity, wherein the second component is encrypted with a second crypto-key associated with a second network entity that controls access to the network by a user and that can be decrypted by the first network entity, and wherein the third component is encrypted with a third crypto-key associated with a third network entity associated with a service provider that can be decrypted by the first network entity;
- decrypting, by the first network entity, the received encrypted first component, the received encrypted second component, and the received encrypted third component; and
- transmitting the stored information to the user based at least in part on the decrypted first component, at least in part on the decrypted second component, and at least in part on the decrypted third component of the received message requesting access to the stored information, wherein the first component includes user identity information associated with the user and integrity information corresponding to the user identity information, and wherein the third component includes relationship information indicating a relationship between the third network entity and the first network entity wherein the user identity information and the integrity information were received by the third network entity from the first network entity and (ii) indicating a relationship between the third network entity and the second network entity wherein the user identity information and the integrity information were transmitted by the third network entity to the second network entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
20. A system for providing access to information stored on a network, comprising:
- a data store, wherein the data store contains information associated with a user; and
- a network device, wherein the network device is configured to:
  - receive, via a network communication, a message requesting access to the stored information, wherein the message has an encrypted first component, an encrypted second component, and an encrypted third component, wherein the first component is encrypted with a first crypto-key associated with the first network entity that can be decrypted by the first network entity, wherein the second component is encrypted with a second crypto-key associated with a second network entity that controls access to the network by the user and that can be decrypted by the first network entity, and wherein the third component is encrypted with a third crypto-key associated with a third network entity associated with a service provider that can be decrypted by the first network entity,
  - decrypt the received encrypted first component, the received encrypted second component, and the received encrypted third component, and
  - transmit the stored information to the user based at least in part on the decrypted first component, at least in part on the decrypted second component, and at least in part on the decrypted third component of the received message requesting access to the stored information, wherein the first component includes user identity information associated with the user and integrity information corresponding to the user identity information, and wherein the third component includes relationship information (i) indicating a relationship between the third network entity and the first network entity wherein the user identity information and the integrity information were received by the third network entity from the first network entity and (ii) indicating a relationship between the third network entity and the second network entity wherein the user identity information and the integrity information were transmitted by the third network entity to the second network entity.
- View Dependent Claims (21, 22, 23)