Information security architecture for remote access control using non-bidirectional protocols

US 7,458,102 B2
Filed: 08/17/2004
Issued: 11/25/2008
Est. Priority Date: 08/17/2004
Status: Active Grant

First Claim

Patent Images

1. A method of controlling distribution of electronic information to a user device through a non-bidirectional communication protocol, comprising:

retrieving, at a user device, a segment of encrypted electronic information;

first sending identification data from the user device to a gateway using the non-bidirectional communication protocol, the identification information including at least one of information associated with a user, information associated with the user device, or information associated with the segment of encrypted electronic information;

first extracting at the gateway the identification data from said first sending;

first forwarding the identification data from the gateway based on a bi-directional protocol;

retrieving an encryption key for the segment;

second forwarding a voucher to the gateway using the bi-directional protocol;

second extracting the voucher from said forwarding;

second sending the voucher to the user device using said a non-bidirectional communication protocol, the voucher including at least the encryption key associated with the segment; and

decrypting, at the user device, the segment using the encryption key for the segment.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of controlling distribution of electronic information to a device through a non-bidirectional protocol is disclosed. At a user device, a segment of encrypted electronic information is retrieved. Identification data is sent from the user device using the non-bidirectional communications protocol, where the identification information includes at least one of information associated with a user, information associated with the user device, or information associated with the segment of encrypted electronic information. A copy of an encryption key for the segment is retrieved. A voucher is forwarded to the user device using the non-bidirectional communications protocol, the voucher including at least the encryption key associated with the segment. At the user device, the segment is decrypted using the encryption key for the segment.

Citations

24 Claims

1. A method of controlling distribution of electronic information to a user device through a non-bidirectional communication protocol, comprising:
- retrieving, at a user device, a segment of encrypted electronic information;
  
  first sending identification data from the user device to a gateway using the non-bidirectional communication protocol, the identification information including at least one of information associated with a user, information associated with the user device, or information associated with the segment of encrypted electronic information;
  
  first extracting at the gateway the identification data from said first sending;
  
  first forwarding the identification data from the gateway based on a bi-directional protocol;
  
  retrieving an encryption key for the segment;
  
  second forwarding a voucher to the gateway using the bi-directional protocol;
  
  second extracting the voucher from said forwarding;
  
  second sending the voucher to the user device using said a non-bidirectional communication protocol, the voucher including at least the encryption key associated with the segment; and
  
  decrypting, at the user device, the segment using the encryption key for the segment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - encrypting, before said second forwarding, the voucher using an encryption key that is unique to at least one of the user device or the user.
  - 3. The method of claim 2, further comprising:
    - decrypting, at the user device, the voucher using the encryption key that is unique to at least one of the user device or the user, to thereby access the encryption key for the segment.
  - 4. The method of claim 1, wherein the voucher includes at least one policy constraint.
  - 5. The method of claim 1, wherein the voucher includes at least a validity period.
  - 6. The method of claim 5, wherein the voucher expires after the validity period.
  - 7. The method of claim 1, further comprising defending said encryption key at said user device.

8. A method of controlling distribution of electronic information, comprising:
- receiving identification information transmitted via a non-bidirectional communication protocol and then a bidirectional protocol, the identification information including at least information associated with a user, a user device, and a segment of encrypted electronic information;
  
  retrieving an encryption key for the segment;
  
  preparing a voucher, the voucher including at least an encryption key for decrypting the segment, and a validity period;
  
  encrypting the voucher using a key specific to at least the user device; and
  
  forwarding the voucher using the bidirectional protocol followed by the non-bidirectional communication protocol.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein said voucher is encrypted with an encryption key that is unique to at least one of a user device or a user.
  - 10. The method of claim 8, wherein the voucher includes at least one policy constraint.
  - 11. The method of claim 8, wherein the voucher includes at least a validity period.
  - 12. The method of claim 11, wherein the voucher expires after the validity period.

13. A system for controlling distribution of electronic information to a user device through a non-bidirectional communications protocol, comprising:
- said user device being configured to access a segment of encrypted electronic information and to send identification data to a gateway using the non-bidirectional communications protocol, the identification information including at least one of information associated with a user, information associated with the user device, or information associated with the segment of encrypted electronic information;
  
  a remote site including at least one server configured to retrieving a copy of an encryption key for the segment and forward a voucher to the gateway using a bidirectional communications protocol, wherein the voucher includes at least the encryption key associated with the segment;
  
  the gateway being configured to receive the identification data from the user device using the non-bidirectional protocol and forward the identification data to the remote site using the bidirectional protocol, and to receive the voucher from the remote site using the bidirectional protocol and to forward the voucher to the user device using the non-bidirectional protocol; and
  
  said user device being configured to receive said voucher and decrypt the segment using the encryption key for the segment.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, further comprising said at least one server being configured to encrypt the voucher using an encryption key that is unique to at least one of said user device or a specific user.
  - 15. The system of claim 14, further comprising said user device being configured to decrypt the voucher using the encryption key that is unique to at least one of the user device or the user, to thereby access the encryption key for the segment.
  - 16. The method of claim 13, wherein said voucher includes at least one policy constraint.
  - 17. The method of claim 13, wherein said voucher includes a validity period.
  - 18. The method of claim 17, wherein said voucher expires after the validity period.
  - 19. The system of claim 13, further comprising said user device being capable of defending said encryption key at said user device.

20. A system of controlling distribution of electronic information, comprising:
- at least one server configured to;
  
  receive identification information sent using a non-bidirectional communications protocol followed by using a bidirectional protocol, the identification information including at least information associated with a user, a user device, and a segment of encrypted electronic information;
  
  retrieve a copy of an encryption key for the segment;
  
  prepare a voucher that includes at least an encryption key for decrypting the segment and a validity period;
  
  encrypt the voucher using a key specific to at least the user device; and
  
  forward the voucher using the bidirectional protocol followed by using the non-bidirectional communications protocol.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, wherein said voucher is encrypted with an encryption key that is unique to at least one of a user device or a user.
  - 22. The method of claim 20, wherein said voucher includes at least one policy constraint.
  - 23. The method of claim 20, wherein said voucher includes a validity period.
  - 24. The method of claim 23, wherein said voucher expires after said validity period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Rogers, Allen, Norman, Timothy Neil, Hadden, Allen Douglas
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US10/919,300
Publication Number

US 20060041751A1
Time in Patent Office

1,561 Days
Field of Search

None
US Class Current

726/30
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/068   using time-dependent keys, ...

H04L 9/40   Network security protocols

Information security architecture for remote access control using non-bidirectional protocols

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Information security architecture for remote access control using non-bidirectional protocols

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links