Privacy and security mechanism for presence systems with tuple spaces
First Claim
1. A communication system for privately and securely exchanging information about a first entity with at least one further entity, comprising:
- a presence memory to store tuples that contain said information;
a presentity to publish encrypted information about said first entity to said presence memory, wherein said information comprises a unique identifier of said presentity, said unique identifier comprising a random string concatenated to an identifier key, and wherein said presentity is enabled to;
encrypt said information with a unique key provided by said presentity to create said encrypted information;
post said encrypted information to said presence memory;
change said unique key to a new unique key at random intervals;
re-encrypt said encrypted information with said new unique key to create re-encrypted information; and
re-post said re-encrypted information to said presence memory at said random intervals, and wherein said re-encrypt and said re-post are repeated when presence information changes in presence information comprising changes in location of a user;
sensors for detecting presence of the first entity, said presentity connected to said sensors;
a watcher agent associated with said at least one further entity to post a subscribe tuple to said presence memory to initiate a subscription to said information published by said presentity via said post and said re-post;
a presentity agent associated with said first entity to return subscribe-reply messages, a first subscribe-reply message containing said unique key to subscribe said further entity to said encrypted information published by said presentity, and a second subscribe-reply message containing said new unique key to subscribe said further entity to said re-encrypted information published by said presentity; and
a watcher associated with said further entity to monitor said presence memory and decrypt said encrypted information and said re-encrypted information using said encryption key and said new unique key, respectively, and provide said information to said further entity.
28 Assignments
0 Petitions
Accused Products
Abstract
A system is provided for cycling encryption keys to prevent the guessing of encrypted presence information in a shared information space. The system of the invention prevents malicious publication of presence information and ensures that only valid presence information is published to the shared information space. A malicious subscriber is prevented from knowing that he/she has been detected while a search is underway to determine his/her identity. During such a search, authorized subscribers are shifted to a new source of presence information while the malicious subscriber remains at the previous source.
-
Citations
2 Claims
-
1. A communication system for privately and securely exchanging information about a first entity with at least one further entity, comprising:
-
a presence memory to store tuples that contain said information; a presentity to publish encrypted information about said first entity to said presence memory, wherein said information comprises a unique identifier of said presentity, said unique identifier comprising a random string concatenated to an identifier key, and wherein said presentity is enabled to; encrypt said information with a unique key provided by said presentity to create said encrypted information; post said encrypted information to said presence memory; change said unique key to a new unique key at random intervals; re-encrypt said encrypted information with said new unique key to create re-encrypted information; and re-post said re-encrypted information to said presence memory at said random intervals, and wherein said re-encrypt and said re-post are repeated when presence information changes in presence information comprising changes in location of a user; sensors for detecting presence of the first entity, said presentity connected to said sensors; a watcher agent associated with said at least one further entity to post a subscribe tuple to said presence memory to initiate a subscription to said information published by said presentity via said post and said re-post; a presentity agent associated with said first entity to return subscribe-reply messages, a first subscribe-reply message containing said unique key to subscribe said further entity to said encrypted information published by said presentity, and a second subscribe-reply message containing said new unique key to subscribe said further entity to said re-encrypted information published by said presentity; and a watcher associated with said further entity to monitor said presence memory and decrypt said encrypted information and said re-encrypted information using said encryption key and said new unique key, respectively, and provide said information to said further entity. - View Dependent Claims (2)
-
Specification