Distributed scalable cryptographic access control
First Claim
1. A computer implemented method comprising:
  receiving a first resource identification of a first resource to be published, and first peer system identifications of a first plurality of peer systems within a peer-to-peer network to be granted access to said first resource after its publication;
  generating a first resource key for use to encrypt the first resource;
  obtaining a plurality of first encryption public keys of said first peer systems to be granted access to said first resource after its publication, such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network;
  generating a first resource key file for said first resource by:
    determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and
    generating an entry for each of the omitted peer systems within the peer-to-peer network by individually including within the resource key file an entry associated with each of the omitted peer systems within the peer-to-peer network using a retrieved first encryption public key associated with each of the omitted peer systems; and
  publishing the first resource encrypted with said first resource key, along with said first resource key file, for selective access by said first plurality of peer systems, such that a resource key file that includes a plurality of resource keys that are each individually associated with a peer system within a peer-to-peer network is published.
Abstract
Published resources are made available in an encrypted form, using corresponding resource keys that are published through resource key files; the publications are effectively restricted to authorized peer systems only by encrypting the resource keys in a manner in which only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using the encryption public keys of the authorized peer systems or of the groups to which the authorized peer systems belong. In one embodiment, the encryption public keys of individual authorized peer systems and of groups are published for resource-publishing peer systems through client key files and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password-protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.
102 Claims
1. A computer implemented method comprising the steps reproduced in full above under First Claim. Dependent claims: 2 to 42.
43. A computer implemented method for generating a resource key file for a resource to be published in an encrypted form, the method comprising:
  obtaining encryption public keys of a plurality of peer systems within a peer-to-peer network to be granted access to said resource after its publication in said encrypted form; and
  generating a plurality of encrypted resource key entries by:
    determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and
    generating an entry for each of the omitted peer systems within the peer-to-peer network by encrypting a resource key of said resource encrypted using corresponding ones of said obtained encryption public keys of said omitted peer systems;
  such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network and is included within the resource key.
Dependent claims: 44 to 51.
52. A peer system comprising:
  a storage medium having stored therein a plurality of programming instructions designed to:
    enable the peer system to receive a first resource identification of a first resource to be published, and first peer system identifications of a first plurality of other peer systems within a peer-to-peer network to be granted access to said first resource after its publication;
    generate a first resource key for use to encrypt the first resource;
    obtain first encryption public keys of said first plurality of other peer systems to be granted access to said first resource after its publication, such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network;
    generate a first resource key file for said first resource by:
      determining an omitted peer system within the peer-to-peer network by determining one of the plurality of first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not yet been generated; and
      generating an entry for the omitted peer system within the peer-to-peer network by including within the resource key file an entry associated with the omitted peer system within the peer-to-peer network using a retrieved first encryption public key associated with the omitted peer system;
    repeat the process of determining an omitted peer system within the peer-to-peer network and generating an entry for each omitted peer system within the peer-to-peer network until an entry has been generated for each of the plurality of first peer systems to be granted access to said resource after its publication; and
    publish the first resource encrypted with said first resource key, along with said first resource key file, for selective access by said first plurality of other peer systems; and
  a processor coupled to the storage medium to execute the programming instructions.
Dependent claims: 53 to 93.
94. A peer system comprising:
  a storage medium having stored therein a plurality of programming instructions designed to:
    receive from a plurality of other peer systems to be granted access to said resource a public key associated with each of the other peer systems within a peer-to-peer network;
    cryptographically sign each of the public keys received to generate encrypted public keys;
    transmit each of the cryptographically signed public keys to the system from which they were received for incorporation into a client key file that is published over the peer-to-peer network, such that each of the other peer systems is registered with the peer-to-peer network;
    enable the peer system to obtain encryption public keys of the plurality of other peer systems to be granted access to said resource after its publication in said encrypted form, such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network; and
    generate a plurality of encrypted resource key entries by:
      determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and
      generating an entry for each of the omitted peer systems within the peer-to-peer network by encrypting a resource key of said resource encrypted using corresponding ones of said obtained encryption public keys of said omitted peer systems within the peer-to-peer network; and
  at least one processor coupled to the storage medium to execute the programming instructions.
Dependent claims: 95 to 102.
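The following Go program is an added illustration of the scheme described in the abstract and of the key-file generation steps of claims 1 and 43; it is not code from the patent or its assignee. It assumes RSA-OAEP for wrapping the resource key under each peer's encryption public key and AES-256-GCM for the resource itself (both choices of this example, not of the patent), and the "omitted peer" loop is implemented as Grant, which only adds entries for granted peers that have none yet.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// KeyFile is the resource key file: peer id -> resource key wrapped under that peer's public key.
type KeyFile map[string][]byte

// NewPeerKey generates a peer's encryption key pair (RSA-2048; a choice of this example).
func NewPeerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// Publish encrypts the resource under a fresh 256-bit resource key (AES-GCM, nonce prefixed to ct).
func Publish(resource []byte) (key, ct []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil { return nil, nil, err }
	gcm, err := aesGCM(key)
	if err != nil { return nil, nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil { return nil, nil, err }
	return key, gcm.Seal(nonce, nonce, resource, nil), nil
}
// Grant generates entries only for the omitted peers (granted, but no entry yet): re-running it
// with a larger peer set extends the key file without re-wrapping the existing entries.
func Grant(kf KeyFile, key []byte, peers map[string]*rsa.PublicKey) error {
	for id, pub := range peers {
		if _, present := kf[id]; present { continue }
		entry, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id)) // OAEP label = peer id
		if err != nil { return err }
		kf[id] = entry
	}
	return nil
}
// Recover is the peer side: unwrap its own entry with its private key, then decrypt the resource.
func Recover(id string, priv *rsa.PrivateKey, kf KeyFile, ct []byte) ([]byte, error) {
	entry, ok := kf[id]
	if !ok { return nil, errors.New("no key file entry for " + id + ": access not granted") }
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, entry, []byte(id))
	if err != nil { return nil, err }
	gcm, err := aesGCM(key)
	if err != nil { return nil, err }
	if len(ct) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}
```

A peer without an entry, or one trying another peer's entry with its own private key, gets an error rather than the resource key, which is the access restriction the abstract describes.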