Distributed scalable cryptographic access control

US 7,509,492 B2
Filed: 03/27/2002
Issued: 03/24/2009
Est. Priority Date: 03/27/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method comprising:

receiving a first resource identification of a first resource to be published, and first peer system identifications of a first plurality of peer systems within a peer-to-peer network to be granted access to said first resource after its publication;

generating a first resource key for use to encrypt the first resource;

obtaining a plurality of first encryption public keys of said first peer systems to be granted access to said first resource after its publication;

such that an encryption public key isobtained from each of the first peer systems within the peer-to-peer network;

generating a first resource key file for said first resource by;

determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and

generating an entry for each of the omitted peer systems within the peer-to-peer network by individually including within the resource key file an entry associated with each of the omitted peer systems within the peer-to-peer network using a retrieved first encryption public key associated with each of the omitted peer systems; and

publishing the first resource encrypted with said first resource key, along with said first resource key file, for selective access by said first plurality of peer systems such that a resource key file that includes a plurality of resource keys that are each individually associated with a peer system within a peer-to-peer network is published.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.

Citations

102 Claims

1. A computer implemented method comprising:
- receiving a first resource identification of a first resource to be published, and first peer system identifications of a first plurality of peer systems within a peer-to-peer network to be granted access to said first resource after its publication;
  
  generating a first resource key for use to encrypt the first resource;
  
  obtaining a plurality of first encryption public keys of said first peer systems to be granted access to said first resource after its publication;
  
  such that an encryption public key isobtained from each of the first peer systems within the peer-to-peer network;
  
  generating a first resource key file for said first resource by;
  
  determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and
  
  generating an entry for each of the omitted peer systems within the peer-to-peer network by individually including within the resource key file an entry associated with each of the omitted peer systems within the peer-to-peer network using a retrieved first encryption public key associated with each of the omitted peer systems; and
  
  publishing the first resource encrypted with said first resource key, along with said first resource key file, for selective access by said first plurality of peer systems such that a resource key file that includes a plurality of resource keys that are each individually associated with a peer system within a peer-to-peer network is published.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 2. The method of claim 1, wherein said first peer system identifications of said first plurality of peer systems to be granted access to said first resource after its publication comprise a first peer system identification individually identifying a first of said first plurality of peer systems.
  - 3. The method of claim 2, wherein said first of said first plurality of peer systems is a user peer system.
  - 4. The method of claim 2, wherein said first of said first plurality of peer systems is a gateway separating an internal network and external networks.
  - 5. The method of claim 2, wherein said first of said first plurality of peer systems comprises a search engine.
  - 6. The method of claim 1, wherein said first peer system identifications of said first plurality of peer systems to be granted access to said first resource after its publication comprise a first group identification collectively identifying a first subset of said first plurality of peer systems.
  - 7. The method of claim 6, wherein said first group identification comprises a first peer system identification individually identifying a first of said first plurality of peer systems.
  - 8. The method of claim 6, wherein said first group identification comprises a second group identification collectively identifying a second subset of said first subset of peer systems.
  - 9. The method of claim 8, wherein said second group identification comprises said first group identification.
  - 10. The method of claim 9, wherein said second subset of said first subset of peer systems comprises peer systems of one user.
  - 11. The method of claim 1, wherein said first resource key is randomly generated.
  - 12. The method of claim 1, wherein said first resource key is a symmetric encryption key.
  - 13. The method of claim 1, wherein said first resource key is deterministically generated from a seed.
  - 14. The method of claim 13, wherein said deterministic generation of said first resource key comprises randomly generating and saving a seed value;
    - initializing one or more operational constants to one or more integer values; and
      
      applying one or more one way hash functions to the seed value for one or more series of times in view of the one or more operational constants to generate or contribute to the generation of the first resource key.
  - 15. The method of claim 14, wherein said initializing comprises initializing a first operational constant to an integer value N;
    - and said applying comprises applying a first one way hash function to the seed value for a first series of times denoted by the first operational constant.
  - 16. The method of claim 14, wherein said initializing comprises initializing at least a first and a second operational constant to a first and a second integer values N1 and N2, that functionally map to a third integer value N;
    - and said applying comprises applying a first one way hash function to the seed value for a first series of times in view of the first operational constant, and applying said first and a second one way hash function to said seed value for a second and a third series of times in view of said first and second operational constants.
  - 17. The method of claim 1, wherein said obtaining of first encryption public keys of said first plurality of peer systems to be granted access to said first resource after its publication comprises accessing first client key files of said first plurality of peer systems.
  - 18. The method of claim 17, wherein said accessing of first client key files of said first plurality of peer systems comprises accessing a first client key file of a first of said first plurality of peer systems.
  - 19. The method of claim 17, wherein said accessing of first client key files of said first plurality of peer systems comprises accessing a first client key file of a first group of said first plurality of peer systems.
  - 20. The method of claim 1, wherein said generating of a first resource key file for said first resource, including generating for said first plurality of peer systems to be granted access to said first resource after publication, entries of said first resource key of the first resource encrypted using the retrieved first encryption public keys of the first plurality of peer systems to be granted access to said first resource after publication comprises generating a first entry of said first resource key of the first resource encrypted using a first of the retrieved first encryption public keys corresponding to a first of the first plurality of peer systems.
  - 21. The method of claim 20, wherein said first of said first plurality of peer systems is a user peer system.
  - 22. The method of claim 20, wherein said first of said first plurality of peer systems is a gateway separating an internal network and external networks.
  - 23. The method of claim 20, wherein said first of said first plurality of peer systems comprises a search engine.
  - 24. The method of claim 1, wherein said generating of a first resource key file for said first resource, including generating for said first plurality of peer systems to be granted access to said first resource after publication, entries of said first resource key of the first resource encrypted using the retrieved first encryption public keys of the first plurality of peer systems to be granted access to said first resource after publication comprises generating a first entry of said first resource key of the first resource encrypted using a first of the retrieved first encryption public keys corresponding to a first group of the first plurality of peer systems.
  - 25. The method of claim 1, wherein at least one of said generations of encrypted resource keys comprises encrypting the encrypted resource key one or more further times with a password.
  - 26. The method of claim 1, wherein said publishing of the first resource comprises notifying a resource locator server of the availability of the first resource and the associated first resource key file for access by authorized grantee systems including providing said resource locator server with said first resource identification of the first resource and a second resource identification identifying the associated first resource key file.
  - 27. The method of claim 1, wherein said generating of the first resource key file further comprises generating an entry of an obfuscated identification of the first resource encrypted using the first resource key;
    - and said publishing of the first resource comprises notifying a resource locator server of the availability of the first resource and the associated first resource key file for access by authorized grantee systems including providing said resource locator server with a first obfuscated identification of the first resource and a second resource identification identifying the associated first resource key file.
  - 28. The method of claim 1, wherein the method further comprises generating a first access control list for the first resource including said first peer system identifications of said first plurality of peer systems, and said first resource key.
  - 29. The method of claim 1, wherein the method further comprises receiving from a peer system a request for the first resource key file of the first resource;
    - and providing in response to the requesting peer system said first resource key file of the first resource.
  - 30. The method of claim 1, wherein the method further comprises receiving from a peer system a request for the first resource, with the first resource being referenced by said first resource identification;
    - and providing in response to the requesting peer system said first resource in an encrypted form, said first resource being published under said first resource identification.
  - 31. The method of claim 1, wherein the method further comprises receiving from a peer system a request for the first resource, with the first resource being referenced by said first resource identification;
    - and providing in response to the requesting peer system said first resource key file of the first resource, said first resource being published under a first obfuscated identification.
  - 32. The method of claim 1, wherein the method further comprises receiving from a peer system a request for the first resource, with the first resource being referenced by a first obfuscated identification under which the first resource is published;
    - and providing in response to the requesting peer system said first resource in an encrypted form.
  - 33. The method of claim 1, wherein the method further comprises encrypting said first resource using said first resource key.
  - 34. The method of claim 1, wherein said first resource is a selected one of a directory, a sub-directory, a data file and an executable.
  - 35. The method of claim 1, wherein said first resource is a selected one of a directory and a sub-directory, and the method further comprises receiving from a peer system a request for a second resource that is a member of the first directory/sub-directory resource;
    - and providing in response to the requesting peer system the requested second resource encrypted using said first resource key of the first resource, said second resource not having an associated resource key file, and said first resource being the closest ancestor resource having an associated resource key file.
  - 36. The method of claim 1, wherein said first resource is a selected one of a directory and a sub-directory, and the method further comprises receiving a second resource identification of a second resource to be published, and second peer system identifications of a second plurality of peer systems to be granted access to said second resource after its publication, said second resource being a member of said first directory/sub-directory resource;
    - generating a second resource key for use to encrypt the second resource;
      
      obtaining second encryption public keys of said second peer systems to be granted access to said second resource after its publication;
      
      generating a second resource key file for said second resource, including generating for said second peer systems to be granted access to said second resource after publication, entries of said second resource key of the second resource encrypted using said retrieved second encryption public keys of said second plurality of peer systems to be granted access to said second resource after publication; and
      
      publishing the second resource, along with said second resource key file, for selective access by said second plurality of peer systems.
  - 37. The method of claim 36, wherein the method further comprises receiving from a peer system a request for the second resource key file of the second resource;
    - and providing in response to the requesting peer system said second resource key file of the second resource.
  - 38. The method of claim 36, wherein the method further comprises receiving from a peer system a request for the second resource, with the second resource being correctly referenced;
    - and providing in response to the requesting peer system said second resource encrypted using said second resource key.
  - 39. The method of claim 1, wherein the method further comprises generating a selected one of a first signature and a first hash value of the first resource for a first peer system using a first signing private key of the first peer system;
    - and adding said selected one of the first signature and the first hash value to said first resource key file.
  - 40. The method of claim 39, wherein the method further comprises encrypting said selected one of the first signature and the first hash value using said first resource key of the first resource;
    - and said adding comprises adding said encrypted selected one of the first signature and the hash value to said first resource key file.
  - 41. The method of claim 1, wherein the method further comprises generating a selected one of a first signature and a first hash value of a second resource, descendant of said first resource, for a first peer system using a first signing private key of the first peer system;
    - and adding said selected one of the first signature and the first hash value to said first resource key file.
  - 42. The method of claim 41, wherein the method further comprises encrypting said selected one of the first signature and the first hash value using said first resource key of the first resource;
    - and said adding comprises adding said encrypted selected one of the first signature and the first hash value to said first resource key file.

43. A computer implemented method for generating a resource key file for a resource to be published in an encrypted form, the method comprising:
- obtaining encryption public keys of a plurality of peer systems within a peer-to-peer network to be granted access to said resource after its publication in said encrypted form; and
  
  generating a plurality of encrypted resource key entries by;
  
  determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and
  
  generating an entry for each of the omitted peer systems within the peer-to-peer network by encrypting a resource key of said resource encrypted using corresponding ones of said obtained encryption public keys of said omitted peer systems;
  
  such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network and is included within the resource key.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51)
- - 44. The method of claim 43, wherein said plurality of peer systems comprise a user peer system.
  - 45. The method of claim 43, wherein said plurality of peer systems comprise a gateway separating an internal network and external networks.
  - 46. The method of claim 43, wherein said plurality of peer systems comprise a search engine.
  - 47. The method of claim 43, wherein said obtained encryption public keys comprise a group encryption public key for a subset of said plurality of peer systems which are members of a group.
  - 48. The method of claim 43, wherein the method further comprises generating a selected of a signature and a hash value of the resource for a peer system using a signing private key of the peer system;
    - and adding said selected on of said signature and said hash value to said resource key file.
  - 49. The method of claim 48, wherein the method further comprises the method further comprises encrypting said selected one of the signature and the hash value using said resource key of the resource;
    - and said adding comprises adding said encrypted selected one of the signature and the hash value to said resource key file.
  - 50. The method of claim 43, wherein the method further comprises generating a selected one of a signature and a hash value of a descendant resource of said resource for a peer system using a signing private key of the peer system;
    - adding said selected one of said signature and said hash value to said resource key file.
  - 51. The method of claim 50, wherein the method further comprises the method further comprises encrypting said selected one of the signature and the hash value using said resource key of the resource;
    - and said adding comprises adding said encrypted selected one of the signature and the hash value to said resource key file.

52. A peer system comprising:
- storage medium having stored therein a plurality of programming instructions designed to;
  
  enable the peer system to receive a first resource identification of a first resource to be published, and first peer system identifications of a first plurality of other peer systems within a peer-to-peer network to be granted access to said first resource after its publication,generate a first resource key for use to encrypt the first resource;
  
  obtain first encryption public keys of said first plurality of other peer systems to be granted access to said first resource after its publication;
  
  such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network,generate a first resource key file for said first resource by;
  
  determine an omitted peer system within the peer-to-peer network by determining one of the plurality of first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not yet been generated; and
  
  generate an entry for the omitted peer system within the peer-to-peer network by including within the resource key file an entry associated with the omitted peer system within the peer-to-peer network using a retrieved first encryption public key associated with the omitted peer system;
  
  repeat the process of determining an omitted peer system within the peer-to-peer network and generating an entry for each of the omitted peer system within the peer-to-peer network until an entry has been generated for each of the plurality of first peer systems to be granted access to said resource after its publication; and
  
  publish the first resource encrypted with said first resource key, along with said first resource key file, for selective access by said first plurality of other peer systems; and
  
  a processor coupled to the storage medium to execute the programming instructions.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93)
- - 53. The peer system of claim 52, wherein said first peer system identifications of said first plurality of other peer systems to be granted access to said first resource after its publication comprise a first peer system identification individually identifying a first of said first plurality of other peer systems.
  - 54. The peer system of claim 53, wherein said first of said first plurality of other peer systems is a user peer system.
  - 55. The peer system of claim 53, wherein said first of said first plurality of other peer systems is a gateway separating an internal network and external networks.
  - 56. The peer system of claim 53, wherein said first of said first plurality of other peer systems comprises a search engine.
  - 57. The peer system of claim 52, wherein said first peer system identifications of said first plurality of peer systems to be granted access to said first resource after its publication comprise a first group identification collectively identifying a first subset of said first plurality of other peer systems.
  - 58. The peer system of claim 57, wherein said first group identification comprises a first peer system identification individually identifying a first of said first plurality of other peer systems.
  - 59. The peer system of claim 57, wherein said first group identification comprises a second group identification collectively identifying a second subset of said first subset of peer systems.
  - 60. The peer system of claim 59, wherein said second group identification comprises said first group identification.
  - 61. The peer system of claim 60, wherein said second subset of said first subset of peer systems comprises peer systems of one user.
  - 62. The peer system of claim 52, wherein said first resource key is randomly generated.
  - 63. The peer system of claim 52, wherein said first resource key is a symmetric encryption key.
  - 64. The peer system of claim 52, wherein said first resource key is deterministically generated from a seed.
  - 65. The peer system of claim 64, wherein said programming instructions are designed to enable the peer system to perform said deterministic generation of said first resource key by randomly generating and saving a seed value;
    - initializing one or more operational constants to one or more integer values; and
      
      applying one or more one way hash functions to the seed value for one or more series of times in view of the one or more operational constants to generate or contribute to the generation of the first resource key.
  - 66. The peer system of claim 65, wherein said programming instructions are designed to enable the peer system to perform said initializing by initializing a first operational constant to an integer value N;
    - and said applying by applying a first one way hash function to the seed value for a first series of times denoted by the first operational constant.
  - 67. The peer system of claim 65, wherein said programming instructions are designed to enable the peer system to perform said initializing by initializing at least a first and a second operational constant to a first and a second integer values N1 and N2, that functionally map to a third integer value N;
    - and said applying by applying a first one way hash function to the seed value for a first series of times in view of the first operational constant, and applying said first and a second one way hash function to said seed value for a second and a third series of times in view of said first and second operational constants.
  - 68. The peers system of claim 52, wherein said programming instructions are designed to enable the peer system to perform said obtaining of first encryption public keys of said first plurality of other peer systems to be granted access to said first resource after its publication by accessing first client key files of said first plurality of other peer systems.
  - 69. The peer system of claim 68, wherein said programming instructions are designed to enable the peer system to perform said accessing of first client key files of said first plurality of other peer systems by accessing a first client key file of a first of said first plurality of other peer systems.
  - 70. The peer system of claim 68, wherein said programming instructions are designed to enable the peer system to perform said accessing of first client key files of said first plurality of other peer systems by accessing a first client key file of a first group of said first plurality of other peer systems.
  - 71. The peer system of claim 52, wherein said programming instructions are designed to enable the peer system to perform said generating of a first resource key file for said first resource, including generating for said first plurality of other peer systems to be granted access to said first resource after publication, entries of said first resource key of the first resource encrypted using the retrieved first encryption public keys of the first plurality of other peer systems to be granted access to said first resource after publication by generating a first entry of said first resource key of the first resource encrypted using a first of the retrieved first encryption public keys corresponding to a first of the first plurality of other peer systems.
  - 72. The peer system of claim 71, wherein said first of said first plurality of other peer systems is a user peer system.
  - 73. The peer system of claim 71, wherein said first of said first plurality of other peer systems is a gateway separating an internal network and external networks.
  - 74. The peer system of claim 71, wherein said first of said first plurality of other peer systems comprises a search engine.
  - 75. The peer system of claim 72, wherein said programming instructions are designed to enable the peer system to perform said generating of a first resource key file for said first resource, including generating for said first plurality of other peer systems to be granted access to said first resource after publication, entries of said first resource key of the first resource encrypted using the retrieved first encryption public keys of the first plurality of other peer systems to be granted access to said first resource after publication by generating a first entry of said first resource key of the first resource encrypted using a first of the retrieved first encryption public keys corresponding to a first group of the first plurality of other peer systems.
  - 76. The peer system of claim 52, wherein said programming instructions are designed to enable the peer system to perform at least one of said generations of encrypted resource keys by encrypting the encrypted resource key one or more further times with a password.
  - 77. The peer system of claim 52, wherein said programming instructions are designed to enable the peer system to perform said publishing of the first resource by notifying a resource locator server of the availability of the first resource and the associated first resource key file for access by authorized grantee systems including providing said resource locator server with said first resource identification of the first resource and a second resource identification identifying the associated first resource key file.
  - 78. The peer system of claim 52, wherein said programming instructions are designed to enable the peer system to perform said generating of the first resource key file by further generating an entry of an obfuscated identification of the first resource encrypted using the first resource key;
    - and said publishing of the first resource by notifying a resource locator server of the availability of the first resource and the associated first resource key file for access by authorized grantee systems including providing said resource locator server with a first obfuscated identification of the first resource and a second resource identification identifying the associated first resource key file.
  - 79. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to generate a first access control list for the first resource including said first peer system identifications of said first plurality of other peer systems, and said first resource key.
  - 80. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to receive from a first of said first plurality of other peer systems a request for the first resource key file of the first resource;
    - and provide in response to the requesting first other peer system said first resource key file of the first resource.
  - 81. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to receive from a first of said first plurality of other peer systems a request for the first resource, with the first resource being referenced by said first resource identification;
    - and provide in response to the requesting first other peer system said first resource in an encrypted form, said first resource being published under said first resource identification.
  - 82. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to receive from a first of the first plurality of other peer systems a request for the first resource, with the first resource being referenced by said first resource identification;
    - and provide in response to the requesting first other peer system said first resource key file of the first resource, said first resource being published under a first obfuscated identification.
  - 83. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to receive from a first of the first plurality of other peer systems a request for the first resource, with the first resource being referenced by a first obfuscated identification under which the first resource is published;
    - and provide in response to the requesting first other peer system said first resource in an encrypted form.
  - 84. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to encrypt said first resource using said first resource key.
  - 85. The peer system of claim 52, wherein said first resource is a selected one of a directory, a sub-directory, a data file and an executable.
  - 86. The peer system of claim 52, wherein said first resource is a selected one of a directory and a sub-directory, and said programming instructions are further designed to enable the peer system to receive from a first of the first plurality of other peer systems a request for a second resource that is a member of the first directory/sub-directory resource;
    - and provide in response to the requesting the first other peer system the requested second resource encrypted using said first resource key of the first resource, said second resource not having an associated resource key file, and said first resource being the closest ancestor resource having an associated resource key file.
  - 87. The peer system of claim 52, wherein said first resource is a selected one of a directory and a sub-directory, and said programming instructions are further designed to enable the peer system to receive a second resource identification of a second resource to be published, and second peer system identifications of a second plurality of other peer systems to be granted access to said second resource after its publication, said second resource being a member of said first directory/sub-directory resource;
    - generate a second resource key for use to encrypt the second resource;
      
      obtain second encryption public keys of said second other peer systems to be granted access to said second resource after its publication;
      
      generate a second resource key file for said second resource, including generating for said second other peer systems to be granted access to said second resource after publication, entries of said second resource key of the second resource encrypted using said retrieved second encryption public keys of said second plurality of other peer systems to be granted access to said second resource after publication; and
      
      publish the second resource, along with said second resource key file, for selective access by said second plurality of other peer systems.
  - 88. The peer system of claim 87, wherein said programming instructions are further designed to enable the peer system to receive from a first of said first plurality of other peer systems a request for the second resource key file of the second resource;
    - and provide in response to the requesting first other peer system said second resource key file of the second resource.
  - 89. The peer system of claim 87, wherein said programming instructions are further designed to enable the peer system to receive from a first of said first plurality of other peer systems a request for the second resource, with the second resource being correctly referenced;
    - and provide in response to the requesting first other peer system said second resource encrypted using said second resource key.
  - 90. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to generate a selected one of a first signature and a first hash value of the first resource for a first other peer system using a first signing private key of the first other peer system;
    - and add said selected one of the first signature and the first hash value to said first resource key file.
  - 91. The peer system of claim 90, wherein said programming instructions are further designed to enable the peer system to encrypt said selected one of the first signature and the first hash value using said first resource key of the first resource;
    - and perform said adding by adding said encrypted selected one of the first signature and the hash value to said first resource key file.
  - 92. The peer system of claim 52, wherein said programming instructions are further designed to enable the peer system to generate a selected one of a first signature and a first hash value of a second resource, descendant of said first resource, for a first other peer system using a first signing private key of the first other peer system;
    - and add said selected one of the first signature and the first hash value to said first resource key file.
  - 93. The peer system of claim 92, wherein said programming instructions are further designed to enable the peer system to encrypt said selected one of the first signature and the first hash value using said first resource key of the first resource;
    - and perform said adding by adding said encrypted selected one of the first signature and the first hash value to said first resource key file.

94. A peer system comprising:
- storage medium having stored therein a plurality of programming instructions designed to;
  
  receive from a plurality of other peer systems to be granted access to said resource a public key associated with each of the other peer systems within a peer-to-peer network;
  
  cryptographically sign each of the public keys received to generate encrypted public keys;
  
  transmit each of the cryptographically signed public keys to the system from which the were received for incorporation to a client key file that is published over the peer-to-peer network such that each of the other peer systems are registered with the peer-to-peer network;
  
  enable the peer system to obtain encryption public keys of the plurality of other peer systems to be granted access to said resource after its publication in said encrypted form;
  
  such that an encryption public key is obtained from each of the first peer systems within the peer-to-peer network, and generate a plurality of encrypted resource key entries by;
  
  determining omitted peer systems within the peer-to-peer network by determining the first peer systems within the peer-to-peer network to be granted access to said resource after publication for which an entry within the resource file key has not been generated; and
  
  generating an entry for each of the omitted peer systems within the peer- to-peer network by encrypting a resource key of said resource encrypted using corresponding ones of said obtained encryption public keys of said omitted peer systems within the peer-to-peer; and
  
  at least one processor coupled to the storage medium to execute the programming instructions.
- View Dependent Claims (95, 96, 97, 98, 99, 100, 101, 102)
- - 95. The peer system of claim 94, wherein said plurality of other peer systems comprise a user peer system.
  - 96. The peer system of claim 94, wherein said plurality of other peer systems comprise a gateway separating an internal network and external networks.
  - 97. The peer system of claim 94, wherein said plurality of other peer systems comprise a search engine.
  - 98. The peer system of claim 94, wherein said obtained encryption public keys comprise a group encryption public key for a subset of said plurality of other peer systems which are members of a group.
  - 99. The peer system of claim 94, wherein said programming instructions are further designed to enable the peer system to generate a selected of a signature and a hash value of the resource for a first of said other peer systems using a signing private key of the first other peer system;
    - and add said selected on of said signature and said hash value to said resource key file.
  - 100. The peer system of claim 99, wherein said programming instructions are further designed to enable the peer system to encrypt said selected one of the signature and the hash value using said resource key of the resource;
    - and perform said adding by adding said encrypted selected one of the signature and the hash value to said resource key file.
  - 101. The peer system of claim 94, wherein said programming instructions are further designed to enable the peer system to generate a selected one of a signature and a hash value of a descendant resource of said resource for a first of said other peer systems using a signing private key of the first other peer system;
    - and add said selected one of said signature and said hash value to said resource key file.
  - 102. The peer system of claim 101, wherein said programming instructions are further designed to enable the peer system to encrypt said selected one of the signature and the hash value using said resource key of the resource;
    - and perform said adding comprises adding said encrypted selected one of the signature and the hash value to said resource key file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Qian, Zhenyu, Boyen, Xavier, Teodosiu, Dan
Primary Examiner(s)
Tran, Tongoc

Application Number

US10/473,264
Publication Number

US 20040123104A1
Time in Patent Office

2,554 Days
Field of Search

380/30, 380/259, 380/267, 380281-285, 380/256, 713/165
US Class Current

713/165
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2463/101   applying security measures ...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/104   Grouping of entities

H04L 63/123   received data contents, e.g...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/3263   involving certificates, e.g...

Distributed scalable cryptographic access control

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

102 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed scalable cryptographic access control

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

102 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links