Method for providing secure access to information held in a shared repository

US 7,698,746 B2
Filed: 09/26/2006
Issued: 04/13/2010
Est. Priority Date: 02/22/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing secure access to information held in a shared repository, comprising the steps of:

storing, on a data server, information provided by a data owner;

providing, to the data owner, a data owner public key and a data owner private key, the data owner public key and the data owner private key being a first key pair of a public-key cryptography system;

providing the data owner public key to the data server;

providing, to a data user, a data user public key and a data user private key, the data user public key and the data user private key being a second key pair of the public-key cryptography system;

providing the data user public key to the data server;

sending the data user public key from the data user to the data owner;

encrypting the data user public key by the data owner, using the data owner private key, to provide an encrypted data user public key;

sending, by the data owner to the data server, the encrypted data user public key and a command that gives the data server permission to transfer the information to the data user;

decrypting the encrypted data user public key, using the data owner public key, to provide a check word;

comparing the check word and the data user public key;

if the step of comparing the check word and the data user public key indicates that the check word and the data user public key match, recording permission to transfer the information in an access list;

encrypting the data owner public key, by the data user, using the data user private key, to provide an encrypted data owner public key;

sending, from the data user to the data server, the encrypted data owner public key and a request to transfer the information to the data user;

decrypting the encrypted data owner public key using the data user public key, to provide a second check word;

comparing the second check word and the data owner public key;

if the step of comparing the second check word and the data owner public key indicates that the second check word and the data owner public key match, checking the access list to determine whether the data server has permission to transfer the information;

if the data server has permission, transferring the information from the data server to the data user;

receiving, by the data server, a request by the data user to transfer the information to the data user;

responsive to receiving the request, checking the access list to determine whether the data server has permission to transfer the information;

if the data server has permission, encrypting the information using the data user public key to provide encrypted information; and

transferring the encrypted information to the data user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing secure access to information held in a shared repository, for example to electronic business cards stored on a server. A data owner registers with the server and provides information to be shared with selected data users. The server returns public-key cryptography keys. To access the information, a data user sends its public key to the data owner. The data owner encrypts the public key using the data owner private key, and sends the result to the server, along with permission to transfer information to the data user. The server decrypts the received result using the data owner public key, and compares the outcome with the data user public key. If they match, the server records permission on an access list. In response to a request for information the server checks the access list to determine whether the data user has permission. If so, the server encrypts the information using the data user public key, and transfers the result to the data user.

10 Citations

4 Claims

1. A method for providing secure access to information held in a shared repository, comprising the steps of:
- storing, on a data server, information provided by a data owner;
  
  providing, to the data owner, a data owner public key and a data owner private key, the data owner public key and the data owner private key being a first key pair of a public-key cryptography system;
  
  providing the data owner public key to the data server;
  
  providing, to a data user, a data user public key and a data user private key, the data user public key and the data user private key being a second key pair of the public-key cryptography system;
  
  providing the data user public key to the data server;
  
  sending the data user public key from the data user to the data owner;
  
  encrypting the data user public key by the data owner, using the data owner private key, to provide an encrypted data user public key;
  
  sending, by the data owner to the data server, the encrypted data user public key and a command that gives the data server permission to transfer the information to the data user;
  
  decrypting the encrypted data user public key, using the data owner public key, to provide a check word;
  
  comparing the check word and the data user public key;
  
  if the step of comparing the check word and the data user public key indicates that the check word and the data user public key match, recording permission to transfer the information in an access list;
  
  encrypting the data owner public key, by the data user, using the data user private key, to provide an encrypted data owner public key;
  
  sending, from the data user to the data server, the encrypted data owner public key and a request to transfer the information to the data user;
  
  decrypting the encrypted data owner public key using the data user public key, to provide a second check word;
  
  comparing the second check word and the data owner public key;
  
  if the step of comparing the second check word and the data owner public key indicates that the second check word and the data owner public key match, checking the access list to determine whether the data server has permission to transfer the information;
  
  if the data server has permission, transferring the information from the data server to the data user;
  
  receiving, by the data server, a request by the data user to transfer the information to the data user;
  
  responsive to receiving the request, checking the access list to determine whether the data server has permission to transfer the information;
  
  if the data server has permission, encrypting the information using the data user public key to provide encrypted information; and
  
  transferring the encrypted information to the data user.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the information includes an electronic business card.

3. A method for providing secure access to information held in a shared repository, comprising the steps of:
- storing, on a data server, information provided by a data owner;
  
  providing, to the data owner, a data owner public key and a data owner private key, the data owner public key and the data owner private key being a first key pair of a public-key cryptography system;
  
  providing the data owner public key to the data server;
  
  providing, to a data user, a data user public key and a data user private key, the data user public key and the data user private key being a second key pair of the public-key cryptography system;
  
  providing the data user public key to the data server;
  
  sending the data user public key from the data user to the data owner;
  
  combining, by the data owner, the data user public key and a sequence number, to provide a combination;
  
  encrypting the combination by the data owner, using the data owner private key, to provide an encrypted combination;
  
  sending, by the data owner to the data server, the encrypted combination and a command that gives the data server permission to transfer the information to the data user;
  
  decrypting the encrypted combination, using the data owner public key, to provide a decrypted combination;
  
  parsing the decrypted combination to provide a check word and a check number;
  
  comparing the check word and the data user public key;
  
  comparing the check number and an expected sequence number;
  
  if the step of comparing the check word and the data user public key indicates that the check word and the data user public key match, and further if the step of comparing the check number and an expected sequence number indicates that the check number and the expected sequence number match, recording permission to transfer the information in an access list;
  
  encrypting the data owner public key, by the data user, using the data user private key, to provide an encrypted data owner public key;
  
  sending, from the data user to the data server, the encrypted data owner public key and a request to transfer the information to the data user;
  
  decrypting the encrypted data owner public key, using the data user public key, to provide a second check word;
  
  comparing the second check word and the data owner public key;
  
  if the step of comparing the second check word and the data owner public key indicates that the second check word and the data owner public key match, checking the access list to determine whether the data server has permission to transfer the information;
  
  if the data server has permission, transferring the information from the data server to the data user;
  
  receiving, by the data server, a request by the data user to transfer the information to the data user;
  
  responsive to receiving the request, checking the access list to determine whether the data server has permission to transfer the information; and
  
  ,if the data server has permission, encrypting the information using the data user public key to provide encrypted information; and
  
  transferring the encrypted information to the data user.
- View Dependent Claims (4)
- - 4. The method of claim 3, wherein the information includes an electronic business card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Trevathan, Matthew Bunkley, Richards, Patrick James Jr.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US11/528,228
Publication Number

US 20070022302A1
Time in Patent Office

1,295 Days
Field of Search

713/185, 713/165, 726/28
US Class Current

726/28
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/101   Access control lists [ACL]

H04L 9/0825   using asymmetric-key encryp...

H04L 9/32   including means for verifyi...

Method for providing secure access to information held in a shared repository

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing secure access to information held in a shared repository

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links