Cross domain discovery

US 8,874,929 B2
Filed: 10/27/2009
Issued: 10/28/2014
Est. Priority Date: 10/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for searching, comprising:

uploading an object into a cross domain discovery system that includes a plurality of user service components;

generating a composite object structure of the uploaded object by one of the user service components, the composite object structure including an object identification that is a random number;

detecting an object identification collision by the one of the user service components and generating a new object identification of the composite object structure;

storing, by an object service component, first keywords in association with a first entity of the object, and second keywords in association with a second entity of the object by a search service component, the first entity having a first restriction level and the second entity having a second restriction level, one of the first and second entities is an existing entity that has at least information of a person to contact for the object, wherein storing the first keywords and second keywords further comprises;

encrypting the first entity using a first symmetric key;

storing the encrypted first entity in the object service component;

encrypting the second entity using a second symmetric key;

storing the encrypted second entity in the object service component;

obtaining the first symmetric key and the second symmetric key in association with the object;

splitting the first symmetric key into a first key split and a second key split; and

splitting the second symmetric key into a third key split and a forth key split;

determining a search request having the first restriction level matching the first keywords by the search service component; and

responding to the search request with the first entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the disclosure provide methods and systems for cross domain discovery. According to the disclosure, an object can include multiple entities defined by an originator. The multiple entities have different scopes corresponding to different access restrictions. Further, the originator defines keywords for each of the multiple entities. A system for cross domain discovery stores the multiple entities in an object service component, and stores the keywords and access restrictions in a search service component. The search service component conducts a search based on the keywords and access restrictions in response to a search request from a user. An entity is provided to the user based on the user'"'"'s credential and the searching.

Citations

16 Claims

1. A method for searching, comprising:
- uploading an object into a cross domain discovery system that includes a plurality of user service components;
  
  generating a composite object structure of the uploaded object by one of the user service components, the composite object structure including an object identification that is a random number;
  
  detecting an object identification collision by the one of the user service components and generating a new object identification of the composite object structure;
  
  storing, by an object service component, first keywords in association with a first entity of the object, and second keywords in association with a second entity of the object by a search service component, the first entity having a first restriction level and the second entity having a second restriction level, one of the first and second entities is an existing entity that has at least information of a person to contact for the object, wherein storing the first keywords and second keywords further comprises;
  
  encrypting the first entity using a first symmetric key;
  
  storing the encrypted first entity in the object service component;
  
  encrypting the second entity using a second symmetric key;
  
  storing the encrypted second entity in the object service component;
  
  obtaining the first symmetric key and the second symmetric key in association with the object;
  
  splitting the first symmetric key into a first key split and a second key split; and
  
  splitting the second symmetric key into a third key split and a forth key split;
  
  determining a search request having the first restriction level matching the first keywords by the search service component; and
  
  responding to the search request with the first entity.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein storing the first keywords in association with the first entity and the second keywords in association with the second entity by the search service further comprises:
    - storing the first keywords and the second keywords in a hash table.
  - 3. The method of claim 1, further comprising:
    - determining the search request being authorized by a policy service component.
  - 4. The method of claim 1, further comprising:
    - determining the search request having the first restriction level based on a credential of an originator of the search request.
  - 5. The method of claim 1, wherein responding to the search request with the first entity further comprises:
    - creating a hit entry including a reference to the object stored in an object service component.

6. A method for searching, comprising:
- uploading an object into a cross domain discovery system that includes a plurality of user service components;
  
  generating a composite object structure of the uploaded object by one of the user service components, the composite object structure including an object identification that is a random number;
  
  detecting an object identification collision by the one of the user service components and generating a new object identification of the composite object structure;
  
  storing the object, by an object service component, having a first entity with a first restriction level and a second entity with a second restriction level in the object service component, one of the first and second entities is an existing entity that has at least information of a person to contact for the object, wherein storing the object further comprises;
  
  encrypting the first entity using a first symmetric key;
  
  storing the encrypted first entity in the object service component;
  
  encrypting the second entity using a second symmetric key;
  
  storing the encrypted second entity in the object service component;
  
  obtaining the first symmetric key and the second symmetric key in association with the object;
  
  splitting the first symmetric key into a first key split and a second key split; and
  
  splitting the second symmetric key into a third key split and a forth key split;
  
  transmitting first keywords in association with the first entity and second keywords in association with the second entity to a search service component, wherein the search service component stores the first keywords and the second keywords, determines a search request having the first restriction level matching the first keywords and creates a hit entry including a reference to the first entity stored in the object service component.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, further comprising:
    - encrypting the first key split and the third key split using a public key of a first asymmetric key pair belonging to the object service component; and
      
      encrypting the second key split and the fourth key split using a public key of a second asymmetric key pair belonging to the policy service.
  - 8. The method of claim 7, further comprising:
    - transmitting the encrypted first key split, the encrypted second key split, the encrypted third key split and the encrypted fourth key split to the search service component; and
      
      deleting the first key split, the second key split, the third key split and the fourth key split.
  - 9. The method of claim 7, further comprising:
    - decrypting the encrypted first key split using a private key of the first asymmetric key pair belonging to the object service component.
  - 10. The method of claim 7, further comprising:
    - receiving a re-encrypted second key split, wherein the re-encrypted second keysplit is generated by decrypting the encrypted second key split using a private key of the second asymmetric key pair belonging to the policy service, and re-encrypting the second key split using the public key of the first asymmetric key pair belonging to the object service component; and
      
      decrypting the re-encrypted second key split using a private key of the first asymmetric key pair belonging to the object service component.
  - 11. The method of claim 10, further comprising:
    - combining the decrypted first key split and the decrypted second key split to recover the first symmetric key; and
      
      decrypting the encrypted first entity using the recovered first symmetric key.

12. A system for cross domain discovery, comprising:
- a microprocessor configured to execute instructions of the user service component of the system;
  
  a plurality of user service components of the system, an object being uploaded into the system, each of user service components configured to generate a composite object structure of the uploaded object, the composite object structure including an object identification that is a random number, to detect an object identification collision, and to generate a new object identification of the composite object structure;
  
  an object service component configured to store an object having a first entity with a first restriction level and a second entity with a second restriction level, one of the first and second entities is an existing entity that has at least information of a person to contact for the object;
  
  a search service component configured to store first keywords in association with the first entity, and second keywords in association with the second entity, determine a search request having the first restriction level matching the first keywords, and respond to the search request with the first entity stored in the object service component;
  
  a policy service component configured to authorize the search request; and
  
  a key service component configured to generate a first symmetric key and a second symmetric key in association with the object, whereinthe object service component is further configured toencrypt the first entity using the first symmetric key;
  
  encrypt the second entity using the second symmetric key;
  
  split the first symmetric key into a first key split and a second key split; and
  
  split the second symmetric key into a third key split and a forth key split;
  
  encrypt the first key split and the third key split using a public key of a first symmetric key pair belonging to the object service component, andencrypt the second key split and the forth key split using a public key of a second asymmetric key pair belonging to the policy service.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, wherein the search service component further comprises:
    - a hash table configured to store at least one of the first keywords and the second keywords.
  - 14. The system of claim 12, wherein each service component is further configured to receive the search request from a user, and associate a credential of the user with the search request.
  - 15. The system of claim 12, wherein the object service component is configured totransmit the encrypted first key split, the encrypted second key split, the encrypted third key split and the encrypted fourth key split to the search service component;
    - anddelete the first key split, the second key split, the third key split and the fourth key split.
  - 16. The system of claim 12, wherein the object service component is further configured todecrypt the encrypted first key split using a private key of the first asymmetric key pair belonging to the object service component,receive a re-encrypted second key split, wherein the re-encrypted second key split is generated by decrypting the encrypted second key split using a private key of the second asymmetric key pair belonging to the policy service, and re-encrypting the second key split using the public key of the first asymmetric key pair belonging to the object service component,decrypt the re-encrypted second key split using the private key of the first asymmetric key pair belonging to the object service component,combine the decrypted first key split and the decrypted second key split to recover tile first symmetric key, anddecrypt the encrypted first entity using the recovered first symmetric key. and re-encrypting the second key split using the public key of the first asymmetric key pair belonging to the object service component,decrypt the re-encrypted second key split using the private key of the first asymmetric key pair belonging to the object service component,combine the decrypted first key split and the decrypted second key split to recover tile first symmetric key, anddecrypt the encrypted first entity using the recovered first symmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
Fastring, Richard Arthur
Primary Examiner(s)
Lagor, Alexander

Application Number

US12/588,756
Publication Number

US 20110099203A1
Time in Patent Office

1,827 Days
Field of Search

None
US Class Current

713/189
CPC Class Codes

G06F 16/289   Object oriented databases

G06F 16/5838   using colour

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

Cross domain discovery

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Cross domain discovery

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links