Access control

US 9,294,447 B2
Filed: 04/18/2011
Issued: 03/22/2016
Est. Priority Date: 04/18/2011
Status: Active Grant

First Claim

Patent Images

1. A communication access control system, comprising:

a computing entity comprising a processor and memory;

at least one access control cell, implemented on the computing entity, for computing random input addresses and random output addresses upon a request of a system user;

wherein said input and output addresses are based on a cryptographic key held by a service facility associated with said at least one access control cell,wherein the at least one access control cell generates each random output address using a cryptographically secure pseudo-random number generator, and computes each random input address as a symmetrical encryption function of a corresponding random output address and an encryption key,and wherein the access control cell receives a message from a first user containing an input address and routes that message to a second users after converting the input address into the corresponding output address using the cryptography key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication access control system (100) includes at least one access control cell (160), implemented on a computing entity, for computing random input addresses (205) and random output addresses (210) upon a request of a system user (105). The input and output addresses are based on a cryptographic key (165) held by a service facility (115) associated with the at least one access control cell (160).

12 Citations

View as Search Results

13 Claims

1. A communication access control system, comprising:
- a computing entity comprising a processor and memory;
  
  at least one access control cell, implemented on the computing entity, for computing random input addresses and random output addresses upon a request of a system user;
  
  wherein said input and output addresses are based on a cryptographic key held by a service facility associated with said at least one access control cell,wherein the at least one access control cell generates each random output address using a cryptographically secure pseudo-random number generator, and computes each random input address as a symmetrical encryption function of a corresponding random output address and an encryption key,and wherein the access control cell receives a message from a first user containing an input address and routes that message to a second users after converting the input address into the corresponding output address using the cryptography key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein said service facility dynamically creates access control cells upon request of a system user.
  - 3. The system of claim 1, in which the message is a communication from one human user to another.
  - 4. The system of claim 1, in which the message is an operational command to a computing entity in a distributed computing environment.
  - 5. The system of claim 1, in which the at least one access control cell is stored on a user'"'"'s computing device to control access to that user'"'"'s computing device.
  - 6. The system of claim 1, further comprising a number of access control cells each residing on a different computing entity within a distributed computing environment.

7. A method for operating a distributed messaging system comprising, with a programmed processor:
- receiving at a group message web service (GMWS) facility a query from a user to receive an input address and output address;
  
  generating a random input address and random output address, the random output address generated using a cryptographically secure pseudo-random number generator, and the random input address generated as a symmetrical encryption function of the random output address and a cryptographic key;
  
  providing the user with the input address and output address;
  
  receiving a message containing an input address;
  
  computing the output address using the cryptography key;
  
  routing the message based on the output address computed; and
  
  dynamically creating an access control cell associated with the GMWS facility, the access control cell computing the random input address and the random output address upon request of system users.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, in which the access control cells are stored on the user'"'"'s computing devices.
  - 9. The method of claim 7, in which the cryptography key is not accessible by users of the system.
  - 10. The method of claim 7, in which the system is implemented on a distributed computing environment.
  - 11. The method of claim 7, in which the random input address and random output addresses are 256-bit cryptographic numbers.

12. A computer program product comprising a non-transitory computer readable storage medium having computer usable program code embodied therewith, the computer usable program code, when executed by a processor of a group message web facility, causes that processor to:
- receive a message containing an input address having a corresponding output address, the output address previously generated using a cryptographically secure pseudo-random number generator, and the input address previously generated as a symmetrical encryption function of the output address and a cryptographic key;
  
  compute the output address using the cryptography key;
  
  route the message based on the output address computed; and
  
  dynamically create an access control cell associated with a group message web service (GMWS) facility, the access control cell computing the random input address and the random output address upon request of system users,wherein the symmetrical encryption function means that the input address can be generated from the output address and the output address can be generated from the input address.
- View Dependent Claims (13)
- - 13. The computer program product of claim 12, further comprisingcomputer usable program code, when executed by a processor of a group message web facility, causes that processor to store the input address and output address on a users'"'"' computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Viswanathan, Kapaleeswaran, Saxena, Amitabh
Primary Examiner(s)
Traore, Fatoumata

Application Number

US14/112,549
Publication Number

US 20140040619A1
Time in Patent Office

1,800 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 51/52   for supporting social netwo...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 9/0869   involving random numbers or...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/08   Access security

Access control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Access control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links