METHOD AND APPARATUS FOR CONTROLLING ACCESS TO DATA BASED ON LAYER

US 20120131342A1
Filed: 06/16/2011
Published: 05/24/2012
Est. Priority Date: 11/22/2010
Status: Abandoned Application

First Claim

Patent Images

1. An access control apparatus, comprising:

a terminal authentication unit to acquire identification (ID) information and a public key (PK) of a terminal;

an encryption unit to encrypt a node key (NK) of a target layer to grant access authority to the terminal using the PK of the terminal;

an Access Control List (ACL) production unit to produce an ACL of the target layer based on the encrypted NK and the ID information of the terminal; and

an ACL copy production unit to produce a copy of the ACL based on link information of the encrypted NK and the ID information of the terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is an access control apparatus and method for giving access authority with respect to data. The access control apparatus may encrypt, using a Public Key (PK) of a terminal, a Node Key (NK) of a target layer in which the access authority is to be granted to the terminal, and produce an Access Control List (ACL) of the target layer based on the encrypted NK and ID information of the terminal. Also, the access control apparatus may produce a copy of the ACL based on the produced ACL, and store the produced copy of the ACL in a lower layer.

21 Citations

View as Search Results

24 Claims

1. An access control apparatus, comprising:
- a terminal authentication unit to acquire identification (ID) information and a public key (PK) of a terminal;
  
  an encryption unit to encrypt a node key (NK) of a target layer to grant access authority to the terminal using the PK of the terminal;
  
  an Access Control List (ACL) production unit to produce an ACL of the target layer based on the encrypted NK and the ID information of the terminal; and
  
  an ACL copy production unit to produce a copy of the ACL based on link information of the encrypted NK and the ID information of the terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The access control apparatus of claim 1, wherein the ACL production unit produces the ACL of the target layer so as to be different from a previously produced ACL of an upper layer relative to the target layer.
  - 3. The access control apparatus of claim 1, wherein the ACL copy production unit stores the produced copy of the ACL in metadata of data included in the target layer, metadata of a lower layer included in the target layer, metadata of data included in the lower layer, or any combination thereof.
  - 4. The access control apparatus of claim 1, wherein the ACL production unit updates a previously produced ACL of the target layer by adding the encrypted NK and the ID information of the terminal to the previously produced ACL of the target layer, and the ACL copy production unit updates a previously produced copy of the previously produced ACL of the target layer based on the updated ACL of the target layer.
  - 5. The access control apparatus of claim 1, wherein the ACL production unit reproduces the ACL of the target layer in response to the terminal having the access authority with respect to the target layer, and the ACL copy production unit reproduces a copy of the ACL of the target layer based on the reproduced ACL of the target layer.
  - 6. The access control apparatus of claim 1, wherein the encryption unit encrypts data included in the target layer using a data key (DK), and encrypts the DK using the NK of the target layer.
  - 7. The access control apparatus of claim 6, further comprising:
    - a transmission unit to transmit, to the terminal, the encrypted data, an encrypted hierarchical key, and the encrypted DK in response to a data request of the terminal.
  - 8. The access control apparatus of claim 1, further comprising:
    - a group production unit to group a plurality of terminals based on user characteristics,wherein the ACL production unit produces the ACL so as to grant the access authority to the plurality of terminals included in the group.
  - 9. The access control apparatus of claim 8, further comprising:
    - a transmission unit to transmit, to the terminal, a secret key of a group encrypted using a PK of one of the plurality of terminals, an NK encrypted using the PK of the one of the plurality of terminals, a data key (DK) encrypted using a hierarchical key, and data encrypted using the DK in response to the data request of the terminal,wherein the ACL includes the NK encrypted using the PK of the one of the plurality of terminals and ID information of the group.
  - 10. The access control apparatus of claim 8, wherein the group production unit sub-groups the plurality of terminals included in the group, and the ACL production unit produces the ACL so as to grant the access authority to the terminals included in a sub-group.

11. An access control method, comprising:
- acquiring identification (ID) information and a public key (PK) of s terminal to authenticate the terminal;
  
  encrypting an node key (NK) of a target layer to grant access authority to the terminal using the PK of the terminal;
  
  producing an Access Control List (ACL) of the target layer based on the encrypted NK and the ID information of the terminal; and
  
  producing a copy of the ACL based on link information of the encrypted NK and ID information of the terminal.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The access control method of claim 11, wherein the ACL of the target layer is produced so as to be different from a previously produced ACL of an upper layer relative to the target layer.
  - 13. The access control method of claim 11, further comprising storing the produced copy of the ACL in metadata of data included in the target layer, metadata of a lower layer included in the target layer, metadata of data included in the lower layer, or any combination thereof.
  - 14. The access control method of claim 11, wherein the producing of the ACL updates a previously produced ACL of the target layer by adding the encrypted NK and the ID information of the terminal to the previously produced ACL of the target layer, and the producing of the copy of the ACL updates a previously produced copy of the previously produced ACL of the target layer based on the updated ACL of the target layer.
  - 15. The access control method of claim 11, further comprising:
    - reproducing the ACL of the target layer in response to the terminal having the access authority with respect to the target layer; and
      
      reproducing a copy of the ACL of the target layer based on the reproduced ACL of the target layer.
  - 16. The access control method of claim 11, wherein the encrypting includes encrypting data included in the target layer using a data key (DK), and encrypting the DK using the NK of the target layer.
  - 17. The access control method of claim 16, further comprising:
    - transmitting, to the terminal, the encrypted data, an encrypted hierarchical key, and the encrypted DK in response to a data request of the terminal.
  - 18. The access control method of claim 11, further comprising:
    - grouping a plurality of terminals base on user characteristics,wherein the producing of the ACL produces the ACL so as to grant the access authority to the plurality of terminals included in the group.
  - 19. The access control method of claim 18, further comprising:
    - transmitting, to the terminal, a secret key of a group encrypted using a PK of one of the plurality of terminals, an NK encrypted using the PK of the one of the plurality of terminals, a data key (DK) encrypted using a hierarchical key, and data encrypted using the DK in response to the data request of the terminal,wherein the ACL includes the NK encrypted using the PK of the one of the plurality of terminals and ID information of the group.
  - 20. The access control method of claim 18, wherein the grouping includes sub-grouping the plurality of terminals included in the group, and the producing of the ACL produces the ACL so as to grant the access authority to the terminals included in a sub-group.

21. A method of controlling access to a data layer, the method including:
- encrypting a node key (NK) of a target data layer using a public key (PK) of a terminal; and
  
  producing an Access Control List (ACL) based on the encrypted NK and ID information of the terminal;
  
  wherein the ACL applies only to the target data layer in a plurality of data layers to which access is controlled by a common controller.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, further comprising acquiring the PK and ID information from the terminal in response to the terminal requesting access to the target data layer.
  - 23. The method of claim 21, further comprising:
    - producing a copy of the ACL;
      
      storing the ACL in the target data layer; and
      
      storing the copy of the ACL in one or more of the remaining data layers.
  - 24. The method of claim 21, wherein the producing of the ACL includes updating a previously produced ACL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Kim, Eunah, Huh, Mi Suk, Kim, Dae Youb

Application Number

US13/161,973
Publication Number

US 20120131342A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2463/062   applying encryption of the ...

H04L 63/101   Access control lists [ACL]

H04L 63/16   Implementing security featu...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/32   including means for verifyi...

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO DATA BASED ON LAYER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO DATA BASED ON LAYER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links