Method and apparatus for creating a secure autonomous network entity of a network component system

US 5,966,441 A
Filed: 11/18/1996
Issued: 10/12/1999
Est. Priority Date: 11/18/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for creating an autonomous network entity configured to securely store sensitive information provided by a user of a computer coupled to a network having at least one network resource, the method comprising the steps of:

creating an encapsulated entity component containing a reference to a location of the at least one network resource on the computer network;

cryptographically-transforming the sensitive information using a key generated in accordance with inputs used in a multi-stage key generation process; and

encapsulating the cryptographically-transformed information, along with the inputs of the key within the encapsulated entity to create the autonomous network entity, wherein the key is retrievable solely by subjecting the inputs contained within the encapsulated entity to the multi-stage key generation process, thereby allowing the sensitive information to be recovered.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is provided for creating an autonomous network entity that stores sensitive information in a cryptographically secure manner. The autonomous entity comprises a data structure that encapsulates cryptographically-transformed information along with the inputs of a secret key used to reverse the transformation. Cryptographic storage of the sensitive information and its reversable key within the encapsulated entity makes the entity autonomous and capable of transfer among computer platforms and their processes without compromising the security of the information.

106 Citations

View as Search Results

20 Claims

1. A method for creating an autonomous network entity configured to securely store sensitive information provided by a user of a computer coupled to a network having at least one network resource, the method comprising the steps of:
- creating an encapsulated entity component containing a reference to a location of the at least one network resource on the computer network;
  
  cryptographically-transforming the sensitive information using a key generated in accordance with inputs used in a multi-stage key generation process; and
  
  encapsulating the cryptographically-transformed information, along with the inputs of the key within the encapsulated entity to create the autonomous network entity, wherein the key is retrievable solely by subjecting the inputs contained within the encapsulated entity to the multi-stage key generation process, thereby allowing the sensitive information to be recovered.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 farther comprising the step of reversing the cryptographically-transformed information to recover the sensitive information using the inputs of the key encapsulated within the autonomous network entity.
  - 3. The method of claim 2 further comprising the step of storing the autonomous network entity as a visual object on the computer.
  - 4. The method of claim 3 further comprising the step of manipulating the visual object with a pointing device to display contents of the autonomous network entity on a screen of the computer.
  - 5. The method of claim 4 further comprising the step of transferring the autonomous network entity among computer platforms and their processes without compromising the security of the sensitive information.
  - 6. The method of claim 1 wherein the step of cryptographically-transforming comprises the step of generating a first random number using a random number generator.
  - 7. The method of claim 6 wherein the step of cryptographically-transforming further comprises the step of generating a second random number using the first random number as a seed into a random number generator mechanism.
  - 8. The method of claim 7 wherein the step of cryptographically-transforming further comprises the step of digesting the second random number using a cryptographically-secure message digest function to produce the key.
  - 9. The method of claim 7 wherein the step of cryptographically-transforming further comprises the step of digesting the second random number in addition to other inputs using a cryptographically-secure message digest function to produce the key.
  - 10. The method of claim 9 wherein the other inputs comprise non-encrypted information.
  - 11. The method of claim 10 wherein the step of cryptographically-transforming further comprises the step of encrypting the sensitive information using the key in connection with a secret key algorithm.
  - 12. The method of claim 11 wherein the inputs of the key include the first random number and wherein the step of encapsulating comprises the step of storing the encrypted information and the first random number in various fields of the network entity.

13. A computer coupled to a network, the computer comprising:
- a memory for storing data and programs, including an operating system;
  
  a processing unit responsive to the programs for controlling and coordinating the operation of the computer;
  
  a software component layer coupled in cooperating relation with the operating system; and
  
  a data structure created by the software component layer, the data structure containing a reference to a location of a network resource on the computer network, the data structure further encapsulating cryptographically-transformed information along with inputs of a key used to reverse the transformation.

14. Apparatus for creating an autonomous network entity configured to securely store sensitive information provided by a user of a computer coupled to a network having at least one network resource, the apparatus comprising:
- means for creating an encapsulated entity component containing a reference to a location of the at least one network resource on the computer network;
  
  means for cryptographically-transforming the sensitive information using a key generated in accordance with inputs used in a multi-stage key generation process; and
  
  means for encapsulating the cryptographically-transformed information, along with the inputs of the key within the encapsulated entity to create the autonomous network entity, wherein the kev is retrievable solely by subjecting the inputs contained within the encapsulated entity to the multi-stage key generation process, thereby allowing the sensitive information to be recovered.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14 further comprising means for reversing the cryptographically-transformed information to recover the sensitive information using the inputs of the key encapsulated within the autonomous network entity.
  - 16. The apparatus of claim 15 wherein the cryptographically-transforming means comprises means for generating a first random number using a random number generator.
  - 17. The apparatus of claim 16 wherein the cryptographically-transforming means further comprises means for generating a second random number using the first random number as a seed into a random number generator mechanism.
  - 18. The apparatus of claim 17 wherein the cryptographically-transforming means further comprises means for digesting the second random number using a cryptographically-secure message digest function to produce the key.
  - 19. The apparatus of claim 17 wherein the cryptographically-transforming means further comprises means for encrypting the sensitive information using the key in connection with a secret key algorithm.
  - 20. The apparatus of claim 19 wherein the inputs of the key include the first random number and wherein the encapsulating means comprises means for storing the encrypted information and the first random number in various fields of the network entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Computer Incorporated (Apple Inc.)
Inventors
Calamera, Pablo M.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/751,317
Time in Patent Office

1,058 Days
Field of Search

380/25, 380/4, 380/9, 380/21, 380/23, 380/28, 380/49, 380/50, 380/59, 380/30, 395/186, 395/187.01, 395/188.01
US Class Current

713/167
CPC Class Codes

H04L 63/0428 wherein the data content is...

Method and apparatus for creating a secure autonomous network entity of a network component system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for creating a secure autonomous network entity of a network component system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others