System and method for accessing information resources using cryptographic authorization permits
Abstract
A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority.
24 Claims
1. A node for an information system, comprising:
- a plurality of partitions on the node, wherein at least one partition has one or more subjects and at least one other partition has one or more resources, wherein access to a resource requires processing a cryptographic authorization permit (CAP) that is signed by two or more authorities, said two or more authorities each sign a CAP to authorize a subject in the at least one partition to access a resource in the at least one other partition, wherein the signature of each one of the two or more authorities signing the CAP is validated to grant access to the resource.
Dependent claims: 2, 3, 4, 5, 6
7. In an information system, a node associated with one or more channels comprising:
- a partitioning communication system (PCS) that separates the one or more channels from each other;
- a plurality of partitions, wherein at least one partition on the node communicates messages over the one or more channels based on a channel access privilege, wherein access to a channel requires processing a cryptographic authorization permit (CAP) that is signed by two or more authorities, said two or more authorities each sign a CAP to authorize the channel access privilege, wherein the signature of each one of the two or more authorities signing the CAP is validated to grant access to the channel.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A secure information system, comprising:
- a first node that is partitioned to a plurality of first partitions and a second node that is partitioned to a plurality of second partitions;
- one or more channels for communicating messages between the first node and second node;
- a partitioning communication system (PCS) that separates the one or more channels from each other, wherein at least one of the plurality of first partitions on the first node communicates messages over the one or more channels based on a first channel access privilege and at least one of the plurality of second partitions on the second node communicates messages over the one or more channels based on a second channel access privilege, wherein access to a channel requires processing a cryptographic authorization permit (CAP) that is signed by two or more authorities, said two or more authorities each sign a CAP to authorize the first and second channel access privileges, wherein the signature of each one of the two or more authorities signing the CAP is validated to grant access to the channel.
Dependent claims: 17, 18, 19, 20
21. A node for an information system, comprising:
- a plurality of partitions having resources comprising hardware that are separated from each other, wherein at least one partition has one or more subjects, wherein access to a resource requires processing a cryptographic authorization permit (CAP) that is signed by two or more authorities, said two or more authorities each sign a CAP to authorize a subject in the at least one partition to access a resource in the at least one other partition, wherein the signature of each one of the two or more authorities signing the CAP is validated to grant access to the resource.
22. A method for securing information comprising:
- receiving a request to access a resource in a first partition from a subject in a second partition, wherein the first and second partitions comprise resources separated by logical components;
- receiving a cryptographic authorization permit (CAP) authorizing the subject to access the resource, wherein the CAP is signed by two or more authority and identifies the subject and cryptographic signature;
- validating the CAP based on the two or more signature of the authority; and
- granting access to the resource based on the validation of the CAP.
23. A node for an information system, comprising:
- a plurality of partitions on the node, wherein at least one partition has one or more subjects and at least one other partition has one or more resources, wherein access to a resource requires processing a cryptographic authorization permit (CAP), wherein a plurality of authorities each sign the CAP to authorize a subject in the at least one partition to access a resource in the at least one other partition, wherein the signature of each one of the plurality of authorities signing the CAP is validated to grant access to the resource.
24. A node for an information system, comprising:
- a plurality of partitions on the node, wherein at least one partition has one or more subjects and at least one other partition has one or more resources, wherein access to a resource requires processing a cryptographic authorization permit (CAP) that is signed by one or more authorities, said one or more authorities each sign a CAP to authorize a subject in the at least one partition to access a resource in the at least one other partition, wherein the signature of each one of the one or more authorities signing the CAP is validated to grant access to the resource, wherein the plurality of partitions comprise a PCS-specific partition and at least one application partition, wherein one or more CAPs are stored in the PCS specific partition and the CAP is validated via the PCS-specific partition.
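The validation steps recited in claim 22 and summarized in the abstract (receive a request, receive a CAP, validate every authority signature, then grant access) can be sketched as follows. This is an added Go example, not code from the patent. The choice of Ed25519, the CAP field layout, the payload encoding, the `Keyring` type and the authority and partition names are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// CAP is a hypothetical permit layout; Sigs maps authority name to signature.
type CAP struct {
	Subject, Resource, Privilege string // Privilege is "read" or "write"
	Sigs                         map[string][]byte
}

type Keyring map[string]ed25519.PublicKey // public keys of trusted authorities

// payload is the byte string every authority signs (constructed encoding).
func (c CAP) payload() []byte {
	return []byte(fmt.Sprintf("%q|%q|%q", c.Subject, c.Resource, c.Privilege))
}

// SignedBy returns one authority's signature over the permit.
func (c CAP) SignedBy(key ed25519.PrivateKey) []byte { return ed25519.Sign(key, c.payload()) }

// Validate returns nil only if the request matches the permit, two or more
// authorities signed it, and every signature verifies under a trusted key.
func Validate(c CAP, subject, resource, privilege string, trusted Keyring) error {
	if c.Subject != subject || c.Resource != resource || c.Privilege != privilege {
		return fmt.Errorf("request is not covered by this CAP")
	}
	if len(c.Sigs) < 2 {
		return fmt.Errorf("CAP carries %d signature(s), need two or more", len(c.Sigs))
	}
	for name, sig := range c.Sigs {
		if pub, ok := trusted[name]; !ok || !ed25519.Verify(pub, c.payload(), sig) {
			return fmt.Errorf("signature of authority %q is not valid", name)
		}
	}
	return nil
}

// Authority derives a constructed, deterministic demo key pair from one byte.
func Authority(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pubA, privA := Authority(1)
	pubB, privB := Authority(2)
	c := CAP{Subject: "partition-1/app", Resource: "channel-7", Privilege: "write"}
	c.Sigs = map[string][]byte{"A": c.SignedBy(privA), "B": c.SignedBy(privB)}
	fmt.Println(Validate(c, "partition-1/app", "channel-7", "write", Keyring{"A": pubA, "B": pubB}))
}
```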
Specification