Reexamination Certificate
1998-07-06
2002-01-01
Beausoleil, Robert (Department: 2184)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
active
06336189
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the technique pertaining to the access control of programs and data which are handled by a computer, and particularly to the technique for providing programs and data themselves with the access control function.
2. Description of the Prior Art
There have been two major types of access control for programs and data which are handled by a computer, one being based on the access control list, the other being based on the capability. The access control list includes three items, which are data as a target of access, the host of access, and the condition of access right. Specifically, it stores attributes of data indicative of what type of access by what person is to be permitted. This kind of technique is proposed in Japanese Published Unexamined Patent Application No. Sho 62-235655, for example. This proposal is intended to implement the access control not only by the host of access, but also by the terminal used by the host.
The capability provides the host of access with information of access control so that the host of access presents the access right to the target of access before the host is enabled to access the target. This kind of technique is proposed in Japanese Published Unexamined Patent Application No. Sho 62-251948, for example. This proposal is designed to use a character string for the attribute of data, so that the user who intends to make access to data presents a specific character string to the data.
In order to cope with illegal access attempts which cannot be dealt with by the ordinary access control technique, such as the case of direct analysis of physical characteristics of the storage medium which stores data, there has been proposed the combination of the access control technique and the encryption technique, as described in Japanese Published Unexamined Patent Applications No. Sho 63-311454, No. Hei 03-276345, and No. Hei 09-44407.
The above-mentioned techniques all presuppose use within the access control system, and access control of data becomes infeasible once the data is taken out and put into another system. Although it is possible to encrypt data so that non-legitimate persons cannot take out decrypted data and put it into other systems, if data is put into another system by a legitimate user, access control of the data is no longer feasible and the data will be accessed by non-legitimate persons. It is possible to preclude legitimate users from taking out decrypted data; in this case, however, even legitimate users cannot use the data in other systems unless those systems have an access control function identical to that of the original system.
SUMMARY OF THE INVENTION
The present invention is intended to overcome the foregoing prior art deficiencies, and there are arranged, in correspondence to data, verification means which authenticate the right of access to the data and usage control means which enable the access to the data when the access right is verified, with this set of means and data being treated as a data capsule.
Where there exists a manner of data access beyond the control range of the usage control means, the data is encrypted in advance, and there are arranged, in correspondence to the data, verification means which authenticate the right of access to the data, usage control means which enable access to the data when the access right is verified, and decryption means which decrypt the data, with this set of means and data being treated as a data capsule.
If the data decryption key exists within the data capsule, illegal data access is possible through analysis of the data capsule, extraction of the data decryption key, and decryption of the data. To prevent this, it is desirable to obtain the key for decrypting the encrypted data from information in the data capsule and information which proves the user's access right.
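An added illustration of the arrangement in the preceding paragraph (not code from the patent): the capsule holds only a salt, nonce, ciphertext and tag, and the decryption key is computed from the capsule's salt together with the user's secret. The names make_capsule and open_capsule, the PBKDF2 parameters, and the SHAKE-256 keystream (a standard-library stand-in for a vetted AEAD cipher) are assumptions.

```python
import hashlib
import hmac
import secrets

KDF_ROUNDS = 200_000  # assumed work factor; tune to the deployment


def _derive(secret: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Derive (enc_key, mac_key) from the user's proof and capsule-held salt."""
    okm = hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHAKE-256 keystream (stand-in for a real AEAD)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(mac_key: bytes, salt: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()


def make_capsule(data: bytes, secret: bytes) -> dict:
    """Build a capsule; neither the secret nor any key is stored in it."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive(secret, salt)
    ct = _xor_stream(enc_key, nonce, data)
    return {"salt": salt, "nonce": nonce, "ct": ct,
            "tag": _tag(mac_key, salt, nonce, ct)}


def open_capsule(capsule: dict, secret: bytes) -> bytes:
    """Verification, usage control and decryption in one step."""
    salt, nonce, ct = capsule["salt"], capsule["nonce"], capsule["ct"]
    enc_key, mac_key = _derive(secret, salt)
    # Verification means: a wrong secret or altered capsule fails here,
    # before any plaintext is produced.
    if not hmac.compare_digest(_tag(mac_key, salt, nonce, ct), capsule["tag"]):
        raise PermissionError("access right not verified")
    return _xor_stream(enc_key, nonce, ct)


if __name__ == "__main__":
    cap = make_capsule(b"constructed sample payload", b"constructed secret")
    print(open_capsule(cap, b"constructed secret"))
```

Because the tag lets anyone holding the capsule test guesses offline, the protection is bounded by the strength of the user's secret and the cost of the key derivation.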
Kigo Kenichiro
Saito Kazuo
Takeda Koji
Beausoleil Robert
Bonzo Bryce P.