Multiple level access system

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Security kernel or utility

Reexamination Certificate


Details

Classification: C713S166000, C713S184000, C713S187000, C713S152000, C380S030000, C380S277000, C380S286000
Status: active
Patent number: 06754820

ABSTRACT:

FIELD OF THE INVENTION
Generally, the present invention relates to techniques for controlling access to computer-based systems. In particular, the present invention relates to techniques for providing multiple-level access control to objects in a computer system.
BACKGROUND OF THE INVENTION
Access control can be defined as enforcing data-use or other object-use permissions that grant or deny access to content or applications. In this context, data-use can include a broad selection of functions such as reading, changing, executing, creating, overwriting, or deleting. The ability to change access permissions is another type of access that can be granted or denied.
Access control should be considered in a system approach in which a strong user (entity or member) identification and authorization (I&A) process plays a role. An exemplary system for user identification is described in a co-pending U.S. patent application, Ser. No. 10/060,011 filed on Jan. 30, 2002, the entire disclosure of which is incorporated herein by this reference.
Thus, the goal is to provide access control to objects such as data and applications. The mechanism should be flexible enough to implement a variety of schemes, such as discretionary access control (DAC) and mandatory access control (MAC), and the key management system should be suitable for implementing role-based access control (RBAC). These controls should support content-based access control architectures that provide very granular, object-level enforcement or that enable expanded access.
BRIEF SUMMARY OF THE PRESENT INVENTION
It is therefore an objective of the present invention to enforce domain member access control to CKM labeled data with cryptography—i.e. by using symmetric key algorithms, asymmetric key algorithms and cryptographic hash functions.
It is another objective of the present invention to enforce domain member access control to applications.
It is an additional objective of the present invention to control encryption (write) and decryption (read) of objects based on the content of the object.
It is also an objective of the present invention to allow credential application to restrict or broaden readership of labeled objects.
It is another objective of the present invention to provide a user interface paradigm that is intuitive and easy to use.
It is an additional objective of the present invention to provide sensitivity level or multiple-level access control such that access to credentials is dependent on the method of member identification.
It is also an objective of the present invention to enforce domain authority-dictated policies for multiple-level access control by credential category.
According to an exemplary aspect of the invention, a user's profile (“user profile”) determines whether and how the user can encrypt (write) and decrypt (access) an object, which can be, for example, a data instance or a computer program. A user profile includes at least one credential, and each credential includes one or both halves of an asymmetric key pair: a credential public key (write authority) and a credential private key (access authority).
A user can encrypt (or write) an object with one or more particular credential public keys included in the user's profile, such that subsequent decryption of the encrypted object by another user (or the original user) requires corresponding or otherwise authorized credentials. Accordingly, a user can decrypt an encrypted object if the user possesses, in that user's profile, credentials corresponding to those with which the encrypted object was encrypted. A user can select one or more credentials with which to interact with a particular object or objects in general, or selection of credentials can be automated.
A credential and an object can correspond to a multiple-level access level (“MLA level”) to effectuate a partitioned-access scheme, an access-up scheme, or an access-down scheme for encryption and decryption of objects. The MLA level of a credential can be assigned by a domain authority, whereas the MLA level of an object can be assigned based on the object's content or based on the credential(s) used to encrypt the object.
A user profile and one or more credentials included in the profile can be secured, in whole or in part, through one or more levels of encryption. Thus, a user can obtain access to the user's respective user profile and one or more particular credentials contained in the profile by providing the requisite data for respective decryption of the profile or the credentials. The requisite data can be encryption scheme data (such as one or more encryption keys, algorithm identifiers, key qualifiers, or algorithm qualifiers, for example) or instances of keying data used to generate encryption scheme data. Further, a user can provide the requisite data as required or during an identification protocol through which the user obtains access to the computer system. In either case, the requisite data can be preexisting or generated, in whole or in part, such as through a user identification and authorization scheme.
Access controls according to the present invention are enforced using cryptographic algorithms, either proprietary or standards-based. Basic read and write access is correlated to decrypt and encrypt access, respectively, through credentials. These credentials can also define different access sensitivity levels based on defined I&A. Credentials can also control access to applications.
The present invention extends enforcement of read and write access controls through cryptography, whereas most systems, such as computer operating systems, rely on software checks to enforce access. The system of the present invention can be used alone or together with operating system access controls to provide greater security; for example, it can cryptographically enforce a computer file system's read and write controls.
These models offer a flexible approach to I&A and can allow the domain authority to tailor I&A policies for a particular domain. The present invention can be viewed as defining different I&A schemes with different relative assurance levels that can be used within a single domain.
According to a particular aspect of the present invention, in a multi-level access system, a method of securing an object at a multiple-level access level includes receiving, from a user, a profile key encryption key corresponding to the multiple-level access level, selecting an object to secure, and selecting a profile associated with the user. The profile includes a domain value, an encrypted profile encryption key, and a credential. The credential includes an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. The method also includes selecting the credential based on a comparison of the multiple-level access level and the multiple-level access identifier, and generating a working key. Generating the working key includes generating a random value, and binding at least the domain value and the random value together to form the working key. The method also includes encrypting the object with the working key, and generating a random value encryption key. Generating the random value encryption key includes decrypting the encrypted credential public key encryption key with at least the profile key encryption key, decrypting the encrypted credential public key with at least the decrypted credential public key encryption key, generating an ephemeral key pair including an ephemeral private key and an ephemeral public key, generating a shared value based on at least the ephemeral private key and the decrypted credential public key, and generating the random value encryption key based on at least the shared value. The method also includes encrypting the random value with at least the random value encryption key, and providing the encrypted object, the ephemeral public key, and the encrypted random value for an authorized recipient. The profile can also include a profile in
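The writer-side method just described, together with the profile, credential and MLA-level structure of the preceding paragraphs and the reader side implied by "decryption requires corresponding credentials", as an added example in Go. It is not code from the patent. Where the text leaves the primitives open ("proprietary or standards-based"), the choices here are assumptions: X25519 for the credential key pair and the ephemeral key agreement, AES-256-GCM for every encryption, HMAC-SHA256 as the function that binds the domain value and the random value into the working key, SHA-256 over the ECDH transcript as the derivation of the random value encryption key, and the partitioned-access comparison (credential identifier equal to the requested level) for credential selection. The profile layout, the type and function names, and all sample inputs are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assumed profile layout: a credential public key is AES-GCM wrapped under a per-credential
// key (pubKEK); pubKEK is wrapped under the profile KEK the user supplies for that MLA level.
type Credential struct{ MLA int; EncPubKey, EncPubKEK []byte }              // MLA identifier set by the domain authority
type Profile struct{ Domain []byte; Credentials []Credential }               // domain value is bound into every working key
type Envelope struct{ MLA int; Ciphertext, EphemeralPub, EncRandom []byte } // what the writer provides to readers
func must1[T any](v T, err error) T { // only fails on malformed or corrupted key material
	if err != nil {
		panic(err)
	}
	return v
}
func gcm(key []byte) cipher.AEAD { return must1(cipher.NewGCM(must1(aes.NewCipher(key)))) } // 32-byte keys
func seal(key, pt []byte) []byte { // AES-256-GCM with a random nonce prepended
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	must1(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, blob []byte) ([]byte, error) { // error means wrong key or tampering
	g := gcm(key)
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}
func bindWorkingKey(domain, random []byte) []byte { // assumed binding: HMAC-SHA256(domain, random)
	mac := hmac.New(sha256.New, domain)
	mac.Write(random)
	return mac.Sum(nil)
}
func randomValueKey(shared, ephPub, credPub []byte) []byte { // assumed KDF over the ECDH transcript
	sum := sha256.Sum256(append(append(append([]byte("mla-rvek-v1"), shared...), ephPub...), credPub...))
	return sum[:]
}
func selectCredential(p *Profile, level int) (*Credential, error) { // partitioned access: identifier == level
	for i := range p.Credentials {
		if p.Credentials[i].MLA == level {
			return &p.Credentials[i], nil
		}
	}
	return nil, fmt.Errorf("no credential for MLA level %d", level)
}
// secureObject is the writer side: select the credential, unwrap its public key through both key
// layers, bind the working key, encrypt the object, run ephemeral X25519 and wrap the random value.
func secureObject(p *Profile, profileKEK []byte, level int, object []byte) (*Envelope, error) {
	cred, err := selectCredential(p, level)
	if err != nil {
		return nil, err
	}
	pubKEK, err := open(profileKEK, cred.EncPubKEK) // profile KEK -> pubKEK
	if err != nil {
		return nil, fmt.Errorf("profile KEK does not unlock level %d credential: %w", level, err)
	}
	credPubBytes := must1(open(pubKEK, cred.EncPubKey)) // pubKEK -> credential public key
	random := make([]byte, 32)
	must1(rand.Read(random))
	eph := must1(ecdh.X25519().GenerateKey(rand.Reader))
	shared := must1(eph.ECDH(must1(ecdh.X25519().NewPublicKey(credPubBytes))))
	ephPub := eph.PublicKey().Bytes()
	return &Envelope{MLA: level, EphemeralPub: ephPub,
		Ciphertext: seal(bindWorkingKey(p.Domain, random), object),
		EncRandom:  seal(randomValueKey(shared, ephPub, credPubBytes), random)}, nil
}
// recoverObject is the reader side: the credential private key (access authority) recomputes the
// shared value, unwraps the random value, rebinds the working key and decrypts the object.
func recoverObject(env *Envelope, credPriv *ecdh.PrivateKey, domain []byte) ([]byte, error) {
	shared := must1(credPriv.ECDH(must1(ecdh.X25519().NewPublicKey(env.EphemeralPub))))
	random, err := open(randomValueKey(shared, env.EphemeralPub, credPriv.PublicKey().Bytes()), env.EncRandom)
	if err != nil {
		return nil, fmt.Errorf("credential does not correspond to this object: %w", err)
	}
	return open(bindWorkingKey(domain, random), env.Ciphertext)
}
// newProfile is a constructed fixture: one credential at the given level plus its private key (access authority).
func newProfile(domain, profileKEK []byte, level int) (*Profile, *ecdh.PrivateKey) {
	credPriv := must1(ecdh.X25519().GenerateKey(rand.Reader))
	pubKEK := make([]byte, 32)
	must1(rand.Read(pubKEK))
	cred := Credential{level, seal(pubKEK, credPriv.PublicKey().Bytes()), seal(profileKEK, pubKEK)}
	return &Profile{domain, []Credential{cred}}, credPriv
}

func main() {
	domain, kek := []byte("example.test"), sha256.Sum256([]byte("level-2 profile KEK")) // constructed inputs
	p, credPriv := newProfile(domain, kek[:], 2)
	env := must1(secureObject(p, kek[:], 2, []byte("level-2 object")))
	pt, err := recoverObject(env, credPriv, domain)
	fmt.Printf("recovered %q (err=%v)\n", pt, err)
	fmt.Println(secureObject(p, kek[:], 1, nil)) // this profile holds no level-1 credential: error
}
```

Three properties of the method are visible in the code. The profile KEK the user presents for an MLA level is checked first: a wrong KEK fails GCM authentication on the wrapped credential key and no credential material is ever decrypted, which is how "access to credentials is dependent on the method of member identification" is enforced. The object key is never sent; only the random value is wrapped under the ephemeral ECDH result, so a reader needs both the credential private key and the domain value to rebind the working key. And because the credential used for writing is chosen by comparing the requested level with the credential's identifier, a profile without a credential at that level cannot produce an envelope at all; the access-up and access-down schemes mentioned earlier would change only that comparison.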
