Method and apparatus for web-based application service model for security management

A public-network and security-profile technology, applied to the authentication, management, distribution and use of access license certificates or codes, that addresses the lack of access management and the inability to provide electronic confidentiality.

Inactive Publication Date: 2005-03-16
VIAQUO CORPORATION

AI Technical Summary

Problems solved by technology

However, current PKI technology cannot provide the key fifth element for electronic secrecy: authorization.
This lack of access management poses a particularly important problem for one class of users: large organizations such as government agencies and corporations, where thousands of users need immediate access to millions of pieces of information, but each of them should have access only to the information to which she expressly has access.
[0016] However, a major disadvantage of existing CKM systems is that CKM was conceived and designed to use two single-threaded, separate computer systems: one for members and one for administrators.

Examples

Embodiment Construction

[0074] PXa3 (Precise eXtensible Authentication, Authorization and Administration) allows distributors to send encrypted data objects to a general audience over a decentralized public network, where the distributors are unaware of each audience member's identity and associated access permissions. PXa3 provides the basis for securely broadcasting and storing sensitive material over public networks, such as the Internet or cellular telephone networks. New audience members are authorized based on their credentials, which are assigned by the certification authority and assigned to members on the public network. PXa3 uses a feature of existing CKM techniques that can take multiple encrypted data objects and encrypt them into another encrypted data object. This "nested object" feature gives PXa3 the ability to optionally decrypt objects based on access permissions previously assigned to members.
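The "nested object" idea in [0074], as an added illustration that is not code from the patent or from any CKM or PXa3 implementation: inner objects are sealed per credential, the set is sealed again as one outer object, and a member's profile opens only what its credentials allow. Assumptions: one symmetric key per credential label, a single domain-wide outer key, and a toy SHA-256 encrypt-then-MAC construction standing in for a real cipher; all function names, keys and sample data are constructed.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # SHA-256 in counter mode under a derived encryption subkey (toy cipher).
    ek = hashlib.sha256(b"enc" + key).digest()
    blocks = (hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]
def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC; stand-in for a real AEAD cipher."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_container(domain_key, cred_keys, objects):
    """Seal each (credential, data) object under its credential key, then
    seal the whole set again under the domain key: the nested object."""
    inner = [{"cred": c, "blob": seal(cred_keys[c], d).hex()} for c, d in objects]
    return seal(domain_key, json.dumps(inner).encode())

def open_container(domain_key, profile_keys, container):
    """Return {credential: plaintext} for the objects this profile can open."""
    outer = unseal(domain_key, container)
    if outer is None:
        return {}
    readable = {}
    for item in json.loads(outer):
        key = profile_keys.get(item["cred"])
        data = unseal(key, bytes.fromhex(item["blob"])) if key else None
        if data is not None:
            readable[item["cred"]] = data
    return readable

# Constructed sample data: keys, labels and contents are made up.
DOMAIN_KEY = hashlib.sha256(b"constructed-domain-key").digest()
CRED_KEYS = {c: hashlib.sha256(c.encode()).digest() for c in ("public", "finance", "legal")}
CONTAINER = build_container(DOMAIN_KEY, CRED_KEYS, [
    ("public", b"newsletter"), ("finance", b"Q3 forecast"), ("legal", b"draft contract")])
MEMBER_PROFILE = {c: CRED_KEYS[c] for c in ("public", "finance")}  # no "legal" credential
```

The distributor builds `CONTAINER` once without knowing who will receive it; what each recipient can read is decided entirely by the credential keys in that recipient's profile.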

[0075] The detailed description below discusses PXa3 The ...

Abstract

The invention combines cryptographic key management technology with various authentication options and the use of a companion PKI system in a web-centric cryptographic key management security method and apparatus called PXa3(TM) (Precise eXtensible Authentication, Authorization and Administration). The PXa3 model uses a security profile unique to a network user and the member domain(s) he/she belongs to. A PXa3 server holds all private keys and certificates and the user's security profile, including credentials and the optional authentication enrollment data. The server maintains a security profile for each user, and administrators simply transmit credential updates and other periodic maintenance updates to users via their PXa3 server-based member accounts. Domain and workgroup administrators also perform administrative chores via a connection to the PXa3 web site, rather than on a local workstation. A member's security profile, containing algorithm access permissions, credentials, domain and maintenance values, a file header encrypting key, optional biometric templates, and domain-specific policies, is contained in one of two places: either on a removable cryptographic token (e.g., a smart card), or on a central server-based profile maintained for each member and available as a downloadable "soft token" over any Internet connection.

Description

[0001] Cross References to Related Applications

[0002] This application claims priority of U.S. Provisional Application No. 60/225,796 filed on August 15, 2000, U.S. Provisional Application No. 60/239,109 filed on October 4, 2000, and U.S. Non-Provisional Application No. 09/930,029 filed on August 14, 2001.

Technical Field

[0003] The present invention relates generally to encryption techniques for secure distribution of data and information over decentralized public networks, and more particularly to the Web-based authentication, management, distribution, and use of access licenses or codes in a Web-based secure key management system.

Background

[0004] A. Traditional Public Key Architecture System

[0005] The digital electronics age utilizes five fundamental elements for electronic security: privacy (symmetric encryption), authentication, authorization, data integrity (tamper proof), and authorization (access management). Technologies current...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/061, H04L63/0428, H04L63/102
Inventor: William B. Sweet, John J. Yu
Owner: VIAQUO CORPORATION