WO2003098898A1 - Clearance-based method for dynamically configuring encryption strength - Google Patents

Info

Publication number
WO2003098898A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
data
remote user
piece
level
access
Application number
PCT/US2002/015367
Other languages
French (fr)
Inventor
Douglas Lavell Hale
Peter Kendrick Boucher
Mark Gordon Gayman
Original Assignee
Rappore Technologies, Inc.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Abstract

The method for configuring encryption strengths for data includes: providing a piece of the data with a sensitivity level; authenticating a remote user with a clearance level for accessing the data; selecting an encryption strength for the piece of the data based on the clearance level of the remote user, if the clearance level of the remote user allows access to the piece of the data with the sensitivity level; encrypting the piece of the data; and providing access to the encrypted piece of the data to the remote user. Remote users have varying levels of clearance to access data. Data is assigned varying sensitivity levels. Each clearance level allows the remote user to access data at that sensitivity level or below. The strength of the data encryption is based upon the remote user's clearance level or a requested session sensitivity level. Access control to data is thus more flexible.

Description

CLEARANCE-BASED METHOD FOR DYNAMICALLY CONFIGURING ENCRYPTION STRENGTH

FIELD OF THE INVENTION

The present invention relates to computer systems, and more particularly, to data

access in computer systems.

BACKGROUND OF THE INVENTION

Certain computer systems in the industry require the encryption of data. For

example, banking through the Internet typically requires a remote user to have a browser

which supports the standard 128-bit SSL cipher suite for the encryption of data. However,

with conventional systems, all of the data is either encrypted or not and with the same

encryption strength. This is inflexible.

Accordingly, there exists a need for a method for dynamically configuring an

encryption strength for data. The present invention addresses such a need.

SUMMARY OF THE INVENTION

The method for configuring encryption strengths for data includes: providing a piece

of the data with a sensitivity level; authenticating a remote user with a clearance level for

accessing the data; selecting an encryption strength for the piece of the data based on the

clearance level of the remote user, if the clearance level of the remote user allows access to

the piece of the data with the sensitivity level; encrypting the piece of the data; and

providing access to the encrypted piece of the data to the remote user. Remote users have varying levels of clearance to access data. Data is assigned varying sensitivity levels. Each

clearance level allows the remote user to access data at that sensitivity level or below. The

strength of the data encryption is based upon the remote user's clearance level or a requested

session sensitivity level (a temporarily-lowered clearance that lasts as long as the current

session). Access control to data is thus more flexible.

BRIEF DESCRIPTION OF THE FIGURES

Figure 1 illustrates a preferred embodiment of a system which utilizes the method for

dynamically configuring an encryption strength for data in accordance with the present

invention.

Figure 2 is a flowchart illustrating a preferred embodiment of the method for

dynamically configuring an encryption strength for data in accordance with the present

invention.

Figure 3 is a flowchart illustrating in more detail the preferred embodiment of the

method for dynamically configuring an encryption strength for data in accordance with the

present invention.

Figure 4 is a flowchart illustrating the method for dynamically configuring an

encryption strength for data in accordance with the present invention, with the remote user

requesting a session sensitivity level.

DETAILED DESCRIPTION

The present invention provides a method for dynamically configuring an encryption strength for data. The following description is presented to enable one of ordinary skill in

the art to make and use the invention and is provided in the context of a patent application

and its requirements. Various modifications to the preferred embodiment will be readily

apparent to those skilled in the art and the generic principles herein may be applied to other

embodiments. Thus, the present invention is not intended to be limited to the embodiment

shown but is to be accorded the widest scope consistent with the principles and features

described herein.

The method in accordance with the present invention provides remote users with

varying levels of clearance to access data. Data in the system is assigned varying sensitivity

levels. Each level of clearance allows the remote user to access data of a certain sensitivity

level and below. In the preferred embodiment, the sensitivity level of data is assigned by the

local user. The "local user" is the user which owns the data. The "remote user" is the user

who is seeking access to the data. "Sensitivity level" refers to a representation of the amount

of damage that would be done to the local user if an unauthorized user gains access to the

data. The remote user provides his clearance level for accessing data. Before the data is

provided to the remote user, it is encrypted. The strength of the encryption of the data is

based upon the remote user's clearance level or a requested session sensitivity level.

To more particularly describe the features of the present invention, please refer to

Figures 1 through 4 in conjunction with the discussion below.

Figure 1 illustrates a preferred embodiment of a system which utilizes the method for

dynamically configuring an encryption strength for data in accordance with the present

invention. The system 100 includes an access and encryption software 102 which interfaces with a piece of data 104, the remote user 106, and the local user 108. The remote user 106

has been assigned a clearance level, and the piece of data 104 has been assigned a

sensitivity level by the local user 108.

Figure 2 is a flowchart illustrating a preferred embodiment of the method for

dynamically configuring an encryption strength for data in accordance with the present

invention. First, a piece of data 104 with a sensitivity level is provided, via step 202. Next,

the remote user is authenticated, via step 204. Next, it is determined if the remote user

106 has clearance to access the piece of data 104. The piece of data 104 has been assigned a

certain sensitivity level by the local user 108. If the remote user 106 does not have clearance

to access the piece of data 104 of that sensitivity level, then access to the piece of data 104 is

denied, via step 208. If the remote user 106 has clearance to access the piece of data 104 of

that sensitivity level, then an encryption strength for the piece of data 104 is selected, via

step 210. The encryption strength determines the cipher suite to be used. The piece of data

104 is encrypted with the cipher suite with the determined encryption strength, via step 212.

The remote user 106 is then provided access to the encrypted piece of data, via step 214.

In the preferred embodiment, the encryption strength, and thus the cipher suite to be

used, is based upon the remote user's clearance level. The local user 108 can configure the

access and encryption software 102 to specify which cipher-suites are appropriate for each

clearance level. For example, assume that the clearance levels range from "0" to "10", with

"0" being the lowest clearance, i.e., access only to data intended for public consumption.

The following is an example set of cipher suites assigned to the clearance levels:

• Level 0: no encryption, with 32-bit CRC error-detection

• Levels 1-3: 40-bit RC4, 40-bit RC2, or 56-bit DES, with HMAC

• Levels 4-7: 128-bit RC5, or 128-bit Blowfish, with RSA/MD5

• Levels 8-10: 3-key 3DES, or 256-bit Rijndael, with RSA/SHA1

Figure 3 is a flowchart illustrating in more detail the preferred embodiment of the

method for dynamically configuring an encryption strength for data in accordance with the

present invention. First, the remote user 106 sends his identification data, via step 302,

which is then authenticated, via step 304. When the remote user 106 requests access to a

piece of data 104 in the system 100, it is determined if the remote user 106 has clearance to

access the piece of data 104, via step 306. If the remote user 106 does not have clearance to

access the piece of data 104, then access to the piece of data 104 is blocked, via step 310. If

the remote user 106 has clearance to access the piece of data 104, then an encryption

strength for the piece of data 104 is selected based on the remote user's clearance level, via

step 308. The piece of data 104 is then encrypted, via step 312, and access to the encrypted

piece of data provided to the remote user 106, via step 314. Steps 306-314 are repeated for

each piece of data to which the remote user 106 requests access.

Although the preferred embodiment handles the encrypting of data as described

above, one of ordinary skill in the art will understand that other methods of encrypting data

may be used without departing from the spirit and scope of the present invention.

An additional feature which may be provided with the method in accordance with the

present invention is to allow the remote user 106 to request a certain sensitivity level for the

current session, or "session sensitivity level". The session sensitivity level must be at or

below the remote user's assigned clearance level. This may be useful in certain situations, such as when the remote user 106 is using a public terminal and does not wish any data above

a certain sensitivity level to be downloaded into the public terminal.

Figure 4 is a flowchart illustrating the method for dynamically configuring an

encryption strength for data in accordance with the present invention, with the remote user

requesting a session sensitivity level. First, the remote user 106 sends identification data and

requests a session sensitivity level, via step 402. Next, the remote user's identification data

is authenticated, and the session sensitivity level is validated, via step 404. The session

sensitivity level is valid if the remote user's clearance allows him to access data with

sensitivity levels at or below the requested session sensitivity level. If the remote user 106 is

not authenticated or the session sensitivity level is not valid, via step 406, then access to data

in the system 100 is denied, via step 408. If the remote user 106 is authenticated and the

session sensitivity level is valid, via step 406, then it is determined which pieces of data the

remote user 106 has clearance to access and which have the requested session

sensitivity level or below, via step 410. The encryption strength for the pieces of data is then

selected based on the session sensitivity level, via step 412. The cipher suites for each

session sensitivity level can be assigned in the same manner as for the clearance level,

described above. Other methods for assigning the cipher suites for the session sensitivity

levels can also be used without departing from the spirit and scope of the present invention.

Once the cipher suite for the session sensitivity level is selected, the pieces of data are

encrypted, via step 414. The remote user 106 is then provided access to the encrypted pieces

of data, via step 416.

Another feature which may be added to the method for dynamically configuring an encryption strength for data in accordance with the present invention is allowing other facts

to be considered in selecting the encryption strength. For example, the security rating of the

output line onto which the data will be provided to the remote user 106 may be taken into

account in selecting the encryption strength or cipher suite for a particular clearance or

session sensitivity level. For example, data that is to be sent over the Internet, or some other

public medium, is to be assigned a stronger encryption than data that is to be sent over a

leased line, or some other non-public medium. Similarly, data that is to be sent over a leased

line, or some other non-public but non-physically-protected medium, is assigned a stronger

encryption than data that is to be sent to another host on the same local area network, or

some other physically-protected medium.

Another factor is the sensitivity level of the requested data. For performance

enhancement, low-sensitivity data can be encrypted with weaker (faster) encryption even if

the remote user has a higher clearance level. Other factors may be considered in the method

in accordance with the present invention without departing from the spirit and scope of the present invention.

Any combination of these factors may be considered in selecting the encryption

strength. In the preferred embodiment, the degree to which each of these factors is taken

into consideration may be configured by the local user 108.
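
The selection logic of Figures 2 through 4 combined with the additional factors above, as an added example in Python (not code from the patent). The tier boundaries come from the example table; the Line ratings, the Policy fields and the combining rule (base tier plus a per-line bump, capped at the strongest tier) are assumptions, since the patent leaves the weighting to the local user.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Optional

# Cipher-suite tiers from the patent's example table: (lowest level, highest
# level, suites). The names are the 2002 examples quoted on the page; 40-bit
# RC4/RC2, 56-bit DES and MD5 are obsolete, so read them as tier labels.
TIERS = [
    (0, 0, "no encryption, 32-bit CRC"),
    (1, 3, "40-bit RC4 / 40-bit RC2 / 56-bit DES, HMAC"),
    (4, 7, "128-bit RC5 / 128-bit Blowfish, RSA/MD5"),
    (8, 10, "3-key 3DES / 256-bit Rijndael, RSA/SHA1"),
]

# Constructed sample data: piece name -> sensitivity level set by the local user.
CATALOG = {"brochure": 0, "invoice": 3, "payroll": 8}


class Line(IntEnum):
    """Security rating of the output line (names are assumptions)."""
    LAN = 0      # physically protected medium
    LEASED = 1   # non-public, not physically protected
    PUBLIC = 2   # the Internet or another public medium


class AccessDenied(Exception):
    """Steps 208, 310 and 408: the request is refused."""


@dataclass
class Policy:
    """Local-user configuration (assumed shape, see lead-in)."""
    # Tiers added on top of the base tier, per output line.
    line_bump: Dict[Line, int] = field(default_factory=lambda: {
        Line.LAN: 0, Line.LEASED: 1, Line.PUBLIC: 2})
    # True: base the tier on the data's own sensitivity (weaker, faster
    # suites for low-sensitivity data). False: base it on the user's level.
    use_data_sensitivity: bool = True


def tier_for_level(level: int) -> int:
    for index, (low, high, _) in enumerate(TIERS):
        if low <= level <= high:
            return index
    raise ValueError(f"level {level} is outside 0-10")


def effective_level(clearance: int, session_level: Optional[int] = None) -> int:
    """Step 404: a session sensitivity level is valid only at or below the
    assigned clearance; when valid it stands in for the clearance."""
    tier_for_level(clearance)  # rejects an out-of-range clearance
    if session_level is None:
        return clearance
    if not 0 <= session_level <= clearance:
        raise AccessDenied("session sensitivity level is not valid")
    return session_level


def select_tier(clearance, sensitivity, line, session_level=None, policy=None):
    policy = policy or Policy()
    level = effective_level(clearance, session_level)
    if sensitivity > level:  # clearance check (steps 306 and 410)
        raise AccessDenied("piece is above the user's level")
    basis = sensitivity if policy.use_data_sensitivity else level
    tier = tier_for_level(basis) + policy.line_bump[line]
    return min(tier, len(TIERS) - 1)  # cannot exceed the strongest tier


def select_suite(clearance, sensitivity, line, session_level=None, policy=None):
    tier = select_tier(clearance, sensitivity, line, session_level, policy)
    return TIERS[tier][2]


def plan_session(clearance, catalog, line, session_level=None, policy=None):
    """Figure 4, steps 404-412: validate the session level once, keep the
    pieces at or below it, and pick a suite for each."""
    level = effective_level(clearance, session_level)  # may raise AccessDenied
    return {
        name: select_suite(clearance, sensitivity, line, session_level, policy)
        for name, sensitivity in catalog.items()
        if sensitivity <= level
    }


if __name__ == "__main__":
    # Clearance 9 on a leased line, session lowered to 3: payroll is left out.
    for name, suite in plan_session(9, CATALOG, Line.LEASED, 3).items():
        print(f"{name}: {suite}")
```

With use_data_sensitivity enabled, a clearance-9 user fetching level-2 data over the LAN gets the levels 1-3 tier; over a public line the same request is raised to the strongest tier.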

Although the preferred embodiment selects the encryption strength as described

above, one of ordinary skill in the art will understand that other methods of selecting the

encryption strength may be used without departing from the spirit and scope of the present

invention. A method for dynamically configuring an encryption strength for data has been

disclosed. The method provides remote users with varying levels of clearance to access

data. Data in the system is assigned varying sensitivity levels. Each level of clearance

allows the remote user to access data of a certain sensitivity level or below. The remote user

is assigned a clearance level by the local user. Before the data is provided to the remote

user, it is encrypted. The strength of the encryption of the data is based upon the remote

user's clearance level or a requested session sensitivity level. In this manner, access control

to data is more flexible.

Although the present invention has been described in accordance with the

embodiments shown, one of ordinary skill in the art will readily recognize that there could

be variations to the embodiments and those variations would be within the spirit and scope

of the present invention. Accordingly, many modifications may be made by one of ordinary

skill in the art without departing from the spirit and scope of the appended claims.

Claims

What is claimed is:
1. A method for configuring encryption strengths for data, comprising the steps
of:
(a) providing a piece of the data with a sensitivity level;
(b) authenticating a remote user with a clearance level for accessing the data;
(c) selecting an encryption strength for the piece of the data based on the
clearance level of the remote user, if the clearance level of the remote user allows access to
the piece of the data with the sensitivity level;
(d) encrypting the piece of the data; and
(e) providing access to the encrypted piece of the data to the remote user.
2. The method of claim 1, wherein the providing step (a) comprises:
(a1) providing the data, wherein each piece of the data has one of a plurality of
sensitivity levels.
3. The method of claim 1, wherein the authenticating step (b) comprises:
(b1) receiving identification data for the remote user;
(b2) authenticating the identification data of the remote user; and
(b3) verifying that the remote user has been assigned the clearance level for
accessing the data.
4. The method of claim 1, wherein the selecting step (c) comprises:
(c1) receiving a request from the remote user for access to the piece of data;
(c2) determining if the clearance level of the remote user allows access to the
piece of data with the sensitivity level; and
(c3) selecting an encryption strength for the piece of data based on the clearance
level of the remote user, if the clearance level of the remote user allows access to the piece
of data with the sensitivity level.
5. The method of claim 1, wherein the authenticating step (b) comprises:
(b1) receiving identification data for the remote user and a request for a session
sensitivity level;
(b2) authenticating the identification data;
(b3) verifying that the remote user has been assigned the clearance level for
accessing the data; and
(b4) validating the session sensitivity level.
6. The method of claim 5, wherein the validating step (b4) comprises:
(b4i) determining if the session sensitivity level allows the remote user to access
pieces of data with sensitivity levels at or below the clearance level for the remote user.
7. The method of claim 1, wherein the selecting step (c) comprises:
(c1) determining pieces of data with sensitivity levels at or below the session
sensitivity level to which the clearance level allows the remote user to access; and
(c2) selecting an encryption strength for the pieces of data based on the session
sensitivity level.
8. The method of claim 1, wherein the selecting of the encryption strength for
the piece of the data is also based on the sensitivity level of the piece of the data.
9. The method of claim 1, wherein the selecting of the encryption strength for
the piece of the data is also based on a security rating of an output line onto which the
encrypted piece of the data will be provided to the remote user.
10. The method of claim 1, further comprising:
(f) blocking access to pieces of data to which the clearance level does not allow
the remote user to access.
11. A method for configuring encryption strengths for data, comprising the steps
of:
(a) providing a piece of the data with a sensitivity level;
(b) authenticating a remote user with a clearance level for accessing the data;
(c) receiving a request from the remote user for access to the piece of data;
(d) determining if the clearance level of the remote user allows access to the piece of data with the sensitivity level;
(e) selecting an encryption strength for the piece of data based on the clearance
level of the remote user, if the clearance level of the remote user allows access to the piece
of data with the sensitivity level;
(f) encrypting the piece of the data; and
(g) providing access to the encrypted piece of the data to the remote user.
12. The method of claim 11, wherein the selecting of the encryption strength for
the piece of the data is also based on the sensitivity level of the piece of the data.
13. The method of claim 11, wherein the selecting of the encryption strength for
the piece of the data is also based on a security rating of an output line onto which the
encrypted piece of the data will be provided to the remote user.
14. The method of claim 11, wherein the selecting of the encryption strength for
the piece of the data is also based on a session sensitivity level.
15. A method for configuring encryption strengths for data, comprising the steps
of:
(a) providing the data, wherein each piece of the data has one of a plurality of
sensitivity levels;
(b) receiving a clearance level assigned to a remote user for accessing the data and a request for a session sensitivity level;
(c) authenticating the remote user and validating the session sensitivity level;
(d) determining pieces of the data with sensitivity levels at or below the session
sensitivity level to which the clearance level allows the remote user to access; and
(e) selecting an encryption strength for the pieces of the data based on the session
sensitivity level;
(f) encrypting the pieces of the data; and
(g) providing access to the encrypted pieces of the data to the remote user.
16. The method of claim 15, wherein the authenticating step (c) comprises:
(c1) determining if the session sensitivity level for the remote user allows the
remote user to access pieces of data with sensitivity levels at or below the clearance level for
the remote user.
17. The method of claim 15, wherein the selecting of the encryption strength for
the pieces of the data is also based on the clearance level of the remote user.
18. The method of claim 15, wherein the selecting of the encryption strength for
the pieces of the data is also based on the sensitivity level of each piece of the data.
19. The method of claim 15, wherein the selecting of the encryption strength for
the pieces of the data is also based on a security rating of an output line onto which the encrypted pieces of the data will be provided to the remote user.
20. A computer readable medium with program instructions for configuring
encryption strengths for data, comprising the instructions for:
(a) providing a piece of the data with a sensitivity level;
(b) authenticating a remote user with a clearance level for accessing the data;
(c) selecting an encryption strength for the piece of the data based on the
clearance level of the remote user, if the clearance level of the remote user allows access to
the piece of the data with the sensitivity level;
(d) encrypting the piece of the data; and
(e) providing access to the encrypted piece of the data to the remote user.
21. The medium of claim 20, wherein the providing instruction (a) comprises
instructions for:
(a1) providing the data, wherein each piece of the data has one of a plurality of
sensitivity levels.
22. The medium of claim 20, wherein the authenticating instruction (b)
comprises instructions for:
(b1) receiving identification data for the remote user;
(b2) authenticating the identification data of the remote user; and
(b3) verifying that the remote user has been assigned the clearance level for accessing the data.
23. The medium of claim 20, wherein the selecting instruction (c) comprises
instructions for:
(c1) receiving a request from the remote user for access to the piece of data;
(c2) determining if the clearance level of the remote user allows access to the
piece of data with the sensitivity level; and
(c3) selecting an encryption strength for the piece of data based on the clearance
level of the remote user, if the clearance level of the remote user allows access to the piece
of data with the sensitivity level.
24. The medium of claim 20, wherein the authenticating instruction (b)
comprises instructions for:
(b1) receiving identification data for the remote user and a request for a session
sensitivity level;
(b2) authenticating the identification data and validating the session sensitivity
level;
(b3) verifying that the remote user has been assigned the clearance level for
accessing the data; and
(b4) validating the session sensitivity level.
25. The medium of claim 24, wherein the validating instruction (b2) comprises instructions for:
(b4i) determining if the session sensitivity level allows the remote user to access
pieces of data with sensitivity levels at or below the clearance level for the remote user.
26. The medium of claim 20, wherein the selecting instruction (c) comprises
instructions for:
(c1) determining pieces of data with sensitivity levels at or below the session
sensitivity level to which the clearance level allows the remote user to access; and
(c2) selecting an encryption strength for the pieces of data based on the session
sensitivity level.
27. The medium of claim 20, wherein the selecting of the encryption strength for
the piece of the data is also based on the sensitivity level of the piece of the data.
28. The medium of claim 20, wherein the selecting of the encryption strength for
the piece of the data is also based on a security rating of an output line onto which the
encrypted piece of the data will be provided to the remote user.
29. The medium of claim 20, further comprising instructions for:
(f) blocking access to pieces of data to which the clearance level does not allow
the remote user to access.
30. A computer readable medium with program instructions for configuring
encryption strengths for data, comprising the instructions for:
(a) providing a piece of the data with a sensitivity level;
(b) authenticating a remote user with a clearance level for accessing the data;
(c) receiving a request from the remote user for access to the piece of data;
(d) determining if the clearance level of the remote user allows access to the
piece of data with the sensitivity level;
(e) selecting an encryption strength for the piece of data based on the clearance
level of the remote user, if the clearance level of the remote user allows access to the piece
of data with the sensitivity level;
(f) encrypting the piece of the data; and
(g) providing access to the encrypted piece of the data to the remote user.
31. The medium of claim 30, wherein the selecting of the encryption strength for
the piece of the data is also based on the sensitivity level of the piece of the data.
32. The medium of claim 30, wherein the selecting of the encryption strength for
the piece of the data is also based on a security rating of an output line onto which the
encrypted piece of the data will be provided to the remote user.
33. The medium of claim 30, wherein the selecting of the encryption strength for
the piece of the data is also based on a session sensitivity level.
34. A computer readable medium with program instructions for configuring
encryption strengths for data, comprising the instructions for:
(a) providing the data, wherein each piece of the data has one of a plurality of
sensitivity levels;
(b) receiving a clearance level assigned to a remote user for accessing the data
and a request for a session sensitivity level;
(c) authenticating the remote user and validating the session sensitivity level;
(d) determining pieces of the data with sensitivity levels at or below the session
sensitivity level to which the clearance level allows the remote user to access; and
(e) selecting an encryption strength for the pieces of the data based on the session
sensitivity level;
(f) encrypting the pieces of the data; and
(g) providing access to the encrypted pieces of the data to the remote user.
35. The medium of claim 34, wherein the authenticating instruction (c) comprises
instructions for:
(c1) determining if the session sensitivity level allows the remote user to access
pieces of data with sensitivity levels at or below the clearance level for the remote user.
36. The medium of claim 34, wherein the selecting of the encryption strength for
the pieces of the data is also based on the clearance level of the remote user.
37. The medium of claim 34, wherein the selecting of the encryption strength for
the pieces of the data is also based on the sensitivity level of each piece of the data.
38. The medium of claim 34, wherein the selecting of the encryption strength for
the pieces of the data is also based on a security rating of an output line onto which the
encrypted pieces of the data will be provided to the remote user.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2002/015367 WO2003098898A1 (en) 2002-05-13 2002-05-13 Clearance-based method for dynamically configuring encryption strength

Publications (1)

Publication Number Publication Date
WO2003098898A1 (en) 2003-11-27

Family

ID=29547644

Country Status (1)

Country Link
WO (1) WO2003098898A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5602916A (en) * 1994-10-05 1997-02-11 Motorola, Inc. Method and apparatus for preventing unauthorized monitoring of wireless data transmissions
US5689566A (en) * 1995-10-24 1997-11-18 Nguyen; Minhtam C. Network with secure communications sessions
WO2001011451A1 (en) * 1999-08-05 2001-02-15 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US6321201B1 (en) * 1996-06-20 2001-11-20 Anonymity Protection In Sweden Ab Data security system for a database having multiple encryption levels applicable on a data element value level

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9928508B2 (en) 2000-08-04 2018-03-27 Intellectual Ventures I Llc Single sign-on for access to a central data repository
GB2411554A (en) * 2004-02-24 2005-08-31 Toshiba Res Europ Ltd Selecting encryption methods for secure transmission
GB2411554B (en) * 2004-02-24 2006-01-18 Toshiba Res Europ Ltd Multi-rate security
WO2005083970A1 (en) * 2004-02-27 2005-09-09 Bae Systems Plc Secure computer communication
EP1766840A4 (en) * 2004-06-16 2010-08-18 Dormarke Assets Llc Graduated authentication in an identity management system
US8959652B2 (en) 2004-06-16 2015-02-17 Dormarke Assets Limited Liability Company Graduated authentication in an identity management system
US9245266B2 (en) 2004-06-16 2016-01-26 Callahan Cellular L.L.C. Auditable privacy policies in a distributed hierarchical identity management system
US9398020B2 (en) 2004-06-16 2016-07-19 Callahan Cellular L.L.C. Graduated authentication in an identity management system
EP1766840A1 (en) * 2004-06-16 2007-03-28 Sxip Networks SRL Graduated authentication in an identity management system
WO2016032752A1 (en) * 2014-08-28 2016-03-03 Motorola Solutions, Inc. Method and apparatus enabling interoperability between devices operating at different security levels and trust chains

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
122 EP: PCT application non-entry in European phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW WIPO information: withdrawn in national office

Country of ref document: JP