CA2408437A1 - Method and apparatus for managing secure collaborative transactions - Google Patents
Method and apparatus for managing secure collaborative transactions Download PDFInfo
- Publication number
- CA2408437A1 CA2408437A1 CA002408437A CA2408437A CA2408437A1 CA 2408437 A1 CA2408437 A1 CA 2408437A1 CA 002408437 A CA002408437 A CA 002408437A CA 2408437 A CA2408437 A CA 2408437A CA 2408437 A1 CA2408437 A1 CA 2408437A1
- Authority
- CA
- Canada
- Prior art keywords
- key
- message
- chair
- group
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
- H04L12/1813—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast for computer conferences, e.g. chat rooms
- H04L12/1822—Conducting the conference, e.g. admission, detection, selection or grouping of participants, correlating users to one or more conference sessions, prioritising transmission
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Abstract
Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible.
Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telescape. In one embodiment, the security level is determined when a telespace is created and remains fixed through out the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called "tribes" can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.
Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telescape. In one embodiment, the security level is determined when a telespace is created and remains fixed through out the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called "tribes" can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.
Claims (75)
1. A method for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising the steps of:
(a) prior to performing collaborative transactions, selecting a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
(b) if a level of security selected in step (a) requires protecting the authenticity and integrity of delta messages, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and (c) if a level of security selected in step (a) requires protecting the confidentiality of delta messages, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
(a) prior to performing collaborative transactions, selecting a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
(b) if a level of security selected in step (a) requires protecting the authenticity and integrity of delta messages, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and (c) if a level of security selected in step (a) requires protecting the confidentiality of delta messages, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
2. The method of claim 1 wherein the first collaboration member and the second collaboration member are part of a secure group and a single encryption key is used to encrypt data in delta messages for the entire group.
3. The method of claim 2 wherein a single authentication key is used to authenticate delta messages for the entire group.
4. The method of claim 3 wherein step (b) comprises hashing the selected information with a one-way hashing function and providing the hashed information to the MAC algorithm along with the single authentication key.
5. The method of claim 4 wherein each message includes a header, a key version number and the data and wherein the selected information in step (b) is the header and the data.
6. The method of claim 5 wherein the key version number is the key version of the single authentication key.
7. The method of claim 5 wherein the key version number comprises a unique key identifier and an incremental sequence number.
8. The method of claim 2 wherein a separate authentication key is used to authenticate delta messages between each pair of group members.
9. The method of claim 8 wherein step (b) comprises hashing the selected information with a one-way hashing function and providing the hashed information to the MAC algorithm along with each separate authentication key to generate a separate authenticator for each pair of members and concatenating the separate authenticators to generate the message authentication code.
10. The method of claim 8 wherein step (b) comprises hashing the selected information with a one-way hashing function and providing the hashed information to a public key signature algorithm along with the private signing key of the message sender to generate the message authentication code.
11. The method of claim 8 wherein each message includes a header, a key version number and the data and wherein the selected information in step (b) is the header and the data.
12. The method of claim 11 wherein the key version number is a concatenation of the key versions of all separate authentication keys.
13. A method of adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, the method comprising:
(a) selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
(b) sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
(c) sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
(d) sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and (e) sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
(a) selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
(b) sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
(c) sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
(d) sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and (e) sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
14. The method of claim 13 wherein step (b) comprises generating a first one-time key, encrypting the invitation information with the first one-time key and encrypting the first one-time key with the invitee's public key and including the encrypted first one-time key and the encrypted invitation information in the invitation message.
15. The method of claim 13 wherein step (c) comprises generating a second one-time key, encrypting the acceptance information with the second one-time key, encrypting the second one-time key with the chair's public key and including the encrypted second one-time key and the encrypted acceptance information in the acceptance message.
16. The method of claim 13 wherein step (e) comprises generating a third one-time key, encrypting the group data information with the third one-time key and encrypting the third one-time key with the invitee's public key and including the encrypted third one-time key and the encrypted group data information in the invitation message.
17. The method of claim 13 wherein the invitation message further includes a header and a digital signature of a hash of the header, the invitation nonce, the first one-time key, and the invitation information.
18. The method of claim 13 wherein the invitation message further includes a chair's digital certificate including the chair's name, the chair's public signature verification key and the chair's public key.
19. The method of claim 13 wherein the acceptance message further includes a header and a digital signature of a hash of the header, the chair's name, the invitation nonce, the acceptance nonce, the second one-time key, and the acceptance information.
20. The method of claim 13 wherein the acceptance message further includes an invitee's digital certificate including the invitee's name, the invitee's public signature verification key and the invitee's public key.
21. The method of claim 13 wherein step (c) comprises verification of the signed invitation nonce received by the chair in the acceptance message.
22. The method of claim 21 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises a recalculation of the signed invitation nonce by the chair and a software comparison of the recalculated signed invitation nonce with the signed invitation nonce received in the acceptance message.
23. The method of claim 21 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises visually displaying the signed invitation nonce received by the chair in the acceptance message to the chair for manual verification.
24. A method for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, the method comprising:
(a) encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
(b) encrypting the new group encryption key with an inter-member key between the first and the second member;
(c) piggybacking the encrypted group encryption key along with the data message; and (d) protecting the data message with the new group encryption key.
(a) encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
(b) encrypting the new group encryption key with an inter-member key between the first and the second member;
(c) piggybacking the encrypted group encryption key along with the data message; and (d) protecting the data message with the new group encryption key.
25. The method of claim 24 further comprising inserting a key version number for the new group encryption key into the data message.
26. The method of claim 24 further comprising concatenating new key version numbers for all new inter-member keys when new inter-member keys are being distributed and inserting the new key version concatenation into the data message and concatenating old key version numbers for all old inter-member keys when new inter-member keys are not being distributed and inserting the old key version concatenation into the data message.
27. The method of claim 24 further comprising encrypting the new group encryption key with an inter-member key between each pair of members in the group, concatenating the encrypted group encryption keys and inserting the concatenation into the data message.
28. The method of claim 26 further comprising encrypting the new inter-member encryption keys between each pair of members in the group with a public key of each member, concatenating the encrypted inter-member encryption keys and inserting the concatenation into the data message.
29. An algorithm-independent architecture for providing a security service to an application comprising:
a plurality of algorithm-independent abstract services, at least some of which can be combined to implement the security service;
a plurality of static links between the security service and one or more of the abstract services which implement the security service;
a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract services; and a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services.
a plurality of algorithm-independent abstract services, at least some of which can be combined to implement the security service;
a plurality of static links between the security service and one or more of the abstract services which implement the security service;
a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract services; and a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services.
30. The architecture of claim 29 wherein each of the abstract services comprises an abstract service object which exports an application programming interface which includes methods that can be invoked by the service.
31. The architecture of claim 30 wherein all of the abstract service objects are contained in a dynamic link library.
32. The architecture of claim 31 wherein each abstract service object comprises non-static member variables.
33. The architecture of claim 32 wherein each concrete primitive service comprises a concrete primitive service object having specific algorithms for providing a primitive service and static member variables which hold data generated by the specific algorithms.
34. The architecture of claim 33 wherein each concrete primitive service object comprises a constructor method which uploads data in the static member variables into the non-static member variables in the abstract primitive service object.
35. The architecture of claim 34 wherein each abstract primitive service object creates one or more concrete primitive service objects by calling a constructor method therein to implement a primitive service.
36. Apparatus for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising:
a mechanism controlled by the user and operable prior to performing collaborative transactions, which selects a level of security that determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
a protocol engine that cooperates with the security level selecting mechanism and protects the authenticity and integrity of delta messages by, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and wherein the protocol engine protects the confidentiality of delta messages by, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
a mechanism controlled by the user and operable prior to performing collaborative transactions, which selects a level of security that determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
a protocol engine that cooperates with the security level selecting mechanism and protects the authenticity and integrity of delta messages by, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and wherein the protocol engine protects the confidentiality of delta messages by, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
37. The apparatus of claim 36 wherein the first collaboration member and the second collaboration member are part of a secure group and a single encryption key is used to encrypt data in delta messages for the entire group.
38. The apparatus of claim 37 wherein a single authentication key is used to authenticate delta messages for the entire group.
39. The apparatus of claim 38 wherein the protocol engine comprises an authentication module that hashes the selected information with a one-way hashing function and provides the hashed information to the MAC algorithm along with the single authentication key.
40. The apparatus of claim 39 wherein each message includes a header, a key version number and the data and wherein the selected information on which the protocol engine operates is the header and the data.
41. The apparatus of claim 40 wherein the key version number is the key version of the single authentication key.
42. The apparatus of claim 40 wherein the key version number comprises a unique key identifier and an incremental sequence number.
43. The apparatus of claim 37 wherein a separate authentication key is used to authenticate delta messages between each pair of group members.
44. The apparatus of claim 43 wherein the protocol engine comprises an authentication module that hashes the selected information with a one-way hashing function and provides the hashed information to the MAC algorithm along with each separate authentication key to generate a separate authenticator for each pair of members and concatenating the separate authenticators to generate the message authentication code.
45. The apparatus of claim 42 wherein the protocol engine comprises an authentication module that hashes the selected information with a one-way hashing function and provides the hashed information to a public key signature algorithm along with the private signing key of the message sender to generate the message authentication code.
46. The apparatus of claim 42 wherein each message includes a header, a key version number and the data and wherein the selected information on which the protocol engine operates is the header and the data.
47. The apparatus of claim 46 wherein the key version number is a concatenation of the key versions of all separate authentication keys.
48. Apparatus for adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, comprising:
a mechanism that selects at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
a chair protocol engine that sends an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
an invitee protocol engine that sends an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
a chair delta mechanism that sends a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and a chair joining mechanism that sends a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
a mechanism that selects at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
a chair protocol engine that sends an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
an invitee protocol engine that sends an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
a chair delta mechanism that sends a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and a chair joining mechanism that sends a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
49. The apparatus of claim 48 wherein the chair protocol engine generates a first one-time key, encrypts the invitation information with the first one-time key and encrypts the first one-time key with the invitee's public key and includes the encrypted first one-time key and the encrypted invitation information in the invitation message.
50. The apparatus of claim 48 wherein the invitee protocol engine generates a second one-time key, encrypts the acceptance information with the second one-time key, encrypts the second one-time key with the chair's public key and includes the encrypted second one-time key and the encrypted acceptance information in the acceptance message.
51. The apparatus of claim 48 wherein the chair joining mechanism generates a third one-time key, encrypts the group data information with the third one-time key and encrypts the third one-time key with the invitee's public key and includes the encrypted third one-time key and the encrypted group data information in the invitation message.
52. The apparatus of claim 48 wherein the invitation message further includes a header and a digital signature of a hash of the header, the invitation nonce, the first one-time key, and the invitation information.
53. The apparatus of claim 48 wherein the invitation message further includes a chair's digital certificate including the chair's name, the chair's public signature verification key and the chair's public key.
54. The apparatus of claim 48 wherein the acceptance message further includes a header and a digital signature of a hash of the header, the chair's name, the invitation nonce, the acceptance nonce, the second one-time key, and the acceptance information.
55. The apparatus of claim 48 wherein the acceptance message further includes an invitee's digital certificate including the invitee's name, the invitee's public signature verification key and the invitee's public key.
56. The apparatus of claim 48 wherein the chair protocol engine verifies the signed invitation nonce received by the chair in the acceptance message.
57. The apparatus of claim 56 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises a recalculation of the signed invitation nonce by the chair and a software comparison of the recalculated signed invitation nonce with the signed invitation nonce received in the acceptance message.
58. The apparatus of claim 56 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises visually displaying the signed invitation nonce received by the chair in the acceptance message to the chair for manual verification.
59. Apparatus for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, comprising:
a first encryption module that encrypts data for a data message to be sent from a first member to a second member with a new group encryption key;
a second encryption module that encrypts the new group encryption key with an inter-member key between the first and the second member;
a protocol engine that piggybacks the encrypted group encryption key along with the data message; and a third encryption module that protects the data message with the new group encryption key.
a first encryption module that encrypts data for a data message to be sent from a first member to a second member with a new group encryption key;
a second encryption module that encrypts the new group encryption key with an inter-member key between the first and the second member;
a protocol engine that piggybacks the encrypted group encryption key along with the data message; and a third encryption module that protects the data message with the new group encryption key.
50. The apparatus of claim 59 further comprising a versioning mechanism that inserts a key version number for the new group encryption key into the data message.
61. The apparatus of claim 60 further comprising an aggregate key version mechanism that concatenates new key version numbers for all new inter-member keys when new inter-member keys are being distributed and inserts the new key version concatenation into the data message and concatenates old key version numbers for all old inter-member keys when new inter-member keys are not being distributed and inserts the old key version concatenation into the data message.
62. The apparatus of claim 59 further comprising a first key generator that encrypts the new group encryption key with an inter-member key between each pair of members in the group, concatenates the encrypted group encryption keys and inserts the concatenation into the data message.
63. The method of claim 61 further comprising a second key generator that encrypts the new inter-member encryption keys between each pair of members in the group with a public key of each member, concatenates the encrypted inter-member encryption keys and inserts the concatenation into the data message.
64. A computer program product for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
65. The computer program product of claim 64 wherein the first collaboration member and the second collaboration member are part of a secure group and a single encryption key is used to encrypt data in delta messages for the entire group.
66. The computer program product of claim 65 wherein a single authentication key is used to authenticate delta messages for the entire group.
67. The computer program product of claim 66 wherein the program code that is operable if a selected level of security requires protecting the authenticity and integrity of delta messages comprises program code for hashing the selected information with a one-way hashing function and providing the hashed information to the MAC algorithm along with the single authentication key.
68. A computer program product for adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code for selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
program code for sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
program code for sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
program code for sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and program code for sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
program code for selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
program code for sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
program code for sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
program code for sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and program code for sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
69. The computer program product of claim 68 wherein the program code for sending an invitation message from the chair to the invitee comprises program code for generating a first one-time key, encrypting the invitation information with the first one-time key and encrypting the first one-time key with the invitee's public key and including the encrypted first one-time key and the encrypted invitation information in the invitation message.
70. The computer program product of claim 68 wherein the program code for sending an acceptance message from the invitee to the chair comprises program code for generating a second one-time key, encrypting the acceptance information with the second one-time key, encrypting the second one-time key with the chair's public key and including the encrypted second one-time key and the encrypted acceptance information in the acceptance message.
71. The computer program product of claim 68 wherein the program code for sending a group data message from the chair to the invitee comprises program code for generating a third one-time key, encrypting the group data information with the third one-time key and encrypting the third one-time key with the invitee's public key and including the encrypted third one-time key and the encrypted group data information in the invitation message.
72. A computer program product for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code for encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
program code for encrypting the new group encryption key with an inter-member key between the first and the second member;
program code for piggybacking the encrypted group encryption key along with the data message; and program code for protecting the data message with the new group encryption key.
program code for encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
program code for encrypting the new group encryption key with an inter-member key between the first and the second member;
program code for piggybacking the encrypted group encryption key along with the data message; and program code for protecting the data message with the new group encryption key.
73. A computer data signal embodied in a carrier wave for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, the computer data signal comprising:
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
74. A computer data signal embodied in a carrier wave for adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, the computer data signal comprising:
program code for selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
program code for sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
program code for sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
program code for sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and program code for sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
program code for selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
program code for sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
program code for sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
program code for sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and program code for sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
75. A computer data signal embodied in a carrier wave for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, the computer data signal comprising:
program code for encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
program code for encrypting the new group encryption key with an inter-member key between the first and the second member;
program code for piggybacking the encrypted group encryption key along with the data message; and program code for protecting the data message with the new group encryption key.
program code for encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
program code for encrypting the new group encryption key with an inter-member key between the first and the second member;
program code for piggybacking the encrypted group encryption key along with the data message; and program code for protecting the data message with the new group encryption key.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/571,851 | 2000-05-12 | ||
US09/571,851 US6986046B1 (en) | 2000-05-12 | 2000-05-12 | Method and apparatus for managing secure collaborative transactions |
PCT/US2001/014093 WO2001088674A2 (en) | 2000-05-12 | 2001-05-02 | Method and apparatus for managing secure collaborative transactions |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2408437A1 true CA2408437A1 (en) | 2001-11-22 |
CA2408437C CA2408437C (en) | 2010-11-30 |
Family
ID=24285327
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2408437A Expired - Fee Related CA2408437C (en) | 2000-05-12 | 2001-05-02 | Method and apparatus for managing secure collaborative transactions |
Country Status (10)
Country | Link |
---|---|
US (4) | US6986046B1 (en) |
EP (4) | EP1698959A1 (en) |
JP (2) | JP4955181B2 (en) |
KR (1) | KR100905141B1 (en) |
AT (1) | ATE346333T1 (en) |
AU (1) | AU2001261117A1 (en) |
CA (1) | CA2408437C (en) |
DE (1) | DE60124765T2 (en) |
IL (2) | IL152351A0 (en) |
WO (1) | WO2001088674A2 (en) |
Families Citing this family (176)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7013310B2 (en) | 2002-01-03 | 2006-03-14 | Cashedge, Inc. | Method and apparatus for retrieving and processing data |
US7797207B1 (en) | 2000-07-24 | 2010-09-14 | Cashedge, Inc. | Method and apparatus for analyzing financial data |
US8086508B2 (en) | 2000-07-24 | 2011-12-27 | Cashedge, Inc. | Method and apparatus for delegating authority |
US7536340B2 (en) | 2000-07-24 | 2009-05-19 | Cashedge, Inc. | Compliance monitoring method and apparatus |
US7146338B2 (en) | 2001-06-28 | 2006-12-05 | Checkfree Services Corporation | Inter-network financial service |
US7383223B1 (en) | 2000-09-20 | 2008-06-03 | Cashedge, Inc. | Method and apparatus for managing multiple accounts |
FR2823928B1 (en) * | 2001-04-19 | 2003-08-22 | Canal Plus Technologies | METHOD FOR SECURE COMMUNICATION BETWEEN TWO DEVICES |
JP4604422B2 (en) | 2001-07-31 | 2011-01-05 | ソニー株式会社 | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION METHOD |
US7203845B2 (en) * | 2002-01-11 | 2007-04-10 | Cashedge, Inc. | Multiple trust modes for handling data |
US7627753B2 (en) * | 2002-03-19 | 2009-12-01 | Microsoft Corporation | Secure digital data format and code enforced policy |
US7120797B2 (en) * | 2002-04-24 | 2006-10-10 | Microsoft Corporation | Methods for authenticating potential members invited to join a group |
US20040006705A1 (en) * | 2002-07-05 | 2004-01-08 | Walker Jesse R. | Secure two-message synchronization in wireless networks |
US7515569B2 (en) * | 2002-11-27 | 2009-04-07 | Agere Systems, Inc. | Access control for wireless systems |
US7730446B2 (en) * | 2003-03-12 | 2010-06-01 | Microsoft Corporation | Software business process model |
US7577934B2 (en) * | 2003-03-12 | 2009-08-18 | Microsoft Corporation | Framework for modeling and providing runtime behavior for business software applications |
US7376834B2 (en) * | 2003-07-18 | 2008-05-20 | Palo Alto Research Center Incorporated | System and method for securely controlling communications |
US7103779B2 (en) * | 2003-09-18 | 2006-09-05 | Apple Computer, Inc. | Method and apparatus for incremental code signing |
US8190893B2 (en) | 2003-10-27 | 2012-05-29 | Jp Morgan Chase Bank | Portable security transaction protocol |
US7302060B2 (en) * | 2003-11-10 | 2007-11-27 | Qualcomm Incorporated | Method and application for authentication of a wireless communication using an expiration marker |
US8060743B2 (en) * | 2003-11-14 | 2011-11-15 | Certicom Corp. | Cryptographic method and apparatus |
US7783769B2 (en) * | 2004-03-31 | 2010-08-24 | Intel Corporation | Accelerated TCP (Transport Control Protocol) stack processing |
ATE505766T1 (en) * | 2004-04-29 | 2011-04-15 | Nxp Bv | INTRUSION DETECTION DURING PROGRAM EXECUTION IN A COMPUTER |
US20060010205A1 (en) * | 2004-05-21 | 2006-01-12 | Bea Systems, Inc. | Systems and methods for collaboration impersonation |
US20050262075A1 (en) | 2004-05-21 | 2005-11-24 | Bea Systems, Inc. | Systems and methods for collaboration shared state management |
US20060010125A1 (en) * | 2004-05-21 | 2006-01-12 | Bea Systems, Inc. | Systems and methods for collaborative shared workspaces |
JP2006018430A (en) * | 2004-06-30 | 2006-01-19 | Ricoh Co Ltd | Information processor, network system, program, data structure and storage medium |
US7480803B1 (en) * | 2004-07-23 | 2009-01-20 | Sprint Communications Company L.P. | System and method for securing system content by automated device authentication |
US7636841B2 (en) | 2004-07-26 | 2009-12-22 | Intercall, Inc. | Systems and methods for secure data exchange in a distributed collaborative application |
MX2007001072A (en) * | 2004-07-29 | 2007-04-17 | Vadium Technology Inc | Techniques to strengthen one-time pad encryption. |
US8656161B2 (en) * | 2004-11-30 | 2014-02-18 | Nec Corporation | Information sharing system, information sharing method, group management program and compartment management program |
JP4701706B2 (en) * | 2004-12-22 | 2011-06-15 | 富士ゼロックス株式会社 | Information processing apparatus, method, and program |
US7752253B2 (en) * | 2005-04-25 | 2010-07-06 | Microsoft Corporation | Collaborative invitation system and method |
JP4900891B2 (en) * | 2005-04-27 | 2012-03-21 | キヤノン株式会社 | Communication apparatus and communication method |
US7890220B2 (en) * | 2005-05-03 | 2011-02-15 | Mks Instruments, Inc. | Low overhead closed loop control system |
US7647508B2 (en) * | 2005-06-16 | 2010-01-12 | Intel Corporation | Methods and apparatus for providing integrity protection for management and control traffic of wireless communication networks |
US20070076709A1 (en) * | 2005-07-01 | 2007-04-05 | Geoffrey Mattson | Apparatus and method for facilitating a virtual private local area network service with realm specific addresses |
US20070086456A1 (en) * | 2005-08-12 | 2007-04-19 | Electronics And Telecommunications Research Institute | Integrated layer frame processing device including variable protocol header |
US8306918B2 (en) | 2005-10-11 | 2012-11-06 | Apple Inc. | Use of media storage structure with multiple pieces of content in a content-distribution system |
US20070101400A1 (en) * | 2005-10-31 | 2007-05-03 | Overcow Corporation | Method of providing secure access to computer resources |
US20070157266A1 (en) * | 2005-12-23 | 2007-07-05 | United Video Properties, Inc. | Interactive media guidance system having multiple devices |
US20070157281A1 (en) * | 2005-12-23 | 2007-07-05 | United Video Properties, Inc. | Interactive media guidance system having multiple devices |
US8364965B2 (en) * | 2006-03-15 | 2013-01-29 | Apple Inc. | Optimized integrity verification procedures |
US8627092B2 (en) * | 2006-03-22 | 2014-01-07 | Lg Electronics Inc. | Asymmetric cryptography for wireless systems |
US8224751B2 (en) | 2006-05-03 | 2012-07-17 | Apple Inc. | Device-independent management of cryptographic information |
US7945053B2 (en) * | 2006-05-15 | 2011-05-17 | Intel Corporation | Methods and apparatus for a keying mechanism for end-to-end service control protection |
US7940926B2 (en) * | 2006-06-08 | 2011-05-10 | Novell, Inc. | Cooperative encoding of data by pluralities of parties |
US8301753B1 (en) | 2006-06-27 | 2012-10-30 | Nosadia Pass Nv, Limited Liability Company | Endpoint activity logging |
US7668954B1 (en) | 2006-06-27 | 2010-02-23 | Stephen Waller Melvin | Unique identifier validation |
GB0612775D0 (en) * | 2006-06-28 | 2006-08-09 | Ibm | An apparatus for securing a communications exchange between computers |
US20080005558A1 (en) * | 2006-06-29 | 2008-01-03 | Battelle Memorial Institute | Methods and apparatuses for authentication and validation of computer-processable communications |
US8127135B2 (en) * | 2006-09-28 | 2012-02-28 | Hewlett-Packard Development Company, L.P. | Changing of shared encryption key |
JP4886463B2 (en) | 2006-10-20 | 2012-02-29 | キヤノン株式会社 | Communication parameter setting method, communication apparatus, and management apparatus for managing communication parameters |
KR101365603B1 (en) | 2006-12-04 | 2014-02-20 | 삼성전자주식회사 | Method for conditional inserting authentication code and apparatus therefor, Method for conditional using data through authenticating and apparatus therefor |
US10416838B2 (en) * | 2006-12-11 | 2019-09-17 | Oath Inc. | Graphical messages |
US7765266B2 (en) * | 2007-03-30 | 2010-07-27 | Uranus International Limited | Method, apparatus, system, medium, and signals for publishing content created during a communication |
US8060887B2 (en) * | 2007-03-30 | 2011-11-15 | Uranus International Limited | Method, apparatus, system, and medium for supporting multiple-party communications |
US8627211B2 (en) * | 2007-03-30 | 2014-01-07 | Uranus International Limited | Method, apparatus, system, medium, and signals for supporting pointer display in a multiple-party communication |
US7950046B2 (en) * | 2007-03-30 | 2011-05-24 | Uranus International Limited | Method, apparatus, system, medium, and signals for intercepting a multiple-party communication |
US8702505B2 (en) * | 2007-03-30 | 2014-04-22 | Uranus International Limited | Method, apparatus, system, medium, and signals for supporting game piece movement in a multiple-party communication |
WO2008119149A1 (en) * | 2007-03-30 | 2008-10-09 | Uranus International Limited | Method, apparatus, system, and medium for supporting multiple-party communications |
US7765261B2 (en) * | 2007-03-30 | 2010-07-27 | Uranus International Limited | Method, apparatus, system, medium and signals for supporting a multiple-party communication on a plurality of computer servers |
US8705348B2 (en) * | 2007-04-18 | 2014-04-22 | Cisco Technology, Inc. | Use of metadata for time based anti-replay |
EP1986151A1 (en) * | 2007-04-23 | 2008-10-29 | Hewlett-Packard Development Company, L.P. | A data processing system, method and computer program product for providing a service to a service requester |
US20080288376A1 (en) | 2007-04-27 | 2008-11-20 | Cashedge, Inc. | Centralized payment hub method and system |
US9311492B2 (en) | 2007-05-22 | 2016-04-12 | Apple Inc. | Media storage structures for storing content, devices for using such structures, systems for distributing such structures |
US8347098B2 (en) * | 2007-05-22 | 2013-01-01 | Apple Inc. | Media storage structures for storing content, devices for using such structures, systems for distributing such structures |
US20090034734A1 (en) * | 2007-07-31 | 2009-02-05 | Viasat, Inc. | Multi-Level Key Manager |
TWI378702B (en) * | 2007-08-24 | 2012-12-01 | Ind Tech Res Inst | Group authentication method |
WO2009033248A1 (en) * | 2007-09-10 | 2009-03-19 | Novell, Inc. | A method for efficient thread usage for hierarchically structured tasks |
KR100959074B1 (en) * | 2007-12-12 | 2010-05-20 | 한국전자통신연구원 | The security group creation and authentication on the p2p network |
US8522360B2 (en) * | 2008-01-28 | 2013-08-27 | Seagate Technology Llc | Posted move in anchor point-based digital rights management |
US8533474B2 (en) * | 2008-02-27 | 2013-09-10 | Red Hat, Inc. | Generating session keys |
US8688975B2 (en) * | 2008-03-25 | 2014-04-01 | International Business Machines Corporation | Certifying a virtual entity in a virtual universe |
CN101547443B (en) * | 2008-03-28 | 2011-12-21 | 上海华为技术有限公司 | Method for transmitting signaling and communication device |
US8458456B2 (en) * | 2008-04-30 | 2013-06-04 | Nec Europe Ltd. | Method and system for verifying the identity of a communication partner |
JP5480890B2 (en) | 2008-05-29 | 2014-04-23 | エルジー エレクトロニクス インコーポレイティド | Control signal encryption method |
CN101321209B (en) * | 2008-06-19 | 2011-11-16 | 上海软中信息技术有限公司 | Safe communication distributed data extraction method and implementing system based on PSTN |
US8230217B2 (en) * | 2008-10-13 | 2012-07-24 | International Business Machines Corporation | Method and system for secure collaboration using slepian-wolf codes |
US7899056B2 (en) * | 2009-01-13 | 2011-03-01 | Fujitsu Limited | Device and method for reducing overhead in a wireless network |
US8023513B2 (en) * | 2009-02-24 | 2011-09-20 | Fujitsu Limited | System and method for reducing overhead in a wireless network |
US8812854B2 (en) * | 2009-10-13 | 2014-08-19 | Google Inc. | Firmware verified boot |
US8806190B1 (en) | 2010-04-19 | 2014-08-12 | Amaani Munshi | Method of transmission of encrypted documents from an email application |
JP5301034B2 (en) * | 2010-05-19 | 2013-09-25 | 三洋電機株式会社 | OBE |
WO2012003504A2 (en) * | 2010-07-02 | 2012-01-05 | Air Computing, Inc. | A system and method for cloud file management |
WO2012099617A1 (en) | 2011-01-20 | 2012-07-26 | Box.Net, Inc. | Real time notification of activities that occur in a web-based collaboration environment |
US8751777B2 (en) | 2011-01-28 | 2014-06-10 | Honeywell International Inc. | Methods and reconfigurable systems to optimize the performance of a condition based health maintenance system |
US8990770B2 (en) | 2011-05-25 | 2015-03-24 | Honeywell International Inc. | Systems and methods to configure condition based health maintenance systems |
US8880886B2 (en) | 2011-05-26 | 2014-11-04 | First Data Corporation | Systems and methods for authenticating mobile devices |
US9652741B2 (en) | 2011-07-08 | 2017-05-16 | Box, Inc. | Desktop application for access and interaction with workspaces in a cloud-based content management system and synchronization mechanisms thereof |
US8856530B2 (en) | 2011-09-21 | 2014-10-07 | Onyx Privacy, Inc. | Data storage incorporating cryptographically enhanced data protection |
US20130080768A1 (en) * | 2011-09-26 | 2013-03-28 | Erik Lagerway | Systems and methods for secure communications using an open peer protocol |
GB2507935B (en) * | 2011-10-12 | 2014-07-30 | Ibm | Method, system, mediation server, client, and computer program for deleting information in order to maintain security level |
US8726084B2 (en) | 2011-10-14 | 2014-05-13 | Honeywell International Inc. | Methods and systems for distributed diagnostic reasoning |
US9098474B2 (en) | 2011-10-26 | 2015-08-04 | Box, Inc. | Preview pre-generation based on heuristics and algorithmic prediction/assessment of predicted user behavior for enhancement of user experience |
WO2013062599A1 (en) | 2011-10-26 | 2013-05-02 | Box, Inc. | Enhanced multimedia content preview rendering in a cloud content management system |
WO2013082320A1 (en) | 2011-11-29 | 2013-06-06 | Box, Inc. | Mobile platform file and folder selection functionalities for offline access and synchronization |
US9904435B2 (en) | 2012-01-06 | 2018-02-27 | Box, Inc. | System and method for actionable event generation for task delegation and management via a discussion forum in a web-based collaboration environment |
US20130191629A1 (en) * | 2012-01-19 | 2013-07-25 | Laconic Security, Llc | Secure group-based data storage in the cloud |
US11232481B2 (en) | 2012-01-30 | 2022-01-25 | Box, Inc. | Extended applications of multimedia content previews in the cloud-based content management system |
US9965745B2 (en) | 2012-02-24 | 2018-05-08 | Box, Inc. | System and method for promoting enterprise adoption of a web-based collaboration environment |
US9575981B2 (en) | 2012-04-11 | 2017-02-21 | Box, Inc. | Cloud service enabled to handle a set of files depicted to a user as a single file in a native operating system |
US9413587B2 (en) | 2012-05-02 | 2016-08-09 | Box, Inc. | System and method for a third-party application to access content within a cloud-based platform |
WO2013166520A1 (en) | 2012-05-04 | 2013-11-07 | Box, Inc. | Repository redundancy implementation of a system which incrementally updates clients with events that occurred via cloud-enabled platform |
CN102708192B (en) * | 2012-05-15 | 2017-11-28 | 华为技术有限公司 | A kind of method and system of document sharing, equipment |
US9691051B2 (en) | 2012-05-21 | 2017-06-27 | Box, Inc. | Security enhancement through application access control |
US8832649B2 (en) * | 2012-05-22 | 2014-09-09 | Honeywell International Inc. | Systems and methods for augmenting the functionality of a monitoring node without recompiling |
US8914900B2 (en) | 2012-05-23 | 2014-12-16 | Box, Inc. | Methods, architectures and security mechanisms for a third-party application to access content in a cloud-based platform |
US9712510B2 (en) | 2012-07-06 | 2017-07-18 | Box, Inc. | Systems and methods for securely submitting comments among users via external messaging applications in a cloud-based platform |
GB2505072A (en) | 2012-07-06 | 2014-02-19 | Box Inc | Identifying users and collaborators as search results in a cloud-based system |
US9166958B2 (en) * | 2012-07-17 | 2015-10-20 | Texas Instruments Incorporated | ID-based control unit-key fob pairing |
US9081953B2 (en) | 2012-07-17 | 2015-07-14 | Oracle International Corporation | Defense against search engine tracking |
US9794256B2 (en) | 2012-07-30 | 2017-10-17 | Box, Inc. | System and method for advanced control tools for administrators in a cloud-based service |
US8832716B2 (en) | 2012-08-10 | 2014-09-09 | Honeywell International Inc. | Systems and methods for limiting user customization of task workflow in a condition based health maintenance system |
GB2513671A (en) | 2012-08-27 | 2014-11-05 | Box Inc | Server side techniques for reducing database workload in implementing selective subfolder synchronization in a cloud-based environment |
US9135462B2 (en) | 2012-08-29 | 2015-09-15 | Box, Inc. | Upload and download streaming encryption to/from a cloud-based platform |
US9195519B2 (en) | 2012-09-06 | 2015-11-24 | Box, Inc. | Disabling the self-referential appearance of a mobile application in an intent via a background registration |
US9117087B2 (en) | 2012-09-06 | 2015-08-25 | Box, Inc. | System and method for creating a secure channel for inter-application communication based on intents |
US9292833B2 (en) | 2012-09-14 | 2016-03-22 | Box, Inc. | Batching notifications of activities that occur in a web-based collaboration environment |
US10915492B2 (en) | 2012-09-19 | 2021-02-09 | Box, Inc. | Cloud-based platform enabled with media content indexed for text-based searches and/or metadata extraction |
US9037920B2 (en) | 2012-09-28 | 2015-05-19 | Honeywell International Inc. | Method for performing condition based data acquisition in a hierarchically distributed condition based maintenance system |
US9959420B2 (en) | 2012-10-02 | 2018-05-01 | Box, Inc. | System and method for enhanced security and management mechanisms for enterprise administrators in a cloud-based environment |
US9495364B2 (en) | 2012-10-04 | 2016-11-15 | Box, Inc. | Enhanced quick search features, low-barrier commenting/interactive features in a collaboration platform |
US9665349B2 (en) | 2012-10-05 | 2017-05-30 | Box, Inc. | System and method for generating embeddable widgets which enable access to a cloud-based collaboration platform |
KR101659113B1 (en) * | 2012-10-09 | 2016-09-23 | 엘에스산전 주식회사 | System for clouding service provide of power system |
US10235383B2 (en) | 2012-12-19 | 2019-03-19 | Box, Inc. | Method and apparatus for synchronization of items with read-only permissions in a cloud-based environment |
CN103067156B (en) * | 2012-12-28 | 2016-01-20 | 北京移数通电讯有限公司 | The URL encryption of mobile Internet user resources access, verification method and device |
US20140188728A1 (en) | 2012-12-31 | 2014-07-03 | Fiserv, Inc. | Systems and methods for performing financial transactions |
US9396245B2 (en) | 2013-01-02 | 2016-07-19 | Box, Inc. | Race condition handling in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform |
US9953036B2 (en) | 2013-01-09 | 2018-04-24 | Box, Inc. | File system monitoring in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform |
US9507795B2 (en) | 2013-01-11 | 2016-11-29 | Box, Inc. | Functionalities, features, and user interface of a synchronization client to a cloud-based environment |
US10599671B2 (en) | 2013-01-17 | 2020-03-24 | Box, Inc. | Conflict resolution, retry condition management, and handling of problem files for the synchronization client to a cloud-based platform |
US10725968B2 (en) | 2013-05-10 | 2020-07-28 | Box, Inc. | Top down delete or unsynchronization on delete of and depiction of item synchronization with a synchronization client to a cloud-based platform |
US10846074B2 (en) | 2013-05-10 | 2020-11-24 | Box, Inc. | Identification and handling of items to be ignored for synchronization with a cloud-based platform by a synchronization client |
US9633037B2 (en) | 2013-06-13 | 2017-04-25 | Box, Inc | Systems and methods for synchronization event building and/or collapsing by a synchronization component of a cloud-based platform |
US9805050B2 (en) | 2013-06-21 | 2017-10-31 | Box, Inc. | Maintaining and updating file system shadows on a local device by a synchronization client of a cloud-based platform |
US9467283B2 (en) | 2013-06-24 | 2016-10-11 | Blackberry Limited | Securing method for lawful interception |
US9535924B2 (en) | 2013-07-30 | 2017-01-03 | Box, Inc. | Scalability improvement in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform |
US9584488B2 (en) | 2013-08-09 | 2017-02-28 | Introspective Power, Inc. | Data encryption cipher using rotating ports |
US9584313B2 (en) * | 2013-08-09 | 2017-02-28 | Introspective Power, Inc. | Streaming one time pad cipher using rotating ports for data encryption |
US10509527B2 (en) | 2013-09-13 | 2019-12-17 | Box, Inc. | Systems and methods for configuring event-based automation in cloud-based collaboration platforms |
US9535909B2 (en) | 2013-09-13 | 2017-01-03 | Box, Inc. | Configurable event-based automation architecture for cloud-based collaboration platforms |
KR101524743B1 (en) * | 2013-11-15 | 2015-06-24 | 주식회사 날리지큐브 | Virtual cluster |
GB2515853B (en) | 2014-02-25 | 2015-08-19 | Cambridge Silicon Radio Ltd | Latency mitigation |
GB2517844B (en) | 2014-02-25 | 2015-09-09 | Cambridge Silicon Radio Ltd | Thwarting traffic analysis |
US9762395B2 (en) | 2014-04-30 | 2017-09-12 | International Business Machines Corporation | Adjusting a number of dispersed storage units |
WO2015175426A1 (en) * | 2014-05-12 | 2015-11-19 | Google Inc. | Managing nic-encrypted flows for migrating guests or tasks |
US10530854B2 (en) | 2014-05-30 | 2020-01-07 | Box, Inc. | Synchronization of permissioned content in cloud-based environments |
US10038731B2 (en) | 2014-08-29 | 2018-07-31 | Box, Inc. | Managing flow-based interactions with cloud-based shared content |
US9894119B2 (en) | 2014-08-29 | 2018-02-13 | Box, Inc. | Configurable metadata-based automation and content classification architecture for cloud-based collaboration platforms |
US9942211B1 (en) * | 2014-12-11 | 2018-04-10 | Amazon Technologies, Inc. | Efficient use of keystreams |
US10185946B2 (en) | 2014-12-31 | 2019-01-22 | Fiserv, Inc. | Facilitating presentation of content relating to a financial transaction |
WO2016118523A1 (en) | 2015-01-19 | 2016-07-28 | InAuth, Inc. | Systems and methods for trusted path secure communication |
JPWO2016132719A1 (en) * | 2015-02-16 | 2017-12-28 | 日本電気株式会社 | COMMUNICATION SYSTEM, NODE DEVICE, COMMUNICATION TERMINAL, AND KEY MANAGEMENT METHOD |
US9509709B2 (en) * | 2015-03-19 | 2016-11-29 | International Business Machines Corporation | Mechanism to augment IPS/SIEM evidence information with process history snapshot and application window capture history |
US10104047B2 (en) * | 2015-04-08 | 2018-10-16 | Microsemi Solutions (U.S.), Inc. | Method and system for encrypting/decrypting payload content of an OTN frame |
US9432340B1 (en) * | 2015-05-07 | 2016-08-30 | Bogart Associates | System and method for secure end-to-end chat system |
US10216709B2 (en) | 2015-05-22 | 2019-02-26 | Microsoft Technology Licensing, Llc | Unified messaging platform and interface for providing inline replies |
US20160344677A1 (en) | 2015-05-22 | 2016-11-24 | Microsoft Technology Licensing, Llc | Unified messaging platform for providing interactive semantic objects |
EP3381166B1 (en) | 2015-11-25 | 2021-04-28 | Inauth, Inc. | Systems and methods for cross-channel device binding |
US10009328B2 (en) * | 2015-12-07 | 2018-06-26 | Mcafee, Llc | System, apparatus and method for providing privacy preserving interaction with a computing system |
US9590956B1 (en) | 2015-12-18 | 2017-03-07 | Wickr Inc. | Decentralized authoritative messaging |
US10334062B2 (en) | 2016-02-25 | 2019-06-25 | InAuth, Inc. | Systems and methods for recognizing a device |
US9596079B1 (en) * | 2016-04-14 | 2017-03-14 | Wickr Inc. | Secure telecommunications |
US20180012190A1 (en) * | 2016-07-06 | 2018-01-11 | International Business Machines Corporation | Automatic inference of meeting attendance |
FR3054905B1 (en) * | 2016-08-04 | 2019-10-18 | Safran Identity & Security | KEY GENERATION METHOD AND ACCESS CONTROL METHOD |
US11403563B2 (en) | 2016-10-19 | 2022-08-02 | Accertify, Inc. | Systems and methods for facilitating recognition of a device and/or an instance of an app invoked on a device |
US11093852B2 (en) | 2016-10-19 | 2021-08-17 | Accertify, Inc. | Systems and methods for recognizing a device and/or an instance of an app invoked on a device |
US10778432B2 (en) | 2017-11-08 | 2020-09-15 | Wickr Inc. | End-to-end encryption during a secure communication session |
US11101999B2 (en) | 2017-11-08 | 2021-08-24 | Amazon Technologies, Inc. | Two-way handshake for key establishment for secure communications |
US10541814B2 (en) | 2017-11-08 | 2020-01-21 | Wickr Inc. | End-to-end encryption during a secure communication session |
US10855440B1 (en) | 2017-11-08 | 2020-12-01 | Wickr Inc. | Generating new encryption keys during a secure communication session |
US11310078B2 (en) * | 2018-01-11 | 2022-04-19 | Wesley Rogers | Cipher stream based secure packet communications with key stream transmission over diverse paths |
US10754972B2 (en) | 2018-01-30 | 2020-08-25 | Salesforce.Com, Inc. | Multi-factor administrator action verification system |
US10460235B1 (en) * | 2018-07-06 | 2019-10-29 | Capital One Services, Llc | Data model generation using generative adversarial networks |
US11222311B2 (en) * | 2018-12-18 | 2022-01-11 | The Toronto-Dominion Bank | System and method for secure data transfer |
US11804970B2 (en) * | 2021-10-15 | 2023-10-31 | Lenovo Global Technology (United States) Inc. | Baseboard management controller group administration |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07235921A (en) * | 1994-02-23 | 1995-09-05 | Nippon Telegr & Teleph Corp <Ntt> | Security managing method and device for information communication |
GB9502182D0 (en) * | 1995-02-03 | 1995-03-22 | Plessey Telecomm | Telecommunications service interactions |
JP3982848B2 (en) * | 1995-10-19 | 2007-09-26 | 富士通株式会社 | Security level control device and network communication system |
US5787175A (en) | 1995-10-23 | 1998-07-28 | Novell, Inc. | Method and apparatus for collaborative document control |
FR2743235B1 (en) * | 1995-12-27 | 1998-01-23 | Alsthom Cge Alcatel | METHOD FOR SECURING COLLABORATIONS BETWEEN OBJECTS OF AN OBJECT-ORIENTED PROGRAM |
JP3562134B2 (en) * | 1996-04-19 | 2004-09-08 | 富士ゼロックス株式会社 | Collaborative design support system and method |
JPH09319673A (en) * | 1996-05-27 | 1997-12-12 | Matsushita Electric Works Ltd | Method and system for updating cryptographic key |
DE19622630C1 (en) * | 1996-06-05 | 1997-11-20 | Siemens Ag | Method for group-based cryptographic key management between a first computer unit and group computer units |
US6453327B1 (en) * | 1996-06-10 | 2002-09-17 | Sun Microsystems, Inc. | Method and apparatus for identifying and discarding junk electronic mail |
US6272639B1 (en) * | 1996-07-30 | 2001-08-07 | Micron Technology, Inc. | Mixed enclave operation in a computer network |
JPH10111825A (en) * | 1996-10-04 | 1998-04-28 | Kokusai Denshin Denwa Co Ltd <Kdd> | Method and device for matching and updating plural databases |
JP3512311B2 (en) * | 1997-03-27 | 2004-03-29 | 日立ソフトウエアエンジニアリング株式会社 | Information link management method and information providing system |
JPH1115373A (en) * | 1997-06-20 | 1999-01-22 | Fuji Xerox Co Ltd | Open key coding system |
US6775382B1 (en) | 1997-06-30 | 2004-08-10 | Sun Microsystems, Inc. | Method and apparatus for recovering encryption session keys |
JPH11150554A (en) * | 1997-11-14 | 1999-06-02 | Casio Comput Co Ltd | Data communication equipment, data communication method and storage medium |
US6195751B1 (en) | 1998-01-20 | 2001-02-27 | Sun Microsystems, Inc. | Efficient, secure multicasting with minimal knowledge |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
US6334146B1 (en) * | 1998-06-05 | 2001-12-25 | I2 Technologies Us, Inc. | System and method for remotely accessing data |
US6295361B1 (en) * | 1998-06-30 | 2001-09-25 | Sun Microsystems, Inc. | Method and apparatus for multicast indication of group key change |
JP2000066941A (en) * | 1998-08-25 | 2000-03-03 | Nec Corp | Method and system for updating distributed file |
US6584566B1 (en) * | 1998-08-27 | 2003-06-24 | Nortel Networks Limited | Distributed group key management for multicast security |
US6606706B1 (en) * | 1999-02-08 | 2003-08-12 | Nortel Networks Limited | Hierarchical multicast traffic security system in an internetwork |
US6542993B1 (en) * | 1999-03-12 | 2003-04-01 | Lucent Technologies Inc. | Security management system and method |
US6961855B1 (en) * | 1999-12-16 | 2005-11-01 | International Business Machines Corporation | Notification of modifications to a trusted computing base |
-
2000
- 2000-05-12 US US09/571,851 patent/US6986046B1/en not_active Expired - Fee Related
-
2001
- 2001-05-02 EP EP06011338A patent/EP1698959A1/en not_active Ceased
- 2001-05-02 AU AU2001261117A patent/AU2001261117A1/en not_active Abandoned
- 2001-05-02 JP JP2001585004A patent/JP4955181B2/en not_active Expired - Fee Related
- 2001-05-02 EP EP06013559A patent/EP1705599A3/en not_active Ceased
- 2001-05-02 WO PCT/US2001/014093 patent/WO2001088674A2/en active IP Right Grant
- 2001-05-02 CA CA2408437A patent/CA2408437C/en not_active Expired - Fee Related
- 2001-05-02 KR KR1020027015206A patent/KR100905141B1/en not_active IP Right Cessation
- 2001-05-02 EP EP01934977A patent/EP1348152B1/en not_active Expired - Lifetime
- 2001-05-02 AT AT01934977T patent/ATE346333T1/en not_active IP Right Cessation
- 2001-05-02 EP EP06013436A patent/EP1708406A3/en not_active Ceased
- 2001-05-02 DE DE60124765T patent/DE60124765T2/en not_active Expired - Lifetime
- 2001-05-02 IL IL15235101A patent/IL152351A0/en unknown
-
2002
- 2002-10-17 IL IL152351A patent/IL152351A/en not_active IP Right Cessation
-
2005
- 2005-10-24 US US11/257,479 patent/US7415606B2/en not_active Expired - Fee Related
- 2005-10-24 US US11/257,358 patent/US7213147B2/en not_active Expired - Fee Related
- 2005-10-24 US US11/257,239 patent/US7171001B2/en not_active Expired - Fee Related
-
2011
- 2011-08-23 JP JP2011181880A patent/JP2012019534A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
IL152351A (en) | 2009-08-03 |
JP2012019534A (en) | 2012-01-26 |
US20060041752A1 (en) | 2006-02-23 |
KR20030010620A (en) | 2003-02-05 |
EP1348152A2 (en) | 2003-10-01 |
EP1708406A3 (en) | 2006-11-22 |
EP1348152B1 (en) | 2006-11-22 |
EP1708406A2 (en) | 2006-10-04 |
WO2001088674A3 (en) | 2003-07-24 |
IL152351A0 (en) | 2003-05-29 |
AU2001261117A1 (en) | 2001-11-26 |
DE60124765T2 (en) | 2008-02-14 |
US7415606B2 (en) | 2008-08-19 |
US20060050869A1 (en) | 2006-03-09 |
US20060036862A1 (en) | 2006-02-16 |
US7213147B2 (en) | 2007-05-01 |
US7171001B2 (en) | 2007-01-30 |
JP4955181B2 (en) | 2012-06-20 |
JP2004501547A (en) | 2004-01-15 |
EP1698959A1 (en) | 2006-09-06 |
EP1705599A3 (en) | 2006-11-22 |
ATE346333T1 (en) | 2006-12-15 |
KR100905141B1 (en) | 2009-06-29 |
DE60124765D1 (en) | 2007-01-04 |
US6986046B1 (en) | 2006-01-10 |
CA2408437C (en) | 2010-11-30 |
WO2001088674A2 (en) | 2001-11-22 |
EP1705599A2 (en) | 2006-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2408437A1 (en) | Method and apparatus for managing secure collaborative transactions | |
AU2003254377B2 (en) | Methods and systems for providing a secure data distribution via public networks | |
JP3872107B2 (en) | Encryption key recovery system | |
US7522732B2 (en) | Method for controlling the distribution of software code updates | |
US7860243B2 (en) | Public key encryption for groups | |
KR100568233B1 (en) | Device Authentication Method using certificate and digital content processing device using the method | |
US20030078058A1 (en) | Method for transmission of secure messages in a telecommunications network | |
JPH09505711A (en) | Computer network encryption key distribution system | |
AU2003202511A1 (en) | Methods for authenticating potential members invited to join a group | |
JP2022521525A (en) | Cryptographic method for validating data | |
US20060053294A1 (en) | System and method for proving time and content of digital data in a monitored system | |
WO2000013368A1 (en) | Method of authenticating or 'digitally signing' digital data objects | |
CN113297633A (en) | Quantum digital signature method | |
CN111432403A (en) | Data auditing method and device based on block chain | |
US20030037241A1 (en) | Single algorithm cipher suite for messaging | |
CN117200966A (en) | Trusted authorization data sharing method based on distributed identity and alliance chain | |
CN114297721A (en) | Information processing method, information processing apparatus, block chain platform, and storage medium | |
CN113987546A (en) | Alliance chain system based on identification password system | |
CN113918971A (en) | Block chain based message transmission method, device, equipment and readable storage medium | |
JP2002539489A (en) | Voice and data encryption method using encryption key split combiner | |
CN116506120B (en) | Key loading method, key system and readable storage medium | |
JP4000899B2 (en) | Cryptographic method with authentication, decryption method and device with authentication, program, and computer-readable recording medium | |
JPH08204696A (en) | Authentication method in communication system having plural equipments | |
Barnes et al. | RFC 9420: The Messaging Layer Security (MLS) Protocol | |
CN113868715A (en) | Signature method and system based on quantum key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |
Effective date: 20140502 |