CA2408437A1 - Method and apparatus for managing secure collaborative transactions - Google Patents

Method and apparatus for managing secure collaborative transactions Download PDF

Info

Publication number
CA2408437A1
CA2408437A1 CA002408437A CA2408437A CA2408437A1 CA 2408437 A1 CA2408437 A1 CA 2408437A1 CA 002408437 A CA002408437 A CA 002408437A CA 2408437 A CA2408437 A CA 2408437A CA 2408437 A1 CA2408437 A1 CA 2408437A1
Authority
CA
Canada
Prior art keywords
key
message
chair
group
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002408437A
Other languages
French (fr)
Other versions
CA2408437C (en
Inventor
Walter Tuvell
Nimisha Asthagiri
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of CA2408437A1 publication Critical patent/CA2408437A1/en
Application granted granted Critical
Publication of CA2408437C publication Critical patent/CA2408437C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1813Arrangements for providing special services to substations for broadcast or conference, e.g. multicast for computer conferences, e.g. chat rooms
    • H04L12/1822Conducting the conference, e.g. admission, detection, selection or grouping of participants, correlating users to one or more conference sessions, prioritising transmission
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible.
Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telescape. In one embodiment, the security level is determined when a telespace is created and remains fixed through out the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called "tribes" can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.

Claims (75)

1. A method for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising the steps of:

(a) prior to performing collaborative transactions, selecting a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;

(b) if a level of security selected in step (a) requires protecting the authenticity and integrity of delta messages, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and (c) if a level of security selected in step (a) requires protecting the confidentiality of delta messages, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
2. The method of claim 1 wherein the first collaboration member and the second collaboration member are part of a secure group and a single encryption key is used to encrypt data in delta messages for the entire group.
3. The method of claim 2 wherein a single authentication key is used to authenticate delta messages for the entire group.
4. The method of claim 3 wherein step (b) comprises hashing the selected information with a one-way hashing function and providing the hashed information to the MAC algorithm along with the single authentication key.
5. The method of claim 4 wherein each message includes a header, a key version number and the data and wherein the selected information in step (b) is the header and the data.
6. The method of claim 5 wherein the key version number is the key version of the single authentication key.
7. The method of claim 5 wherein the key version number comprises a unique key identifier and an incremental sequence number.
8. The method of claim 2 wherein a separate authentication key is used to authenticate delta messages between each pair of group members.
9. The method of claim 8 wherein step (b) comprises hashing the selected information with a one-way hashing function and providing the hashed information to the MAC algorithm along with each separate authentication key to generate a separate authenticator for each pair of members and concatenating the separate authenticators to generate the message authentication code.
10. The method of claim 8 wherein step (b) comprises hashing the selected information with a one-way hashing function and providing the hashed information to a public key signature algorithm along with the private signing key of the message sender to generate the message authentication code.
11. The method of claim 8 wherein each message includes a header, a key version number and the data and wherein the selected information in step (b) is the header and the data.
12. The method of claim 11 wherein the key version number is a concatenation of the key versions of all separate authentication keys.
13. A method of adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, the method comprising:
(a) selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
(b) sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
(c) sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
(d) sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and (e) sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
14. The method of claim 13 wherein step (b) comprises generating a first one-time key, encrypting the invitation information with the first one-time key and encrypting the first one-time key with the invitee's public key and including the encrypted first one-time key and the encrypted invitation information in the invitation message.
15. The method of claim 13 wherein step (c) comprises generating a second one-time key, encrypting the acceptance information with the second one-time key, encrypting the second one-time key with the chair's public key and including the encrypted second one-time key and the encrypted acceptance information in the acceptance message.
16. The method of claim 13 wherein step (e) comprises generating a third one-time key, encrypting the group data information with the third one-time key and encrypting the third one-time key with the invitee's public key and including the encrypted third one-time key and the encrypted group data information in the invitation message.
17. The method of claim 13 wherein the invitation message further includes a header and a digital signature of a hash of the header, the invitation nonce, the first one-time key, and the invitation information.
18. The method of claim 13 wherein the invitation message further includes a chair's digital certificate including the chair's name, the chair's public signature verification key and the chair's public key.
19. The method of claim 13 wherein the acceptance message further includes a header and a digital signature of a hash of the header, the chair's name, the invitation nonce, the acceptance nonce, the second one-time key, and the acceptance information.
20. The method of claim 13 wherein the acceptance message further includes an invitee's digital certificate including the invitee's name, the invitee's public signature verification key and the invitee's public key.
21. The method of claim 13 wherein step (c) comprises verification of the signed invitation nonce received by the chair in the acceptance message.
22. The method of claim 21 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises a recalculation of the signed invitation nonce by the chair and a software comparison of the recalculated signed invitation nonce with the signed invitation nonce received in the acceptance message.
23. The method of claim 21 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises visually displaying the signed invitation nonce received by the chair in the acceptance message to the chair for manual verification.
24. A method for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, the method comprising:
(a) encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
(b) encrypting the new group encryption key with an inter-member key between the first and the second member;
(c) piggybacking the encrypted group encryption key along with the data message; and (d) protecting the data message with the new group encryption key.
25. The method of claim 24 further comprising inserting a key version number for the new group encryption key into the data message.
26. The method of claim 24 further comprising concatenating new key version numbers for all new inter-member keys when new inter-member keys are being distributed and inserting the new key version concatenation into the data message and concatenating old key version numbers for all old inter-member keys when new inter-member keys are not being distributed and inserting the old key version concatenation into the data message.
27. The method of claim 24 further comprising encrypting the new group encryption key with an inter-member key between each pair of members in the group, concatenating the encrypted group encryption keys and inserting the concatenation into the data message.
28. The method of claim 26 further comprising encrypting the new inter-member encryption keys between each pair of members in the group with a public key of each member, concatenating the encrypted inter-member encryption keys and inserting the concatenation into the data message.
29. An algorithm-independent architecture for providing a security service to an application comprising:

a plurality of algorithm-independent abstract services, at least some of which can be combined to implement the security service;
a plurality of static links between the security service and one or more of the abstract services which implement the security service;
a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract services; and a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services.
30. The architecture of claim 29 wherein each of the abstract services comprises an abstract service object which exports an application programming interface which includes methods that can be invoked by the service.
31. The architecture of claim 30 wherein all of the abstract service objects are contained in a dynamic link library.
32. The architecture of claim 31 wherein each abstract service object comprises non-static member variables.
33. The architecture of claim 32 wherein each concrete primitive service comprises a concrete primitive service object having specific algorithms for providing a primitive service and static member variables which hold data generated by the specific algorithms.
34. The architecture of claim 33 wherein each concrete primitive service object comprises a constructor method which uploads data in the static member variables into the non-static member variables in the abstract primitive service object.
35. The architecture of claim 34 wherein each abstract primitive service object creates one or more concrete primitive service objects by calling a constructor method therein to implement a primitive service.
36. Apparatus for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, comprising:
a mechanism controlled by the user and operable prior to performing collaborative transactions, which selects a level of security that determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
a protocol engine that cooperates with the security level selecting mechanism and protects the authenticity and integrity of delta messages by, prior to transmission of a delta message from a sender to a receiver, appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and wherein the protocol engine protects the confidentiality of delta messages by, prior to transmission of a delta message from a sender to a receiver, encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
37. The apparatus of claim 36 wherein the first collaboration member and the second collaboration member are part of a secure group and a single encryption key is used to encrypt data in delta messages for the entire group.
38. The apparatus of claim 37 wherein a single authentication key is used to authenticate delta messages for the entire group.
39. The apparatus of claim 38 wherein the protocol engine comprises an authentication module that hashes the selected information with a one-way hashing function and provides the hashed information to the MAC algorithm along with the single authentication key.
40. The apparatus of claim 39 wherein each message includes a header, a key version number and the data and wherein the selected information on which the protocol engine operates is the header and the data.
41. The apparatus of claim 40 wherein the key version number is the key version of the single authentication key.
42. The apparatus of claim 40 wherein the key version number comprises a unique key identifier and an incremental sequence number.
43. The apparatus of claim 37 wherein a separate authentication key is used to authenticate delta messages between each pair of group members.
44. The apparatus of claim 43 wherein the protocol engine comprises an authentication module that hashes the selected information with a one-way hashing function and provides the hashed information to the MAC algorithm along with each separate authentication key to generate a separate authenticator for each pair of members and concatenating the separate authenticators to generate the message authentication code.
45. The apparatus of claim 42 wherein the protocol engine comprises an authentication module that hashes the selected information with a one-way hashing function and provides the hashed information to a public key signature algorithm along with the private signing key of the message sender to generate the message authentication code.
46. The apparatus of claim 42 wherein each message includes a header, a key version number and the data and wherein the selected information on which the protocol engine operates is the header and the data.
47. The apparatus of claim 46 wherein the key version number is a concatenation of the key versions of all separate authentication keys.
48. Apparatus for adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, comprising:
a mechanism that selects at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;

a chair protocol engine that sends an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
an invitee protocol engine that sends an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
a chair delta mechanism that sends a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and a chair joining mechanism that sends a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
49. The apparatus of claim 48 wherein the chair protocol engine generates a first one-time key, encrypts the invitation information with the first one-time key and encrypts the first one-time key with the invitee's public key and includes the encrypted first one-time key and the encrypted invitation information in the invitation message.
50. The apparatus of claim 48 wherein the invitee protocol engine generates a second one-time key, encrypts the acceptance information with the second one-time key, encrypts the second one-time key with the chair's public key and includes the encrypted second one-time key and the encrypted acceptance information in the acceptance message.
51. The apparatus of claim 48 wherein the chair joining mechanism generates a third one-time key, encrypts the group data information with the third one-time key and encrypts the third one-time key with the invitee's public key and includes the encrypted third one-time key and the encrypted group data information in the invitation message.
52. The apparatus of claim 48 wherein the invitation message further includes a header and a digital signature of a hash of the header, the invitation nonce, the first one-time key, and the invitation information.
53. The apparatus of claim 48 wherein the invitation message further includes a chair's digital certificate including the chair's name, the chair's public signature verification key and the chair's public key.
54. The apparatus of claim 48 wherein the acceptance message further includes a header and a digital signature of a hash of the header, the chair's name, the invitation nonce, the acceptance nonce, the second one-time key, and the acceptance information.
55. The apparatus of claim 48 wherein the acceptance message further includes an invitee's digital certificate including the invitee's name, the invitee's public signature verification key and the invitee's public key.
56. The apparatus of claim 48 wherein the chair protocol engine verifies the signed invitation nonce received by the chair in the acceptance message.
57. The apparatus of claim 56 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises a recalculation of the signed invitation nonce by the chair and a software comparison of the recalculated signed invitation nonce with the signed invitation nonce received in the acceptance message.
58. The apparatus of claim 56 wherein verification of the signed invitation nonce received by the chair in the acceptance message comprises visually displaying the signed invitation nonce received by the chair in the acceptance message to the chair for manual verification.
59. Apparatus for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, comprising:

a first encryption module that encrypts data for a data message to be sent from a first member to a second member with a new group encryption key;
a second encryption module that encrypts the new group encryption key with an inter-member key between the first and the second member;
a protocol engine that piggybacks the encrypted group encryption key along with the data message; and a third encryption module that protects the data message with the new group encryption key.
50. The apparatus of claim 59 further comprising a versioning mechanism that inserts a key version number for the new group encryption key into the data message.
61. The apparatus of claim 60 further comprising an aggregate key version mechanism that concatenates new key version numbers for all new inter-member keys when new inter-member keys are being distributed and inserts the new key version concatenation into the data message and concatenates old key version numbers for all old inter-member keys when new inter-member keys are not being distributed and inserts the old key version concatenation into the data message.
62. The apparatus of claim 59 further comprising a first key generator that encrypts the new group encryption key with an inter-member key between each pair of members in the group, concatenates the encrypted group encryption keys and inserts the concatenation into the data message.
63. The method of claim 61 further comprising a second key generator that encrypts the new inter-member encryption keys between each pair of members in the group with a public key of each member, concatenates the encrypted inter-member encryption keys and inserts the concatenation into the data message.
64. A computer program product for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
65. The computer program product of claim 64 wherein the first collaboration member and the second collaboration member are part of a secure group and a single encryption key is used to encrypt data in delta messages for the entire group.
66. The computer program product of claim 65 wherein a single authentication key is used to authenticate delta messages for the entire group.
67. The computer program product of claim 66 wherein the program code that is operable if a selected level of security requires protecting the authenticity and integrity of delta messages comprises program code for hashing the selected information with a one-way hashing function and providing the hashed information to the MAC algorithm along with the single authentication key.
68. A computer program product for adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code for selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
program code for sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
program code for sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
program code for sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and program code for sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
69. The computer program product of claim 68 wherein the program code for sending an invitation message from the chair to the invitee comprises program code for generating a first one-time key, encrypting the invitation information with the first one-time key and encrypting the first one-time key with the invitee's public key and including the encrypted first one-time key and the encrypted invitation information in the invitation message.
70. The computer program product of claim 68 wherein the program code for sending an acceptance message from the invitee to the chair comprises program code for generating a second one-time key, encrypting the acceptance information with the second one-time key, encrypting the second one-time key with the chair's public key and including the encrypted second one-time key and the encrypted acceptance information in the acceptance message.
71. The computer program product of claim 68 wherein the program code for sending a group data message from the chair to the invitee comprises program code for generating a third one-time key, encrypting the group data information with the third one-time key and encrypting the third one-time key with the invitee's public key and including the encrypted third one-time key and the encrypted group data information in the invitation message.
72. A computer program product for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, the computer program product comprising a computer usable medium having computer readable program code thereon, including:
program code for encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;
program code for encrypting the new group encryption key with an inter-member key between the first and the second member;
program code for piggybacking the encrypted group encryption key along with the data message; and program code for protecting the data message with the new group encryption key.
73. A computer data signal embodied in a carrier wave for managing secure collaborative transactions in which a first collaboration member and a second collaboration member update local data copies by exchanging delta messages which include data changes, the computer data signal comprising:
program code that, prior to performing collaborative transactions, selects a level of security which determines whether authenticity and integrity and confidentiality of delta messages shall be protected;
program code operable if a selected level of security requires protecting the authenticity and integrity of delta messages and prior to transmission of a delta message from a sender to a receiver, for appending to the data therein, a message authentication code comprising selected information in the message, protected by a predetermined MAC algorithm using an authentication key; and program code operable if a selected level of security requires protecting the confidentiality of delta messages and prior to transmission of a delta message from a sender to a receiver, for encrypting the data by a predetermined encryption algorithm using an encryption key which is different than the authentication key.
74. A computer data signal embodied in a carrier wave for adding an invitee having a public/private key pair to a secure group of collaborators who communicate with messages protected with inter-member keys, the computer data signal comprising:
program code for selecting at least one of the group members as a chair with authority to add new members to the group and a public/private key pair;
program code for sending an invitation message from the chair to the invitee; the invitation message including a signed invitation nonce, invitation information encrypted with the invitee's public key and signed with the chair's private key;
program code for sending an acceptance message from the invitee to the chair, the acceptance message including the signed invitation nonce, a signed acceptance nonce, acceptance information encrypted with the chair's public key;
program code for sending a new member message from the chair to all members of the secure group of collaborators, the new member message including new inter-member keys; and program code for sending a group data message from the chair to the invitee, the group data message including a signed acceptance nonce and group information protected with the invitee's public key.
75. A computer data signal embodied in a carrier wave for distributing new keys to a secure group of collaborators who communicate via messages containing data and protected with a group encryption key and inter-member keys, the computer data signal comprising:
program code for encrypting data for a data message to be sent from a first member to a second member with a new group encryption key;

program code for encrypting the new group encryption key with an inter-member key between the first and the second member;
program code for piggybacking the encrypted group encryption key along with the data message; and program code for protecting the data message with the new group encryption key.
CA2408437A 2000-05-12 2001-05-02 Method and apparatus for managing secure collaborative transactions Expired - Fee Related CA2408437C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/571,851 2000-05-12
US09/571,851 US6986046B1 (en) 2000-05-12 2000-05-12 Method and apparatus for managing secure collaborative transactions
PCT/US2001/014093 WO2001088674A2 (en) 2000-05-12 2001-05-02 Method and apparatus for managing secure collaborative transactions

Publications (2)

Publication Number Publication Date
CA2408437A1 true CA2408437A1 (en) 2001-11-22
CA2408437C CA2408437C (en) 2010-11-30

Family

ID=24285327

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2408437A Expired - Fee Related CA2408437C (en) 2000-05-12 2001-05-02 Method and apparatus for managing secure collaborative transactions

Country Status (10)

Country Link
US (4) US6986046B1 (en)
EP (4) EP1698959A1 (en)
JP (2) JP4955181B2 (en)
KR (1) KR100905141B1 (en)
AT (1) ATE346333T1 (en)
AU (1) AU2001261117A1 (en)
CA (1) CA2408437C (en)
DE (1) DE60124765T2 (en)
IL (2) IL152351A0 (en)
WO (1) WO2001088674A2 (en)

Families Citing this family (176)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7013310B2 (en) 2002-01-03 2006-03-14 Cashedge, Inc. Method and apparatus for retrieving and processing data
US7797207B1 (en) 2000-07-24 2010-09-14 Cashedge, Inc. Method and apparatus for analyzing financial data
US8086508B2 (en) 2000-07-24 2011-12-27 Cashedge, Inc. Method and apparatus for delegating authority
US7536340B2 (en) 2000-07-24 2009-05-19 Cashedge, Inc. Compliance monitoring method and apparatus
US7146338B2 (en) 2001-06-28 2006-12-05 Checkfree Services Corporation Inter-network financial service
US7383223B1 (en) 2000-09-20 2008-06-03 Cashedge, Inc. Method and apparatus for managing multiple accounts
FR2823928B1 (en) * 2001-04-19 2003-08-22 Canal Plus Technologies METHOD FOR SECURE COMMUNICATION BETWEEN TWO DEVICES
JP4604422B2 (en) 2001-07-31 2011-01-05 ソニー株式会社 COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION METHOD
US7203845B2 (en) * 2002-01-11 2007-04-10 Cashedge, Inc. Multiple trust modes for handling data
US7627753B2 (en) * 2002-03-19 2009-12-01 Microsoft Corporation Secure digital data format and code enforced policy
US7120797B2 (en) * 2002-04-24 2006-10-10 Microsoft Corporation Methods for authenticating potential members invited to join a group
US20040006705A1 (en) * 2002-07-05 2004-01-08 Walker Jesse R. Secure two-message synchronization in wireless networks
US7515569B2 (en) * 2002-11-27 2009-04-07 Agere Systems, Inc. Access control for wireless systems
US7730446B2 (en) * 2003-03-12 2010-06-01 Microsoft Corporation Software business process model
US7577934B2 (en) * 2003-03-12 2009-08-18 Microsoft Corporation Framework for modeling and providing runtime behavior for business software applications
US7376834B2 (en) * 2003-07-18 2008-05-20 Palo Alto Research Center Incorporated System and method for securely controlling communications
US7103779B2 (en) * 2003-09-18 2006-09-05 Apple Computer, Inc. Method and apparatus for incremental code signing
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US7302060B2 (en) * 2003-11-10 2007-11-27 Qualcomm Incorporated Method and application for authentication of a wireless communication using an expiration marker
US8060743B2 (en) * 2003-11-14 2011-11-15 Certicom Corp. Cryptographic method and apparatus
US7783769B2 (en) * 2004-03-31 2010-08-24 Intel Corporation Accelerated TCP (Transport Control Protocol) stack processing
ATE505766T1 (en) * 2004-04-29 2011-04-15 Nxp Bv INTRUSION DETECTION DURING PROGRAM EXECUTION IN A COMPUTER
US20060010205A1 (en) * 2004-05-21 2006-01-12 Bea Systems, Inc. Systems and methods for collaboration impersonation
US20050262075A1 (en) 2004-05-21 2005-11-24 Bea Systems, Inc. Systems and methods for collaboration shared state management
US20060010125A1 (en) * 2004-05-21 2006-01-12 Bea Systems, Inc. Systems and methods for collaborative shared workspaces
JP2006018430A (en) * 2004-06-30 2006-01-19 Ricoh Co Ltd Information processor, network system, program, data structure and storage medium
US7480803B1 (en) * 2004-07-23 2009-01-20 Sprint Communications Company L.P. System and method for securing system content by automated device authentication
US7636841B2 (en) 2004-07-26 2009-12-22 Intercall, Inc. Systems and methods for secure data exchange in a distributed collaborative application
MX2007001072A (en) * 2004-07-29 2007-04-17 Vadium Technology Inc Techniques to strengthen one-time pad encryption.
US8656161B2 (en) * 2004-11-30 2014-02-18 Nec Corporation Information sharing system, information sharing method, group management program and compartment management program
JP4701706B2 (en) * 2004-12-22 2011-06-15 富士ゼロックス株式会社 Information processing apparatus, method, and program
US7752253B2 (en) * 2005-04-25 2010-07-06 Microsoft Corporation Collaborative invitation system and method
JP4900891B2 (en) * 2005-04-27 2012-03-21 キヤノン株式会社 Communication apparatus and communication method
US7890220B2 (en) * 2005-05-03 2011-02-15 Mks Instruments, Inc. Low overhead closed loop control system
US7647508B2 (en) * 2005-06-16 2010-01-12 Intel Corporation Methods and apparatus for providing integrity protection for management and control traffic of wireless communication networks
US20070076709A1 (en) * 2005-07-01 2007-04-05 Geoffrey Mattson Apparatus and method for facilitating a virtual private local area network service with realm specific addresses
US20070086456A1 (en) * 2005-08-12 2007-04-19 Electronics And Telecommunications Research Institute Integrated layer frame processing device including variable protocol header
US8306918B2 (en) 2005-10-11 2012-11-06 Apple Inc. Use of media storage structure with multiple pieces of content in a content-distribution system
US20070101400A1 (en) * 2005-10-31 2007-05-03 Overcow Corporation Method of providing secure access to computer resources
US20070157266A1 (en) * 2005-12-23 2007-07-05 United Video Properties, Inc. Interactive media guidance system having multiple devices
US20070157281A1 (en) * 2005-12-23 2007-07-05 United Video Properties, Inc. Interactive media guidance system having multiple devices
US8364965B2 (en) * 2006-03-15 2013-01-29 Apple Inc. Optimized integrity verification procedures
US8627092B2 (en) * 2006-03-22 2014-01-07 Lg Electronics Inc. Asymmetric cryptography for wireless systems
US8224751B2 (en) 2006-05-03 2012-07-17 Apple Inc. Device-independent management of cryptographic information
US7945053B2 (en) * 2006-05-15 2011-05-17 Intel Corporation Methods and apparatus for a keying mechanism for end-to-end service control protection
US7940926B2 (en) * 2006-06-08 2011-05-10 Novell, Inc. Cooperative encoding of data by pluralities of parties
US8301753B1 (en) 2006-06-27 2012-10-30 Nosadia Pass Nv, Limited Liability Company Endpoint activity logging
US7668954B1 (en) 2006-06-27 2010-02-23 Stephen Waller Melvin Unique identifier validation
GB0612775D0 (en) * 2006-06-28 2006-08-09 Ibm An apparatus for securing a communications exchange between computers
US20080005558A1 (en) * 2006-06-29 2008-01-03 Battelle Memorial Institute Methods and apparatuses for authentication and validation of computer-processable communications
US8127135B2 (en) * 2006-09-28 2012-02-28 Hewlett-Packard Development Company, L.P. Changing of shared encryption key
JP4886463B2 (en) 2006-10-20 2012-02-29 キヤノン株式会社 Communication parameter setting method, communication apparatus, and management apparatus for managing communication parameters
KR101365603B1 (en) 2006-12-04 2014-02-20 삼성전자주식회사 Method for conditional inserting authentication code and apparatus therefor, Method for conditional using data through authenticating and apparatus therefor
US10416838B2 (en) * 2006-12-11 2019-09-17 Oath Inc. Graphical messages
US7765266B2 (en) * 2007-03-30 2010-07-27 Uranus International Limited Method, apparatus, system, medium, and signals for publishing content created during a communication
US8060887B2 (en) * 2007-03-30 2011-11-15 Uranus International Limited Method, apparatus, system, and medium for supporting multiple-party communications
US8627211B2 (en) * 2007-03-30 2014-01-07 Uranus International Limited Method, apparatus, system, medium, and signals for supporting pointer display in a multiple-party communication
US7950046B2 (en) * 2007-03-30 2011-05-24 Uranus International Limited Method, apparatus, system, medium, and signals for intercepting a multiple-party communication
US8702505B2 (en) * 2007-03-30 2014-04-22 Uranus International Limited Method, apparatus, system, medium, and signals for supporting game piece movement in a multiple-party communication
WO2008119149A1 (en) * 2007-03-30 2008-10-09 Uranus International Limited Method, apparatus, system, and medium for supporting multiple-party communications
US7765261B2 (en) * 2007-03-30 2010-07-27 Uranus International Limited Method, apparatus, system, medium and signals for supporting a multiple-party communication on a plurality of computer servers
US8705348B2 (en) * 2007-04-18 2014-04-22 Cisco Technology, Inc. Use of metadata for time based anti-replay
EP1986151A1 (en) * 2007-04-23 2008-10-29 Hewlett-Packard Development Company, L.P. A data processing system, method and computer program product for providing a service to a service requester
US20080288376A1 (en) 2007-04-27 2008-11-20 Cashedge, Inc. Centralized payment hub method and system
US9311492B2 (en) 2007-05-22 2016-04-12 Apple Inc. Media storage structures for storing content, devices for using such structures, systems for distributing such structures
US8347098B2 (en) * 2007-05-22 2013-01-01 Apple Inc. Media storage structures for storing content, devices for using such structures, systems for distributing such structures
US20090034734A1 (en) * 2007-07-31 2009-02-05 Viasat, Inc. Multi-Level Key Manager
TWI378702B (en) * 2007-08-24 2012-12-01 Ind Tech Res Inst Group authentication method
WO2009033248A1 (en) * 2007-09-10 2009-03-19 Novell, Inc. A method for efficient thread usage for hierarchically structured tasks
KR100959074B1 (en) * 2007-12-12 2010-05-20 한국전자통신연구원 The security group creation and authentication on the p2p network
US8522360B2 (en) * 2008-01-28 2013-08-27 Seagate Technology Llc Posted move in anchor point-based digital rights management
US8533474B2 (en) * 2008-02-27 2013-09-10 Red Hat, Inc. Generating session keys
US8688975B2 (en) * 2008-03-25 2014-04-01 International Business Machines Corporation Certifying a virtual entity in a virtual universe
CN101547443B (en) * 2008-03-28 2011-12-21 上海华为技术有限公司 Method for transmitting signaling and communication device
US8458456B2 (en) * 2008-04-30 2013-06-04 Nec Europe Ltd. Method and system for verifying the identity of a communication partner
JP5480890B2 (en) 2008-05-29 2014-04-23 エルジー エレクトロニクス インコーポレイティド Control signal encryption method
CN101321209B (en) * 2008-06-19 2011-11-16 上海软中信息技术有限公司 Safe communication distributed data extraction method and implementing system based on PSTN
US8230217B2 (en) * 2008-10-13 2012-07-24 International Business Machines Corporation Method and system for secure collaboration using slepian-wolf codes
US7899056B2 (en) * 2009-01-13 2011-03-01 Fujitsu Limited Device and method for reducing overhead in a wireless network
US8023513B2 (en) * 2009-02-24 2011-09-20 Fujitsu Limited System and method for reducing overhead in a wireless network
US8812854B2 (en) * 2009-10-13 2014-08-19 Google Inc. Firmware verified boot
US8806190B1 (en) 2010-04-19 2014-08-12 Amaani Munshi Method of transmission of encrypted documents from an email application
JP5301034B2 (en) * 2010-05-19 2013-09-25 三洋電機株式会社 OBE
WO2012003504A2 (en) * 2010-07-02 2012-01-05 Air Computing, Inc. A system and method for cloud file management
WO2012099617A1 (en) 2011-01-20 2012-07-26 Box.Net, Inc. Real time notification of activities that occur in a web-based collaboration environment
US8751777B2 (en) 2011-01-28 2014-06-10 Honeywell International Inc. Methods and reconfigurable systems to optimize the performance of a condition based health maintenance system
US8990770B2 (en) 2011-05-25 2015-03-24 Honeywell International Inc. Systems and methods to configure condition based health maintenance systems
US8880886B2 (en) 2011-05-26 2014-11-04 First Data Corporation Systems and methods for authenticating mobile devices
US9652741B2 (en) 2011-07-08 2017-05-16 Box, Inc. Desktop application for access and interaction with workspaces in a cloud-based content management system and synchronization mechanisms thereof
US8856530B2 (en) 2011-09-21 2014-10-07 Onyx Privacy, Inc. Data storage incorporating cryptographically enhanced data protection
US20130080768A1 (en) * 2011-09-26 2013-03-28 Erik Lagerway Systems and methods for secure communications using an open peer protocol
GB2507935B (en) * 2011-10-12 2014-07-30 Ibm Method, system, mediation server, client, and computer program for deleting information in order to maintain security level
US8726084B2 (en) 2011-10-14 2014-05-13 Honeywell International Inc. Methods and systems for distributed diagnostic reasoning
US9098474B2 (en) 2011-10-26 2015-08-04 Box, Inc. Preview pre-generation based on heuristics and algorithmic prediction/assessment of predicted user behavior for enhancement of user experience
WO2013062599A1 (en) 2011-10-26 2013-05-02 Box, Inc. Enhanced multimedia content preview rendering in a cloud content management system
WO2013082320A1 (en) 2011-11-29 2013-06-06 Box, Inc. Mobile platform file and folder selection functionalities for offline access and synchronization
US9904435B2 (en) 2012-01-06 2018-02-27 Box, Inc. System and method for actionable event generation for task delegation and management via a discussion forum in a web-based collaboration environment
US20130191629A1 (en) * 2012-01-19 2013-07-25 Laconic Security, Llc Secure group-based data storage in the cloud
US11232481B2 (en) 2012-01-30 2022-01-25 Box, Inc. Extended applications of multimedia content previews in the cloud-based content management system
US9965745B2 (en) 2012-02-24 2018-05-08 Box, Inc. System and method for promoting enterprise adoption of a web-based collaboration environment
US9575981B2 (en) 2012-04-11 2017-02-21 Box, Inc. Cloud service enabled to handle a set of files depicted to a user as a single file in a native operating system
US9413587B2 (en) 2012-05-02 2016-08-09 Box, Inc. System and method for a third-party application to access content within a cloud-based platform
WO2013166520A1 (en) 2012-05-04 2013-11-07 Box, Inc. Repository redundancy implementation of a system which incrementally updates clients with events that occurred via cloud-enabled platform
CN102708192B (en) * 2012-05-15 2017-11-28 华为技术有限公司 A kind of method and system of document sharing, equipment
US9691051B2 (en) 2012-05-21 2017-06-27 Box, Inc. Security enhancement through application access control
US8832649B2 (en) * 2012-05-22 2014-09-09 Honeywell International Inc. Systems and methods for augmenting the functionality of a monitoring node without recompiling
US8914900B2 (en) 2012-05-23 2014-12-16 Box, Inc. Methods, architectures and security mechanisms for a third-party application to access content in a cloud-based platform
US9712510B2 (en) 2012-07-06 2017-07-18 Box, Inc. Systems and methods for securely submitting comments among users via external messaging applications in a cloud-based platform
GB2505072A (en) 2012-07-06 2014-02-19 Box Inc Identifying users and collaborators as search results in a cloud-based system
US9166958B2 (en) * 2012-07-17 2015-10-20 Texas Instruments Incorporated ID-based control unit-key fob pairing
US9081953B2 (en) 2012-07-17 2015-07-14 Oracle International Corporation Defense against search engine tracking
US9794256B2 (en) 2012-07-30 2017-10-17 Box, Inc. System and method for advanced control tools for administrators in a cloud-based service
US8832716B2 (en) 2012-08-10 2014-09-09 Honeywell International Inc. Systems and methods for limiting user customization of task workflow in a condition based health maintenance system
GB2513671A (en) 2012-08-27 2014-11-05 Box Inc Server side techniques for reducing database workload in implementing selective subfolder synchronization in a cloud-based environment
US9135462B2 (en) 2012-08-29 2015-09-15 Box, Inc. Upload and download streaming encryption to/from a cloud-based platform
US9195519B2 (en) 2012-09-06 2015-11-24 Box, Inc. Disabling the self-referential appearance of a mobile application in an intent via a background registration
US9117087B2 (en) 2012-09-06 2015-08-25 Box, Inc. System and method for creating a secure channel for inter-application communication based on intents
US9292833B2 (en) 2012-09-14 2016-03-22 Box, Inc. Batching notifications of activities that occur in a web-based collaboration environment
US10915492B2 (en) 2012-09-19 2021-02-09 Box, Inc. Cloud-based platform enabled with media content indexed for text-based searches and/or metadata extraction
US9037920B2 (en) 2012-09-28 2015-05-19 Honeywell International Inc. Method for performing condition based data acquisition in a hierarchically distributed condition based maintenance system
US9959420B2 (en) 2012-10-02 2018-05-01 Box, Inc. System and method for enhanced security and management mechanisms for enterprise administrators in a cloud-based environment
US9495364B2 (en) 2012-10-04 2016-11-15 Box, Inc. Enhanced quick search features, low-barrier commenting/interactive features in a collaboration platform
US9665349B2 (en) 2012-10-05 2017-05-30 Box, Inc. System and method for generating embeddable widgets which enable access to a cloud-based collaboration platform
KR101659113B1 (en) * 2012-10-09 2016-09-23 엘에스산전 주식회사 System for clouding service provide of power system
US10235383B2 (en) 2012-12-19 2019-03-19 Box, Inc. Method and apparatus for synchronization of items with read-only permissions in a cloud-based environment
CN103067156B (en) * 2012-12-28 2016-01-20 北京移数通电讯有限公司 The URL encryption of mobile Internet user resources access, verification method and device
US20140188728A1 (en) 2012-12-31 2014-07-03 Fiserv, Inc. Systems and methods for performing financial transactions
US9396245B2 (en) 2013-01-02 2016-07-19 Box, Inc. Race condition handling in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform
US9953036B2 (en) 2013-01-09 2018-04-24 Box, Inc. File system monitoring in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform
US9507795B2 (en) 2013-01-11 2016-11-29 Box, Inc. Functionalities, features, and user interface of a synchronization client to a cloud-based environment
US10599671B2 (en) 2013-01-17 2020-03-24 Box, Inc. Conflict resolution, retry condition management, and handling of problem files for the synchronization client to a cloud-based platform
US10725968B2 (en) 2013-05-10 2020-07-28 Box, Inc. Top down delete or unsynchronization on delete of and depiction of item synchronization with a synchronization client to a cloud-based platform
US10846074B2 (en) 2013-05-10 2020-11-24 Box, Inc. Identification and handling of items to be ignored for synchronization with a cloud-based platform by a synchronization client
US9633037B2 (en) 2013-06-13 2017-04-25 Box, Inc Systems and methods for synchronization event building and/or collapsing by a synchronization component of a cloud-based platform
US9805050B2 (en) 2013-06-21 2017-10-31 Box, Inc. Maintaining and updating file system shadows on a local device by a synchronization client of a cloud-based platform
US9467283B2 (en) 2013-06-24 2016-10-11 Blackberry Limited Securing method for lawful interception
US9535924B2 (en) 2013-07-30 2017-01-03 Box, Inc. Scalability improvement in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform
US9584488B2 (en) 2013-08-09 2017-02-28 Introspective Power, Inc. Data encryption cipher using rotating ports
US9584313B2 (en) * 2013-08-09 2017-02-28 Introspective Power, Inc. Streaming one time pad cipher using rotating ports for data encryption
US10509527B2 (en) 2013-09-13 2019-12-17 Box, Inc. Systems and methods for configuring event-based automation in cloud-based collaboration platforms
US9535909B2 (en) 2013-09-13 2017-01-03 Box, Inc. Configurable event-based automation architecture for cloud-based collaboration platforms
KR101524743B1 (en) * 2013-11-15 2015-06-24 주식회사 날리지큐브 Virtual cluster
GB2515853B (en) 2014-02-25 2015-08-19 Cambridge Silicon Radio Ltd Latency mitigation
GB2517844B (en) 2014-02-25 2015-09-09 Cambridge Silicon Radio Ltd Thwarting traffic analysis
US9762395B2 (en) 2014-04-30 2017-09-12 International Business Machines Corporation Adjusting a number of dispersed storage units
WO2015175426A1 (en) * 2014-05-12 2015-11-19 Google Inc. Managing nic-encrypted flows for migrating guests or tasks
US10530854B2 (en) 2014-05-30 2020-01-07 Box, Inc. Synchronization of permissioned content in cloud-based environments
US10038731B2 (en) 2014-08-29 2018-07-31 Box, Inc. Managing flow-based interactions with cloud-based shared content
US9894119B2 (en) 2014-08-29 2018-02-13 Box, Inc. Configurable metadata-based automation and content classification architecture for cloud-based collaboration platforms
US9942211B1 (en) * 2014-12-11 2018-04-10 Amazon Technologies, Inc. Efficient use of keystreams
US10185946B2 (en) 2014-12-31 2019-01-22 Fiserv, Inc. Facilitating presentation of content relating to a financial transaction
WO2016118523A1 (en) 2015-01-19 2016-07-28 InAuth, Inc. Systems and methods for trusted path secure communication
JPWO2016132719A1 (en) * 2015-02-16 2017-12-28 日本電気株式会社 COMMUNICATION SYSTEM, NODE DEVICE, COMMUNICATION TERMINAL, AND KEY MANAGEMENT METHOD
US9509709B2 (en) * 2015-03-19 2016-11-29 International Business Machines Corporation Mechanism to augment IPS/SIEM evidence information with process history snapshot and application window capture history
US10104047B2 (en) * 2015-04-08 2018-10-16 Microsemi Solutions (U.S.), Inc. Method and system for encrypting/decrypting payload content of an OTN frame
US9432340B1 (en) * 2015-05-07 2016-08-30 Bogart Associates System and method for secure end-to-end chat system
US10216709B2 (en) 2015-05-22 2019-02-26 Microsoft Technology Licensing, Llc Unified messaging platform and interface for providing inline replies
US20160344677A1 (en) 2015-05-22 2016-11-24 Microsoft Technology Licensing, Llc Unified messaging platform for providing interactive semantic objects
EP3381166B1 (en) 2015-11-25 2021-04-28 Inauth, Inc. Systems and methods for cross-channel device binding
US10009328B2 (en) * 2015-12-07 2018-06-26 Mcafee, Llc System, apparatus and method for providing privacy preserving interaction with a computing system
US9590956B1 (en) 2015-12-18 2017-03-07 Wickr Inc. Decentralized authoritative messaging
US10334062B2 (en) 2016-02-25 2019-06-25 InAuth, Inc. Systems and methods for recognizing a device
US9596079B1 (en) * 2016-04-14 2017-03-14 Wickr Inc. Secure telecommunications
US20180012190A1 (en) * 2016-07-06 2018-01-11 International Business Machines Corporation Automatic inference of meeting attendance
FR3054905B1 (en) * 2016-08-04 2019-10-18 Safran Identity & Security KEY GENERATION METHOD AND ACCESS CONTROL METHOD
US11403563B2 (en) 2016-10-19 2022-08-02 Accertify, Inc. Systems and methods for facilitating recognition of a device and/or an instance of an app invoked on a device
US11093852B2 (en) 2016-10-19 2021-08-17 Accertify, Inc. Systems and methods for recognizing a device and/or an instance of an app invoked on a device
US10778432B2 (en) 2017-11-08 2020-09-15 Wickr Inc. End-to-end encryption during a secure communication session
US11101999B2 (en) 2017-11-08 2021-08-24 Amazon Technologies, Inc. Two-way handshake for key establishment for secure communications
US10541814B2 (en) 2017-11-08 2020-01-21 Wickr Inc. End-to-end encryption during a secure communication session
US10855440B1 (en) 2017-11-08 2020-12-01 Wickr Inc. Generating new encryption keys during a secure communication session
US11310078B2 (en) * 2018-01-11 2022-04-19 Wesley Rogers Cipher stream based secure packet communications with key stream transmission over diverse paths
US10754972B2 (en) 2018-01-30 2020-08-25 Salesforce.Com, Inc. Multi-factor administrator action verification system
US10460235B1 (en) * 2018-07-06 2019-10-29 Capital One Services, Llc Data model generation using generative adversarial networks
US11222311B2 (en) * 2018-12-18 2022-01-11 The Toronto-Dominion Bank System and method for secure data transfer
US11804970B2 (en) * 2021-10-15 2023-10-31 Lenovo Global Technology (United States) Inc. Baseboard management controller group administration

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07235921A (en) * 1994-02-23 1995-09-05 Nippon Telegr & Teleph Corp <Ntt> Security managing method and device for information communication
GB9502182D0 (en) * 1995-02-03 1995-03-22 Plessey Telecomm Telecommunications service interactions
JP3982848B2 (en) * 1995-10-19 2007-09-26 富士通株式会社 Security level control device and network communication system
US5787175A (en) 1995-10-23 1998-07-28 Novell, Inc. Method and apparatus for collaborative document control
FR2743235B1 (en) * 1995-12-27 1998-01-23 Alsthom Cge Alcatel METHOD FOR SECURING COLLABORATIONS BETWEEN OBJECTS OF AN OBJECT-ORIENTED PROGRAM
JP3562134B2 (en) * 1996-04-19 2004-09-08 富士ゼロックス株式会社 Collaborative design support system and method
JPH09319673A (en) * 1996-05-27 1997-12-12 Matsushita Electric Works Ltd Method and system for updating cryptographic key
DE19622630C1 (en) * 1996-06-05 1997-11-20 Siemens Ag Method for group-based cryptographic key management between a first computer unit and group computer units
US6453327B1 (en) * 1996-06-10 2002-09-17 Sun Microsystems, Inc. Method and apparatus for identifying and discarding junk electronic mail
US6272639B1 (en) * 1996-07-30 2001-08-07 Micron Technology, Inc. Mixed enclave operation in a computer network
JPH10111825A (en) * 1996-10-04 1998-04-28 Kokusai Denshin Denwa Co Ltd <Kdd> Method and device for matching and updating plural databases
JP3512311B2 (en) * 1997-03-27 2004-03-29 日立ソフトウエアエンジニアリング株式会社 Information link management method and information providing system
JPH1115373A (en) * 1997-06-20 1999-01-22 Fuji Xerox Co Ltd Open key coding system
US6775382B1 (en) 1997-06-30 2004-08-10 Sun Microsystems, Inc. Method and apparatus for recovering encryption session keys
JPH11150554A (en) * 1997-11-14 1999-06-02 Casio Comput Co Ltd Data communication equipment, data communication method and storage medium
US6195751B1 (en) 1998-01-20 2001-02-27 Sun Microsystems, Inc. Efficient, secure multicasting with minimal knowledge
US6049878A (en) * 1998-01-20 2000-04-11 Sun Microsystems, Inc. Efficient, secure multicasting with global knowledge
US6334146B1 (en) * 1998-06-05 2001-12-25 I2 Technologies Us, Inc. System and method for remotely accessing data
US6295361B1 (en) * 1998-06-30 2001-09-25 Sun Microsystems, Inc. Method and apparatus for multicast indication of group key change
JP2000066941A (en) * 1998-08-25 2000-03-03 Nec Corp Method and system for updating distributed file
US6584566B1 (en) * 1998-08-27 2003-06-24 Nortel Networks Limited Distributed group key management for multicast security
US6606706B1 (en) * 1999-02-08 2003-08-12 Nortel Networks Limited Hierarchical multicast traffic security system in an internetwork
US6542993B1 (en) * 1999-03-12 2003-04-01 Lucent Technologies Inc. Security management system and method
US6961855B1 (en) * 1999-12-16 2005-11-01 International Business Machines Corporation Notification of modifications to a trusted computing base

Also Published As

Publication number Publication date
IL152351A (en) 2009-08-03
JP2012019534A (en) 2012-01-26
US20060041752A1 (en) 2006-02-23
KR20030010620A (en) 2003-02-05
EP1348152A2 (en) 2003-10-01
EP1708406A3 (en) 2006-11-22
EP1348152B1 (en) 2006-11-22
EP1708406A2 (en) 2006-10-04
WO2001088674A3 (en) 2003-07-24
IL152351A0 (en) 2003-05-29
AU2001261117A1 (en) 2001-11-26
DE60124765T2 (en) 2008-02-14
US7415606B2 (en) 2008-08-19
US20060050869A1 (en) 2006-03-09
US20060036862A1 (en) 2006-02-16
US7213147B2 (en) 2007-05-01
US7171001B2 (en) 2007-01-30
JP4955181B2 (en) 2012-06-20
JP2004501547A (en) 2004-01-15
EP1698959A1 (en) 2006-09-06
EP1705599A3 (en) 2006-11-22
ATE346333T1 (en) 2006-12-15
KR100905141B1 (en) 2009-06-29
DE60124765D1 (en) 2007-01-04
US6986046B1 (en) 2006-01-10
CA2408437C (en) 2010-11-30
WO2001088674A2 (en) 2001-11-22
EP1705599A2 (en) 2006-09-27

Similar Documents

Publication Publication Date Title
CA2408437A1 (en) Method and apparatus for managing secure collaborative transactions
AU2003254377B2 (en) Methods and systems for providing a secure data distribution via public networks
JP3872107B2 (en) Encryption key recovery system
US7522732B2 (en) Method for controlling the distribution of software code updates
US7860243B2 (en) Public key encryption for groups
KR100568233B1 (en) Device Authentication Method using certificate and digital content processing device using the method
US20030078058A1 (en) Method for transmission of secure messages in a telecommunications network
JPH09505711A (en) Computer network encryption key distribution system
AU2003202511A1 (en) Methods for authenticating potential members invited to join a group
JP2022521525A (en) Cryptographic method for validating data
US20060053294A1 (en) System and method for proving time and content of digital data in a monitored system
WO2000013368A1 (en) Method of authenticating or &#39;digitally signing&#39; digital data objects
CN113297633A (en) Quantum digital signature method
CN111432403A (en) Data auditing method and device based on block chain
US20030037241A1 (en) Single algorithm cipher suite for messaging
CN117200966A (en) Trusted authorization data sharing method based on distributed identity and alliance chain
CN114297721A (en) Information processing method, information processing apparatus, block chain platform, and storage medium
CN113987546A (en) Alliance chain system based on identification password system
CN113918971A (en) Block chain based message transmission method, device, equipment and readable storage medium
JP2002539489A (en) Voice and data encryption method using encryption key split combiner
CN116506120B (en) Key loading method, key system and readable storage medium
JP4000899B2 (en) Cryptographic method with authentication, decryption method and device with authentication, program, and computer-readable recording medium
JPH08204696A (en) Authentication method in communication system having plural equipments
Barnes et al. RFC 9420: The Messaging Layer Security (MLS) Protocol
CN113868715A (en) Signature method and system based on quantum key

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20140502