JP2009514072A - Method for providing secure access to computer resources - Google Patents

Abstract

A method is provided for providing various levels of secure access to computer resources.
According to the present invention, a specific data requester is authenticated using a certificate. Authenticate the certificate using asymmetric cryptography. The trust authority assigns the trust level to the certificate. This trust level is an indication of the truthfulness of the data requester. Individual users set different levels of access rights to shared system resources for specific data requesters. The authenticated data requester is given a predetermined level of access right to the desired shared resource. The level of access rights depends on the user whose data is being sought, the authenticated ID of the data requester, and the trust level. Shared resources include data and application modules that are executed over a secure symmetric cryptographic tunnel.
[Selection] Figure 1

Description

      The present invention relates to a method for providing user-discriminating / discriminating access to a computer resource via a secure connection, and in particular to sharing a predetermined level of secure connection to a shared computer resource for a data requester. The method is based on the priority of a particular user of the resource. The level of secure access is determined in part by the trust level attributed (attached) to the data requester provided by the third party trust server.

      In a computer network, it is desirable to provide access to resources on its own computer or computer network in a secure manner for a particular computer user. The data requester is usually required to register in advance in a predetermined computer system with a login ID and a password. A secure connection is established when the user identifies himself by providing a login ID and password information, which usually provides the same level of access to all resources. Or provide a limited number of different levels of access based on the user's ID. These various access levels are determined at the system administrator level and are equally applied throughout the computer network.

      Currently, individual users on a computer network set their own permission levels that provide various levels of access to personal data based on the identity of the data requester seeking access to the personal data. That is not done. Even a data requester who personally knows a particular user cannot always gain trust. Computer hackers are known to hijack certificates used for electronic authentication. In any case, these certificates are becoming obsolete. Furthermore, the system administrator or individual user cannot predetermine what level of access (rights) should be provided to a data requester that he or she does not know. By default there is no “rating system” that determines the trust level attributed to the identity of a known or unknown data requester, so by default, data requesters have important business data (management (Confidential information), or access (rights) to confidential data or their applications.

      What is needed is a way to provide various levels of secure access to shared computer resources that overcomes the above disadvantages.

Patent document 1 discloses an enhanced secure shell (SSH) protocol having fine-grained access security policy management. According to this protocol, the system administrator can set permission to access or use a specific shared resource for each data requester or a group of data requesters. This protocol requires the data requester to have an account and log into the network before secure access is granted. Patent Document 1 does not disclose that a trust level is attributed to an individual who requests system access, either before or after the creation of an account. This permission level is set at the system administrator level and cannot be adjusted by individual network users. Thus, access to system resources occurs on a system wide basis, and individual users cannot set various levels of access (rights) to shared resources for specific data requesters. Therefore, there is no need to determine the level of secure access based on the user from whom data access is required.
US Pat. No. 6,851,113 US Pat. No. 6,820,063 US Pat. No. 5,659,616

      Patent Document 2 discloses a digital rights management method for controlling access to downloaded content. An access predicate specifies the right of a particular subscriber to download. For example, when a subscriber attempts to download some digital content (eg, an application), the subscriber's access predicate is compared to the rights manager certificate. If this rights manager certificate meets the requirements of the access predicate, the subscriber is allowed to download the digital content. Access predicates and their digital content are protected using cryptographic techniques. The invention of Patent Document 2 restricts the access right to a specific application to only a specified user, and the determination of the specified user is performed at a system-wide level (system-wide level). Individual users associated with a downloaded application cannot set the level of access provided to requesters seeking access to that application. Therefore, the level of access for a particular user cannot be differentiated, and as a result, the maximum level of access provided to that user cannot be determined. Furthermore, a trust level is not assigned to the ID of each user who requests download access rights.

      Patent Document 3 discloses a method for securely using a digital signature in a commercially available cryptographic system. Organizations employ attribute certificates that provide different levels of access to individuals based on their signature geography and age. The various levels of these accesses are determined at the system wide level. Therefore, a particular user is not provided with various levels of access (rights) and does not determine the maximum level of access that applies to a particular user. In the present specification, the terms “access” and “access right” are used almost synonymously.

      A variety of resources to allow different levels of access rights to be determined by individual users of the system or to verify / verify the identity of individuals requesting access to resources using a trust authority No method for providing a level of secure access is disclosed in the prior art.

According to one aspect of the present invention, a first computer or computer network (hereinafter referred to as a first network) having at least one user or a group of users (hereinafter referred to as users) having the following steps (a) to (h): A method for providing various levels of secure access to computer resources (referred to as computers) is disclosed.
(A) establishing a secure connection between a second computer or computer network (hereinafter referred to as second computer) and the first computer using a common symmetric encryption key;
The second computer has at least one data requester or a group of data requesters (hereinafter referred to as data requesters),
(B) providing the data requester's ID and authentication package to the first computer via the secure connection;
The authentication package is encrypted using the secret key of the data requester;
(C) for each user, checking the ID against an account list associated with the user and determining whether the account list includes the ID;
(D) authenticating the ID by decrypting the authentication package using a public key associated with the ID;
(E) with the authenticated ID, the data requester selects a specific user who intends to access a resource via the secure connection;
(F) checking for the selected user whether the authenticated ID is on the account list;
(G) for an requested resource associated with the selected user, checking an access control list to determine a level of secure access to be provided to a data requester for the resource;
The level of secure access is determined based on both the selected user and the authenticated identity;
(H) providing a predetermined level of secure access to the resource via the secure connection;

According to another aspect of the invention, various levels of security to computer resources on a first computer or computer network (hereinafter referred to as the first computer) having the following steps (a) to (g): A method for providing secure access is disclosed.
(A) establishing a secure connection between a second computer or computer network (hereinafter referred to as second computer) and the first computer using a common symmetric encryption key;
The second computer has at least one data requester or a group of data requesters (hereinafter referred to as data requesters),
(B) providing the data requester's ID and authentication package to the first computer via the secure connection;
The authentication package is encrypted using the secret key of the data requester;
(C) checking the ID against an account list on the first computer and determining whether the account list includes the ID;
(D) authenticating the ID by decrypting the authentication package using a public key associated with the ID;
(E) assigning a trust level to an authenticated ID based on one or more trust tables;
(F) checking an access control list to determine a level of secure access to be provided to the data requester;
The level of secure access is determined based on both the authenticated ID and the trust level;
(G) providing a predetermined level of secure access to the resource via the secure connection;

According to one aspect of the present invention, a first computer or computer network (hereinafter referred to as a first network) having at least one user or a group of users (hereinafter referred to as users) having the following steps (a) to (i): A method for providing various levels of secure access to computer resources (referred to as computers) is disclosed.
(A) establishing a secure connection between a second computer or computer network (hereinafter referred to as second computer) and the first computer using a common symmetric encryption key;
The second computer has at least one data requester or a group of data requesters (hereinafter referred to as data requesters),
(B) providing the data requester's ID and authentication package to the first computer via the secure connection;
The authentication package is encrypted using the secret key of the data requester;
(C) for each user, checking the ID against an account list associated with the user and determining whether the account list includes the ID;
(D) authenticating the ID by decrypting the authentication package using a public key associated with the ID;
(E) assigning a trust level to an authenticated ID based on one or more trust tables;
(F) with the authenticated ID, the data requester selects a specific user who intends to access a resource via the secure connection;
(G) checking for the selected user whether the authenticated ID is on the account list;
(H) checking an access control list to determine a level of secure access to a requested resource associated with the selected user to be provided to a data requester for the resource;
The level of secure access is determined based on the selected user, the authenticated ID and a trust level;
(I) providing a predetermined level of secure access to the resource via the secure connection;

      The present invention provides various data requesters with various levels of secure access to shared computer resources. This is determined by the individual user of the computer system and is based on the data requester's ID. The trust level associated with the data requester is utilized by individual users to determine the level of secure access provided to the data requester. This allows a data requester known or unknown to the user to gain secure access to secret system resources (eg, personal data or networked computer applications). This is done based on the data requester's trust level and does not require pre-registration or provision of a password or personal information.

      In accordance with the present invention, many computer applications can be developed for secure access to shared computer resources. For example, a personal calendar application containing personal appointment information for individual users of the network is made available over the network. The user can set various levels of calendar access rights based on the authenticated ID of the requester seeking access to the personal calendar. Assume that the user is a doctor. The user's (doctor's) secretary has one level of access (eg, the right to view and edit occupational appointments), and the doctor's wife has another level of access (eg, ( The right to enter and edit personal appointments), and the doctor's mother has another level of access (e.g., the right to see family related contacts). An unknown data requester at a remote location with a certain trust level can enter a new appointment in the doctor's calendar and see that the appointment exists at a particular time, Can't see. Other doctors in the same office can appoint another person to view and edit their professional or social appointments, but they do not provide access to those designated by their colleagues Absent. Access to this application allows the data requester to have access to other shared network resources (eg, secret patient data) without the need for prior registration or providing password information. Nor. This type of calendar application that allows various levels of secure access to shared information is not available in the prior art and is just one example of many applications that take advantage of the unique advantages of the present invention.

      The trust level is determined using a trust table registered in the computer network. This trust table reflects the opinions and experiences of designated users in the network. Alternatively, the designated user may belong to other third party networks. This designated user is also referred to as a “trust authority”. The trust level attributed to the individual by the trust authority may represent whether the certificate and public key provided are actually attributed to the individual requesting attribution. In other words, when a certificate is no longer trusted as a positive proof of an individual's identity that requires it to be trusted and belong to that certificate, a lower trust level is assigned to that identity by the trust authority. Be attributed (attached). This prevents fraudulent use of individuals (IDs) who have lost their trust, and can limit access to shared resources. In the present specification, the terms “individual” and “ID” are used (translated) almost synonymously. The “individual” does not necessarily include “one individual” but also an organization / organization such as “group” or “company”.

      The trust level attributed to the data requester is determined using various factors. The trust level belonging to an individual (ID) can be edited using information from multiple trust categories. This trust category can be entered, for example, by the number of legitimate or fraudulent business transactions performed by an individual (ID), the number of successful attempts to access the network on the first attempt, the number of occurrences of unauthorized use of data, Either the number of complaints, the number of “revoked” events by the owner of the ID in the event of the credit failure of the alleged certificate, the current or past employment relationship, or any of several other criteria. The level of trust is provided as a percentage value and is provided within a composite value and / or within multiple trust categories reflecting the opinions and experiences of multiple users. As another example, the trust level is selected based on the trust level attributed to a particular trust authority of a particular category. By adopting the determination of a certain trust authority in preference to the others, it is possible to resolve a trust level conflict (mismatch) belonging to a specific ID.

      Another way to determine the trust level attributed to a particular ID relies on a chain of trusted authorities. For example, when a user of a network is designated as the first trust authority, the trust level attributed to that data requester by that user is trusted by other users of that network. A user or group of users on the third party network can also be designated as the first trust authority. When this first trust authority cannot provide information about a particular individual (ID) in a given category, another second trust authority designated as trusted by the first trust authority It is trusted (used) when a trust level is attached (attributed) to (ID). In the event of an information collision between multiple second trust authorities, the trust level attributed to a specific second trust authority by the first trust authority is used to avoid this collision. It is done. Thus, a trusted authority chain can be used to determine the trust level for a particular data requester within a particular category. This is useful when information about the data requester is not available from the network owner's trust table.

      The third party trust server may be set up as a public forum that shares information about the trust level of a particular category of ID. A third-party trust server is designated as a trust authority and is trusted to represent multiple users' opinions and experiences (eg, the number of successful business transactions) for a particular ID within a larger trust category. . Users from a particular individual computer network will post their experiences with their ID to a third party trust server. This serves as an information source available to the public to determine the trust level attributed to the ID in that category. A specific user or group of users can develop their own trust tables, but this development is done with reference to multiple third party trust servers in various categories.

      The above concept is equally applicable to users on one computer, users on a computer network, groups of users on one computer, and groups of users on a network. The same applies to a single data requester or group of data requesters. A group is configured on the basis of a family unit, a workplace unit, a team, and the like, and similar access permission (access right) is given to all members in the group. When a member in a group is given a higher level of access by a particular user than other members, the highest level of access is granted to the members of that group. The formation of the group is determined by the group manager, who can add or remove members from the group. This is particularly advantageous for the company. The reason is that employees can easily be added to a group of companies, which gives them access to internal company information or information that belongs to the company's business partners. .

      The present invention is also referred to as a Secure Trust Protocol (STP). The present invention provides a method for connecting individual systems, authenticating users, controlling resource utilization, and executing protocol procedures at remote locations. The present invention is used in an enterprise and connects a first computer and a second computer on the same internal network, or connects a first computer network and a second computer network. Referring to FIG. 1, the present invention functions as a “peer to peer” with the use of a trust authority and a gateway. Standard network protocols are used for communication, but data exchange occurs over symmetric cryptographic tunnels. The ID of the data requester and the user for whom data is requested is confirmed using asymmetric encryption. This protocol performs these functions, but by invoking modules that are provided as part of a hierarchical architecture.

      In FIG. 2, a data requester or group of data requesters seeking access to data associated with a particular user or group of users of a first computer or computer network requests data via a secure connection. A secure connection is established between a first computer or computer network and a second computer or computer network using a common symmetric encryption key. This symmetric encryption key is known to both parties, or a unique symmetric encryption key may be generated in each session. One means of generating a unique common symmetric encryption key uses both public keys and a key exchange algorithm (eg, Diffie-Hellman key exchange). However, the symmetric encryption key may be generated using another appropriate key exchange algorithm. Once a common symmetric encryption key is available to both (user and data requester), a secure connection (eg, a symmetric encryption tunnel) can be used for a particular session or for all subsequent communications. As a result, an unauthenticated third party cannot “intercept” communication between them. If communication is intercepted, it will lead to leakage of both IDs.

      When a secure connection is established, the first computer or computer network sends the first data string to the second computer or computer network. This first data string is randomly generated and used to prevent a “playback attack”. In “playback attack”, the data requester simply repeats the challenge-response sequence once used by the authenticated data requester to gain unauthorized access to the system.

      The second computer or computer network responds by providing the ID of the data requester or group of data requesters. In its simplest form, this ID is a text string (eg, jim@example.com). However, the ID may include other alphanumeric information. This ID is accompanied by a hash value of the certificate of the data requester or data requester group. This certificate includes the public key of the data requester or group of data requesters. A hash algorithm (ie, a one-way encryption algorithm) is used to generate a number (hash value) associated with the hashed certificate. The recipient of this hash value obtains the same numeric value (hash value) using the same (hash) algorithm on the copy of the data requester's certificate. This authenticates (confirms) that the sender has the same public key as the one recorded, and then confirms that asymmetrically encrypted communication can be performed without error. If this test fails, the data requester is disconnected before conveying further information.

      Thereafter, the first computer checks whether the ID of the data requester exists on the account list of the first computer. Each user of the computer has an account list. This account list contains the IDs of users who are authorized to access computer resources. The first computer checks each user's account list to determine whether there is a user on the computer or computer network that will provide some level of access to the data requester. If no account list containing the data requester's ID exists in the first computer's account list, the session ends. If at least one account list contains the identity of this data requester, the session is authorized and goes to the authentication process.

      When the ID of the data requester is transmitted, the second computer transmits an encrypted authentication package. This authentication package is asymmetrically encrypted using the data requester's private key and can only be decrypted with the public key corresponding to this private key. The authentication package includes a hash value of a first data string and a symmetric encryption key concatenation. The authentication package also includes a second data string. Preferably, this second data string is randomly generated by the second computer. After receiving the authentication package over the secure connection, the first computer decrypts the authentication package using the data requester's public key. Thereby, it is confirmed that the ID of the data requester corresponds to the certificate. Thereafter, by using a hash algorithm to obtain the same numerical value (hash value) for the chain of symmetric encryption keys, the first computer encrypts the package and the data requester It also receives a string and confirms that it is the same person with a common symmetric encryption key. This eliminates the need to insert additional computers between the first and second computers, and prevents “man in the middle” attacks. If decryption of the authentication package or authentication of the hash value fails, the data requester is disconnected as an error. If successful, the session proceeds.

      In one embodiment of the present invention, a data requester can select a user or group of users for whom he wants to access a resource. The data requester is allowed to access resources associated with a user or group of users who have an authenticated ID on their account list. A list of selected users is obtained only after authentication. The list of users to be selected can only be accessed after authentication. Alternatively, a list including all users of the first computer or computer network may be accessible after authentication. In this case, the first computer or computer network must check whether the selected user has an authenticated ID on the account list. This selection process is then completed.

      After selecting a specific user to access the resource, the data requester is allowed to select the desired resource associated with the selected user. Each user of the first computer or computer network creates an access control list for each resource that is allowed to grant access to the data requester. This access control list includes the ID of the data requester authorized to access that particular resource and the level of data access rights provided to the data requester. The data requester can view a list of available resources that the selected user has designated as accessible by the data requester. This available resource includes computer data or computer applications and is stored on a particular computer on the first computer network or stored in an accessible location on another network. User and resource selection is performed manually or automatically, for example, on software designated at the workplace, according to the method of the present invention.

      Once a user group is established that includes all users of the first computer or computer network, all data requesters who have permission to access resources on the first computer or computer network will see this group. Exists on your account list. Once authenticated, the data requester can access any resource that has the data requester's ID on its access control list. This is particularly beneficial. For example, the method of the present invention is employed within a company to provide each employee with a predetermined level of access to shared network resources, but the employee is prohibited from designating a visitor with access. Because it can.

      In one embodiment of the invention, the user has a personal id or machine id on the first computer or computer network. The machine id can give automatic access to certain resources. For example, a user can be given remote access to personal data registered on the machine. On the other hand, the personal id can give a right to access a personally important resource (for example, a function capable of sending an email from the personal id). The personal id may also require a password or passphrase to allow access to the data requester and add an additional security layer to prevent unauthorized use of personal data.

      When a user or group of users and resources associated with the user or group of users are selected, the first computer or computer network sends an encrypted response to the second computer or computer network. This encrypted response is asymmetrically encrypted using a first computer or computer network private key (preferably the selected user's private key) and a copy of the public key corresponding to this private key ( The data requester has). This encrypted response includes a hash value of the symmetric encryption key chained to the second data string. By decrypting the response using the public key and obtaining the same numerical value (hash value) as the hash value, the second computer is communicating with the selected user, “ Authenticate (confirm) that there is no “interceptor)”.

      When this authentication is complete, the data requester is provided with a level of secure access to the resource specified by the user in the access control list for that resource. The level of secure access to a particular shared resource on the first computer or computer network is a function of the ID of the data requester and the ID of the user (access to the resource is through this user). This predetermined level of secure access is provided using a predetermined symmetric cryptographic tunnel over the secure connection. Other safer methods can also be used depending on the importance of the resource being accessed.

      In a related aspect of the invention, the level of trust belongs to an ID that has been authenticated by referring to a trust table. This trust table represents the degree of trust placed in the authentication of a specific ID. For example, an ID known to have been damaged by a hacker belongs to a low trust level. On the other hand, employees of a company known to have a valid ID on the first network belong to a higher level of trust. This trust level is then used as an additional factor in determining the level of secure access provided to the data requester or group of data requesters. The trust table is accessible from the trust authority access. The trust table of the present invention is shown in FIG.

      The trust table includes the identity of the data requester and the trust level in at least one trust category. Any number of categories are provided in the trust table. Each ID has a trust level in each category. It is usually represented by a number from 1 to 100. This number is assigned by the trust authority that manages the trust table and is automatically determined according to an algorithm that takes into account the experiences of multiple users within a particular trust category. The overall effect of this trust level is that the level of secrecy / trust can be attributed to the truthfulness of the data requester's ID.

      The trust authority is either a user of the first computer or computer network or a user on a third party trust server accessible using a secure connection. If trust information for a particular ID is not obtained from the designated first trust authority, the first trust authority designates a second trust authority. This is usually a third party trust server, which provides trust information. Thus, a trusted authority chain is created. As a result, the trust level is determined regardless of whether the particular ID is known to the first trust authority. Thereby, a general member can access a certain system resource. This is done even if they are not personally acquainted with the user designated as the first trust authority of the first computer or computer network. For example, a person seeking access to personal tax data from a government computer server can obtain the data based on a trust authority that authenticates the person's identity. This is done without logging into a government server, providing a password, or providing personal identification information.

      Third party trust authorities can provide public certificate information along with trust information and routing information. This is comparable to a telephone directory that provides ID information along with telephone numbers and address information. This trust authority provides encrypted stored information of secret key information. Thus, the private key can be recovered when lost or damaged, and the certificate is not required to be destroyed by assigning a low trust level to this ID. If the certificate is voluntarily terminated, the certificate is stored in a memory location associated with a third party trust authority. Using this storage location, the certificate is removed from valid distribution, but the updated certificate is sent by the first trust authority to a third party trust in response to a request to belong to the trust level. Provided to the first trust authority when connected to the authority. Thus, the updated information is distributed without the intervention of the data requester. Clear continuity is provided to the data requester without any system shutdown due to low trust levels.

      A trust authority is used with access to system resources to distinguish / discriminate between users. In another embodiment of the present invention, the trust authority is widely set and can be used to authenticate the authenticity of an individual's identity using a certificate. These trust authorities function as described above and are used to provide certificate expiration information. For example, if the ID displayed by a particular certificate is user@corporation.com, but the user is no longer working for that company, the company will identify a third-party trust authority. , Invalidate the certificate. Trust authorities are used with many existing secure access protocols that rely on certificates. Examples of protocols are SSH, VPN, SSL, Kerberos (registered trademark), WEP, Bluetooth (registered trademark), and Windows (registered trademark) login.

      The present invention is executed via a plurality of application modules. FIG. 4 shows the layered architecture of the module of the present invention. Each stage of the method of the present invention is represented by a different layer, each layer having a plurality of modules. This module performs the steps of the method described above and performs other steps known in the art used to facilitate communication and exchange of data between the first and second computer networks. For example, at a lower level of the architecture, TCP / IP modules, FILES modules, and MEMORY modules are used to facilitate basic communication and basic data transmission and reception. The intermediate level of the architecture associated with the first stage of the method of the present invention, such as the CRYPTO level, generates a symmetric encryption key and a random number generator module used to generate the first and second data strings. DIFFIE-HELLMAN module used for The TRUST level of the architecture includes the AUTHORITY module used to access the authority table, the CERTIFICATE module used to authorize the certificate, and the Access for the particular desired resource associated with the selected user. And an ACL module used to provide the Control List. The highest level of architecture includes modules that perform secure data transfer functions and modules that provide secure application access. For example, the highest levels include the CALENDAR module, the FILE MANAGER module, and the CONTACTS module, which are used to send specific data to the user over the secure connection.

      At the highest or MODULE level, the method of the present invention allows for the wide use of the following three core modules: That is, the SERVICE REGISTRY module records the IDs of all modules installed in the system along with its certificate, providing information that requires other modules in the system and the load on a specific module. To do. The DISCOVERY module provides information to the data requester. This information is information about which modules are available as resources for the particular user to which they are connected. The data requester selects the desired resource by selecting one of the available modules. The MACHINE DELEGATE module provides access to resources on the first computer or computer network when the user to whom access is requested is not logged in. In order to determine the resources that are sought to be accessed by the data requester, the ACL associated with that user is respected by the MACHINE DELEGATE module so that a predetermined level of access to a particular desired resource is Given to the data requester. The MACHINE DELEGATE module has a lower set of access permission levels for its resources than when the user actually logged in. This prevents the MACHINE DELEGATE module from performing functions that provide access to resources that are normally required by the user (eg, sending email).

      Each top-level module communicates using an exposed application programming interface (API). With this API, anyone can create a module that functions according to the method of the present invention. This API provides a plurality of features common to each module. For example, each module can store and register its configuration state and its own internal access control list (only for module users), and can perform desired functions (eg, communicate between computers and exchange data) To access modules in other layers of the architecture.

      Each module is digitally signed. This signature is authenticated using a trust authority as described above for individual users and data requesters. Once signed, this module proves the module's authentication / authority to the data requester, and a hacker or other malicious individual can identify a computer virus or other harmful application as an unsuspecting data requester. Do not give on the first computer network requesting access. Known hackers who sign modules have a low trust level on third party trust authorities, and the data requester is signed by someone who has a trust level below a certain threshold You can choose not to run the module. Module authentication / authorization is completed at the RPC level of the layered architecture. Similarly, a module attempting to upload information to the first computer or computer network must have a trust level above a certain value in order to complete the upload and allow access to upload data. Must have a level.

      The following description is an embodiment of the present invention using pseudo code and is described for those skilled in the art. The pseudocode in the left column of the following table represents modules and procedures executed on the second computer or computer network. The pseudocode in the right column represents modules and procedures that are executed on the first computer or computer network. The pseudo code lines are executed sequentially, and the codes appearing on both sides of the same line are executed in parallel.

Table 1

      The above description relates to one embodiment of the present invention, and those skilled in the art can consider various modifications of the present invention, all of which are included in the technical scope of the present invention. The The numbers in parentheses described after the constituent elements of the claims correspond to the part numbers in the drawings, are attached for easy understanding of the invention, and are used for limiting the invention. Must not. In addition, the part numbers in the description and the claims are not necessarily the same even with the same number. This is for the reason described above.

FIG. 4 shows an example of the connection between a data requester and a user and the use of modules of the overall system architecture according to the invention. The flowchart figure showing one Example of this invention. The flowchart figure showing the other Example of this invention. A diagram representing a hierarchical architecture including a plurality of modules.

Claims (20)

Providing various levels of secure access to computer resources on a first computer or computer network (hereinafter “first computer”) having at least one user or group of users (hereinafter “user”). In the way to
(A) establishing a secure connection between a second computer or computer network (hereinafter referred to as a “second computer”) and the first computer using a common symmetric encryption key;
The second computer has at least one data requester or a group of data requesters (hereinafter referred to as “data requesters”),
(B) providing the data requester's ID and authentication package to the first computer via the secure connection;
The authentication package is encrypted using the secret key of the data requester;
(C) for each user, checking the data requester's ID against an account list associated with the user and determining whether the account list includes the data requester's ID;
(D) authenticating the data requester's ID by decrypting the authentication package using a public key associated with the data requester's ID;
(E) with the authenticated ID, the data requester selects a specific user who intends to access a resource via the secure connection;
(F) checking for the selected user whether the authenticated ID is on the account list;
(G) for an requested resource associated with the selected user, checking an access control list to determine a level of secure access to be provided to a data requester for the resource;
The level of secure access is determined based on both the selected user and the authenticated identity;
(H) providing a predetermined level of secure access to the resource via the secure connection; and various levels of secure access to the computer resources of the first computer or computer network. How to provide access. After determining the level of secure access to be provided to the data requester,
(I) transmitting an encrypted response from the first computer via a secure connection;
The encrypted response further comprises being encrypted using a secret key associated with the first computer;
The method of claim 1 wherein: 3. The method of claim 2, wherein the encrypted response is decrypted by the second computer using a public key corresponding to a secret key used to encrypt the response. The method of claim 2, wherein the response is encrypted using the selected user's private key. 5. The method of claim 4, wherein the encrypted response is decrypted by the second computer using the public key of the selected user. The method of claim 2, wherein step (a) includes transmitting a first data string from the first computer to the second computer over a secure connection. The method of claim 6, wherein the authentication package includes a hash value of a combination of the symmetric encryption key and the first data string, and a second data string. The method of claim 7, wherein the encrypted response includes a hash value of the combination of the symmetric encryption key and a second data string. The method of claim 7, wherein the first and second data strings are randomly generated. The method of claim 1, wherein the symmetric encryption key is generated using a Diffie-Hellman key exchange algorithm on both the first computer and the second computer. The method according to claim 1, wherein in step (b), a hash value of a certificate corresponding to the ID of the data requester is provided to the first computer via the secure connection. . The method of claim 1, wherein the list of available resources associated with the selected user is accessible by the data requester only after step (f). The method of claim 1, wherein the desired resource comprises data unique to the user. The method of claim 1, wherein the desired data includes an executable module. In a method of providing various levels of secure access to computer resources on a first computer or computer network (hereinafter “first computer”),
(A) establishing a secure connection between a second computer or computer network (hereinafter referred to as a “second computer”) and the first computer using a common symmetric encryption key;
The second computer has at least one data requester or a group of data requesters (hereinafter referred to as “data requesters”),
(B) providing the data requester's ID and authentication package to the first computer via the secure connection;
The authentication package is encrypted using the secret key of the data requester;
(C) checking the data requester's ID against an account list on the first computer to determine whether the account list includes the data requester's ID;
(D) authenticating the data requester's ID by decrypting the authentication package using a public key associated with the data requester's ID;
(E) assigning a trust level to an authenticated data requester's ID based on one or more trust tables;
(F) checking an access control list to determine a level of secure access to be provided to the data requester;
The level of secure access is determined based on both the identity and trust level of the authenticated data requester;
(G) providing various levels of secure access to the computer resources of the first computer or computer network comprising providing a predetermined level of secure access to the resources via the secure connection. How to provide. The method of claim 15, further comprising the step of: (h) updating a trust level on the one or more trust tables. The method of claim 15, wherein the at least one trust table is on a third computer or computer network. The method of claim 17, wherein a trust table on the third computer or computer network is accessed via a second secure connection. The method of claim 15, wherein the trust table includes trust information provided by a plurality of users or groups of users. Providing various levels of secure access to computer resources on a first computer or computer network (hereinafter “first computer”) having at least one user or group of users (hereinafter “user”). In the way to
(A) establishing a secure connection between a second computer or computer network (hereinafter referred to as a “second computer”) and the first computer using a common symmetric encryption key;
The second computer has at least one data requester or a group of data requesters (hereinafter referred to as data requesters),
(B) providing the data requester's ID and authentication package to the first computer via the secure connection;
The authentication package is encrypted using the secret key of the data requester;
(C) for each user, checking the data requester's ID against an account list associated with the user and determining whether the account list includes the data requester's ID;
(D) authenticating the data requester's ID by decrypting the authentication package using a public key associated with the data requester's ID;
(E) assigning a trust level to an authenticated ID based on one or more trust tables;
(F) selecting, by the authenticated data requester's ID, a specific user that the data requester intends to access a resource via the secure connection;
(G) checking for the selected user whether the ID of the authenticated data requester is on the account list;
(H) checking an access control list to determine a level of secure access to a requested resource associated with the selected user to be provided to a data requester for the resource;
The level of secure access is determined based on the identity and trust level of the selected user and the authenticated data requester;
(I) providing a predetermined level of secure access to the resource via the secure connection; and various levels of secure access to the computer resources of the first computer or computer network. How to provide access.

Images