Abstract
Methods, systems and apparatuses for providing trustworthy workflow across trust boundaries are disclosed. One method includes a curator generating a first public key (PKC1) and a second public key (PKC2), publishing the first public key (PKC1) and the second public key (PKC2), and generating a first proxy re-encryption key (RKC1-C2) and a second proxy re-encryption key (RKC2-B). Further, a first party encrypts data having a key k, wherein k is encrypted according to the first public key (PKC1). A custodian proxy re-encrypts k from the first public key (PKC1) to the second public key (PKC2) using the first proxy re-encryption key (RKC1-C2), and the custodian proxy re-encrypts k from the second public key (PKC2) to a public key (PKB) of the second party B using the second proxy re-encryption key (RKC2-B). The second party B receives the data and decrypts the data with the key k.
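The two-hop flow in the abstract (A wraps k under PKC1; a custodian re-encrypts C1 to C2 and then C2 to B; B unwraps k), as an added illustration that is not part of the patent and not AlephCloud's code. It is a constructed Python toy: an ElGamal-style (BBS98) re-encryption in the prime-order subgroup of a 64-bit safe prime, a hashed-ElGamal wrap of the data key k, and a SHA-256 keystream standing in for the data cipher. Every parameter, name and function here is an assumption. Note the deliberate difference from the claims: this toy scheme is bidirectional, so forming RKC2-B requires B's secret scalar, whereas the patent's pairing-based keys are one-way and are formed from B's public key only. What the example does show is the message flow and that the custodian's inputs (public keys, re-encryption keys, ciphertexts) never include k or any secret key, and that the wrapped payload c2 is carried through both hops untouched.

```python
"""Constructed toy of the A -> C1 -> C2 -> B proxy re-encryption workflow.
Parameters are far too small to be secure; the scheme is bidirectional,
unlike the pairing-based one-way keys in the claims."""
import hashlib
import os
import random


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin after small-prime trial division (enough for 64-bit toys)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 64, seed: int = 42):
    """Find p = 2q + 1 with q prime; g = 4 is a square mod p, so it has order q."""
    rng = random.Random(seed)  # deterministic toy parameters
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, 4


P, Q, G = safe_prime_group()
_SYS = random.SystemRandom()


def keygen():
    """Secret scalar sk and public key pk = g^sk (used by curator and party B)."""
    sk = _SYS.randrange(1, Q)
    return sk, pow(G, sk, P)


def kdf(seed: bytes, n: int) -> bytes:
    """Expand a seed into n keystream bytes with SHA-256 in counter mode."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(pk: int, k: bytes):
    """Wrap k under pk: c1 = pk^r, c2 = k XOR KDF(g^r). Only c1 is ever re-encrypted."""
    r = _SYS.randrange(1, Q)
    return pow(pk, r, P), xor(k, kdf(pow(G, r, P).to_bytes(8, "big"), len(k)))


def unwrap_key(sk: int, wrapped) -> bytes:
    """Holder of sk recovers g^r = c1^(1/sk) and strips the keystream."""
    c1, c2 = wrapped
    g_r = pow(c1, pow(sk, -1, Q), P)
    return xor(c2, kdf(g_r.to_bytes(8, "big"), len(c2)))


def rekey(sk_from: int, sk_to: int) -> int:
    """Re-encryption key sk_to / sk_from mod q; needs both scalars (bidirectional)."""
    return sk_to * pow(sk_from, -1, Q) % Q


def re_encrypt(rk: int, wrapped):
    """Custodian step: (pk_from^r)^rk = pk_to^r. No secret key and no k involved."""
    c1, c2 = wrapped
    return pow(c1, rk, P), c2


def run_workflow(plaintext: bytes) -> dict:
    """Full A -> custodian -> B flow from the abstract, with a check on each hop."""
    sk_c1, pk_c1 = keygen()          # curator pair 1 (PKC1 / SKC1)
    sk_c2, _pk_c2 = keygen()         # curator pair 2 (PKC2 / SKC2), published
    sk_b, _pk_b = keygen()           # party B's own pair (PKB / SKB)
    rk_c1_c2 = rekey(sk_c1, sk_c2)   # RKC1-C2: curator knows both scalars
    rk_c2_b = rekey(sk_c2, sk_b)     # RKC2-B: toy assumption, B's scalar supplied
    # Party A: fresh data key k, data encrypted under k, k wrapped under PKC1.
    k = os.urandom(32)
    data_ct = xor(plaintext, kdf(k, len(plaintext)))
    wrapped = wrap_key(pk_c1, k)
    # Custodian: two re-encryptions using only public values and the RKs.
    hop1 = re_encrypt(rk_c1_c2, wrapped)   # now decryptable under SKC2
    hop2 = re_encrypt(rk_c2_b, hop1)       # now decryptable under SKB
    # Party B: unwrap k with SKB, then decrypt the data.
    k_b = unwrap_key(sk_b, hop2)
    return {
        "recovered": xor(data_ct, kdf(k_b, len(data_ct))),
        "hop1_under_skc2": unwrap_key(sk_c2, hop1) == k,
        "skc1_no_longer_works": unwrap_key(sk_c1, hop2) != k,
        "payload_untouched": wrapped[1] == hop1[1] == hop2[1],
    }
```

The custodian function `re_encrypt` is the only code path the custodian runs: it touches c1 with a public-key exponentiation and forwards c2 unchanged, which is why holding RKC1-C2 and RKC2-B alone does not let it recover k. The claims' time-out and hierarchical-group variants map onto issuing fresh `rekey` outputs and chaining further `re_encrypt` calls.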
Claims
- 1. A method of providing trustworthy workflow across trust boundaries between a first party A and a second party B, comprising:
one or more curators generating a first public key (PKC1) and a second public key (PKC2), and the one or more curators generating and maintaining a first secret key (SKC1) and a second secret key (SKC2);
the one or more curators publishing the first public key (PKC1) and the second public key (PKC2);
the one or more curators generating a first proxy re-encryption key (RKC1-C2) and a second proxy re-encryption key (RKC2-B);
the first party A encrypting data having a key k, wherein k is encrypted according to the first public key (PKC1);
one or more custodians proxy re-encrypting k from the first public key (PKC1) to the second public key (PKC2) using the first proxy re-encryption key (RKC1-C2), wherein the proxy re-encryption is one-way;
the one or more custodians proxy re-encrypting k from the second public key (PKC2) to a public key (PKB) of the second party B using the second proxy re-encryption key (RKC2-B), wherein the proxy re-encryption is one-way; and
the second party B receiving the data and decrypting the data with the key k, decrypted from a secret key SKB.
- 2. The method of claim 1, wherein the proxy re-encryption being one-way comprises:
the one or more curators generating the proxy re-encryption key utilizing a cryptographic one-way function, wherein the cryptographic one-way function comprises a cryptographic pairing, and wherein the proxy re-encryption is restricted to be one-way.
- 3. The method of claim 1, wherein the one or more curators generate the second proxy re-encryption key (RKC2-B) without knowledge of the secret key SKB, comprising:
obtaining a public key of the second party B;
generating the second proxy re-encryption key (RKC2-B) by applying a cryptographic function to the public key of the second party B.
- 4. The method of claim 1, further comprising preventing collusion between the one or more custodians, the one or more curators or any other party to obtain a curator secret key or any other party's secret key, comprising utilizing a one-way pairing function.
- 5. The method of claim 1, further comprising preventing the ability for party B, one or more curators or one or more custodians, or any combination thereof, to generate a proxy re-encryption that is not the intention of party A.
- 6. The method of claim 1, wherein the one or more curators comprise a plurality of curators, acting as one or more Policy Administration Points (PAP) and one or more Policy Decision Points (PDP) for one or more enterprises across trust boundaries, and further comprising preventing the one or more custodians, acting as one or more Policy Enforcement Points (PEP), from accessing or tampering with the content of policies of the plurality of curators while enforcing the policies across the plurality of curators.
- 7. The method of claim 6, wherein policy enforcement actions performed by the one or more custodians are non-repudiable and tamper-proof.
- 8. The method of claim 6, further comprising the plurality of curators translating the policies into the generation of the first public key (PKC1), the second public key (PKC2), the first secret key (SKC1) and the second secret key (SKC2).
- 9. The method of claim 8, wherein publishing the first public key (PKC1) and the second public key (PKC2) comprises the plurality of curators sending the first public key (PKC1) and the second public key (PKC2) to the one or more custodians.
- 10. The method of claim 9, further comprising the plurality of curators requesting policy enforcement, comprising publishing the first proxy re-encryption key (RKC1-C2) and the second proxy re-encryption key (RKC2-B) to the one or more custodians, and sending requests to perform one or more proxy re-encryption operations to the one or more custodians.
- 11. The method of claim 9, further comprising the one or more custodians enforcing the policies by performing the proxy re-encrypting of k from the first public key (PKC1) to the second public key (PKC2) and proxy re-encrypting k from the second public key (PKC2) to a public key (PKB).
- 12. The method of claim 1, wherein the one or more curators, comprising an enterprise, and the one or more custodians provide the trustworthy workflow within a cloud network, wherein the one or more custodians comprise one or more cloud service providers.
- 13. The method of claim 12, wherein party A is a resource provider in an enterprise and the curator is an identity provider.
- 14. The method of claim 1, wherein the party A or the party B is the curator.
- 15. The method of claim 1, wherein proxy re-encryption keys generated by the one or more curators have a time-out period after which the proxy re-encryption keys expire.
- 16. The method of claim 1, wherein at least one of party A and party B is within a hierarchical group, and further comprising proxy re-encrypting k more than twice, wherein sharing of the data from one party of the hierarchical group to another party of the hierarchical group includes a proxy re-encrypting.
- 17. A system for providing trustworthy workflow across trust boundaries between a first party A and a second party B, comprising:
one or more curator servers operative to generate a first public key (PKC1) and a second public key (PKC2), wherein the one or more curators maintain a first secret key (SKC1) and a second secret key (SKC2);
the one or more curator servers operative to publish the first public key (PKC1) and the second public key (PKC2);
the one or more curator servers operative to generate a first proxy re-encryption key (RKC1-C2) and a second proxy re-encryption key (RKC2-B);
a first party server A operative to encrypt data having a key k, wherein k is encrypted according to the first public key (PKC1);
one or more custodian servers operative to proxy re-encrypt k from the first public key (PKC1) to the second public key (PKC2) using the first proxy re-encryption key (RKC1-C2), wherein the proxy re-encryption is one-way;
the one or more custodian servers operative to proxy re-encrypt k from the second public key (PKC2) to a public key (PKB) of the second party using the second proxy re-encryption key (RKC2-B), wherein the proxy re-encryption is one-way; and
a second party server B operative to receive the data and decrypt the data with the key k, decrypted from a secret key SKB.
- 18. The system of claim 17, wherein the one or more curator servers comprise a plurality of curator servers, and the plurality of curator servers are operative to act as one or more Policy Administration Points (PAP) and one or more Policy Decision Points (PDP) for one or more enterprises across trust boundaries, and are further operative to prevent the one or more custodian servers, acting as one or more Policy Enforcement Points (PEP), from accessing or tampering with the content of policies of the plurality of curator servers while enforcing the policies across the plurality of curator servers.
- 19. A method of enabling one or more custodians to provide trustworthy workflow across trust boundaries between a first party A and a second party B, comprising:
receiving, by the one or more custodians, a first public key (PKC1) and a second public key (PKC2);
receiving, by the one or more custodians, a first proxy re-encryption key (RKC1-C2) and a second proxy re-encryption key (RKC2-B);
receiving, by the one or more custodians, encrypted data having a key k, wherein k is encrypted according to the first public key (PKC1);
proxy re-encrypting k from the first public key (PKC1) to the second public key (PKC2) using the first proxy re-encryption key (RKC1-C2), wherein the proxy re-encryption is one-way;
proxy re-encrypting k from the second public key (PKC2) to a public key (PKB) of the second party B using the second proxy re-encryption key (RKC2-B), wherein the proxy re-encryption is one-way; and
sending, by the one or more custodians, the encrypted data to the second party B, thereby allowing the second party B to decrypt the data with key k, decrypted from a secret key SKB.
- 20. The method of claim 19, wherein a cloud-based cloud connect service aids the one or more custodians to proxy re-encrypt k from the first public key (PKC1) to the second public key (PKC2) using the first proxy re-encryption key (RKC1-C2), and to proxy re-encrypt k from the second public key (PKC2) to a public key (PKB) of the second party B using the second proxy re-encryption key (RKC2-B).
Owners (US)
- Alephcloud Systems Inc (Sep 10 2012)
Applicants
- D Souza Roy Peter
- Zhu Jieming
- Alephcloud Systems Inc
Inventors
- D Souza Roy Peter
- Zhu Jieming
CPC Classifications
- H04L9/0825
- H04L2209/76
IPC Classifications
- H04L9/32
US Classifications
- 713/168
Dates
- Publication: Aug 15, 2013
- Application: Sep 13, 2012, US 201213613080 A
- Priority: Sep 13, 2012, US 201213613080 A
- Priority: Feb 13, 2012, US 201261598071 P