Showing papers by "Diana K. Smetters published in 2006"
21 Apr 2006
TL;DR: The usability of access control is focused on: how people manage file sharing among various groups, organizations, and tasks and the implications for the design of networked collaboration tools.
Abstract: The sharing of network-based information is a key component of recreational and professional interaction, from email attachments to P2P networks. However, people need to accommodate technical challenges in successful and secure content sharing. In particular, people have to manage access control policies that are both social and technical: deciding what to share and who to share it with, and how to technically effect their decisions. In this paper, we focus on the usability of access control: how people manage file sharing among various groups, organizations, and tasks. We present survey and interview data regarding content sharing and content protection, and discuss the implications for the design of networked collaboration tools.
64 citations
Patent•
PARC1
TL;DR: In this article, the authors present a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device during operation, the system assesses the security posture of the device upon which the encrypted data is stored If the assessed security posture meets specified criteria, then the system provides the device with a key which enables the device to access encrypted data.
Abstract: One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data
53 citations
Patent•
PARC1
TL;DR: In this article, a method of accessing a data resource identifies the data resource, the data resources accessible through a first device and associated with a resource locator, the first device configured to provide access to the data Resource responsive to possession of a whitelisted credential.
Abstract: A method of accessing a data resource identifies the data resource, the data resource accessible through a first device and associated with a resource locator, the first device configured to provide access to the data resource responsive to possession of a whitelisted credential. The method includes receiving a second-device credential from a second device by a personal domain controller, the personal domain controller and the first device within a first trusted relationship and provides, by the personal domain controller, the second-device credential to the first device for whitelisting subject to the first trusted relationship. The method uses, by the second device, the second-device credential to access the data resource responsive to the resource locator.
17 citations
Patent•
PARC1
TL;DR: In this paper, a method of accessing a data resource identifies, by a personal domain controller, the data resource accessible by a first device and determines if there is a pause point for the data resources stored in the Personal Domain Controller.
Abstract: A method of accessing a data resource identifies, by a personal domain controller, the data resource accessible by a first device and determines if there is a pause point for the data resource stored in the personal domain controller.
16 citations
Patent•
18 Dec 2006TL;DR: In this article, a method for securing human-to-human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticateded data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming data stream.
Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticateed data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.
6 citations
Patent•
04 Dec 2006
TL;DR: In this article, the authors propose a system that includes a temporary smart card 106 configured to provide a temporary credential for a first device, and consequently when the temporary credential is used with the first device a temporary safe access to a remote data source is provided to the first user.
Abstract: PROBLEM TO BE SOLVED: To set a temporary and permanent credential for safe, online commercial transaction. SOLUTION: This system includes a temporary smart card 106 configured to provide a temporary credential for a first device, and consequently when the temporary smart card 106 is used with the first device a temporary safe access to a remote data source is provided to the first device. In addition, the system includes a registration smart card 108, configured to provide a permanent credential for a second device, and accordingly, the permanent safe access to the remote data source is provided to the second device, without the existence of the registration smart card 106 or the temporary smart card 108. COPYRIGHT: (C)2007,JPO&INPIT
2 citations
Patent•
12 Jan 2006
TL;DR: In this paper, a portable security token is located in close physical proximity to a target device and can communicate with the target device through a location-limited communication channel, and forms a ticket by digitally signing the authenticator with a key previously agreed upon by the portable token and a certification authority.
Abstract: PROBLEM TO BE SOLVED: To provide a system for using a portable security token to facilitate public key certification for a target device in a network. SOLUTION: A portable security token 102 is located in close physical proximity to a target device 104 to allow the portable security token 102 to communicate with the target device 104 through a location-limited communication channel. The portable security token 102 receives an authenticator for the target device 104 through the location-limited communication channel, and forms a ticket by digitally signing the authenticator with a key previously agreed upon by the portable security token 102 and a certification authority (CA) 106. Next, the portable security token sends the ticket to the target device 104, whereby the target device 104 can subsequently present the ticket to the CA 106 to prove that the target device 104 is authorized to receive credential information from the CA 106. COPYRIGHT: (C)2006,JPO&NCIPI
2 citations
Patent•
27 Apr 2006
TL;DR: In this paper, the authors proposed a cross-domain PKI cross-certification protocol that uses a PST (portable security token) 130 to perform crosscertification between CAs (certification bodies) 102 and 112.
Abstract: PROBLEM TO BE SOLVED: To facilitate inter-domain PKI (public-key infrastructure) cross-certifications. SOLUTION: A PST (portable security token) 130 is used to perform cross-certification between CAs (certification bodies) 102 and 112. The CA 102 forms a PKI domain 110, together with subscriber devices 104-107 and the CA 112, forms a PKI domain 120, together with subscriber devices 114-117. During operation, the PST 130 that communicates with the CA 102 and the CA 112 via a location-limited communication channel is used to transfer certification information between the CA 102 and the CA 112, the certification information is used to issue a cross-certificate signed by the CA 112 and destined to the CA 102, and the certificate of cross-certification is propagated from the CA 102 to the subscriber devices 104-107 within the PKI domain 110, thereby allowing the subscriber devices in the PKI domain 110 to authenticate themselves with respect to the devices within the PKI domain 120. COPYRIGHT: (C)2006,JPO&NCIPI
1 citations