GB2472491B - System and method for multilevel secure object management - Google Patents

Info

Publication number
GB2472491B
Authority
GB
United Kingdom
Prior art keywords
broker
consumer
producer
key generation
registers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1012190.3A
Other versions
GB201012190D0 (en)
GB2472491A (en)
Inventor
Adrian Waller
Glyn Jones
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales Holdings UK PLC
Original Assignee
Thales Holdings UK PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thales Holdings UK PLC
Priority to GB1012190.3A
Priority claimed from GB0902029.8A (GB2467580B)
Publication of GB201012190D0
Publication of GB2472491A
Application granted
Publication of GB2472491B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/109 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by using specially-adapted hardware at the client
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H04L63/064 Hierarchical key distribution, e.g. by multi-tier trusted parties
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • G06F2221/2135 Metering
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/603 Digital right management [DRM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a system for the distribution of secure containers comprising multiple elements each encrypted with a key derived from the access policy for that element. A container producer 100 registers with a broker 101 and exchanges a key generation secret. The producer broker then handles the checking of access policies and issuing of decryption keys to consumers 102. The consumer 102 registers with a further broker 103. This consumer broker may act as a common authentication and access point for the consumer, avoiding the need to authenticate with multiple brokers and keeping sensitive information in one place. The producer broker may pass the key generation secret to the consumer broker and delegate key generation, subject to trust limitations. Brokers may handle payment and billing.
GB1012190.3A 2009-02-06 2009-02-06 System and method for multilevel secure object management Active GB2472491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1012190.3A GB2472491B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0902029.8A GB2467580B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management
GB1012190.3A GB2472491B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management

Publications (3)

Publication Number Publication Date
GB201012190D0 (en) 2010-09-08
GB2472491A (en) 2011-02-09
GB2472491B (en) 2013-09-18

Family

ID=42752533

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1012190.3A Active GB2472491B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management

Country Status (1)

Country Link
GB (1) GB2472491B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10713077B2 (en) 2017-01-26 2020-07-14 Semper Fortis Solutions, LLC Multiple single levels of security (MSLS) in a multi-tenant cloud
US10742689B2 (en) 2013-10-07 2020-08-11 Fornetix Llc System and method for encryption key management, federation and distribution
US10860086B2 (en) 2016-02-26 2020-12-08 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US10965459B2 (en) 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3785409B1 (en) 2018-04-25 2023-08-02 British Telecommunications public limited company Data message sharing
WO2019223979A1 (en) 2018-05-24 2019-11-28 British Telecommunications Public Limited Company Cryptographic key generation and storage
WO2019223980A1 (en) 2018-05-24 2019-11-28 British Telecommunications Public Limited Company Cryptographic key generation using multiple random sources
BR112022009812A2 (en) * 2019-11-21 2022-08-09 Inventio Ag PROCESS FOR SECURE DATA COMMUNICATION ON A COMPUTER NETWORK
CN115017523A (en) * 2022-04-29 2022-09-06 国网新疆电力有限公司信息通信公司 Distributed data security encryption method, transmission method and related device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002001271A1 (en) * 2000-06-29 2002-01-03 Koninkl Philips Electronics Nv Multiple encryption of a single document providing multiple level access privileges
US6598161B1 (en) * 1999-08-09 2003-07-22 International Business Machines Corporation Methods, systems and computer program products for multi-level encryption
US20040133785A1 (en) * 2002-11-07 2004-07-08 Masami Kugai Content utilizing method
US20050039031A1 (en) * 2003-01-31 2005-02-17 Mont Marco Casassa Privacy management of personal data
EP2015214A2 (en) * 1995-02-13 2009-01-14 Intertrust Technologies Corp Systems and methods for secure transaction management and electronic rights protection

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2015214A2 (en) * 1995-02-13 2009-01-14 Intertrust Technologies Corp Systems and methods for secure transaction management and electronic rights protection
US6598161B1 (en) * 1999-08-09 2003-07-22 International Business Machines Corporation Methods, systems and computer program products for multi-level encryption
WO2002001271A1 (en) * 2000-06-29 2002-01-03 Koninkl Philips Electronics Nv Multiple encryption of a single document providing multiple level access privileges
US20040133785A1 (en) * 2002-11-07 2004-07-08 Masami Kugai Content utilizing method
US20050039031A1 (en) * 2003-01-31 2005-02-17 Mont Marco Casassa Privacy management of personal data

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10742689B2 (en) 2013-10-07 2020-08-11 Fornetix Llc System and method for encryption key management, federation and distribution
US11503076B2 (en) 2013-10-07 2022-11-15 Fornetix Llc System and method for encryption key management, federation and distribution
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US11470086B2 (en) 2015-03-12 2022-10-11 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10965459B2 (en) 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US11924345B2 (en) 2015-03-13 2024-03-05 Fornetix Llc Server-client key escrow for applied key management system and process
US10860086B2 (en) 2016-02-26 2020-12-08 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US11537195B2 (en) 2016-02-26 2022-12-27 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US11700244B2 (en) 2016-02-26 2023-07-11 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US11775327B2 (en) 2017-01-26 2023-10-03 Semper Fortis Solutions, LLC Multiple single levels of security (MSLS) in a multi-tenant cloud
US10713077B2 (en) 2017-01-26 2020-07-14 Semper Fortis Solutions, LLC Multiple single levels of security (MSLS) in a multi-tenant cloud

Also Published As

Publication number Publication date
GB201012190D0 (en) 2010-09-08
GB2472491A (en) 2011-02-09
