GB2550557A - Data management system and method - Google Patents

Data management system and method Download PDF

Info

Publication number
GB2550557A
GB2550557A GB1608642.3A GB201608642A GB2550557A GB 2550557 A GB2550557 A GB 2550557A GB 201608642 A GB201608642 A GB 201608642A GB 2550557 A GB2550557 A GB 2550557A
Authority
GB
United Kingdom
Prior art keywords
data
document
management system
encrypted
data management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1608642.3A
Other versions
GB201608642D0 (en
Inventor
Aaltonen Janne
Majaniemi Jari
Norris Timothy
Bunke Christian
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Arctic Alliance Ltd
Original Assignee
Arctic Alliance Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Arctic Alliance Ltd filed Critical Arctic Alliance Ltd
Priority to GB1608642.3A priority Critical patent/GB2550557A/en
Publication of GB201608642D0 publication Critical patent/GB201608642D0/en
Priority to PCT/EP2017/025134 priority patent/WO2017198345A2/en
Priority to EP21194840.1A priority patent/EP3940612A1/en
Priority to EP17751612.7A priority patent/EP3459020A2/en
Priority to US16/302,408 priority patent/US20190199733A1/en
Publication of GB2550557A publication Critical patent/GB2550557A/en
Priority to US17/523,140 priority patent/US20220067621A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/18Legal services; Handling legal documents
    • G06Q50/184Intellectual property management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Abstract

A data management system 10 and method for handling patent documents between a plurality of user devices 110, 112 and comprises three security levels, L1, L2 and L3, each offering a different degree of security. The system receives a first document containing patent information from an inventor, and sets a highest security level of encryption L3 to the first document to generate a first encrypted document. A patent attorney creates a second document using information derived from the first document and/or first encrypted document. The second document is sent to at least one patent office as a patent application, and applies a second security level of encryption L2 to the second document to generate a second encrypted document. The system is set to retrieve and analyse publication information about the patent application, and once the application is published, a lowest level of encryption L1 is applied to the second document to create a third encrypted document. The encryption method may comprise partitioning data file into a plurality of data blocks, encrypting the data blocks and obfuscating the data blocks by swapping data. A data map is also generated to aid decryption.

Description

DATA MANAGEMENT SYSTEM AND METHOD Technical Field
The present disclosure relates to data management systems, for example to data management systems that are operable to communicate various mutually different types of data and/or mutually different security classifications of data via a data communication network. Moreover, the present disclosure concerns methods of operating aforementioned data management systems, for example to methods of operating data management systems for communicating various mutually different types of data mutually different security classifications of data via a data communication network. Yet additionally, the present disclosure is concerned with computer program products comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute aforesaid methods.
Background
Conventionally, when designing and operating data distribution systems, there arises a need to manage rights associated with document, and also security levels associated with such documents. It is conventional practice to devise data management systems employing varying degrees of encryption, with appropriate related encryption keys selectively distributed within the data management systems; the encryption keys ensure security, and distribution of the encryption keys controls which users have access to encrypted documents. Such considerations pertain to any large organisation that is required to distribute commercially sensitive proprietary confidential information, as well as managing intellectual property documents, for example during a lifetime of a given patent application from generating an initial invention report, filing the given patent application , prosecuting the given patent application through substantive examination, and finally maintaining patent rights generated at conclusion of substantive examination of the given patent application.
One conventional way to secure documents is to use passwords in respect of the documents. Such an approach using passwords is problematic since there is need to distribute and manage the passwords. An alternative known way is to use encryption techniques in a server, as aforementioned, wherein the documents are stored in the server and access to the documents as encrypted data is provided via a secure connection layer of a data management system.
When creating confidential documents, there is need to protect the documents, so that unwanted novelty-prejudicial disclosures to third parties does not occur.
Encrypting and decrypting documents in a server system and/or in a target user device requires key management and also data processing capacity in computing hardware. Typically, encrypted documents require more data storage capacity in hard disc than required to store corresponding non-encrypted documents. Such data storage can potentially be considerable; for example, patent-related documents for a modest-sized intellectual property consultancy firm can approach 10 to 100 Terabytes (TB).
Summary
The present disclosure seeks to provide a data management system that allows for documents to be sent In a more secure manner to selected authorized users.
Moreover, the present disclosure seeks to provide a method of operating a data management system that allows for documents to be sent in a more secure manner to selected authorized users.
According to a first aspect, there is provided a data management system for handling one or more documents between a plurality of user devices, wherein the data management system is operable to manage security levels (LI, L2, L3) in respect of the one or more documents, characterized in that the data management system is operable: (i) to receive a first document; (ii) to set a first level of security (L3) for the first document to generate a corresponding first encrypted document; (iii) to create a second document using information derived from the first encrypted document and/or from the first document; (iv) to send the second document to at least one patent office; (v) to set a second level of security (L2) for the second document to create a corresponding second encrypted document; (vi) to retrieve publication information related to the second document from the at least one patent office; and (vii) to analyze the publication information and setting a third level (LI) of security to the second encrypted document in an event that the publication information indicates that the second document is public to create a third encrypted document.
The invention is of advantage in that it is capable of providing for more reliable security management of documents, and provides for more efficient generation, revision and filing of documents with document receiving authorities, for example one or more patent offices.
Optionally, the data management system includes a server arrangement for storing document and encrypted documents, wherein the server arrangement is coupled to the plurality of user devices via a data communication network arrangement.
Optionally, the data management system is operable to use one or more encryption keys that are communicated to or generated by the user devices for encrypting and/or decrypting documents.
Optionally, the data management system is operable to employ an encryption method including partitioning one or more data files Into a plurality of data blocks, to encrypt the data blocks to generate corresponding encrypted data blocks and to obfuscate the encrypted data blocks by mutually swapping data therebetween to generate corresponding encrypted data, wherein a data map is also generated to define partitioning, encryption and obfuscation employed to generate the corresponding encrypted data to enable the encrypted data to be subsequently de-obfuscated, decrypted and de-partitioned to regenerate corresponding decrypted data of the one or more data files.
More optionally, in the data management system, the data map is communicated in encrypted form within the data management system.
Optionally, in the data management system, the user devices are provided with detectors for detecting malware present in the users devices that is capable of circumventing encryption of data executed by the user devices.
Optionally, the data management system is configured for drafting revising and submitting patent application documents to one or more patent offices.
Optionally, the data management system is operable to employ one or more artificial intelligence algorithms to analyze the publication information and/or to control the levels of security of the data management system.
According to a second aspect, there is provided a method of operating a data management system for handling one or more documents between a plurality of user devices, wherein the data management system is operable to manage security levels (LI, L2, L3) in respect of the one or more documents, characterized in that the method includes: (i) receiving a first document; (ii) setting a first level of security (L3) for the first document to generate a corresponding first encrypted document; (iii) creating a second document using information derived from the first encrypted document and/or from the first document; (iv) sending the second document to at least one patent office; (v) setting a second level of security (L2) for the second document to create a corresponding second encrypted document; (vi) retrieving publication information related to the second document from the at least one patent office; and (vii) analyzing the publication information and setting a third level (LI) of security to the second encrypted document in an event that the publication information indicates that the second document is public to create a third encrypted document.
Optionally, the method includes arranging for the data management system to include a server arrangement for storing document and encrypted documents, wherein the server arrangement is coupied to the plurality of user devices via a data communication network arrangement.
Optionally, the method includes arranging for the data management system to use one or more encryption keys that are communicated to or generated by the user devices for encrypting and/or decrypting documents.
Optionally, the method includes arranging for the data management system to employ an encryption method including partitioning one or more data files into a plurality of data blocks, to encrypt the data blocks to generate corresponding encrypted data blocks and to obfuscate the encrypted data blocks by mutually swapping data therebetween to generate corresponding encrypted data, wherein a data map is also generated to define partitioning, encryption and obfuscation employed to generate the corresponding encrypted data to enable the encrypted data to be subsequently de-obfuscated, decrypted and de-partitloned to regenerate corresponding decrypted data of the one or more data files.
More optionally, the method includes communicating the data map in encrypted form within the data management system.
Optionally, the method Includes providing the user devices with detectors for detecting malware present In the users devices that Is capable of circumventing encryption of data executed by the user devices.
Optionally, the method Includes arranging for the data management system to be configured for drafting revising and submitting patent application documents to one or more patent offices.
Optionally, the method Includes arranging for the data management system (10) to employ one or more artificial intelligence algorithms to analyze the publication information and/or to control the levels of security of the data management system.
According to a third aspect, there is provided a computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method of the second aspect.
It will be appreciated that features of the invention are susceptible to being combined in various combinations without departing from the scope of the invention as defined by the appended claims.
Description of the diagrams
Embodiments of the present invention will now be described, by way of example only, with reference to the following diagrams wherein: FIG. 1 is a schematic illustration of a data management system pursuant to the present disclosure; and FIG. 2 is a flow chart depicted steps of a method of operating the data management system of FIG. 1.
In the accompanying diagrams, an underlined number is employed to represent an item over which the underlined number is positioned or an item to which the underlined number is adjacent. A non-underlined number relates to an item identified by a line linking the non-underlined number to the item. When a number is non-underlined and accompanied by an associated arrow, the non-underlined number is used to identify a general item at which the arrow is pointing.
Description of embodiments
According to a first aspect, there is provided a data management system for handling one or more documents between a plurality of user devices, wherein the data management system is operable to manage security levels (LI, L2, L3) in respect of the one or more documents, characterized in that the data management system is operable: (i) to receive a first document; (ii) to set a first level of security (L3) for the first document to generate a corresponding first encrypted document; (iii) to create a second document using information derived from the first encrypted document and/or from the first document; (iv) to send the second document to at least one patent office; (v) to set a second level of security (L2) for the second document to create a corresponding second encrypted document; (vi) to retrieve publication information related to the second document from the at least one patent office; and (vii) to analyze the publication information and setting a third level (LI) of security to the second encrypted document in an event that the publication information indicates that the second document is public to create a third encrypted document.
The invention is of advantage in that it is capable of providing for more reliable security management of documents, and provides for more efficient generation, revision and filing of documents with document receiving authorities, for example one or more patent offices.
Optionally, the data management system includes a server arrangement for storing document and encrypted documents, wherein the server arrangement is coupled to the plurality of user devices via a data communication network arrangement.
Optionally, the data management system is operable to use one or more encryption keys that are communicated to or generated by the user devices for encrypting and/or decrypting documents.
Optionally, the data management system is operable to employ an encryption method including partitioning one or more data files into a plurality of data blocks, to encrypt the data blocks to generate corresponding encrypted data blocks and to obfuscate the encrypted data blocks by mutually swapping data therebetween to generate corresponding encrypted data, wherein a data map is aiso generated to define partitioning, encryption and obfuscation employed to generate the corresponding encrypted data to enabie the encrypted data to be subsequentiy de-obfuscated, decrypted and de-partitioned to regenerate corresponding decrypted data of the one or more data fiies.
More optionaiiy, in the data management system, the data map is communicated in encrypted form within the data management system.
Optionaiiy, in the data management system, the user devices are provided with detectors for detecting maiware present in the users devices that is capable of circumventing encryption of data executed by the user devices.
Optionaiiy, the data management system is configured for drafting revising and submitting patent appiication documents to one or more patent offices.
Optionaiiy, the data management system is operable to employ one or more artificial intelligence algorithms to analyze the publication information and/or to controi the ievels of security of the data management system.
According to a second aspect, there is provided a method of operating a data management system for handling one or more documents between a plurality of user devices, wherein the data management system is operabie to manage security leveis (LI, L2, L3) in respect of the one or more documents, characterized in that the method includes: (i) receiving a first document; (ii) setting a first level of security (L3) for the first document to generate a corresponding first encrypted document; (iii) creating a second document using information derived from the first encrypted document and/or from the first document; (iv) sending the second document to at least one patent office; (v) setting a second level of security (L2) for the second document to create a corresponding second encrypted document; (vi) retrieving publication information related to the second document from the at least one patent office; and (vii) analyzing the publication information and setting a third level (LI) of security to the second encrypted document in an event that the publication information indicates that the second document is public to create a third encrypted document.
Optionally, the method includes arranging for the data management system to include a server arrangement for storing document and encrypted documents, wherein the server arrangement is coupled to the plurality of user devices via a data communication network arrangement.
Optionally, the method includes arranging for the data management system to use one or more encryption keys that are communicated to or generated by the user devices for encrypting and/or decrypting documents.
Optionally, the method includes arranging for the data management system to employ an encryption method including partitioning one or more data files into a plurality of data blocks, to encrypt the data blocks to generate corresponding encrypted data blocks and to obfuscate the encrypted data blocks by mutually swapping data therebetween to generate corresponding encrypted data, wherein a data map is also generated to define partitioning, encryption and obfuscation employed to generate the corresponding encrypted data to enable the encrypted data to be subsequently de-obfuscated, decrypted and de-partitioned to regenerate corresponding decrypted data of the one or more data files.
More optionally, the method includes communicating the data map in encrypted form within the data management system.
Optionally, the method includes providing the user devices with detectors for detecting malware present in the users devices that is capable of circumventing encryption of data executed by the user devices.
Optionally, the method includes arranging for the data management system to be configured for drafting revising and submitting patent application documents to one or more patent offices.
Optionally, the method Includes arranging for the data management system (10) to employ one or more artificial Intelligence algorithms to analyze the publication information and/or to control the levels of security of the data management system.
According to a third aspect, there is provided a computer program product comprising a non-transitory computer-readable storage medium having computer-readable Instructions stored thereon, the computer-readable Instructions being executable by a computerized device comprising processing hardware to execute a method of the second aspect.
In overview, the present disclosure Is concerned with data management systems, more particularly to data management systems that are operable to manage communication of Intellectual property documents from and to one or more users of the data management system. The data management system is conveniently, for example, hosted via the Internet operating pursuant to TCP/IP, although not limited thereto; for example, embodiments of the present disclosure can be Implemented on custom data communication networks, for example secure data communication network supported via the Internet, for example data communication networks to a security standard approaching a one-time pad or quantum computing level security. For example, embodiments of the present disclosure are capable of preventing eavesdropping by rogue and corrupt governmental organisations, as well as spying by rogue and corrupt corporate organisations.
Thus, the present disclosure Is concerned with data management systems for managing document rights and security levels. Moreover, embodiments of the present disclosure are concerned with methods of managing patent and other intellectual property documents during a lifetime of one or more patent applications from generating one or more initial invention reporting progression of the one or more patent applications, filing the one or more patent applications, prosecution the one or more patent applications and maintaining patent rights granted in respect of the one or more patent applications. In such a scenario, it will be appreciated that the data management system Is a hierarchical/layered security system, wherein one or more security levels change depending on a stage of a given patent appiication in its substantive examination and granting process; such change arises, for exampie, on account of patent applications being published circa 18 months after their earliest priority date (Art 4A/C Paris Convention) and thereby becoming publicly-accessible documents.
Fig. 1 is an illustration of a data management system of the present disclosure, indicated generally by 10; the illustration corresponds to a high level system. A first user terminal 110 of the data management system 10 is used by an inventor. A second user terminal 122 of the data management system 10 is used by a patent attorney. The user terminals 1001 122 can be laptop, smart phone, web pad, phablets or similar computing device having a graphical user interface (GUI). An intellectual property management system (IPMS) 120 is implemented as a server arrangement, for example including one or more servers, a cioud computing service, and similar. A patent office database system (IPODB) 120 is impiemented as one or more servers operated by a patent office; optionaiiy, the patent office database system (IPODB) 120 corresponds to a piurality of patent offices. The user terminais 110, 112 can connect to the IMPS 120 and IPODB 122 via a data communication network 130, for example via the Internet operating pursuant to TCP/IP or via a wireiess teiephone network.
The data management system 10 empioys a method of operation that enables documents to be amended, communicated secureiy and seiectiveiy exchanged between user terminais of the data management system 10. The method inciudes steps as depicted in FIG. 2, and is indicated generaiiy by 200.
In a step SI.2 of the method 200, the inventor writes an invention disclosure and uploads it via the data communication network 130 to the intellectual property management system (IPMS) 122 over a secured communication channei such as HTTPS (hyper text transfer protocoi secure).
Aiternativeiy, other types of secure channels can be employed, for example a communication channel arrangement that achieves a high degree of data security by employing partitioning of data files into corresponding data blocks, encrypting the data blocks to provide corresponding encrypted data blocks, and then obfuscating the encrypted data blocks by mutually swapping data therebetween; data block partitioning employed, encryption methods employed and obfuscation methods employed are recorded in a data map that is heavily encrypted within the data management system 10, wherein the data map enables the data files to be regenerated when the encrypted data map, and the obfuscated encrypted data blocks are received. Moreover, the user terminals 110, 112 are provided with malware protection monitoring devices that prevents malware from being active in the user terminals 110, 112 from monitoring such data processing involved with partitioning data files into data blocks, encrypting and data blocks and obfuscating the encrypted data blocks, mutatis mutandis when the data map is decrypted and then used to de-obfuscate obfuscated encrypted data blocks, to decrypt the encrypted data blocks and to recombine the data blocks to regenerate the data files. Yet alternatively, the users terminals 110, 112 are operable to perform such data partitioning, encryption and obfuscation when off-line (for example in "flight mode") to prevent third part monitoring via malware. Optionally, the user terminals 110, 120 are operable to employ a Harvard-type processing architecture that is robust against virus and malware attack. Harvard-type architecture concerns partitioning of data and address working spaces into separate regions in computer memory. By employing such an approach, a security level approaching a one-time pad or quantum computing is capable of being achieved and substantially impossible for any eavesdropping organisation to break, even using the World's most powerful computing tools.
In a step S2.2 of the method 200, the data files corresponding to the invention disclosure are further encrypted either before uploading those or at the IPMS 122. For example, for the encrypting the data files corresponding to the invention disclosure, various encryption algorithms can be used. In embodiments of the present disclosure, the encryption algorithms are grouped based upon their security level of level LO = no security, LI = low level security, L2 = medium level security, and L3 = high level security; the example the aforementioned data partitioning, encryption and obfuscation, in combination with use of an encrypted data map, is beneficially employed to provide the L3 level security. The security levels can for example correspond to number of bits used on encrypting or complexity of the encryption method, for example as aforementioned. The levels can also correspond to one or two step verifications where one step is considered a lower level than a two step verification. A two step verification can refer on asking for a password, and sending over via a short message service (SMS) an additional security code for opening a given patent document.
In a Step S3.2 of the method 200, the patent attorney downloads the invention disclosure from the IPMS 122 to the user terminal 112, wherein the patent attorney has been given access to the invention disclosure stored in the IPMS 122.
In a Step S4.2 of the method 200, the invention disclosure is decrypted in the user terminal 112 after downloading or in the IPMS 122 before downloading, depending on the security level and settings. Preferably, in such a phase, namely distributing and working with the invention disclosure, the highest security level is used in information exchange, namely sending back and forth invention report and draft versions of a patent application draft. It will be appreciated that communication using standard e-mail using unencrypted attachments via the Internet is far from secure in view of various data mining, cookies and other types of software active on the Internet.
In a Step S5.2 of the method 200, the patent attorney uploads the patent draft to the IPMS 122 using a high security level setting for the inventor to review. In a Step S6.2 of the method 200, the inventor downloads the draft version of a patent application draft from the IMPS 112 for review and comments. The draft version of a patent draft is iterated between the inventor and the patent attorney until a patent application draft for filing is ready.
In a Step S7.2 of the method 200, the patent application for filing is filed to the patent office database (IPODB) 120 via the communication network 130. The patent application is allocated a patent application number. The text and figures of the patent application, at this stage, have security level LO since the patent office needs to have access to the files and has to be able to read those text and figures.
In a Step S8.2 of the method 200, since the text and the figures are now in addition to the IMPS 122 in the IPODB 120, a security level of the text and the figured of the patent application draft can be changed to a security level lower than used previously for example to layer L2. This is advantageous because a lower level of encryption of the documents in the IMPS 122 requires less memory in the database system and also reduces communication resources needed to decrypt the document should decryption be needed.
In the aforementioned embodiments of the present disclosure, the prosecution process is split to two different phases: (i) Phase 1 = a non-public phase; and (ii) Phase 2 = a public phase.
Typically, the non-public phase 1 is 18 months from the date of filing the patent application, or a first in a series of related patent applications that are mutually related. In the embodiments of the present disclosure, the security level L2 is maintained in the IMPS 122 during this the Phase 1.
In a Step S9.2 of the method 200, the IMPS 122 checks the IPODB 120 at preset times or regularly or randomly, in order to determine whether or not the patent application has been published.
In a Step SIO.2 of the method 200, if it is clear from data from the IPODB 120 that the patent application has been published, then there is not a need to maintain L2 level security in the documents as filed. The security level in the IPMS 122 can be changed for the respective documents to LI or LO. This will further reduce communication resource need in the IMPS 122, an amount of storage based needed and also reduces need to manage encryption keys for the files related to the published patent application.
This way, for example if the patent attorney changes or the inventor changes company, the files can be opened by anyone who has credentials to the IMPS 122.
It will be appreciated from the foregoing that execution of the method 200 in the data management system 10 with document storage capabilities provides for more efficient and secure procedure, thereby saving resources, reducing cost and potentially reducing a potential risk of any errors being made (for example inadvertent unintended public disclosure).
Modifications to embodiments of the invention described in the foregoing are possible without departing from the scope of the invention as defined by the accompanying claims. Expressions such as "including", "comprising", "incorporating", "consisting of", "have", "is" used to describe and claim the present invention are intended to be construed in a non-exclusive manner, namely allowing for items, components or elements not explicitly described also to be present. Reference to the singular is also to be construed to relate to the plural. Numerals included within parentheses in the accompanying claims are intended to assist understanding of the claims and should not be construed in any way to limit subject matter claimed by these claims.

Claims (17)

CLAIMS We claim:
1. A data management system (10) for handling one or more documents between a plurality of user devices (110, 122), wherein the data management system (10) is operable to manage security levels (LI, L2, L3) in respect of the one or more documents, characterized in that the data management system (10) is operable: (i) to receive a first document; (ii) to set a first level of security (L3) for the first document to generate a corresponding first encrypted document; (iii) to create a second document using information derived from the first encrypted document and/or from the first document; (iv) to send the second document to at least one patent office; (v) to set a second level of security (L2) for the second document to create a corresponding second encrypted document; (vi) to retrieve publication information related to the second document from the at least one patent office; and (vii) to analyze the publication information and setting a third level (LI) of security to the second encrypted document in an event that the publication information indicates that the second document is public to create a third encrypted document.
2. A data management system (10) of claim 1, characterized in that the data management system (10) includes a server arrangement for storing document and encrypted documents, wherein the server arrangement is coupled to the plurality of user devices (110, 122) via a data communication network arrangement.
3. A data management system (10) of claim 1 or 2, characterized in that the data management system (10) is operable to use one or more encryption keys that are communicated to or generated by the user devices (110, 122) for encrypting and/or decrypting documents.
4. A data management system (10) of claim 1, 2 or 3, characterized in that the data management system (10) is operable to employ an encryption method including partitioning one or more data files into a plurality of data blocks, to encrypt the data blocks to generate corresponding encrypted data blocks and to obfuscate the encrypted data blocks by mutually swapping data therebetween to generate corresponding encrypted data, wherein a data map is also generated to define partitioning, encryption and obfuscation employed to generate the corresponding encrypted data to enable the encrypted data to be subsequently de-obfuscated, decrypted and de-partitioned to regenerate corresponding decrypted data of the one or more data files.
5. A data management system (10) of claim 4, characterized in that the data map is communicated in encrypted form within the data management system (10).
6. A data management system (10) of any one of the preceding claims, characterized in that the user devices (110, 122) are provided with detectors for detecting malware present in the users devices (110, 122) that is capable of circumventing encryption of data executed by the user devices (110, 122).
7. A data management system (10) of any one of the preceding claims, characterized in that the data management system (10) is configured for drafting revising and submitting patent application documents to one or more patent offices.
8. A data management system (10) of any one of the preceding claims, characterized in that the data management system (10) is operable to employ one or more artificial intelligence algorithms to analyze the publication information and/or to control the levels of security of the data management system (10).
9. A method of operating a data management system (10) for handling one or more documents between a plurality of user devices (110, 122), wherein the data management system (10) is operable to manage security levels (LI, L2, L3) in respect of the one or more documents, characterized in that the method inciudes: (i) receiving a first document; (ii) setting a first ievei of security (L3) for the first document to generate a corresponding first encrypted document; (iii) creating a second document using information derived from the first encrypted document and/or from the first document; (iv) sending the second document to at ieast one patent office; (v) setting a second ievei of security (L2) for the second document to create a corresponding second encrypted document; (vi) retrieving pubiication information reiated to the second document from the at ieast one patent office; and (vii) anaiyzing the pubiication information and setting a third level (LI) of security to the second encrypted document in an event that the pubiication information indicates that the second document is public to create a third encrypted document.
10. A method of ciaim 9, characterized in that the method includes arranging for the data management system (10) to include a server arrangement for storing document and encrypted documents, wherein the server arrangement is coupled to the plurality of user devices (110, 122) via a data communication network arrangement.
11. A method of claim 9 or 10, characterized in that the method includes arranging for the data management system (10) to use one or more encryption keys that are communicated to or generated by the user devices (110, 122) for encrypting and/or decrypting documents.
12. A method of claim 9, 10 or 11, characterized in that the method includes arranging for the data management system (10) to employ an encryption method including partitioning one or more data files into a plurality of data blocks, to encrypt the data blocks to generate corresponding encrypted data blocks and to obfuscate the encrypted data blocks by mutually swapping data therebetween to generate corresponding encrypted data, wherein a data map is also generated to define partitioning, encryption and obfuscation employed to generate the corresponding encrypted data to enable the encrypted data to be subsequently de-obfuscated, decrypted and de-partitioned to regenerate corresponding decrypted data of the one or more data files.
13. A method of claim 12, characterized in that the method includes communicating the data map in encrypted form within the data management system (10).
14. A method of any one of claims 9 to 13, characterized in that the method includes providing the user devices (110, 122) with detectors for detecting malware present in the users devices (110, 122) that is capable of circumventing encryption of data executed by the user devices (110, 122).
15. A method of any one of claims 9 to 14, characterized in that the method includes arranging for the data management system (10) to be configured for drafting revising and submitting patent application documents to one or more patent offices.
16. A method of any one of claims 9 to 15, characterized in that the method includes arranging for the data management system (10) to employ one or more artificial intelligence algorithms to analyze the publication information and/or to control the levels of security of the data management system (10).
17. A computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method as claimed in any one of claims 9 to 16.
GB1608642.3A 2016-05-17 2016-05-17 Data management system and method Withdrawn GB2550557A (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
GB1608642.3A GB2550557A (en) 2016-05-17 2016-05-17 Data management system and method
PCT/EP2017/025134 WO2017198345A2 (en) 2016-05-17 2017-05-17 Artificial intelligence data processing system and method
EP21194840.1A EP3940612A1 (en) 2016-05-17 2017-05-17 Artificial intelligence data processing system and method
EP17751612.7A EP3459020A2 (en) 2016-05-17 2017-05-17 Artificial intelligence data processing system and method
US16/302,408 US20190199733A1 (en) 2016-05-17 2017-05-17 Artificial intelligence data processing system and method
US17/523,140 US20220067621A1 (en) 2016-05-17 2021-11-10 Artificial intelligence data processing system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1608642.3A GB2550557A (en) 2016-05-17 2016-05-17 Data management system and method

Publications (2)

Publication Number Publication Date
GB201608642D0 GB201608642D0 (en) 2016-06-29
GB2550557A true GB2550557A (en) 2017-11-29

Family

ID=56320523

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1608642.3A Withdrawn GB2550557A (en) 2016-05-17 2016-05-17 Data management system and method

Country Status (1)

Country Link
GB (1) GB2550557A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2589569B (en) * 2019-11-28 2022-04-13 Augnet Ltd Data communication system and method for providing end-to-end ciphering

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2589569B (en) * 2019-11-28 2022-04-13 Augnet Ltd Data communication system and method for providing end-to-end ciphering

Also Published As

Publication number Publication date
GB201608642D0 (en) 2016-06-29

Similar Documents

Publication Publication Date Title
US11431494B2 (en) Passwordless security system for data-at-rest
US9602549B2 (en) Establishing trust between applications on a computer
EP2973183B1 (en) Intra-computer protected communications between applications
CN104618096A (en) Method and device for protecting secret key authorized data, and TPM (trusted platform module) secrete key management center
US20220200791A1 (en) Method for encrypting and storing computer files and associated encryption and storage device
US10623400B2 (en) Method and device for credential and data protection
Junghanns et al. Engineering of secure multi-cloud storage
EP3794482B1 (en) Method for securing an automated system
US8738531B1 (en) Cryptographic distributed storage system and method
GB2550557A (en) Data management system and method
US20220086000A1 (en) Cryptographic systems
Senthilkumar et al. HB-PPAC: hierarchy-based privacy preserving access control technique in public cloud
JP2020155801A (en) Information management system and method therefor
US11683159B2 (en) Hybrid content protection architecture
Aissaoui et al. Data Security and Access Management in Cloud Computing: Capability list-based Cyrptography
Khandagale et al. SECURELY-A Golang CLI Tool for Secure File Sharing with Shamir's Secret Sharing Scheme
Han Confidential Documents Sharing Model Based on Blockchain Environment
Ashok Reddy et al. Identity-Based Remote Data Integrity Checking Using Lattice Approach by Third-Party Auditor
CN117313144A (en) Sensitive data management method and device, storage medium and electronic equipment
Kowalski CRYPTOBOX V2.
Beley et al. A Management of Keys of Data Sheet in Data Warehouse
CN116962022A (en) Outgoing file encryption and decryption method and device, computer equipment and medium
Eichman et al. Secure Information Sharing and Processing (SISAP) Technology
KR20040008550A (en) classified document sharing method with secret sharing system
Singsit et al. Ensuring Data Privacy and Access Anonymity using Cryptographic Techniques in Cloud Computing

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)