AU2007200817A1 - A method of enabling secure transfer of a package of information - Google Patents

A method of enabling secure transfer of a package of information Download PDF

Info

Publication number
AU2007200817A1
AU2007200817A1 AU2007200817A AU2007200817A AU2007200817A1 AU 2007200817 A1 AU2007200817 A1 AU 2007200817A1 AU 2007200817 A AU2007200817 A AU 2007200817A AU 2007200817 A AU2007200817 A AU 2007200817A AU 2007200817 A1 AU2007200817 A1 AU 2007200817A1
Authority
AU
Australia
Prior art keywords
encryption key
information
package
receiver
party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2007200817A
Inventor
Goran Ekstrom
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IES INTERNET EXPRESS SCANDINAVIA AB
Original Assignee
IES INTERNET EXPRESS SCANDINAVIA AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IES INTERNET EXPRESS SCANDINAVIA AB filed Critical IES INTERNET EXPRESS SCANDINAVIA AB
Priority to AU2007200817A priority Critical patent/AU2007200817A1/en
Publication of AU2007200817A1 publication Critical patent/AU2007200817A1/en
Abandoned legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Description

S&F Ref: 666056D1 00
Q,)
0
(N
OL
fc
AUSTRALIA
PATENTS ACT 1990 COMPLETE SPECIFICATION FOR A STANDARD PATENT Name and Address of Applicant Actual Inventor(s): Address for Service: Invention Title: IES Internet Express Scandinavia AB, of P.O. Box 30, SE- 164 93, Kista, Sweden Goran Ekstrom Spruson Ferguson St Martins Tower Level 31 Market Street Sydney NSW 2000 (CCN 3710000177) A method of enabling secure transfer of a package of information The following statement is a full description of this invention, including the best method of performing it known to me/us:- 5845c(691314_1) S-_METHOD OF ENABLINQ SECURE TRANSFER OF A PACKAGE OF
IFOEMION
00 Technical field of the invention The present invention relates to a method and a system for enabling secure transfer of a- package of information in a digital communications network from a CIq sender to a receiver.
Background of the invention The Internet has revolutionized the way business is done and has changed consumer behaviour in a very short space of time. However, the e-Economy will only be able to realise its full potential if a number of important conditions are met. One of these conditions will be the underlying security of the data transported over the Internet, intranets and extranets.
Thus, there is an increasing demand for creating secure transfer of packages of information between senders and receivers in digital communications networks.
In areas such as digital business communication, digital money transactions, digital product delivery, etc., it is of great importance that the package of information doea not fall into the wrong hands or is tampered with.
It has previously been proposed to use an intermediate storage, of the exchanged information, on a so called secure or trusted server, having controlled access. Even though there is controlled access to the server, in order to make sure that the package of information is provided to the correct receiver, the security is not satisfactory enough. For instance, an operator of the so called secure server may maliciously access secret information that is stored on the server.
Thus, this solution can not guarantee satisfactory security and can therefore not be considered a trusted server. Some other drawbacks of the above solution is that large volumes of information Must be stored on the ci server and that the server must provide extreme commuunication bandwidth.
An alternative is to send a package of information directly to the receiver, the package of information being encrypted with the receiver's public key by means of P1(1 (Public Key Infraotructure). However, this method greatly limits the information exchange to e-mail and gives the sender little control over the sent information, which e.g. cannot be revoked by the sender.
An embodiment of the present invention achieves a method, a system and a computer readable medium that alleviate the drawbacks of the prior art.
Another embodiment of the invention achieves a method, a system and a computer readable medium that allow a sender to control a consignment.
Another embodiment of the invention achieves a simple and effective, yet secure method, system and computer readable medium for informxation handling.
These and other features, which will become apparent in the following, are provided by a method, a system and a computer readable medium as claimed in the appended claims.
The invention is based on the insight that secure and controlled transfer of a package of information is achieved by encrypting said package of information and depositing to a third party only a part of the data necessary for decrypting the package of information. The security level is hereby increased, since an operator with malice aforethought does not have access to all necessary data for decryption and will therefore not be able to e.g. read or alter the information, Basically, this is accomplished by transferring an encryption key to a third party, while the receiver will have or be provided with supplementary encryption key, ci both keys being necessary for decrypting the package of information.
This means that the third party cannot decrypt the 00 package of information without the receiver. Thus, the third party is indeed a trusted third party. Conversely, CI this also means that the receiver cannot. reveal the contents of the encrypted package of information without the involvement of the trusted third party, thus, giving the sender possibility to control or monitor the activities of the receiver, e.g. by instructing the third party under what conditions the receiver may be given the deposited encryption key.
There are two similar alternative embodiments of the invention, which both come from the same inventive concept of ensuring that an encrypted package of information is decryptable only when the supplementary encryption key of the receiver is combined with the encryption key deposited at the trudted third -party. The term 'combined" or "in combination" should be interpreted as "involving" both encryption keys. As will be apparent from the following, the encryption keys may be "combinedo in different ways.
One of the alternatives is to encrypt the package of information and provide at least one encryption key, i. e.
a first encryption key, to the receiver and at leaet one encryption key, i.e. a second encryption key, to the third party, the package of information having been encrypted with e.g. a newly generated encryption key by combining all said keys. All keys are necessary for decrypting the package of information. Thus, the receiver and the trusted third party cannot do it independently of each other.
Another alternative is to encrypt the package of information with an encryption key and encrypt the encryption key so that only the receiver may be able to decrypt it, e.g. encryption by mneans of a public key of the receiver. Thereafter, the encrypted encryption key is transferred to the third party. only the receiver is in possession of the key, e.g. his o wn private key, for decrypting the encryption key and thereafter being able 00 to decrypt the actual package of information.
When a package of information is being transferred in accordance with the present invention, three participants or parties are involved, namely the sender, the receiver and the trusted third party.
Thus, from the sender's point of view, according to one aspect of the invention a method ot enabling secure transfer of a package of information in a digital commvunications network from a sender to a receiver is provided. In this method the package of information is encrypted and the encrypted package of information is provided to the receiver. Then an encryption key is provided to the third party, the encryption key having such a format that it is unable to decrypt said package of information. Thus, this may be one of two encryption keys used to encrypt the package of information (a first key being provided to the receive r and a second key to the third party) or an encrypted encryption key (e.g.
encrypted with a public key of the receivep). In either came, the third party has one encryption key and the receiver has a supplementary encryption key. The encryption key now held by the third party is providable from the third party to the receiver, upon positive identification of the receiver. This encryption key enables, with the involvement of the supplementary encryption key of the receiver, decryption of the package of information.
From the receiver's point of view, according to a second aspect of the invention a method of enabling secure transfer of a package of information in a digital communications network from a sender to a receiver is provided. In this method a package of information, which is encrypted, is obtained from a sender. After having M been positively identified by the third party, an, encryption key is obtained from the third party. The encrypted package of information is decrypted by means of that obtained encryption key with the involvement of a 00 supplementary encryption key of the receiver. This may be realised in different ways. For example, a first encryption key is obtained from the sender. After having been positively identified by the third party, a second encryption key is obtained from said third party. The third party has previously received the second encryption key from the sender. The first and the second encryption keys combined enables decryption of the package of information. Another example is instead of obtaining a first encryption key from the sender, the receiver may already have an encryption key, such as a private encryption key, and obtain an encrypted -second" encryption key from the third party, said "second" encryption key e.g. being encrypted with the receiver's public key. The result is the same in both cases and they relate to the same inventive concept. Thus, the receiver and the third party cannot separately decrypt the encrypted package of information.
From the third party's point of view, paccording to a third aspect of the invention a method of enabling secure transfer of a package of information in a digital communications network from a sender to a receiver is provided. In this method an encryption key is received from a sender of an encrypted package of information, the encryption key, with the involvement of a supplementary encryption key, enabling decryption of said package of information. The received encryption key may be one of two encryption keys, the other one being the supplementary key provided to the receiver.
Alternatively, the received encryption key may be encrypted, such as with the receiver's public key, wherein the supplementary encryption key would e.g. be the receiver's private key. The receiver of the package of information is identified and the third party's encryption key, having such a format that it is -unable to decrypt said package of information, is provided to the receiver upon positive identification of the same.
00 The invention thus provid .es a secure transfer of an encrypted package of informnation, in that it can only be decrypted by combining the keys of two different parties, namely the receiver and the third party. An operator of the third party cannot eavesdrop on a consignment, as possession of both keys is required. A consignment is metaphorically speaking a safe container that can be used for exchanging packages of information over insecure communication channels. Thus, another important advantage of the present invention is that information may be securely transferred on an otherwise insecure channel and the invention is virtually independent of the communication method.
Furthermore, since the receiver must acquire an encryption key from the trusted third party to recover the exchanged information, this gives the sender control and supervision possibilities. The sender may give instructions to the third party under what conditions the receiver may be provided with the encryption key that has been provided to the third party. These conditions or control attributes may be time related. For instance, the receiver must identify himself to the third party no later than one hour after being notified of the package of information. Another control attribute may be that the receiver must digitally sign a receipt providing proof of the delivery to the sender. When it comes to important contracts or agreements, there may be a control attribute with a co-signing function that requires mutual signing of the agreements. Other control attributes are also conceivable. Furthermore, if the receiver has not yet obtained the encryption key frtom the third party, the sender may, by giving specific instructions to the third party, prevent the receiver from obtaining that encryption key. Thus, the sender has revoked the receiver's rights to that encryption key.
Furthermore, there is a possibility to use a control attribute which facilitates notification. For instance, 00 an e-mail or SMS may be provided to the sender of a consignment in order to make the sender immediately aware of recipient activities.
According to one embodiment of the invention P1(1 (Public Key Infrastructure) is used, wherein the package of information is encrypted with an encryption key, and before being provided to the third party, that encryption key is encrypted with a public key of the receiver. Thus, the third party will have an encrypted encryption key which cannot be decrypted without a private key of the receiver, said private key only being known to the receiver.
However, P1(1 may also be used in the case when the sender provides the receiver with a first encryption key and the third party with a second encryption key, both keys being needed to decrypt an encrypted package of information. So in order to further enhance the security, the first encryption key is masked by encrypting it with a public key of the receiver. The receiver-.will thus obtain two objects, namely an encrypted package of information and the encrypted first encryption key. The.
receiver will easily decrypt the encrypted encryption key by means of his own private key. However, having now 130 obtained the first encryption key in readable form, is not enough for decrypting the encrypted package of information. He still needs the second encryption key, which has been provided to the third party. As been described previously, the receiver musit be identified before he may obtain the second encryption key.
Purthermore, in this manner, even in the unlikely case of a dishonest operator of the third party somehow getting hold of the first encryption key, it will be in an encrypted form, which can only be decrypted with the receiver's private key. Naturally, also the second encryption key may be encrypted with the receivers public key, without changing the requireme nts of the necessity of a positive identification of the receiver for 00 obtaining the second encryption key from the third p arty.
The package of information to be transferred from a nender to a receiver may be encrypted in. different C ~10 manners. For instance, a first encryption key and a second encryption key may be combined so as to generate a new combined encryption key, with which the package of information is encrypted. Then, as previously described the first and second encryption keys, being independent, are provided to the receiver and the third party, respectively. Both keys are required to recover-the information.
An alternative way to encrypt said package of information is to first encrypt the package of information with a first encryption key, and then further encrypt the encrypted package of information with the se cond encryption key. The first and second encryption keys are then, just like above, provided to the receiver and the third party, respectively.
Yet another alternative is to use a main encryption key for encrypting the package of information, and then divide that encryption keys into first and second encryption keys containing SO 4 each of the total number of bits), which are provided to the receiver and the third party, respectively. Inntead of dividing the main encryption key, it may be encrypted with a public key of the receiver and the provided in encrypted form to the third party, as has been previously discussed.
The receiver may be identified in any suitable manner, egg. by means of a user name and a corresponding password, or by POP, etc. in one embodiment. of'the invention the receiver is identified by means of a registered certificate. The third party keeps up with the certificate of the receiver, while the sender may be completely ignorant thereof. The receiver will, thus, identify himself by means of the certificate. and specify a aerial number that corresponds to the actual consignment that contains the package of information. The 00 third party will check if the receiver is allowed to open the consignment and, if so, provide him with the deposited encryption key.
According to another embodiment of the invention-the secure transfer of said package of information is only completely performed if the sender has been identified by the third party. Also this identif ication is preferably performed by means of a registered certificate.
The use of certificatea strengthens-identification of the communicating parties, which in turn increases trust and legal strength. The trusted third party is able to store different types of already existing, registered certificates and will be updated on their validity. The use of verification of user certificates against revocation lists gives real-time validation that secures that the involved certificates have not been compromised.
The third party also has the option of accepting which certificates may be used for communication with each other. Registering all users' preferred certificates with the trusted third party simplifies the use of a PKI.
An extra certificate may be used for commnunication with the trusted third party for increasing the security when soft certificates, i.e. certificates that are stored on the file system of a computer, are used.
Even though the actual encrypted package of information is not stored at the third party, a hash value derived from the contents of said package of information may be stored by the third party. This means that the receiver may be given the opportunity to detect if said package of information has been tampered with.
Also, by saving a hash value the trusted third party may add transaction archiving that may be used for dispute resolution.
A log of all activities on a consignment by the trusted third party makes it possible to provide timestamp information. The trusted third party may be provided with a tick engine, which makes it possible to produce invoicing information based on transactions.
c-i The invention may be implemented as a client-server application, wherein the third party has a server which performs all authentication and validation. Also, the encryption key that is provided to the third party is deposited on that server. The sender and receiver are preferably registered clients of the third party. The clients run a small application that implements the encryption and decryption. Thus, the clients communicate with the server that holds one of the encryption keys on behalf of the sender. Suitably, the client software cannot be used as a tool for breaking into the system or the consignments containing said package of information.
The third party has suitably a network of servers for communication with the clients. Clients are preferably implemented as desktop applications running on personal computers. The encryption keys may be generated randomly. The clients communicate with a selected server 2S via 12 over the Internet. Users identify tInemselves to the servers, preferably by mens of certificates, such as X.509 certificates. The servers may be implemented with.
redundant hardware for maximum availability. The servers in the network communicate with each other to support interaction between users affiliated with different servers.
It ahould be clear from what has been previously discussed, that the present invention provides a flexible method and system for transferring information. It is not only limited to physical persons wishing to exchange information. Thus, the communicating parties may be applications as well as human beings. The receiver may ~flfor instan ce be a service provider application for buying something over the Internet.
AB has been shown, the present invention has ,many advantages. An open infrastructure is achieved which c; allows different parties to communicate in a secure way.
Another advantage is that the third party identifies the 00 Bender and the receiver in real time. A further advantage is that the inventive concept is independent of the information format. Yet another advantage is that the communication between registered' parties my be performed Cl at an arbitrary time. Furthermore, only a minimum software is required for a user.: Furthermore, the present invention may be implemented as a virtual safe. This is accomplished by only giving the sender access to the package of information and the supplementary key described above. In other words the Bender and the receiver is one and the same person. Thus, the sender may utilise the present invention to-protect sensitive information on an unsafe system. He simply encrypts the information and provides an encryption key to the third party, the sender himself holding the supplementary encryption key.
Arief description of the drawings Fig. 1 illustrates a server network for use in the present invention.
F~ig. 2 illustrates one embodiment of the invention..
Fig. 3 illustrates in a flow chart the steps of sealing a consignment in accordance with the embodiment illustrated in Fig. 2.
Fig. 4 illustrates in a flow chart the steps of unsealing a consignment in accordance with the embodiment illustrated in Fig. 2.
Fig. 5 illustrates another embodiment of the invention.
(111 12 Fig. 6 illustrates in a flow chart the steps of Dealing a consignment in accordance with the embodiment illustrated in Fig. Fig. 7 illustrates in a flow chart the steps of S unsealing a consignment in accordance with the embodimnr illustrated in Fig. S.
Fig. 8 schematically illustrates a physical (1 architecture of a system for use in the present invention.
Detailtd deacriptijon of the drawinosi Fig. I. illustrates a server network 10 for use in the present invention. The server network 10 comprisea several servers 12. The ivention provides an infrastructure for secure electronic communication. it packages information into electronic consignments and controls access to the contents. The servers 12 do not take part in the actual information transport.
Consignments are to be regarded as safe containers that can be used for exchange of information over insecure communication channels. The communicating parties may be human beings as well as applications. Consignments are created and accessed by means of client software 14.
Several types of clients exist, such as stand-alone desktop applications arnd add-ins for e-mail~ clients 16.
All client implementations share a aoftware library 18, also available for users who want develop their own user applications The clients 14, 16 communicate with a server 12 via the Internet. The servers 12 are interconnected in the server network 10 to facilitate communication between clients that are connected to different servers. in order to become a client, one has to become registered with a server 12. The registering process comprises otoring of a certificate 22 for producing a digital signature.
Different types of certificates 22 (three illustrated in the figure) may be used by different clients 14, 16. When a first user of the system wishes to transfer a package of information to other users, he activates hie client A identity 14 that has been registered with a server 12 and creates a consignment. The first user is only allowed to create a consignment after having sufficiently identified himself to the server 12. Thereafter, the first user 00 names those users that shall be granted access. Files are then added to the consignment, which is finally sealed and may now be distributed to the receiving users by means of appropriate means of transport, e.g. e-mail. The CI users that have received the consignment must activate their respective client application in order to open the consignment. Permission to access the consignment is granted only if a receiving user can provide sufficient proof of identity and has been gr anted access by the creator of the consignment. If both these conditions are met a receiving user can extract the files contained in the consignment. Users identify themselves to the server network 10 by means of digital certificates 22. The actual method of handling encryption keys for sealing and opening consignments will be illustrated in connection wi th Figs. 2 and Fig. 2 illustrates one embodiment of the invention.
The figure illustrates a sender 40 and a receiver 42 of a package of information 46. Furthermore, there is a truated third party 44, which ig illustrated with a server. The package of information 46 is sent in a consignment 48, which is illustrated as pieces of paper put into a box, as indicated by arrow 60. The consignment 48 is sealed by encryption with two randomly selected encryption keys 1(1, K2.
One encryption key Kl is encrypted with a public key (not shown) of the receiver 42 and is sent together with the sealed consignment 48 from the sender 40 to the receiver 42. This is indicated by an arrow 6.2. The receiver can decrypt the encrypted encryption key 1(1 by means of his private key (not shown) In Pig. 2 the sealed consignment 48, which is sent to the receiver, is illustrated with a provided lock.
M The other encryption key K(2 is stored-on the server of the third party 44 (indicated by an arrow 64) toge ther with consignment attributes. These attributes,-set by the sender 40, define under what conditions the receiver 42 00 may obtain the other encryption key K2 from the third party 44. Even though the contents of the consignment 48 are not stored by the third party 44, a hash value derived from the contents is stored.
Both encryption keys 1(1, K(2 are required to open the consiginent 48. So far the receiver 42 has only obtained one encryption key 1(1, and must acquire the second encryption key K(2 from the third party 44. This gives the third party 44 control over the receiver 42. Furthermore, an operator of the third party 44 cannot eavesdrop on a consignment, since possession of both encryption keys K(1, K2 are required to open the consignment 48 and extract the package of information 46.
When the receiver 42 has been identified by the third party 44, and met the conditions defined by the sender 40, he is given the other encryption key 1(2, as indicated by an arrow 66. The receiver now being in.
possession of both encryption keys K(1, 1(2 may open the 25 consignment 48 and extract the package of information, as indicated by an arrow 68.
All transactions are logged by the third party in a transaction logj 50, which makes it possible to provide timestamp information and to produce invoicing information based on transactions.
When the sender 40 creates a consignment, the client library performs the following processing to create a sealed consignment: 1. Compile the package of information 46 that shall be included in the consignment 48.
2. Add digital signatures for selected component.
3. Specify the identity of the receivers 42 and procesaing attributes.
N4. Contact the Berver of the third party 44. Uea digital certificate-as a proof of identity.
5. Retrieve the preferred public keys for all receivers 42 from the server of the third party 44.
00 6. seal the consignment 48.
7. Store consignment attributes and one K2 of the encryption keya on the server of the third party 44.
010 8. Distribute the consignment 48 by e.g. e-mail or c-I ftp.
The actual sealing (step 6) of the consignment 48 is illuotrated in Fig. 3.
is Fig. 3 illustrates in a flow chart the steps of sealing a consignment in accordance with the embodiment illustrated in Fig. 2. In a first creating step 80, a first random encryption key KI is created. This is followed by a second creating step 82, In which a second random encryption key K2 is created. In a compiling step 84 an encryption key K is compiled from encryption keys 1(1 and K2. The compiled encryption key K may be obtained by e.g. performing an XOR of encryption keys 1(1 and K2.
In a first encryption step 86, the package of information is encrypted with the new, compiled encrypt'ion key K. In a aecond encryption atep 88, one KI of the original encryption keys is encrypted with a receiver's public key. If the package of information in to be sent to several receivers, the step 88 is carried out for each one of the receivers with a respective public key. In an adding step 90, the encrypted encryption key K1 is added to the consignment. In a depositing step 92, the other encryption key K2 is kept for the deposit-on a server of the third party. This is preferably done via SSL. The consignment now having been sealed may be distributed to the receivers.
The person skilled in the art realises that alternative orders in which some of the steps are performed are possible. Also, other ways to combine encryption keys Ki and K2 are possible. For instance, the package of information may first be encrypted by one encryption key Ki, and then by the other encryption key K2. Another alternative is to start with a random encryption key with which the package of information is encrypted, and then divide that key into- two encryption keys Ki, K(2 for distribution to the receiver and the third party, respectively.
With reference to Fig. 2, when the receiver 42 wishes to open a consignment 48, the client library of the receiver performs the following processing to open a sealed consignment: 1. Extract the consignment identity from the consignment 48.
2. Contact the server of the third party 44.
3. Retrieve the encryption key K(2 from the server of the third party 44.
4. unseal the consignment 46.
Extract the contained package of information 46.
The actual unsealing (step 4) or decryjption of the consignment 46 is illuatrated in Fig. 4.
Fig. 4 illustrates in a f low chart the steps of unsealing a consignment in accordance with the embodiment illustrated in Fig. 2. In an extracting step 100, the encrypted encryption key Ki, which was sent with the consignment, is extracted. in a subsequent first decrypting step 102, the user uses his private key to decrypt the encrypted encryption key Ki. In a retrieving step 104, the encryption key K(2 stored on the server of the third party is retrieved therefrom. At this point, the receiver has both encryption keys Ki and K2. However, the package of information was encrypted with a compiled encryption key K. Thus, in a compiling step 106, the compiled encryption key K is generated from K1. and K(2.
This in followed by a second decrypting step 108, *in which the package of information is decrypted with the compiled encryption key K.
__The person skilled in the art will understand that 00 the order in which some of the steps are performed may be altered. Also, depending on how the package of information was encrypted, the use and combination of the encryption keys K1 and K2 is altered accordingly.
Fig. 5 illustrates another embodiment of the present invention. Using the reference numerals of Fig. 2 with
A
the addition of 100, Fig. S illustrates a sender 140, a receiver 1.42, a third party 144, a package of information 146 to be sent in a consignment 148, and a transaction log 150. in this embodiment, instead of distributing two encryption keys K1, K(2, only one encryption key K3 is used. The package of information 146 is encrypted with this encryption key K(3, wherein the consignment 148 is sealed. The consignment 148 is sent to the receiver 142, as indicated by arrow 162. The encryption key K(3 is encrypted with a public key (not shown) of the receiver 142. The encrypted encryption key K3 is deposited on the server of the third party 144, as indicated by arrow 164.
Thus, the encryption key K3 is in such a format that it is unable to decrypt said package of information. The receiver 142 will, after having been positively identified by the third party 144, obtain the encrypted encryption key K(3 (as indicated by arrow 166) and will .with the involvement of supplementary encryption key be able to open the consignment 148. In this case the supplementary encryption key is a private key (not shown) of the receiver 142. Thus, the receiver 142 decrypts the encrypted encryption key K(3 with his private key and 3S subsequently decrypts the package of information with that encryption key K(3.
Fig. 6 illustrates in a flow chart the steps of sealing a consignment in accordance with the embodiment illustrated in Fig. 5.-In a creating step 180, a random encr-yption key K(3 is created by the application-software of the sender. This encryption key K3 is used in a first encryption step 182 for encrypting the package of 00 information to be provided to a receiver. in a second encryption step 164, the actual encryption key K(3 is encrypted with a public key of the receiver. It should be noted that if the package of information is provided to CI several receivers, the second encryption step 184 will be performed for each one of the receivers with their respective public key. Finally, in a depositing etep 186, the encrypted encryption key K(3 is provided to a server 1S of the third party. The consignment is now sealed and may be provided to the receiver.
Pig. 7 illustrates in a flow. chart the steps of unsealing a consignment in accordance with the embodiment illustrated in Fig. 5. In a retrieving step 200 the receiver retrieves the encrypted encryption key K(3. The encryption key K(3 is now in such -a format that it is not possible to decrypt the package of information.
Therefore, in a first decrypting step 202, the-receiver uses his private key to decrypt t he encrypted encryption key K(3 so as to obtain it in ouch a format that it is possible to decrypt the package of information. So, in a second decrypting step 204, the encryption key 1C3 is used for decrypting the package of information, whereby the consignment has been unsealed.
Fig. 8 schematically illustrates a physical architecture of a system for use in the present invention. The figure gives merely an overview of the physical system architecture and some of its incorporated components. Redundancy and load balancing components have been omitted for the sake of clarity. The components have the following functions. A toolkit 240 is provided for development of clients and applications using the trusted servers of the third party. The toolkit 240 may, for instance, be used for adding PKI based security to legacy applications. All functionality, including administrative functions, is available thorough the toolkit 240'. The toolkit 240 communicates directly with a first server 242 by means of XML over HTTPS. The first server 242 00 communicates with the trusted servers .specific clients via library routines. A client application 244 is developed specifically for use with the trusted third party. The client application 244 provides a user- C1 friendly graphical interface to the functionality that is offered by the toolkit 240. The client application 244 is loosely integrated with e-mail clients, via HAPI, for the transport of consignments. A second server 246 offers a IS graphical interface to administrative services via thin clients, for example, registering new users. A thin client has little predetermnined functionality and is a client that gets part of its behaviour downloaded from the second server 246. Thus, the second server 246 communicates with general web-clients, such as web browsers of the types Internet Explorer or Netscape. The second server 246 uses the toolkit 240 to communicate with the first server 242. The first server 242 and a third server 248 realise a layered implementation of business logic. These two components are reeponsible for bookkeeping of consignments, signatures, timestampe and encryption keys. Another function of the first server 2.42 and the third server 248 is to verify user identities and certificates. A database 250 of the third server 248 has the function of atorage of users, consignment, information, signatures and certificates. A certificate producing component 252 produces certificates for internal use, i.e. the certificates are not used publicly. only the thi.rd party needs to accept and rely on these certificates for internal use. This may also be viewed as a closed PKI as opposed to ean open PKI. An archive 254 connected with the database 250 provides long-term storage of notary records. A tick engine 256 is Si provided for the generation of transaction based cinvoicing information. Also, several firewalle 258 are provided for increased security.
It should be noted that numerous modifications and variations can be made without departing from the scope 0 of the present invention defined in the accompanied 0 claims.
Thus, it is to be understood that even though some specific system components have been pointed out, they CM are only elucidative examples for the ease of understanding. Obviously, many others are conceivable.
Also, even if the previous description for the most part has emphasised computer based communication, other means are equally possible, such as a cellular phone WAPinterface, etc..

Claims (27)

  1. 2. A method as claimed in claim 1, further comprising the step of providing a first encryption key, which is said supplementary encryption key, to the receiver, the encryption key provided to the third party being a second encryption key, wherein the second encryption key in combination with the first encryption key enables decryption of the package of information.
  2. 3. A method as claimed in claim 2, in-.which said step of encrypting said package of information further comprises the steps of: combining said first and second encryption keys for generating combined encryption key; and encrypting said package of information by mearw of said generated combined encryption key.
  3. 4. A method as claimed in claim 2, in which said package of information is first encrypted by one of said first and second. encryption keys, and then encrypted by the other one of said first and second encryption keys. S. A method as claimed in claim 2, in which said information is encrypted by a main encryption key, said M main encryption key then being'divided into said first encryption key which ise provided to the receiver and said second encryption key which is provided to the third party. 00
  4. 6. A method as claimed in any one of claims 2 in which the step of providing a first encryption key to the receiver is preceded by the step of encrypting said first encr-yption key with a public key of the receiver, wherein the receiver is able to decrypt said encrypted first encryption key with a private key.
  5. 7. A method as claimed in claim 1, in which the step of providing to a third party an encryption key is preceded by the steps of; encrypting said package of information with that encr-yption key; and encrypting that encryption k ey, wherein said encrypted encryption key is decryptable by said supplementary encryption key of the receiver so as to enable decryption of the package of information. R. A method as claimed in claMim 7, in which said encryption key is encrypted with a public key of the receiver, and in which said supplementary encryption key is a private key of the receiver enabling decryption of said encrypted encryption key.
  6. 9. A method as claimed in any one of claims I 8, in which instructions are sent to'the third party, said instructions defining under what conditions the encryption key provided to the third party may be retrieved by the receiver of the package of information. A method as claimed in any one of claims 1 9, in which the encr-yption key provided to the third party, upon instructions to the third party, is prevented from being provided to the receiver.
  7. 11. A method as claimed in any one of claims 1 00 in which said receiver is identified by means of a registered certificate.
  8. 12. A method as claimed in any one of claims 1 -12, in which the secure transfer of said package of information is only completely performed if the sender has been identified by the third party, such as by means of a registered certificate.
  9. 13. A method as claimed in any one of claims 1 12, in which a hash value derived from the contento of said package of information is stored by the third party, 4 without storing the actual package of information, wherein the receiver will be able to detect if said package of information has been tampered with.
  10. 14. A method of enabling sec ,ure transfer of a package of information in a digital communications network from a sender to a receiver, comprising the steps of: receiving from the sender of-an encrypted package of information an encryption key which, with the involvement of a supplementary encryption key of the receiver, enables decryption of said package of information; identifying the receiver of said package of information; and providing said received encryption key to the receiver upon positive identification of the same. A method as claimed in claim 14, in which said supplementary encryption key is a first encryption key provided to the receiver, and in which the Oncryption key received in the step of receiving an encryption key is a second encryption key, the combination of Maid first and second encryption keys enabling decryption of said package of information. 00
  11. 16. A method as claimed in claim 14, in which the encryption key received in the step of receiving an A4 encryption key is an encrypted encryption key.
  12. 17. A method as claimed in claim 16, in which said encryption key is encrypted with a public key of the receiver, and in which eaid supplementary encryption key is a private key of the receiver enabling decryption of said encrypted encryption key.
  13. 18. A method as claimed in any one of claims 14 17, in which instructions are received from the Bender, said instructions defining under what conditions the encryption key received from the sender may be retrieved by the receiver of the package of information.
  14. 19. A method as claimed in any one claims 14 -18, in which the receiver is identified by insano of a registered certificate. A method as claimed in any one of claims 14- 19, further comprising the step of identifying the sender, wherein the secure transfer of said package of information is only completely performed if the sender has been identified, ouch as by means of a registered certificate.
  15. 21. A method as claimed in any one of claims 14 further comprising the step of storing a hash value derived from the contents of said package of information, without storing the actual package of information, wherein the receiver will be able to detect if said M ~package of -information has been tampered with.
  16. 22. A method 'of enabling secure transfer of a package of information in a digital communications network from a sender to a receiver, comprising the steps of: obtaining said package of information, which is encrypted, from the sender; being positively identified by a third party; obtaining from said third party an encryption key having ouch a format that it is unable to decrypt said package of information, said third party having o btained iS the encryption key from the sender; and A decrypting said package of information by means of said obtained encryption key with the involvement of a supplementary encryption key.
  17. 23. A method as claimed in claim 22, further comprising the step of obtaining a first encryption key, which is said supplementary encryption key, from the sender, the encryption key obtained from the third party b~eing a second encryption key, wherein the step of decrypting said package of information comprises the step of combining the first encryption key and the second encryption key.
  18. 24. A method as claimed in claim 23, in which said step of decrypting said package of information further comprises the steps of: A combining said first and second encryption keys for generating a combined encryption key; and decrypting said package of Information by means of said generated combined encryption key. A method as claimed in claim 23, in which. said package of information is first decrypted by one of said first and second encryption keys, and then decrypted by the other one of said first and second encryption keys. S
  19. 26. A method as claimed in claim 23, in which said 00 first encryption key is encrypted with a public key of the receiver, wherein said step of decrypting said package of information is preceded by the step of decrypting said encrypted first encryption key with a private key.
  20. 27. A method as claimed in claim 22, in which the encryption key obtained from the third party is encrypted, wherein the step of decrypting said package of information comprises the steps of: decrypting the encrypted encryption key obtained from the third party by means of said supplementary encryption key; and decrypting said package of information with the decrypted encryption key.
  21. 28. A method as claimed in claim 27, in which the encryption key obtained from the third party is encrypted 2S with a public key of the receiver, wherein-said aupplementary encryption key is a private key of the receiver enabling decryption of the encrypted encryption key.
  22. 29. A method as claimed in any one of claimBs 22 28, in which the step of being positively identified by a third party comprises identification by means of a registered certificate.
  23. 30. A method as claimed in any one of claims 22- 29, further comprising the steps of: c 27 .3 obtaining from the third party a first hash value Fwhich has been derived from the contents of said package (C of information by means of a hash function; calculating by means of said hash function a second hash value of the obtained package of information; and comparing said first hash value with said second 0 0 hash value, in order to detect if said package of information has been tampered with.
  24. 31. A system for enabling secure transfer of a Cl package of information in a digital communications network from a sender to a receiver, comprising means for performing the steps in any one of the methods as claimed in claims 1
  25. 32. A computer readable medium for enabling secure transfer of a package of information in a digital communications network from a sender to a receiver, comprising means for performing the steps in any one of the methods as claimed in claims 1
  26. 33. A method of enabling secure transfer of a package of information in a digital communications network, substantially as described herein with reference to any one or more of the accompanying drawings.
  27. 34. A system for enabling secure transfer of a package of information in a digital communications network, substantially as described herein with reference to any one or more of the accompanying drawings. A computer program comprising program code instructions for controlling a data processing apparatus to perform a method for enabling secure transfer of a package of information in a digital communications network, substantially as described herein with reference to any one or more of the accompanying drawings. DATED this Twenty-Second Day of February, 2007 IES Internet Express Scandinavia AB Patent Attorneys for the Applicant SPRUSON FERGUSON
AU2007200817A 2004-01-29 2007-02-23 A method of enabling secure transfer of a package of information Abandoned AU2007200817A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2007200817A AU2007200817A1 (en) 2004-01-29 2007-02-23 A method of enabling secure transfer of a package of information

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2004200319 2004-01-29
AU2004200319A AU2004200319A1 (en) 2004-01-29 2004-01-29 A Method of Enabling Secure Transfer of a Package of Information
AU2007200817A AU2007200817A1 (en) 2004-01-29 2007-02-23 A method of enabling secure transfer of a package of information

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU2004200319A Division AU2004200319A1 (en) 2004-01-29 2004-01-29 A Method of Enabling Secure Transfer of a Package of Information

Publications (1)

Publication Number Publication Date
AU2007200817A1 true AU2007200817A1 (en) 2007-03-15

Family

ID=34865678

Family Applications (2)

Application Number Title Priority Date Filing Date
AU2004200319A Abandoned AU2004200319A1 (en) 2004-01-29 2004-01-29 A Method of Enabling Secure Transfer of a Package of Information
AU2007200817A Abandoned AU2007200817A1 (en) 2004-01-29 2007-02-23 A method of enabling secure transfer of a package of information

Family Applications Before (1)

Application Number Title Priority Date Filing Date
AU2004200319A Abandoned AU2004200319A1 (en) 2004-01-29 2004-01-29 A Method of Enabling Secure Transfer of a Package of Information

Country Status (1)

Country Link
AU (2) AU2004200319A1 (en)

Also Published As

Publication number Publication date
AU2004200319A1 (en) 2005-08-18

Similar Documents

Publication Publication Date Title
US20080098227A1 (en) Method of enabling secure transfer of a package of information
US7860243B2 (en) Public key encryption for groups
EP1782213B1 (en) Secure messaging system with derived keys
US8799981B2 (en) Privacy protection system
US7499551B1 (en) Public key infrastructure utilizing master key encryption
US10523644B2 (en) System and method for secure digital sharing based on an inter-system exchange of a two-tier double encrypted digital information key
US20060053285A1 (en) Object access level
US20110035596A1 (en) Method of Secure Broadcasting of Digital Data to an Authorized Third Party
CN100342684C (en) Securing arbitrary communication services
WO2001052473A1 (en) Secure management of electronic documents in a networked environment
US20150256336A1 (en) End-To-End Encryption Method for Digital Data Sharing Through a Third Party
EP1423958A2 (en) Method and device for transmitting an electronic message
US20110040972A1 (en) Terminal for strong authentication of a user
CN114679340B (en) File sharing method, system, device and readable storage medium
US10892892B1 (en) Method and apparatus for end-to-end secure sharing of information with multiple recipients without maintaining a key directory
GB2395304A (en) A digital locking system for physical and digital items using a location based indication for unlocking
AU2007200817A1 (en) A method of enabling secure transfer of a package of information
EP1280295A1 (en) A method of enabling secure transfer of a package of information
EP4016916B1 (en) Method and apparatus for sharing data
EP4016916A1 (en) Method and apparatus for sharing data
Contiu Applied Cryptographic Access Control for Untrusted Cloud Storage
Stapleton The Many Ways of BYOK.
Hughes Key Management
Vijayan et al. A Blockchain-Based Access Control System for Cloud Storage
Tanwar et al. Design and Implementation of Database Security for Various type of Digital Signature

Legal Events

Date Code Title Description
MK5 Application lapsed section 142(2)(e) - patent request and compl. specification not accepted