AU2013200771A1 - System and method for distributing secured data - Google Patents


Info

Publication number
AU2013200771A1
Authority
AU
Australia
Prior art keywords
data
key
computing device
user computing
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2013200771A
Inventor
Serena Keating
Lawrence Edward Nussbaum
Stephen Thompson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
COCOON DATA HOLDINGS Ltd
Original Assignee
COCOON DATA HOLDINGS Ltd
Priority claimed from PCT/AU2012/000944 (WO2013020178A1)
Application filed by COCOON DATA HOLDINGS Ltd
Priority to AU2013200771A
Publication of AU2013200771A1


Abstract

The present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted. The method comprises the steps of receiving a request from a data recipient to access encrypted data; authenticating the request and, whereupon the request is authenticated, retrieving a key to decrypt the encrypted data into decrypted data; and distributing the decrypted data to the data recipient via a remote module, the recipient being able to access the data via the remote module. The method performs encryption and decryption within a browser application at a user computing device using keys delivered via a communications network.

Description

A SYSTEM AND METHOD FOR DISTRIBUTING SECURED DATA

TECHNICAL FIELD

[001] The present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted.

BACKGROUND

[002] Transferring information electronically through the Internet or another public telecommunication network (such as wired or wireless telephone services) is a cost-effective way of distributing information. However, as much of the Internet operates on public infrastructure, sensitive or confidential information sent through the Internet may be accessible to unauthorised parties.

[003] To address these security concerns, Internet-based communications have developed methods for exchanging information based on identification information associated with individuals or systems. These approaches include Secure Shell (SSH), Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG), all of which are based upon public key cryptography.

[004] Public key solutions require an exchange of public keys or certificates between the connecting devices as a prerequisite for secure communications between them. These solutions carry an unfortunate security-convenience trade-off: in order to use them securely, the user needs to know a fair amount about public key infrastructure and has to perform certain inconvenient manual operations, one example being out-of-band verification of the fingerprint of the other party's public key. Such complexities have reduced the market uptake of these encryption and decryption technologies. Furthermore, those users who continue with such solutions often skip these manual steps without understanding that this puts their security at risk.

[005] In addition, encryption solutions usually require the use of software which must be installed and verified on the user's computer. This can be problematic if installing such software is not an option, for example if the user does not own the system, if the system has constrained resources, or if the user simply does not want to install another package for any number of reasons.
[006] Attempts have been made at avoiding these problems with web-browser-based solutions involving a centralised, trusted server for all secure communications. Such solutions do not require certificate exchanges between users but only require that users can verify the server's certificate for all secure communications, which is potentially a much more user-friendly solution. However, such systems typically perform the encryption and decryption on the server, which brings with it a number of potential problems. For one, server-side encryption requires significant computational overhead and does not scale well, either under normal usage or under malicious usage (denial of service attacks). Moreover, when the content is processed on a centralised server it is potentially vulnerable to a single-point attack that could compromise the entire system and impact many users. Ideally data should be encrypted and decrypted as close to the source as possible to maintain the security of the data and minimise the potential threat to multiple users.

SUMMARY

[007] Disclosed is a zero-footprint solution leveraging the ubiquity of browser installations to simplify access to secure solutions. This approach removes the need to install an application on the user's machine. Instead a program is transparently downloaded from a server and executed in the user's browser. Unlike other solutions, all encryption and decryption happens in the browser itself.

[008] The browser communicates with a secure server to authenticate the user and authorise key access.

[009] The browser also transmits and receives encrypted data to and from other servers which are independent of the secure server.

[0010] The downloaded program performs the encryption and decryption locally in the browser.

[0011] This also resolves the problem of transmitting the data unencrypted to or from a web server that would otherwise be used to encrypt or decrypt that data. Only encrypted data is transferred across the communications channel or otherwise provided from the user device. The present approach makes use of a trusted server that provides the authentication and authorisation of key access as well as the browser application itself. Once the data is encrypted it can be transmitted across the Internet, for example by being uploaded to an untrusted server.
[0012] One benefit of this distributed design is that there is no single point of attack that compromises the entire system, in keeping with the defence-in-depth security principle. A malicious user (hacker) may be able to attack individual users by attacking the browser, but this will, at best, only provide access to a single user's data. Otherwise the malicious user needs to attack multiple servers to get access to multiple users' data.

[0013] The present approach also reduces server load by performing the cryptography in the client environment. This also reduces the risk of a denial of service attack, which involves making many requests to the server that require significant resources to process.

[0014] According to one aspect of the present disclosure, there is provided a method of securing data, the method comprising:
- authenticating an identity of a user of a browser application executing on a user computing device with a secured data system remotely accessible to the user computing device via a communications network;
- forwarding to a security module of the secured data system, in response to a valid authentication of the user identity, a request for a key associated with the authenticated user identity;
- communicating at least one key from the security module to the browser application via the communications network, the key being associated with the authenticated user identity and an access permission; and
- one of:
  (a) (a-1) encrypting data at the user computing device via the browser application using the key received from the security module; and (a-2) providing the encrypted data for access by a third party; and
  (b) (b-1) receiving encrypted data at the user computing device; and (b-2) decrypting the encrypted data at the user computing device via the browser application using the key and the access permission received from the security module to make the data available at the user computing device.
[0015] Other corresponding or complementary aspects are also disclosed.

[0016] In accordance with another aspect of the present disclosure, there is provided a method for distributing secured data comprising the steps of:
- receiving a request from a data recipient to access encrypted data;
- authenticating the request and, whereupon the request is authenticated, retrieving keys to decrypt the encrypted data; and
- viewing of the decrypted data by the data recipient.

[0017] In an example of the first aspect, the key is retrieved from a first location.

[0018] In an example of the first aspect, the encrypted data is stored in a second location.

[0019] In an example of the first aspect, the encrypted data is distributed to the data recipient over a communications network.

[0020] In an example of the first aspect, the encrypted data is distributed over the communications network through a secure channel.

[0021] In an example of the first aspect, the encrypted data is streamed via the communications network to the data recipient.

[0022] In an example of the first aspect, the key is arranged to remain effective for a pre-determined period of time.

[0023] In an example of the first aspect, the method further includes a step of deleting the encrypted data after the encrypted data has been transmitted to the recipient user.

[0024] In an example of the first aspect, the encrypted data is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.

[0025] In accordance with a second aspect of the present disclosure, there is provided a system for distributing secured data comprising:
- a module arranged to receive a request from a data recipient to access encrypted data;
- an authentication routine arranged to authenticate the request and, whereupon the request is authenticated, retrieve a key to decrypt the encrypted data; and
- a communication interface arranged to distribute the encrypted data to the data recipient.
[0026] In an example of the second aspect, the key is retrieved from a first location.

[0027] In an example of the second aspect, the encrypted data is stored in a second location.
[0028] In an example of the second aspect, the encrypted data is distributed to the data recipient over a communications network.

[0029] In an example of the second aspect, the encrypted data is distributed via the communications network through a secure channel.

[0030] In an example of the second aspect, the encrypted data is streamed over the communication network to the data recipient.

[0031] In an example of the second aspect, the key is arranged to remain effective for a pre-determined period of time.

[0032] In an example of the second aspect, the system further includes a purge module arranged to delete the encrypted data after the encrypted data has been transmitted to the recipient user.

[0033] In an example of the second aspect, the encrypted data is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.

[0034] In accordance with a third aspect of the present disclosure, there is provided a computer program comprising at least one instruction for controlling a computer system to implement a method in accordance with any one of the examples of the first aspect of the present invention.

[0035] In accordance with a fourth aspect of the present disclosure, there is provided a computer readable medium providing a computer program in accordance with the third aspect of the present invention.

[0036] In accordance with a fifth aspect of the present disclosure, there is provided a communication signal transmitted by an electronic system implementing a method in accordance with any one example of the first aspect.
BRIEF DESCRIPTION OF THE DRAWINGS

[0037] At least one embodiment of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:

[0038] Figure 1 is a schematic block diagram of a system for distributing secured data;

[0039] Figure 2 is a block diagram of a system for securing data;

[0040] Figure 3 is a block diagram of another system for distributing secured data;

[0041] Figure 4A is a collection of example screenshots shown to a user of a system in accordance with Figure 3;

[0042] Figure 4B is a flow diagram of a system in accordance with Figure 3;

[0043] Figure 5 is a schematic block diagram of another system for distributing secured data; and

[0044] Figure 6 is a schematic block diagram of another system for distributing secured data.

DETAILED DESCRIPTION INCLUDING BEST MODE

[0045] Figure 1 illustrates a system for distributing secured data comprising:
- a module arranged to receive a request from a data recipient to access the encrypted data;
- an authentication routine arranged to authenticate the request;
- a decrypting processor arranged, whereupon the request is authenticated, to retrieve a key to decrypt the encrypted data into decrypted data; and
- a communication interface arranged to distribute the decrypted data to the data recipient.

[0046] In this example, the module, authentication routine and decrypting processor may be implemented by one or more electronic circuits, computers or computing devices having appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices. The computer may be implemented by any computing architecture, including stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture. In some implementations, the computing device may also be appropriately programmed to implement the described functionality.
[0047] Referring to Figure 1, there is shown a schematic diagram of a system for accessing secured data which in this example comprises a server 100. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc., a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communications links 114. The server 100 includes instructions that may be stored in ROM 104, RAM 106 or disk drives 108 and executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as a server, personal computers, terminals, or wireless or handheld computing devices. At least one of the plurality of communications links may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communications link.

[0048] The server 100 may include storage devices such as a disk drive 108, which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system 116 which resides on the disk drive or in the ROM of the server 100.

[0049] The system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data. The database 120 is in communication with an interface 202, which is implemented by computer software residing on the server 100. The interface 202 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing. The interface 202 may be implemented with input devices such as a keyboard or mouse or, in another example, may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, FireWire, USB or the like.

[0050] With reference to Figure 2, there is illustrated a block diagram of a system for securing data. In this example, the system may be implemented with a server 200 arranged to be connected to a communication network such as the Internet, an intranet, a VPN, or any communication network which operates with any communication protocol, including Internet Protocol Version 4 (IPv4), Version 6 (IPv6) or any other version, wherein the server 200 is arranged to communicate with other computing or communication devices 204, 206 via the communication network.

[0051] As shown, this exemplary implementation comprises a server 200 which is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another recipient user 206, computer, processor or controller. In this example, the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but is not limited to:
1 - filenames of any files to be encrypted;
2 - file size, dates, properties, permission settings and other attributes;
3 - the identification of the recipient 206 of the file;
4 - the access permissions of the recipient 206;
5 - the address or reference of the recipient 206; and
6 - any other information relating to the security settings or the data object that is to be encrypted which may be required to encrypt the file.
[0052] Once the encryption request 202 is received by the server 200, the server 200 is arranged to generate a key which can be used to encrypt the data object. The key 208 may then be sent to the sender computing device 204 which sent the encryption request 202 to the server 200. Once received, the key 208 is used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.

[0053] After the data object is encrypted, the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206. As the encrypted data object 210 is now secured, it may be sent through a computer network, by email or via virtual storage servers, or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-ray discs, USB storage or the like. Preferably, in some situations, some form of security consideration is still applied to the transmission of the encrypted data object 210 as a matter of best practice.

[0054] Once the recipient user 206 receives the encrypted data object 210, the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210. In one exemplary implementation, the server 200 may enforce an authentication process (212) on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient. The authentication process (212) may include a login/password check, a biometric check, a time-delayed validation process, a telephone code check, a pass key check, an IP address check, or a combination of one or more of these.

[0055] After the recipient user 206 is authenticated by the server 200 and is authorised to decrypt the data object 210, a key 214 may be provided to the recipient user 206 to decrypt the file. In one example, the recipient user 206 may be given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data are released to the recipient user 206. In another example, the decryption of the data is restricted such that certain usage permissions are enforced on the recipient 206. In these examples, it may be necessary to encrypt the data object together with the information needed by third party software to control and enforce these permission settings. Examples of such third party software include Secure Word or Adobe Acrobat Reader, which have permission controls capable of limiting the manipulation of a data file.

[0056] Alternative examples of a system for securing data are also described in International Patent Application No. PCT/AU2008/001898 (International Patent Publication No. WO 2009/079708) filed by the present applicant, the entire contents of which are incorporated herein by reference for all purposes. These examples are advantageous in that the key 208 which can be used to decrypt an encrypted object is kept out of the encrypted data object 210. As such the encrypted data object may be transmitted over a less secure but more convenient channel since, even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be decrypted without also obtaining the key, which is not within the encrypted object.

[0057] With reference to Figure 3, there is illustrated a system 300 for distributing secured data comprising a system 200 for securing data. Here the system 300 comprises a remote client module 306, a storage module 304 and a security module 302. These three modules 302, 304, 306 may be implemented with computer software, hardware or a combination of software and hardware operating on a single computing device or multiple computing devices.
In certain security or operating environments, it is preferable that each of the modules 302, 304, 306 is implemented on an individual computing device, such as a server or bank of servers, deployed at one or more geographical locations, although for cost or technical reasons the modules may be implemented together or separately on one or more servers located at one or more physical or network locations. In the example illustrated in Figure 3, the remote client module 306, the storage module 304 and the security module 302 are implemented on individual servers disposed at different physical and/or network locations, whilst recipients or users of the system 308A, 308B communicate with the remote client module 306 from a fourth physical and/or network location.
[0058] In this example, the security module 302 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object. The security module 302 may be a server arranged to receive a request for a key to encrypt a data file; later, when the encrypted file is required to be decrypted, the key is provided to a recipient 308A, 308B of the file after the recipient 308A, 308B has been authenticated. The security module 302 may be a server 302 connected to a network and arranged to allow other computers 308A, 308B operated by users, routines, processors or the like to connect to the server with requests to generate or obtain a key to encrypt or decrypt a data object. In one example, the security module 302 is implemented based on the server 200 described above; in another example, the security module 302 is implemented based on a system for securing data described in the aforementioned International Patent Publication No. WO 2009/079708.

[0059] As illustrated in Figure 3, the storage module 304 is arranged to store data objects, and preferably the module stores encrypted or secured data objects which have been encrypted with the encryption methods mentioned above.

[0060] In one exemplary implementation, the storage module 304 is arranged to be connected to a communication network, such as a public network or private network, such that the module 304 can communicate with the security module 302 and/or the remote client module 306. In one example, the storage module 304 is a server 304 having one or more storage devices such as a disk, database or storage array. In some exemplary implementations, the module 304 is arranged to include a gatekeeper or firewall service which allows connections only from the security module 302 and the remote client module 306. When the storage module 304 is instructed to retrieve a particular encrypted data object by the security module 302 or the remote client module 306, the storage module may proceed to transfer the requested encrypted data object to the remote client module 306 for decryption.

[0061] As illustrated in Figure 3, the remote client module 306 is arranged to decrypt encrypted data objects and transmit the decrypted data object to an authorised user. In one example, the remote client module 306 communicates with the security module 302, the storage module 304 and any computing devices belonging to users, processes or routines which are using the system to distribute encrypted data.

[0062] In one exemplary implementation, the remote client module 306 is a server arranged to receive requests (310) from a recipient user to obtain a data object from the storage module 304. The remote client module 306 may be connected to the recipient user, after the recipient has been authenticated by the security module 302, via a secured connection over a communication network such as Hypertext Transfer Protocol Secure (HTTPS), Secure Shell (SSH), Secure Hypertext Transfer Protocol (S-HTTP) or other secure/encrypted transmission methods. Once connected, the remote client module 306 may then proceed to communicate with the storage module 304 to obtain the associated encrypted data object and with the security module 302 to obtain a key associated with the data objects that the authenticated recipient wishes to obtain.
In one example, particularly in implementations where there are multiple storage modules 304 located at different locations and/or the storage module 304 has a unique file system, the remote client module 306 may also communicate with the security module 302 to obtain a location reference and/or file pointer which directs the remote client module 306 to connect with the correct storage module 304 and/or retrieve the correct data from the file system of the storage module 304. To enhance security, each location, file system and/or file pointer may also be a unique URL which may be changed over time to thereby minimise unauthorised access to the storage module 304.

[0063] Once the data object and key are retrieved (312) by the remote client module 306, the data is decrypted and transmitted to the recipient (314). In some examples, the data may be streamed over a communication network to the recipient user such that the recipient may be able to start processing the data before the entire data object is decrypted, thus offering advantages in the processing of large files such as multimedia files or the like.

[0064] Preferably, the remote client module 306 is arranged to delete the key and/or decrypted data object once it has been transferred to the recipient. This is because holding the key and the decrypted data object together in the same location increases the risk of the data being accessed by unauthorised parties. As such, the remote client module 306 may include a self-purging function which ensures that the period during which the module 306 is in possession of both the key and the data object is minimised to an acceptable level in accordance with the risk management policies of the environment in which the system operates.

[0065] In an exemplary implementation the remote client module 306 is also arranged to encrypt data or a data object to create a secured data object or secured data. The secured data can be stored in the storage module 304. The remote client module 306 can be utilised by a user (e.g. 308A) to encrypt a data object and store the secured data object on the storage module. The user requests an encryption key via the remote client module 306, which transmits a request for a key to the security module 302. The security module authenticates the user and provides an encryption key. The remote client module 306 is arranged to encrypt the data using that key and any suitable encryption algorithm. The key is stored in a separate server or on the security module 302, and the secured data is stored in the storage module 304.

[0066] The user can also define a plurality of rules or permissions that constrain the manner in which a data recipient (e.g. 308B) can interact with the data. These rules or permissions can be stored as an access control list on the security module 302 or alternatively on the remote client module 306. The access control list can also comprise a list of allowed data recipients and define the particular data the recipients can access. The data recipient is first authenticated by the security module 302 (as described). Authentication can be done by any suitable process such as password verification. Authentication validates the identity of the recipient (i.e. user).

[0067] The access control list can further define varying levels of authorisation for data recipients. Authorisation defines the entitlement a particular data recipient has to data stored in the storage module 304. The various authorisations can be defined as rules or permissions. In one example the permissions (i.e. authorisations) may demand that a particular data file or data object within the storage module 304 is read only or print only.
In another example the permissions may demand that a particular data object can only be accessed by a particular recipient if that recipient is at a specific geographic location and the data is inaccessible if the recipient is not at that location. [0068] In yet another example the permissions may demand that a particular piece of data (e.g. a data file or data object) can only be accessed by a specific recipient. In a further example the permissions may demand that a data recipient may only access a particular piece of data at a specified time of day. Many other such authorisations can be created and stored in the access control list. [0069] These rules or permissions may be defined by the data sender, i.e. person who is transmitting secured data. The rules and permissions constrain the manner in which at least one recipient can interact with the data. These rules are enforced by the remote client module 306 but are preferably also applied by the security sever 302 or alternatively by a client application operating on the user's computing device. The system is - 13 advantageous because access to the data is controlled by the sender via the rules or permissions. The rules and permissions are also enforced once the decryption key is passed to the recipient and after the recipient has received the data. The rules control the type of interaction the recipient has with the data. [0070] Other persons than the data sender may define the rules and permissions e.g. a systems administrator. In one example as shown in the flow diagram of Figure 4B, the system for distributing encrypted data operates by firstly allowing a recipient user to access the remote client module 302 through a web browser on their internet or network enabled computing device. The recipient user 308A, 308B may then proceed to authenticate itself with the remote client module or be rerouted to the security module for authentication (400). 
Examples of login screens which allow a user to log in to the remote client module 306 and undertake the authentication process are shown in Figure 4A.1 and Figure 4A.2.

[0071] Once authenticated, the session information of the recipient user is recorded by the remote client module (402). This information may then be used by the remote client module 306 to identify the recipient for the duration of the encryption or decryption process. Upon authentication, the recipient user's web browser may then display information including a directory listing of the data objects (as shown in Figure 4A.3 and Figure 4A.4) or a reference link (e.g. URL, web link) to data objects which are intended for the recipient user.

[0072] The recipient may then submit a request through their web browser for the data objects which are intended for delivery to them (404). Once this request is submitted, the remote client module 306 may then connect with the storage module 304 to retrieve the specific encrypted data object associated with the request (406). This encrypted data object is then transmitted to the remote client module 306 for temporary storage in its encrypted state (408). Preferably, the encrypted data object is transmitted to the remote client module 306 through a secure link such as HTTPS or the like, such that the already encrypted data is encrypted a second time in transit to increase security.

[0073] Once the encrypted data object is transferred to the remote client module 306, the remote client module 306 may then proceed to obtain the necessary information (such as the key) from the security module 302 to decrypt the encrypted data object (410). The remote client module 306 may decrypt a portion of the encrypted data object (412) and proceed to transmit this portion to the recipient user through a communication link (414) which is preferably also secured.
The remote client module 306 is further arranged to apply or enforce the one or more rules or permissions defined in the access control list. These rules constrain the manner in which the recipient can interact with the data. These rules can also define when or what type of data is transferred to the user (or remote client module 306) from the storage module 304.

[0074] Preferably, as each portion of the decrypted data object is sent to the recipient, the decrypted data, the encrypted data portion and the key are immediately purged (416) from the remote client module. This is advantageous in that the remote client module holds plaintext and key material only transiently, which narrows the window in which an attacker who compromises it could obtain either.

[0075] An advantage of at least one of these approaches is that, by decrypting the encrypted data objects on the remote client module 306, a recipient user does not need to have any specialised decryption software installed on the recipient computer system or device. The user can perform all the functions (described earlier) via a web browser. As such, the cost of using the system for distributing secured data is reduced, as the cost of additional software and its associated maintenance and training is avoided.

[0076] The remote client module 306 functions as a virtual client in the system 300. Therefore no software is required to be downloaded and installed onto the users' computing devices. This is advantageous as no "footprint" is left on the user's computing device, which provides security since hackers or malicious parties cannot access any information by obtaining the user's computing device. One example implementation is for a corporate company with sensitive information. An executive (e.g. a CEO) who is remote from the company's office can use a computing device and access secure data using the system of Figure 3.
The executive does not require any software installed on his/her device since the executive can use the remote client module 306 to either secure data or access secured data. A further advantage is that there is no footprint left of the executive's data, i.e. no software or secured data is installed or maintained on the executive's computer. This is advantageous because if the executive's device falls into "enemy hands" (e.g. a competitor's), the sensitive data cannot be accessed from the executive's device, since there is neither specialised software nor stored data on it that the competitor could use. Secured data is accessed using the remote client module, which stores all the information. The remote client module 306 displays the data to a user (e.g. a soldier) via the user's device.
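The rules and permissions of [0066] to [0069] (read-only or print-only objects, a geographic constraint, a specific recipient, a time-of-day window) are described but not shown being evaluated. The following is an added example, not code from the patent or from the applicant, of how an enforcement point such as the remote client module 306 or security module 302 could check one request against such an access control list before releasing a key or rendering a portion. The ACL shape, the field names, the haversine geofence, the hour semantics and the sample entries are all assumptions.

```javascript
'use strict';

// Constructed sample access control list: one entry per data object.
// Field names are assumptions; the patent only names the kinds of rule.
const ACL = {
  'report-q3.pdf': {
    recipients: ['alice', 'bob'],                           // [0068]: only specific recipients
    actions: ['read'],                                      // [0067]: read only (no 'print', no 'download')
    location: { lat: -33.87, lon: 151.21, radiusKm: 5 },    // [0067]: must be within 5 km of this point
    hours: { from: 9, to: 17 },                             // [0068]: recipient's local hour, 09:00 <= h < 17:00
  },
  'memo.txt': {
    recipients: ['carol'],
    actions: ['read', 'print'],                             // no location or time constraint
  },
};

// Great-circle distance in km (haversine), used by the geofence rule.
function distanceKm(a, b) {
  const toRad = (d) => (d * Math.PI) / 180;
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// Evaluate one request against the ACL. Deny by default: an object with no
// entry, or a request lacking data that a rule needs (e.g. no location when
// a geofence applies), is refused.
// request = { objectId, recipient, action, location?: {lat, lon}, hour }
function evaluate(acl, request) {
  const entry = acl[request.objectId];
  if (!entry) return { allow: false, reason: 'no ACL entry for object' };
  if (!entry.recipients.includes(request.recipient)) {
    return { allow: false, reason: 'recipient not permitted' };
  }
  if (!entry.actions.includes(request.action)) {
    return { allow: false, reason: `action '${request.action}' not permitted` };
  }
  if (entry.location) {
    if (!request.location) return { allow: false, reason: 'location required but not supplied' };
    const d = distanceKm(entry.location, request.location);
    if (d > entry.location.radiusKm) {
      return { allow: false, reason: `outside permitted area (${d.toFixed(1)} km away)` };
    }
  }
  if (entry.hours && !(request.hour >= entry.hours.from && request.hour < entry.hours.to)) {
    return { allow: false, reason: 'outside permitted hours' };
  }
  return { allow: true, reason: 'all rules satisfied' };
}

// Run a batch of constructed requests and return the decisions.
function demo() {
  const nearSydney = { lat: -33.86, lon: 151.20 };
  const melbourne = { lat: -37.81, lon: 144.96 };
  const requests = [
    { objectId: 'report-q3.pdf', recipient: 'alice', action: 'read', location: nearSydney, hour: 10 },
    { objectId: 'report-q3.pdf', recipient: 'alice', action: 'print', location: nearSydney, hour: 10 },
    { objectId: 'report-q3.pdf', recipient: 'bob', action: 'read', location: melbourne, hour: 10 },
    { objectId: 'report-q3.pdf', recipient: 'alice', action: 'read', location: nearSydney, hour: 18 },
    { objectId: 'report-q3.pdf', recipient: 'dave', action: 'read', location: nearSydney, hour: 10 },
    { objectId: 'memo.txt', recipient: 'carol', action: 'print', hour: 3 },
  ];
  return requests.map((r) => ({ ...r, ...evaluate(ACL, r) }));
}

for (const d of demo()) {
  console.log(`${d.recipient.padEnd(6)} ${d.action.padEnd(6)} ${d.objectId.padEnd(14)} ${d.allow ? 'ALLOW' : 'DENY '} ${d.reason}`);
}
```

The location and hour in the request are whatever the client reports, so an evaluator that runs only in the recipient's browser can be fed false values; this is why [0069] has the rules enforced by the remote client module and preferably also by the security server before the key is released.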
[0077] In a further exemplary implementation the remote client module 306 may be a web server.

[0078] Although not required, the arrangements described above can be implemented using an application programming interface (API) or as a series of libraries for use by a developer, or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.

[0079] The user computer device (308A, 308B) can comprise a web application such as a web browser to communicate with the remote client module.

[0080] The arrangements described in the aforementioned International Patent Publication No. WO 2009/079708 implement systems generally referred to by the Patent Applicant as "secure objects", whereby data is encrypted as secure objects. The arrangements now to be described extend the concept of secure objects into their creation, management and use in a number of scenarios by which security of the data concerned is maintained.

[0081] Figure 5 shows a further specific system 500 for the distributing of secured data that makes use of the systems described in relation to Figures 3, 4A and 4B. In this exemplary implementation, a user operates a user device 502 which executes a browser application 504 to obtain access to a communications network 510, such as the Internet/World Wide Web, or a local network. The user device 502 may be a personal computer or mobile device akin to those previously described.
In this implementation, the user desires to securely store a file 506 in a file vault or storage facility 530 for later retrieval by the user or for making the file available to other, authorised persons. The file 506 in this regard may have been generated on the user device 502 by another application, such as a word processing application, and stored in memory, like the RAM 106, or the disk drive 108, where the user is confident of maintaining physical security over the user device 502.

[0082] In the system 500, the user, via the browser application 504, accesses a server hosted web client 550, akin to the remote client 306 described above, under a communications protocol such as HTTPS, to perform a user authentication process 515 with the server 550 as discussed above via the processes of Figs. 4A.1 and 4A.2. Once the user of the user device 502 is authenticated, the web client 550 forwards a request 542 for a key associated with the identity of the user to a secure objects server 520, generally akin to the security module 302. The secure objects server 520 operates to generate at least one unique key 524 for each file (data object) that is to be encrypted. The keys may be pre-generated and stored within the server 520, or generated on-the-fly on receipt of each request 542. The key 524 is linked 526 to the specific identity of the user 522 as authenticated by the web client server 550. The link 526 may further specify an access permission to be associated with a secure object formed using the linked key. Such access permission can then be used for decryption, by associating the key with the encrypted data. The secure objects server 520 then returns 544 the key 524 via the web client server 550 and the communications network to the browser application 504 within the user device 502.
[0083] With the key 524, the now authenticated user operating the user device 502 can, via the browser application 504 and an application program downloaded from the web client server 550 and executable within the browser 504, encrypt the file 506 to form an encrypted file (a secure data object). The application program may for example be configured according to any one of a number of formats such as Java™ applets, JavaScript™ libraries, embedded Flash™ objects, or Silverlight™. The application program may be downloaded from the web client 550 alongside the keys, or simply at the time of authentication, in the expectation that some encryption/decryption operation is to follow. The encrypted file may be saved locally within the device 502, for example to the disk drive 108 or to a portable memory device (not illustrated), such as USB memory or CD ROM. Such portable memory may be provided to a third party for subsequent decryption. The encrypted file may also be communicated to other third party users connected to the network 510 via an email or other mode of communication outside the scope of the system formed by the web client 550 and the browser application 504. In the illustrated example, the encrypted file is uploaded 546 from the browser 504 via the communications network 510 and the web client server 550, and stored 548 in a file vault/storage 530, akin to the storage module 304, as an encrypted file 532. The encrypted file 532 is then regarded as securely stored and accessible via the web client server 550 to either the original user or an authorised recipient user.

[0084] On closing the browser application 504, information associated with the encryption and storage exchanges under the HTTPS communications is deleted from the user device 502, thereby leaving a zero footprint of data that could otherwise be used to gain access to and/or decrypt the encrypted file 532. The location and identification of the encrypted file 532 may be recorded in the web client server 550.

[0085] As noted above, typically the cryptographic program is provided by the web client 550 with each associated HTTPS web session performed by the browser application 504.
Alternatively, upon an initial (first) authentication of the user of the user device 502, the web client 550 may be configured to download to the user device 502 an appropriate application program that may remain resident on the disk drive 108 of the user device 502 and which may be accessed by the browser 504 for cryptographic operations.

[0086] For access purposes, the original user or a third party authorised recipient can access the encrypted file 532 by a generally complementary process. Specifically, the user of the device 502 (or an authorised user with any such device) enables a browser application 504 and performs an authentication procedure 515 via the web client server 550 to authenticate the user. With knowledge of the encrypted file to access and where it is stored in the file vault 530, as input via the browser 504, the web client server 550 requests 542 the key 524 associated with the encrypted file 532 from the secure object server 520. This functionality arises through consideration of the access permission discussed above that is associated with the stored encrypted file and which the present user possesses. The key 524 is retrieved and returned 544 via the server 550 to the browser 504. As a consequence of the same request, the web client server 550 can also request the retrieval 550 of the encrypted file 532 from the file vault 530, whereupon it is also downloaded 552 to the browser 504. The provision of the key 524 and encrypted file 532 may be in concert with provision of an application program executable within the browser 504, as discussed above, to perform the necessary decryption function using the key 524 and the encrypted file 532 to deliver or otherwise make available the unencrypted file 506 to the user of the device 502.
[0087] In this exemplary implementation, the keys and the encrypted files are communicated using HTTPS, SSH or S-HTTP, for example, so as to avoid transfer of the key 524 in the clear over a public network such as the Internet. The web client server 550 also manages the various transactions, thereby providing for delivery of keys and encrypted files to authenticated and authorised users, for example using specific distribution criteria established by the original user of the encrypted file 532.
[0088] It is noted that the key to decrypt the data is associated with the data itself, not the user. In other words, if user A encrypts data for users B and C, both users B and C will use the same key, which most often is the key that was used to create the encrypted data. Accordingly, whilst the keys are linked to authenticated users, the keys must nevertheless be associated with the data encrypted with them to enable subsequent access.

[0089] Figure 6 shows a system 600 similar to that of Figure 5 where like components and functions are indicated by reference numerals increased by the value of 100. The system 600 differs from the system 500 by the absence of the server hosted web client 550 and by the connection of each of the secure objects server 620 and file vault 630 directly to the network 610. In the system 600, the authentication procedure 615 occurs between the browser application 604 and the secure objects server 620 via the network 610, and those specific authentication and other processes previously performed by the web client 550 are implemented in the secure objects server 620. In other respects the system 600 operates in the same manner as the system 500.

[0090] The system 500 is well suited to a third-party provider of secure object services by which the secure transfer and storage of files may be performed under a fee-for-service type arrangement without a specific need for the licensing of services and the like, which are otherwise delivered via the web client 550, typically during each and every browsing session to a user device 502. This arrangement is also well suited to large storage vault situations where the three servers 550, 520 and 530 may be configured on a private network in a physically secured environment.

[0091] The system 600 is suited to where individual users and/or organisations routinely utilise secure objects for the communication of data objects.
Here the communications network 610 may be a local network within a corporation or government department which may couple to a wide network (e.g. the Internet or World Wide Web) via a firewall device. Alternatively, the network 610 may be the Internet or World Wide Web. The system 600 also has the feature of never having the keys and data together on the server side, which provides a "no single point of attack" property: to compromise multiple users, an attacker needs to breach more than one system.

[0092] In each of the systems 500 and 600, the secure objects server 520/620 is configured as a trusted server, usually in a physically and data secure environment. By contrast, the other devices within the systems, including particularly the file vault 530/630, are essentially "untrusted", in that the data desired to be protected is cryptographically protected at all times during communication or provision across the systems 500/600.

[0093] The arrangements of Figures 3, 4, 5 and 6 are characterised by all encryption and decryption of files occurring on the user device 502/602 within a browser application, such that on termination of the browser no residual data associated with the cryptographic processes remains in the system 500/600 other than in the secure object server 520/620.

[0094] In the systems 500/600, the same key 524/624 is typically used for both encryption and decryption. Alternatively, the arrangements may be implemented with asymmetric or dual keys, such that an encryption key is used only for encrypting the file 506/606 to form the encrypted file 532/632, and a different but complementary decryption key is used upon retrieval of the encrypted file 532/632 to perform the decryption in the browser 504/604.
[0095] A further advantage of the system 600 is that the file vault/storage module 630 need not necessarily reside in a physically secured location, since no information associated with either the encryption or decryption of the encrypted file 632 is retained in the location 630. Thus the vault location 630 may be associated with high bandwidth communications channels, whereas the secure objects server 620, because of comparatively reduced communications loads, limited generally to requests, authentications and keys, need only be associated with generally lower bandwidth channels. Further, a single secure objects server 620 is potentially easier to physically secure than a potentially significantly sized file vault 630. The system 600 in this regard offers a distinct security advantage over the system 500.

[0096] In the system 600, the combination of the secure objects server 620 and the file vault 630 forms a secured data system in which the specific data is secured during any communication about the system 600. The system 500 additionally includes the web client 550 as part of the secured data system.

[0097] It should be appreciated that, as used herein, including in the claims, the term "browser" (or "web browser" or "browser application") refers to any software program or mechanism that renders encoded documents in a form suitable for presentation (e.g., display). The term "browser" (or "web browser") is not limited to any particular implementation of browser. A browser may be a standalone application or may be implemented as part of another application. A browser may be implemented in software or hardware or a combination thereof. Thus, e.g., a browser may be implemented as part of a word processing system, an email system, or the like. It should further be appreciated that a browser is not limited by the encodings which it is able to render or by the manner in which it presents or otherwise renders encoded information.
It should also be appreciated that a browser is not limited by the manner in which it communicates with other components or entities or by the protocol(s) used for such communications.

[0098] It will also be appreciated that where the methods and systems of the present invention are either wholly or partly implemented by computing systems, any appropriate computing system architecture may be utilised. This will include stand-alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.

[0099] It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the arrangements described without departing from the spirit or scope of the invention as broadly described. The arrangements are, therefore, to be considered in all respects as illustrative and not restrictive.

[00100] Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.

[00101] The arrangements described with reference to the Figures can be implemented to operate with any form of communication network operating with any type of communication protocol. Generally, where the underlying communication network or communication protocol includes additional routines, functionalities, infrastructure or packet formats, the skilled person will understand that the implementations described with reference to the Figures may be modified or optimized for operation with these additional routines, functionalities, infrastructure or packet formats.

Claims (19)

1. A method of securing data, the method comprising: authenticating an identity of a user of a browser application executing on a user computing device with a secured data system remotely accessible to the user computing device via a communications network; forwarding to a security module of the secured data system, in response to a valid authentication of the user identity, a request for a key associated with the authenticated user identity; communicating at least one key from the security module to the browser application via the communications network, the key being associated with the authenticated user identity and an access permission; and one of: (a) (a-1) encrypting data at the user computing device via the browser application using the key received from the security module; and (a-2) providing the encrypted data for access by a third party; and (b) (b-1) receiving encrypted data at the user computing device; and (b-2) decrypting the encrypted data at the user computing device via the browser application using the key and the access permission received from the security module to make the data available at the user computing device.
2. A method according to claim 1, further comprising communicating to the browser application a program executable within the browser application for encrypting/decrypting the data using the key.
3. A method according to claim 2, wherein communications between the browser of the user computing device and at least the security module is via secured communications established between those devices, such that each of the authentication, the keys and the program are communicated via the secured communications.
4. A method according to claim 1, wherein the providing of the encrypted data for access by a third party comprises storing the encrypted data in a storage module of the secured data system and recording an identification and location of the encrypted data in the secured data system.
5. A method according to claim 4 wherein the secured data system optionally further comprises a web server coupled to the communications network and to which at least one of the security module and storage module are operatively coupled.
6. A method operable within a server coupled to a communications network for securing data, the method comprising: authenticating an identity of a user of a browser application executing on a user computing device remotely accessible to the server via the communications network; receiving, via the communications network at a security module of the server in response to a valid authentication of the user identity, a request for a key associated with the authenticated user identity; communicating at least one key from the security module of the server to the browser application via the communications network, the key being associated within the security module with the authenticated user identity and an access permission; and one of: (a) recording in the security module at least an identification of encrypted data encrypted at the user computing device via the browser application using the key received from the security module and the access permission; and (b) providing to the browser application at the user computing device the key and the access permission to at least identify encrypted data to be decrypted using the browser at the user computing device to make data available at the user computing device.
7. A method according to claim 6 further comprising communicating from the server to the browser application a program executable within the browser application for at least one of encrypting data or decrypting the encrypted data using the key.
8. A method according to claim 7 wherein communications between the browser of the user computing device and at least the server is via secured communications established between those devices, such that each of the authentication, the keys and the program are communicated via the secured communications.
9. A method according to claim 6 wherein the encrypted data is transmitted via the communications network and stored in a storage location accessible via the communications network, the access permission associated being recorded in association with the key by which encryption occurred and with which decryption is performed.
10. A method according to claim 9 wherein the server optionally comprises a web client server and a security module, the web client server coupling the security module and a storage module to the communications network, the storage module including the storage location.
11. A method, operable in a browser application executable on a user computing device, for encrypting data, the method comprising: authenticating an identity of a user of the browser application executing on the user computing device with a secured data system remotely accessible to the user computing device via a communications network; forwarding to a security module of the secured data system, in response to a valid authentication of the user identity, a request for a key associated with the authenticated user identity; receiving at the browser application from the security module via the communications network at least one key, the key being associated with the authenticated user identity; encrypting data at the user computing device via the browser application using the key received from the security module; and providing the encrypted data for access by a third party.
12. A method according to claim 11 wherein the providing comprises transmitting the encrypted data from the browser via the communications network for storage at a storage location accessible by the third party.
13. A method according to claim 11 further comprising communicating to the browser application a program executable within the browser application for encrypting the data using the key.
14. A method, operable in a browser application executable on a user computing device, for decrypting data, the method comprising: authenticating an identity of a user of the browser application executing on the user computing device with a secured data system remotely accessible to the user computing device via a communications network; forwarding to a security module of the secured data system, in response to a valid authentication of the user identity, a request for a key associated with the authenticated user identity; receiving at the browser application from the security module via the communications network at least one key, the key being associated with the authenticated user identity and an access permission for encrypted data; receiving the encrypted data at the user computing device pursuant to the access permission; and decrypting the encrypted data at the user computing device via the browser application using the key received from the security module to make the data available at the user computing device.
15. A method according to claim 14 wherein the receiving of the encrypted data comprises receiving at the browser the encrypted data from a storage location accessible via the communications network.
16. A method according to claim 14 further comprising communicating to the browser application a program executable within the browser application for encrypting the data using the key.
17. A method according to claim 13 or 16 wherein communications between the browser of the user computing device and at least the security module is via secured communications established between those devices, such that each of the authentication, the keys, the access permission and the program are communicated via the secured communications.
18. A system for secured data communications, said system comprising: a user computing device executing a browser application; a server computer executing a security module; a communications network coupling the user computing device to the server computer; a storage location accessible to each of the server computer and the user computing device via the communications network; an authentication procedure via which an identity of a user of the browser application executing on the user computing device is authenticated with the security module; a key procedure operable in response to a valid authentication of the user identity for forwarding to the security module at least a request for a key associated with the authenticated user identity and by which at least one key is communicated from the security module to the browser application via the communications network, the key being associated with the authenticated user identity and an access permission; an encryption procedure by which data at the user computing device is encrypted via the browser application at the user computing device using the key received from the security module and the encrypted data is communicated via the communications network for storage at the storage location in association with the access permission; and a decryption procedure by which encrypted data received at the user computing device from the storage location via the communications network according to the access permission is decrypted at the user computing device via the browser application using the key received from the security module to make the data available at the user computing device.
19. A system according to claim 18 wherein the key procedure further provides a cryptographic program to the user computing device for use in the encrypting and decrypting, and the communications between the browser of the user computing device and at least the security module is via secured communications established between those devices, such that each of the authentication procedure, the key procedure, the access permission and the cryptographic program are communicated via the secured communications.

Dated this 13th day of February 2013
Cocoon Data Holdings Limited
Patent Attorneys for the Applicant
Spruson & Ferguson
AU2013200771A 2011-08-11 2013-02-13 System and method for distributing secured data Abandoned AU2013200771A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2013200771A AU2013200771A1 (en) 2011-08-11 2013-02-13 System and method for distributing secured data

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2011903219 2011-08-11
PCT/AU2012/000944 WO2013020178A1 (en) 2011-08-11 2012-08-10 A system and method for distributing secured data
AU2013200771A AU2013200771A1 (en) 2011-08-11 2013-02-13 System and method for distributing secured data

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2012/000944 Division WO2013020178A1 (en) 2011-08-11 2012-08-10 A system and method for distributing secured data

Publications (1)

Publication Number Publication Date
AU2013200771A1 true AU2013200771A1 (en) 2013-03-07

Family

ID=47790676

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2013200771A Abandoned AU2013200771A1 (en) 2011-08-11 2013-02-13 System and method for distributing secured data

Country Status (1)

Country Link
AU (1) AU2013200771A1 (en)

Similar Documents

Publication Publication Date Title
JP6941146B2 (en) Data security service
US11470054B2 (en) Key rotation techniques
US8930700B2 (en) Remote device secure data file storage system and method
US8763097B2 (en) System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication
AU2008341026B2 (en) System and method for securing data
US11233653B2 (en) Dongle for ciphering data
US9124641B2 (en) System and method for securing the data and information transmitted as email attachments
CA2899027C (en) Data security service
US8321924B2 (en) Method for protecting software accessible over a network using a key device
EP2544117A1 (en) Method and system for sharing or storing personal data without loss of privacy
CN104662870A (en) Data security management system
WO2008118966A1 (en) System and method for user authentication with exposed and hidden keys
CN106878245A (en) The offer of graphic code information, acquisition methods, device and terminal
WO2013020178A1 (en) A system and method for distributing secured data
WO2013020177A1 (en) System and method for accessing securely stored data
JP2022542095A (en) Hardened secure encryption and decryption system
CN110572454A (en) Advertisement delivery system for guaranteeing safety of advertisement delivery process
AU2013200771A1 (en) System and method for distributing secured data
WO2013044311A1 (en) A system and method for distributing secured data
WO2013044307A1 (en) A system and method for distributing secured data
Rennhard et al. SecureSafe: a highly secure online data safe industrial use case
Shen et al. Research of Web Service Design
WO2013044310A1 (en) A system and method for distributing secured data

Legal Events

Date Code Title Description
MK5 Application lapsed section 142(2)(e) - patent request and compl. specification not accepted