GB2472491B - System and method for multilevel secure object management - Google Patents

System and method for multilevel secure object management

Publication number
GB2472491B
Authority
GB
United Kingdom
Prior art keywords
broker
consumer
producer
key generation
registers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1012190.3A
Other versions
GB201012190D0 (en)
GB2472491A (en)
Inventor
Adrian Waller
Glyn Jones
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales Holdings UK PLC
Original Assignee
Thales Holdings UK PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thales Holdings UK PLC
Priority to GB1012190.3A
Priority claimed from GB0902029.8A (GB2467580B)
Publication of GB201012190D0
Publication of GB2472491A
Application granted
Publication of GB2472491B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/109 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by using specially-adapted hardware at the client
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/064 Hierarchical key distribution, e.g. by multi-tier trusted parties
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135 Metering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/603 Digital right management [DRM]

Abstract

The invention discloses a system for the distribution of secure containers comprising multiple elements each encrypted with a key derived from the access policy for that element. A container producer 100 registers with a broker 101 and exchanges a key generation secret. The producer broker then handles the checking of access policies and issuing of decryption keys to consumers 102. The consumer 102 registers with a further broker 103. This consumer broker may act as a common authentication and access point for the consumer, avoiding the need to authenticate with multiple brokers and keeping sensitive information in one place. The producer broker may pass the key generation secret to the consumer broker and delegate key generation, subject to trust limitations. Brokers may handle payment and billing.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1012190.3A GB2472491B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0902029.8A GB2467580B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management
GB1012190.3A GB2472491B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management

Publications (3)

Publication Number Publication Date
GB201012190D0 (en) 2010-09-08
GB2472491A (en) 2011-02-09
GB2472491B (en) 2013-09-18

Family

ID=42752533

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1012190.3A Active GB2472491B (en) 2009-02-06 2009-02-06 System and method for multilevel secure object management

Country Status (1)

Country Link
GB (1) GB2472491B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019206524A1 (en) * 2018-04-25 2019-10-31 British Telecommunications Public Limited Company Data message sharing
US11451387B2 (en) 2018-05-24 2022-09-20 British Telecommunications Public Limited Company Cryptographic key generation and storage
WO2019223980A1 (en) 2018-05-24 2019-11-28 British Telecommunications Public Limited Company Cryptographic key generation using multiple random sources
WO2021099561A1 (en) * 2019-11-21 2021-05-27 Inventio Ag Method for secure data communication in a computer network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002001271A1 (en) * 2000-06-29 2002-01-03 Koninkl Philips Electronics Nv Multiple encryption of a single document providing multiple level access privileges
US6598161B1 (en) * 1999-08-09 2003-07-22 International Business Machines Corporation Methods, systems and computer program products for multi-level encryption
US20040133785A1 (en) * 2002-11-07 2004-07-08 Masami Kugai Content utilizing method
US20050039031A1 (en) * 2003-01-31 2005-02-17 Mont Marco Casassa Privacy management of personal data
EP2015214A2 (en) * 1995-02-13 2009-01-14 Intertrust Technologies Corp Systems and methods for secure transaction management and electronic rights protection

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10742689B2 (en) 2013-10-07 2020-08-11 Fornetix Llc System and method for encryption key management, federation and distribution
US11503076B2 (en) 2013-10-07 2022-11-15 Fornetix Llc System and method for encryption key management, federation and distribution
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US11470086B2 (en) 2015-03-12 2022-10-11 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10965459B2 (en) 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US11924345B2 (en) 2015-03-13 2024-03-05 Fornetix Llc Server-client key escrow for applied key management system and process
US10860086B2 (en) 2016-02-26 2020-12-08 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US11537195B2 (en) 2016-02-26 2022-12-27 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US11700244B2 (en) 2016-02-26 2023-07-11 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US11775327B2 (en) 2017-01-26 2023-10-03 Semper Fortis Solutions, LLC Multiple single levels of security (MSLS) in a multi-tenant cloud
US10713077B2 (en) 2017-01-26 2020-07-14 Semper Fortis Solutions, LLC Multiple single levels of security (MSLS) in a multi-tenant cloud

Also Published As

Publication number Publication date
GB201012190D0 (en) 2010-09-08
GB2472491A (en) 2011-02-09

Similar Documents

Publication Publication Date Title
GB2472491B (en) System and method for multilevel secure object management
US10523644B2 (en) System and method for secure digital sharing based on an inter-system exchange of a two-tier double encrypted digital information key
WO2007125486A3 (en) Improved access to authorized domains
CN106063182B (en) Electric endorsement method, system and equipment
Louk et al. Homomorphic encryption in mobile multi cloud computing
CN109479001A (en) Exit passageway is established
WO2010141501A3 (en) Purchase transaction system with encrypted payment card data
CN102594824A (en) Security electronic document distribution method based on multiple security protection mechanisms
CA2714196A1 (en) Information distribution system and program for the same
US20090315686A1 (en) Rfid tag using encrypted value
CN101304569A (en) Mobile authentication system based on intelligent mobile phone
Mylrea AI enabled blockchain smart contracts: Cyber resilient energy infrastructure and IoT
CN102542645B (en) A kind of entrance guard authentication method and Verification System
Kadam et al. Security issues in cloud computing
Shahgholi et al. A new soa security framework defending web services against wsdl attacks
KR102055888B1 (en) Encryption and decryption method for protecting information
Hardjono Future Directions for Regulated Private Wallets and VASP Trust Infrastructures
US20150082023A1 (en) Aggregator Node, Method for Aggregating Data, and Computer Program Product
CN109558702A (en) A kind of digitized content guard method and device
Upadhyaya et al. Deployment of secure sharing: Authenticity and authorization using cryptography in cloud environment
CN109961290A (en) A kind of user information safety management method based on block chain technology
Pooja et al. Privacy Preserved Effective Bill Collection System Using Blockchain
CN107748846A (en) A kind of management method for protecting consumer privacy information under express delivery system of real name
Ghiţă et al. A new DRM architecture based on mobilel code and white-box encryption
Phu et al. Encryption Algorithm Selection to Protect IoT Devices from Local Network Attacking using Analytic Network Process and BCR Model