GB2472491B - System and method for multilevel secure object management - Google Patents
System and method for multilevel secure object managementInfo
- Publication number
- GB2472491B GB2472491B GB1012190.3A GB201012190A GB2472491B GB 2472491 B GB2472491 B GB 2472491B GB 201012190 A GB201012190 A GB 201012190A GB 2472491 B GB2472491 B GB 2472491B
- Authority
- GB
- United Kingdom
- Prior art keywords
- broker
- consumer
- producer
- key generation
- registers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/109—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/064—Hierarchical key distribution, e.g. by multi-tier trusted parties
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2135—Metering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Abstract
The invention discloses a system for the distribution of secure containers comprising multiple elements each encrypted with a key derived from the access policy for that element. A container producer 100 registers with a broker 101 and exchanges a key generation secret. The producer broker then handles the checking of access policies and issuing of decryption keys to consumers 102. The consumer 102 registers with a further broker 103. This consumer broker may act as a common authentication and access point for the consumer, avoiding the need to authenticate with multiple brokers and keeping sensitive information in one place. The producer broker may pass the key generation secret to the consumer broker and delegate key generation, subject to trust limitations. Brokers may handle payment and billing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1012190.3A GB2472491B (en) | 2009-02-06 | 2009-02-06 | System and method for multilevel secure object management |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0902029.8A GB2467580B (en) | 2009-02-06 | 2009-02-06 | System and method for multilevel secure object management |
GB1012190.3A GB2472491B (en) | 2009-02-06 | 2009-02-06 | System and method for multilevel secure object management |
Publications (3)
Publication Number | Publication Date |
---|---|
GB201012190D0 GB201012190D0 (en) | 2010-09-08 |
GB2472491A GB2472491A (en) | 2011-02-09 |
GB2472491B true GB2472491B (en) | 2013-09-18 |
Family
ID=42752533
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1012190.3A Active GB2472491B (en) | 2009-02-06 | 2009-02-06 | System and method for multilevel secure object management |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2472491B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10630686B2 (en) | 2015-03-12 | 2020-04-21 | Fornetix Llc | Systems and methods for organizing devices in a policy hierarchy |
US10713077B2 (en) | 2017-01-26 | 2020-07-14 | Semper Fortis Solutions, LLC | Multiple single levels of security (MSLS) in a multi-tenant cloud |
US10742689B2 (en) | 2013-10-07 | 2020-08-11 | Fornetix Llc | System and method for encryption key management, federation and distribution |
US10860086B2 (en) | 2016-02-26 | 2020-12-08 | Fornetix Llc | Policy-enabled encryption keys having complex logical operations |
US10880281B2 (en) | 2016-02-26 | 2020-12-29 | Fornetix Llc | Structure of policies for evaluating key attributes of encryption keys |
US10917239B2 (en) | 2016-02-26 | 2021-02-09 | Fornetix Llc | Policy-enabled encryption keys having ephemeral policies |
US10931653B2 (en) | 2016-02-26 | 2021-02-23 | Fornetix Llc | System and method for hierarchy manipulation in an encryption key management system |
US10965459B2 (en) | 2015-03-13 | 2021-03-30 | Fornetix Llc | Server-client key escrow for applied key management system and process |
US11063980B2 (en) | 2016-02-26 | 2021-07-13 | Fornetix Llc | System and method for associating encryption key management policy with device activity |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019206524A1 (en) * | 2018-04-25 | 2019-10-31 | British Telecommunications Public Limited Company | Data message sharing |
US11451387B2 (en) | 2018-05-24 | 2022-09-20 | British Telecommunications Public Limited Company | Cryptographic key generation and storage |
WO2019223980A1 (en) | 2018-05-24 | 2019-11-28 | British Telecommunications Public Limited Company | Cryptographic key generation using multiple random sources |
WO2021099561A1 (en) * | 2019-11-21 | 2021-05-27 | Inventio Ag | Method for secure data communication in a computer network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002001271A1 (en) * | 2000-06-29 | 2002-01-03 | Koninkl Philips Electronics Nv | Multiple encryption of a single document providing multiple level access privileges |
US6598161B1 (en) * | 1999-08-09 | 2003-07-22 | International Business Machines Corporation | Methods, systems and computer program products for multi-level encryption |
US20040133785A1 (en) * | 2002-11-07 | 2004-07-08 | Masami Kugai | Content utilizing method |
US20050039031A1 (en) * | 2003-01-31 | 2005-02-17 | Mont Marco Casassa | Privacy management of personal data |
EP2015214A2 (en) * | 1995-02-13 | 2009-01-14 | Intertrust Technologies Corp | Systems and methods for secure transaction management and electronic rights protection |
-
2009
- 2009-02-06 GB GB1012190.3A patent/GB2472491B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2015214A2 (en) * | 1995-02-13 | 2009-01-14 | Intertrust Technologies Corp | Systems and methods for secure transaction management and electronic rights protection |
US6598161B1 (en) * | 1999-08-09 | 2003-07-22 | International Business Machines Corporation | Methods, systems and computer program products for multi-level encryption |
WO2002001271A1 (en) * | 2000-06-29 | 2002-01-03 | Koninkl Philips Electronics Nv | Multiple encryption of a single document providing multiple level access privileges |
US20040133785A1 (en) * | 2002-11-07 | 2004-07-08 | Masami Kugai | Content utilizing method |
US20050039031A1 (en) * | 2003-01-31 | 2005-02-17 | Mont Marco Casassa | Privacy management of personal data |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10742689B2 (en) | 2013-10-07 | 2020-08-11 | Fornetix Llc | System and method for encryption key management, federation and distribution |
US11503076B2 (en) | 2013-10-07 | 2022-11-15 | Fornetix Llc | System and method for encryption key management, federation and distribution |
US10630686B2 (en) | 2015-03-12 | 2020-04-21 | Fornetix Llc | Systems and methods for organizing devices in a policy hierarchy |
US11470086B2 (en) | 2015-03-12 | 2022-10-11 | Fornetix Llc | Systems and methods for organizing devices in a policy hierarchy |
US10965459B2 (en) | 2015-03-13 | 2021-03-30 | Fornetix Llc | Server-client key escrow for applied key management system and process |
US11924345B2 (en) | 2015-03-13 | 2024-03-05 | Fornetix Llc | Server-client key escrow for applied key management system and process |
US10860086B2 (en) | 2016-02-26 | 2020-12-08 | Fornetix Llc | Policy-enabled encryption keys having complex logical operations |
US10931653B2 (en) | 2016-02-26 | 2021-02-23 | Fornetix Llc | System and method for hierarchy manipulation in an encryption key management system |
US11063980B2 (en) | 2016-02-26 | 2021-07-13 | Fornetix Llc | System and method for associating encryption key management policy with device activity |
US10917239B2 (en) | 2016-02-26 | 2021-02-09 | Fornetix Llc | Policy-enabled encryption keys having ephemeral policies |
US10880281B2 (en) | 2016-02-26 | 2020-12-29 | Fornetix Llc | Structure of policies for evaluating key attributes of encryption keys |
US11537195B2 (en) | 2016-02-26 | 2022-12-27 | Fornetix Llc | Policy-enabled encryption keys having complex logical operations |
US11700244B2 (en) | 2016-02-26 | 2023-07-11 | Fornetix Llc | Structure of policies for evaluating key attributes of encryption keys |
US11775327B2 (en) | 2017-01-26 | 2023-10-03 | Semper Fortis Solutions, LLC | Multiple single levels of security (MSLS) in a multi-tenant cloud |
US10713077B2 (en) | 2017-01-26 | 2020-07-14 | Semper Fortis Solutions, LLC | Multiple single levels of security (MSLS) in a multi-tenant cloud |
Also Published As
Publication number | Publication date |
---|---|
GB201012190D0 (en) | 2010-09-08 |
GB2472491A (en) | 2011-02-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2472491B (en) | System and method for multilevel secure object management | |
US10523644B2 (en) | System and method for secure digital sharing based on an inter-system exchange of a two-tier double encrypted digital information key | |
WO2007125486A3 (en) | Improved access to authorized domains | |
CN106063182B (en) | Electric endorsement method, system and equipment | |
Louk et al. | Homomorphic encryption in mobile multi cloud computing | |
CN109479001A (en) | Exit passageway is established | |
WO2010141501A3 (en) | Purchase transaction system with encrypted payment card data | |
CN102594824A (en) | Security electronic document distribution method based on multiple security protection mechanisms | |
CA2714196A1 (en) | Information distribution system and program for the same | |
US20090315686A1 (en) | Rfid tag using encrypted value | |
CN101304569A (en) | Mobile authentication system based on intelligent mobile phone | |
Mylrea | AI enabled blockchain smart contracts: Cyber resilient energy infrastructure and IoT | |
CN102542645B (en) | A kind of entrance guard authentication method and Verification System | |
Kadam et al. | Security issues in cloud computing | |
Shahgholi et al. | A new soa security framework defending web services against wsdl attacks | |
KR102055888B1 (en) | Encryption and decryption method for protecting information | |
Hardjono | Future Directions for Regulated Private Wallets and VASP Trust Infrastructures | |
US20150082023A1 (en) | Aggregator Node, Method for Aggregating Data, and Computer Program Product | |
CN109558702A (en) | A kind of digitized content guard method and device | |
Upadhyaya et al. | Deployment of secure sharing: Authenticity and authorization using cryptography in cloud environment | |
CN109961290A (en) | A kind of user information safety management method based on block chain technology | |
Pooja et al. | Privacy Preserved Effective Bill Collection System Using Blockchain | |
CN107748846A (en) | A kind of management method for protecting consumer privacy information under express delivery system of real name | |
Ghiţă et al. | A new DRM architecture based on mobilel code and white-box encryption | |
Phu et al. | Encryption Algorithm Selection to Protect IoT Devices from Local Network Attacking using Analytic Network Process and BCR Model |