WO2010076831A1 - Stockage sûr à distance de documents numériques avec garantie de confidentialité - Google Patents

Stockage sûr à distance de documents numériques avec garantie de confidentialité Download PDF

Info

Publication number
WO2010076831A1
WO2010076831A1 PCT/IT2008/000820 IT2008000820W WO2010076831A1 WO 2010076831 A1 WO2010076831 A1 WO 2010076831A1 IT 2008000820 W IT2008000820 W IT 2008000820W WO 2010076831 A1 WO2010076831 A1 WO 2010076831A1
Authority
WO
WIPO (PCT)
Prior art keywords
document
server
local computer
connection
remote
Prior art date
Application number
PCT/IT2008/000820
Other languages
English (en)
Inventor
Alberto Borciani
Original Assignee
Alberto Borciani
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alberto Borciani filed Critical Alberto Borciani
Priority to PCT/IT2008/000820 priority Critical patent/WO2010076831A1/fr
Priority to EP08876169A priority patent/EP2370927A1/fr
Publication of WO2010076831A1 publication Critical patent/WO2010076831A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention lies in the field of storage and protection of digital documents, with particular reference to remote management solutions.
  • data backup techniques i.e., activities aimed at duplicating on different memory media information that is present on the hard disk, so as to allow its recovery in case of malfunctions or tampering
  • traditional backup devices such as external hard disks, CDs, DVDs, USB pen drives
  • online backup services which allow to store one's data on suitable remote servers via an Internet connection, are becoming increasingly popular.
  • the advantages of online backup services are several: first of all, the data are physically in different locations with respect to the originals; moreover, they allow to access one's own data, with confidential credentials, from any station connected to the Internet, and facilitate the sharing of information among a plurality of users.
  • deletion is not sufficient: all the files that are present on any storage medium, even when they are deleted by using the "traditional" controls made available by the operating system, continue to leave traces on the disk: the deleted items are simply flagged as no longer present, and the occupied space is made available again, but until such files are overwritten, they can be restored by using suitable data recovery programs.
  • the aim of the present invention is to provide a system and a method for secure storing of documents that minimize the risks of third-party accessibility to private or confidential documents and at the same time allow immediate access to the owner of the documents or to authorized third parties.
  • an object of the present invention is to provide a new storage technique that is simple to apply and provide and can be integrated easily with existing hardware and software devices.
  • a system for storing documents which comprises means for selecting the document to be stored from a local computer, means for encrypting the document, means for connection between the local computer and a remote server and for saving
  • the means for connection between the local computer and the remote server comprise an Internet connection and preferably a connection via a secure communication channel, such as FTPS or HTTPS.
  • the means for deleting the document from the local computer comprise means for irreversible deletion of the document that are adapted to make it impossible to recover said document after its deletion by means of known methods.
  • a method for remote management of digital documents comprises the steps that consist in: selecting a document to be transferred from a local computer to a server; encrypting said document; establishing a connection between said local computer and said server and transmitting the document to the remote computer; deleting said document from said local computer.
  • Figure 1 is a block diagram related to the architecture of the system according to the present invention.
  • Figure 2 is a block diagram that illustrates in greater detail an aspect of the architecture of the system according to the present invention
  • Figure 3 is a block diagram that illustrates in greater detail another aspect of the architecture of the system according to the present invention.
  • Figure 4 is a flowchart that illustrates an embodiment of the method for storing a document according to the present invention
  • Figure 5 is a flowchart that illustrates an alternative embodiment of the method for storing a document according to the present invention
  • Figure 6 is a flowchart that illustrates an embodiment of the method for sending an e-mail message according to the present invention
  • Figure 7 is a flowchart that illustrates an embodiment of the method for sending an e-mail message with an attachment according to the present invention.
  • Figure 1 illustrates an architecture of the client-server type, which comprises a plurality of client computers 10, 1 1 , 12, 13 and 14, which are connected via respective communication channels 4 to a computer network
  • client computer is understood to reference any electronic computer provided with a CPU, memory means and a display, such as electronic computers of the fixed type, electronic computers of the portable type, PDAs, hand-held devices and smartphones.
  • the network 5 in turn is connected by means of a communication channel 4' to a global server 50.
  • the computer network 5 and the communication channels 4 and 4' are provided in such a manner as to establish a secure connection between the client computers 10-14 and the global server 50.
  • the network 5 can be the
  • Internet and the communication channels 4 and 4' can be provided by means of a secure connection, for example a connection that uses HTTPS or FTPS transmission protocols or in any case encrypted protocols, even proprietary ones.
  • the network can also be a Virtual Private Network or an equivalent network.
  • the clients 10- 14 represent any portable and non-portable electronic device that is adapted to establish a remote connection, either directly or by means of conventional gateways, to the global server 50, including fixed and portable personal computers, hand-held devices and smartphones.
  • each one of the clients 10, 1 1 , 12, 13 and 14 in Figure 1 represents a possible configuration of a user device on the client side according to the present invention, illustrated merely by way of example.
  • the client 10 comprises a storage device 20 according to the present invention and memory means 40, such as volatile memory and mass storage means, for example a hard disk, memory cards or USB pen drives.
  • the client 1 1 in addition to the storage device 20 and the memory means 40, also comprises an e-mail client or a secure e-mail management device 30 according to the present invention.
  • Such secure e-mail management device 30 can be installed or be present in a client computer 10-14 as an alternative to, or in addition to, one of the known e-mail management programs 31 , such as for example Microsoft OutlookTM or Mozilla ThunderbirdTM.
  • the client computer 12 comprises only the secure e-mail management device 30, the client computer 13 comprises the storage device 20, the secure e-mail management device 30 according to the invention and a conventional e-mail program 31 , while the client computer 14 comprises only a conventional e-mail program 31.
  • the global server 50 comprises a remote document storage system 51 according to the present invention and a remote e-mail storage system 52 according to the present invention.
  • the global server 50 further comprises, or has access to, means for storing documents 60 and means for storing e-mail 61 , within which separate storage areas 70 and 71 for each user are shown.
  • the e-mail storage means can further comprise a lookup table 72 or the like.
  • the table 72 can contain an association between the public e-mail addresses of users and other information, such as their private addresses and their encryption keys, as will become better apparent hereafter.
  • Figure 2 is a view, in greater detail, of the architecture of the system according to the invention, which comprises the storage device 20 and the remote document storage system 51 of Figure 1.
  • the storage device 20 can comprise a selection module 21 , an encryption module 22, a connection module 23 and a deletion module 24.
  • the storage device 20 can also comprise a splitter module 25.
  • the encryption module 22 comprises means for encrypting a document, which can implement any one of the known encryption algorithms.
  • the encryption module 22 uses a private-key symmetric encryption algorithm, such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard), as known in the background art, but can also use any encryption algorithm of an asymmetric type.
  • DES Data Encryption Standard
  • AES Advanced Encryption Standard
  • the encryption module 22 can also use encryption algorithms of the asymmetric type and require the entry of a password or of an alphanumeric key.
  • the encryption module 22 can perform sequentially multiple encryption algorithms, including repetitions of a same algorithm at successive times. Each one of these algorithms can require its own encryption key that is different from the key related to the other algorithms used in the sequence. The case is also considered in which the encryption key for an algorithm in the encryption sequence is in turn encrypted by means of another algorithm.
  • the deletion module 24 can comprise means for the irreversible deletion of documents, so as to not allow recovery of deleted documents by using conventional programs for recovering deleted files.
  • the means for secure deletion can implement so-called wiping algorithms, i.e., algorithms which, by overwriting data in one or more passes, make it impossible to retrieve the deleted information.
  • the deletion means use the "pseudorandom" algorithm with 7 overwriting passes or the US DoD 5220.22. M algorithm with 7 overwriting passes.
  • the storage device 20 is preferably a software program, which can be delivered on a client computer 10, 1 1 or 13 in a plurality of ways. For example, it can be stored on a mass storage medium and installed, or it can be downloaded from an Internet site. The program can be downloaded onto a number of computers or a number of times onto the same computer. The program may also not reside permanently on the client computer but might be downloaded at each connection or be embedded in a web page.
  • the remote storage system 51 can comprise a connection module 53, an authentication module 54 and a transfer module 55.
  • connection module 53 can comprise means of a known type for the interfacing with the connection module 23 of a client computer 10-14, in order to establish and maintain a secure connection between the client and the server.
  • connection module 53 comprises means for providing an FTPS or HTTPS connection, or in any case a connection of the encrypted type, even a proprietary one.
  • the authentication module 54 can comprise means for user access to their own private storage area 70, preferably, the authentication module 54 implements one of the known authentication protocols, for example of the type with entry of a personal password and user name.
  • the transfer module 55 can comprise means for uploading and downloading files from a client computer 10-14 to the user's personal area.
  • Figure 3 illustrates in greater detail the architecture of the secure e- mail management device 30 according to the invention and the remote e- mail storage system 52 of Figure 1.
  • the secure e-mail management device 30 can comprise an encryption module 22', a connection module 23 and a deletion module 24'.
  • the secure e-mail management device 30 is preferably a software program, which comprises means for providing the traditional functions of an e-mail program, such as the creation of messages, searching and sorting within messages, and so forth.
  • the encryption module 22' comprises means for encrypting a message, which implement one of the known encryption algorithms, preferably a public-key asymmetric encryption algorithm, such as for example RSA, OpenPGP or S-MIME.
  • a public-key asymmetric encryption algorithm such as for example RSA, OpenPGP or S-MIME.
  • communication occurs exclusively with the remote e-mail storage system 52, so that the only public key that has to be stored by the e-mail client 30 is the key of the remote e-mail storage system 52; the remote e-mail storage system 52 will handle the encryption of the messages with the public keys of the actual recipients of an e-mail message.
  • the deletion module 24 * comprises means that are similar to those of the deletion module 24, extended so that when the secure e-mail management device 30 closes, or on command of the user even while the program is open, all sent or received messages and/or the associated attachments are deleted, preferably in a secure manner as understood above.
  • the remote e-mail storage system 52 can comprise a connection module 53, an authentication module 54, a transfer module 55, an encryption module 56 and a routing module 57.
  • connection module 53 can comprise known means for interfacing with the connection module 23 of the client computer 10-14 in order to establish and maintain a secure connection between the client and the server, and comprises for example means for providing a connection with FTPS or HTTPS protocol.
  • the authentication module 54 can comprise means for user access to their own private storage area 70; preferably, the authentication module 54 implements one of the known authentication protocols, for example of the type with entry of personal username and password.
  • the transfer module 55 can comprise means for sending and receiving e-mail messages from a client computer 10-14 to the global server 50.
  • the encryption module 56 can comprise means for decrypting the encrypted messages received by the server 50 by using the public key of a client computer 10- 14 as supplied to the server 50, means for finding in the lookup table 72 the public key of the client/recipient 10- 14, and means for encrypting the message with such public key.
  • the routing module 57 can comprise means for identifying in the message the public address of the recipient, means for finding in the lookup table 72 the private address of the recipient, means for storing the message in the confidential area 71 or for sending the message to the client.
  • step 100 the selection module 21 of the storage device 20 of a client computer 10, 1 1 or 13 selects from the memory means 40 a digital document to be stored, this expression being used to reference any file, including compressed files and folders, or a plurality of files or folders.
  • step 1 10 the encryption module 22 encrypts the digital document selected in the preceding step by means of the selected encryption algorithm, by using a key of the alphanumeric type that is entered by the user or a private key of the user made available on the client.
  • the encryption module performs encryption by using the key defined at the current algorithm or current step.
  • connection module 23 establishes a secure connection 4, 4' with the remote document storage system 51 , by using for example an FTPS connection or an HTTPS connection.
  • step 130 the connection module 23 sends the document selected previously in step 100 and encrypted in step 1 10 over the secure connection established in step 120.
  • step 140 the deletion module 24 deletes securely the document from the memory means 40 by means of the selected wiping technique.
  • step 200 begins in a manner similar to what has been described with reference to Figure 4, in which the document to be stored is selected.
  • the splitter module 25 splits the document into a plurality of packets.
  • step 220 the method considers the i-th packet, then in steps 230,
  • the packet is encrypted, a connection to the server is established and the packet is sent to the server in a manner similar to what has been described in the corresponding steps of Figure 4.
  • step 220 in which it is established whether another packet to be sent exists: if there is, steps 230, 240 and 250 are repeated until the packets are finished; otherwise, after all the packets have been sent, the method performs a step 260 for irreversible deletion that is similar to the one described in Figure 4. As an alternative, deletion can be performed progressively as one packet has been sent successfully.
  • This embodiment has the advantage of minimizing the consecutive time period in which the connection to the server remains open and accordingly the risks of intrusion into the local computer. Moreover, it offers an additional protection to the stored document, since even in case of intrusion into the server the document, by being archived in packets, is unusable.
  • step 300 the e-mail management system 30 or 31 creates the message to be sent.
  • step 310 the e-mail management system encrypts the message by adopting a public-key encryption algorithm and by using the public key of the server 50 for encryption.
  • step 315 it is established whether the e-mail management system from which the message is being sent is a system according to the invention
  • step 320 in the first case, in step 320 the message is transferred to the server 50 via the channel 4, 4' and the secure connection described earlier; in the second case, in step 330 the message is sent as a normal e-mail message and received by the server 50, using communication channels and security measures used conventionally in the transmission of e-mail.
  • step 340 the e-mail management system 52 of the server 50 decrypts the message by using the private key of the server, then in step 350 it performs a search in the lookup table 72 to find the public key of the recipient.
  • step 360 the e-mail management system 52 encrypts the message by using such public key.
  • step 370 the e-mail management system 52 performs a search in the lookup table 72 to find the e-mail address of the recipient.
  • step 380 on the basis of the found address, the e-mail management system 52 establishes whether the recipient is of the internal type, i.e., has available a reserved area on the server 50, or of the external type. In the first case, in step 390 the system saves the message in the reserved area of the recipient, otherwise in step 400 the system sends the message by e-mail to the recipient.
  • step 300 the e-mail management system 30 or 31 creates the message to be sent.
  • step 305 the e-mail management system selects the document to be attached to the message.
  • step 310 the e-mail management system encrypts the message by using a public-key encryption algorithm and by using the public key of the server 50 for encryption.
  • step 312 the e-mail management system encrypts the attached document by using a public-key encryption algorithm and by using the public key of the server 50 for encryption.
  • step 315 it is established whether the system from which the message is being sent is an e-mail management system according to the invention 30 or a known type of e-mail management system 31 : in the first case, in step 320 the message is transferred to the server 50 via the channel 4, 4' and the secure connection described earlier; in the second case, in step 330 the message is sent as a normal e-mail message and received by the server 50.
  • step 340 the e-mail management system 52 decrypts the message by using the private key of the server, and in step 345 the e-mail management system 52 decrypts the attached document by using the private key of the server.
  • step 350 the e-mail management system 52 performs a search in the lookup table 72 to find the public key of the recipient and in step 360 it encrypts the message by using such public key.
  • step 370 the system 52 performs a search in the lookup table 72 to find the e-mail address of the recipient.
  • step 380 on the basis of the found address, the e-mail management system 52 establishes whether the recipient is of the internal type, i.e., has available a reserved area on said server, or of the external type, i.e., does not have an area of his own on said server.
  • the system 52 can store the attachment in the private area 70 of the recipient, insert in the e-mail message a link to the saved attachment (step 387) and save the message in the reserved area 71 of the recipient (step 390).
  • the system 52 sends, in step 400, both the message and the attachment by e-mail to the recipient.
  • the e-mail message and/or the corresponding attachment are stored in the reserved e-mail area 71 to be then copied or transferred, when requested by the authorized user, to the private area 70 of said user.
  • the messages sent by one user to another user are encrypted by using symmetric or asymmetric encryption algorithms, which are run by using personal keys that are known to the sender and the recipient and thus can also be unknown to the server 50.
  • the server 50 does not perform the steps described above with reference to the decryption of the message of the sender with its own key and to the new encryption of the message with the key of the recipient, but merely stores the message and/or its attachment in the reserved e-mail area 71 or, if present, also or alternately in the private area 70 of the recipient.
  • the recipient upon connection, works in the manners already described above to access and retrieve the information of interest to him.
  • the invention further comprises means for performing the download of stored files.
  • the document storage device 20 can connect to the server 50 by means of the network 5 and a secure connection 4, 4'.
  • the user is required to enter suitable credentials and, after recognition by the server, the user can thus access his own reserved area 70.
  • the user can now view all the stored documents and select the ones of interest.
  • the selected documents are downloaded onto the client computer 10, 1 1 or 13, where the document storage device 20 decrypts the file by means of the encryption module 22 and makes it available to the user.
  • each packet is downloaded and decrypted and then the splitter module 25 reassembles the original document according to the packets.
  • the system can comprise means for viewing received e-mail messages.
  • the e-mail management system 30 connects to the server 50 via the network 5 and the secure connection 4, 4'.
  • the user enters suitable credentials, accesses his own reserved area
  • the e-mail management system 30 decrypts the messages by means of the encryption module 22' and makes them available to the user.
  • the messages contain a link that activates the document storage device 20 and the attachment is downloaded from the reserved area 70 of the user in the manner described above.
  • the system according to the invention can be provided in a manner that is transparent for the user, activating it automatically on a given network volume or peripheral storage unit, for example by activating a so-called "service" in the operating system.
  • a service in the operating system.
  • dragging or copying a digital document, always understood as being one or more files, within the volume that has been mapped for secure use would activate automatically the secure remote storage procedure described above.
  • a user might define a volume, for example
  • the present invention achieves the intended aim and objects.
  • the system and the method thus conceived allow to overcome the qualitative limitations of the background art thanks to the fact that they allow secure storage of documents and simultaneously their irreversible deletion from a local computer, so as to make it impossible to access confidential documents in case of intrusion or theft of the computers or hand-held devices or smartphones of the user.
  • the documents to be stored might be compressed without losing information before sending to the server, so as to minimize the amount of band that is used.
  • a client module that applies the method described above not only to a single file but also to multiple files or folders simultaneously.
  • the system can be extended easily to a multi-user version, in which the stored documents are shared among a plurality of users.
  • inventive concept on which the present invention is based is independent of the actual implementation of the software modules, which can be provided in any language and on any hardware platform, as well as firmware that can be applied to modern electronic devices.
  • the secure e-mail management device 30 can also be provided as an e-mail module to access e-mail via the Web, in an execution mode known as "Webmail".
  • Webmail an execution mode
  • access to a dedicated web page would allow or begin the download of a plug-in for the navigation program used by the user, which, even transparently for the user, would then allow the management of his messages like traditional Webmail, with the advantages described above that derive from the use of the management modes according to the invention.
  • the encryption modes used by the server 50 can also comprise multiple steps or encryption algorithms that are performed in sequence, each option possibly requiring its own key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

L'invention porte sur un système de stockage de documents comprenant un moyen (21) pour sélectionner au moins un document devant être stocké à partir de l'ordinateur local (10-14), un moyen (22) pour crypter ledit document, un moyen (23) pour établir une connexion entre ledit ordinateur local (10-14) et un serveur à distance (50), un moyen (24) pour une suppression automatique dudit document à partir dudit ordinateur local (10-14).
PCT/IT2008/000820 2008-12-30 2008-12-30 Stockage sûr à distance de documents numériques avec garantie de confidentialité WO2010076831A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/IT2008/000820 WO2010076831A1 (fr) 2008-12-30 2008-12-30 Stockage sûr à distance de documents numériques avec garantie de confidentialité
EP08876169A EP2370927A1 (fr) 2008-12-30 2008-12-30 Stockage sûr à distance de documents numériques avec garantie de confidentialité

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IT2008/000820 WO2010076831A1 (fr) 2008-12-30 2008-12-30 Stockage sûr à distance de documents numériques avec garantie de confidentialité

Publications (1)

Publication Number Publication Date
WO2010076831A1 true WO2010076831A1 (fr) 2010-07-08

Family

ID=40793630

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2008/000820 WO2010076831A1 (fr) 2008-12-30 2008-12-30 Stockage sûr à distance de documents numériques avec garantie de confidentialité

Country Status (2)

Country Link
EP (1) EP2370927A1 (fr)
WO (1) WO2010076831A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020033838A1 (en) 2000-05-15 2002-03-21 Scott Krueger Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program
US20080177811A1 (en) 2007-01-22 2008-07-24 David Maxwell Cannon Method and system for policy-based secure destruction of data

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020033838A1 (en) 2000-05-15 2002-03-21 Scott Krueger Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program
US20080177811A1 (en) 2007-01-22 2008-07-24 David Maxwell Cannon Method and system for policy-based secure destruction of data

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Digital File Shredder Pro -- Military and Professional Grade Data Shredding For Consumers", INTERNET CITATION, 7 October 2005 (2005-10-07), pages 1, XP002503226, Retrieved from the Internet <URL:http://www.ccnmag.com/article/digital_file_shredder_pro_--_military_a nd_professional_grade_data_shredding_for_consumers> [retrieved on 20081110] *
GUTMANN P: "Secure Deletion of Data from Magnetic and Solid-State Memory", PROCEEDINGS OF THE USENIX SECURITY SYMPOSIUM, XX, 22 July 1996 (1996-07-22), pages 14COMPLETE, XP002190890 *

Also Published As

Publication number Publication date
EP2370927A1 (fr) 2011-10-05

Similar Documents

Publication Publication Date Title
JP6383019B2 (ja) 複数許可データセキュリティ及びアクセス
CN104662870B (zh) 数据安全管理系统
US9070112B2 (en) Method and system for securing documents on a remote shared storage resource
US9432346B2 (en) Protocol for controlling access to encryption keys
US20190205317A1 (en) Systems and methods for secure storage and retrieval of data objects
US8984611B2 (en) System, apparatus and method for securing electronic data independent of their location
US20070005974A1 (en) Method for transferring encrypted data and information processing system
US9015483B2 (en) Method and system for secured data storage and sharing over cloud based network
JP5000658B2 (ja) 防護電子通信の処理
KR20080095866A (ko) 컴퓨터 세션 관리 장치 및 시스템
EP3035641A1 (fr) Procédé de téléchargement vers l&#39;amont de fichier dans un système de stockage en nuage, procédé et dispositif de téléchargement vers l&#39;aval
WO2008088400A1 (fr) Système de protection d&#39;informations numériques
US20080044023A1 (en) Secure Data Transmission
CN101083524A (zh) 一种电子邮件的加密解密方法及系统
CN114175580B (zh) 增强的安全加密和解密系统
JP4755737B2 (ja) 可搬記憶媒体暗号化システム及び該システムを用いたデータ持ち運び方法並びに可搬記憶媒体
US10623400B2 (en) Method and device for credential and data protection
JP4471129B2 (ja) 文書管理システム及び文書管理方法、文書管理サーバ、作業端末、並びにプログラム
EP3282670B1 (fr) Maintien de la sécurité des données dans un dispositif de réseau
KR101497067B1 (ko) 디지털 포렌식 기반의 전자기록물 이관 방법 및 이관 장치
CN103379133A (zh) 一种安全可信的云存储系统
CN105187379B (zh) 基于多方互不信任的密码拆分管理方法
WO2019216847A2 (fr) Système de sécurité de données basé sur sim
JP5162396B2 (ja) ストレージサービスシステム及びファイル保護プログラム
EP2370927A1 (fr) Stockage sûr à distance de documents numériques avec garantie de confidentialité

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08876169

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008876169

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE