WO2013020178A1 - Système et procédé de distribution de données sécurisées - Google Patents

Système et procédé de distribution de données sécurisées Download PDF

Info

Publication number
WO2013020178A1
WO2013020178A1 PCT/AU2012/000944 AU2012000944W WO2013020178A1 WO 2013020178 A1 WO2013020178 A1 WO 2013020178A1 AU 2012000944 W AU2012000944 W AU 2012000944W WO 2013020178 A1 WO2013020178 A1 WO 2013020178A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
accordance
recipient
key
decrypted
Prior art date
Application number
PCT/AU2012/000944
Other languages
English (en)
Inventor
Lawrence Edward Nussbaum
Stephen Thompson
Original Assignee
Cocoon Data Holdings Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2011903219A external-priority patent/AU2011903219A0/en
Application filed by Cocoon Data Holdings Limited filed Critical Cocoon Data Holdings Limited
Priority to AU2013200771A priority Critical patent/AU2013200771A1/en
Publication of WO2013020178A1 publication Critical patent/WO2013020178A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security

Definitions

  • the present invention relates to a system and method for distributing secured data, and particularly, although not exclusively to a system and method for distributing secured data objects which are encrypted.
  • Transferring information electronically through the Internet or another public telecommunication network is a cost effective solution for distributing information.
  • sensitive or confidential information sent through the Internet may be accessible to unauthorised parties.
  • corporations and other users may choose to encrypt the information before transmitting the data over a public network.
  • One approach is to use encryption software, such as "Zip" programs that offer an encryption routine to encrypt the data before it is transmitted over the public network.
  • encryption software provides some level of security, all such software has a fundamental flaw, in that the
  • encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the data object since the necessary components to decrypt the data object are all integrated within the encrypted object.
  • encryption and decryption of data objects usually requires the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of such encryption and decryption technologies.
  • the user may be
  • a method for distributing secured data comprising the steps of:
  • the key is retrieved from a first location.
  • the encrypted data is stored in a second location.
  • the decrypted data is distributed to the data recipient over a
  • the decrypted data is distributed over the communications network through a secure channel. In an embodiment of the first aspect, the decrypted data is streamed via the communications network to the data recipient. In an embodiment of the first aspect, the key is arranged to remain effective for a pre-determined period of time.
  • the method further includes a step of deleting the decrypted data after the decrypted data has been transmitted to the recipient user.
  • the encrypted data is generated by encrypting the data such that the key to decrypt the data is omitted from_ the encrypted data.
  • - a module arranged to receive a request from a data recipient to access encrypted data
  • an authentication routine arranged to authenticate the request and where upon the request is authenticated, retrieve a key to decrypt the encrypted data into
  • the key is retrieved from a first location.
  • the encrypted data is stored in a second location.
  • the decrypted data is distributed to the data recipient over a
  • the decrypted data is distributed via the communications network through a secure channel .
  • the decrypted data is streamed over the communication network to the data recipient.
  • the key is arranged to remain effective for. a pre-determined period of time.
  • system further includes a purge module arranged to delete the decrypted data after the decrypted data has been
  • the encrypted data is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
  • a computer program comprising at least one instruction for controlling a computer system to implement a method in accordance with any one of any one of the embodiments of the first aspect of the present invention .
  • a computer readable medium providing a computer program in accordance with the third aspect of the present invention.
  • a communication signal transmitted by an electronic system implementing a method in accordance with , any one embodiment of the first aspect.
  • Figure 1 is a schematic block diagram of a system for distributing secured data in accordance with one
  • Figure 2 is a block diagram of a system for securing data in accordance with one embodiment of the present invention
  • Figure 3 is a block diagram of a system for
  • Figure 4A is a collection of example screenshots shown to a user of a system in accordance with Figure 3.
  • Figure 4B is a flow diagram of a system in accordance with Figure 3.
  • This embodiment is arranged to provide a system for distributing secured data comprising: - a module arranged to receive a request from a data recipient to access the encrypted data; - an authentication routine arranged to authenticate the request and whereupon the request is authenticated; - a decrypting processor arranged to retrieve a key to decrypt the encrypted data into decrypted data; and - a
  • the module In this example embodiment, the module,
  • decrypting processor may be implemented by one or more electronics circuits, computers or computing devices having an appropriate logic,
  • the computer may be implemented by any computing architecture, including stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture.
  • the computing device may also be appropriately programmed to implement the invention.
  • the server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions.
  • the components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, and input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc.
  • Display 112 such as a liquid crystal display, a light emitting display or any. other suitable display and communications links 114.
  • the server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102.
  • a plurality of communication links 114 may variously connect to one or more computing devices such as a server, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communications link may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communications link.
  • the server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system 116 which resides on the disk drive or in the ROM of the server 100.
  • the system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data.
  • the database 120 is in communication with an interface 202, which is implemented by computer software residing on the server 100.
  • the interface 202 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing.
  • the interface 202 may be implemented with input devices such as keyboards, mouse or, in another example embodiment the . interface 202 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, Fire-wire, USB or the like.
  • a network connection including Ethernet, Wi-Fi, Fire-wire, USB or the like.
  • communication network such as the Internet, Intranet, VPN etc or any communication network which operates with any communication protocol, including Internet Protocol
  • IPv4 Version 4
  • IPv6 Version 6
  • server 200 is arranged to communicate with other computing or communication devices 204, 206 via the communication network.
  • this embodiment comprises a server 200 which is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt data object for transmission to another recipient user 206, computer, processor or controller.
  • the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but not limited to:
  • the server 200 is arranged to generate a key which can be used to encrypt the data object.
  • the key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
  • the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any ⁇ way integrated into the encrypted data object 210.
  • the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file.
  • This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 210 needed to decrypt the file is not incorporated within the " object 210 itself.
  • the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206.
  • the encrypted data object 210 may be sent through a computer network email, virtual storage servers or provided to the
  • the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210.
  • the server 200 may enforce an authentication process (212) on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient.
  • the authentication process (212) may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of the systems described thereof.
  • a key 214 may be provided to the recipient user 206 to decrypt the file.
  • the recipient user 206 may be given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206.
  • the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206.
  • the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206.
  • hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object.
  • the dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it unfeasible or impractical for a hacker to use the data for any meaningful purpose.
  • system 300 for distributing secured data comprising a system 200 for securing data.
  • system 300 comprises a remote client module 306, a storage module 304 and a security module 302.
  • These three modules 302, 304, 306 may be implemented with computer software, hardware or a combination of software and hardware operating on a single computing device or multiple computing devices.
  • each of the modules 302, 304, 306 are implemented on individual computing devices, such as servers or banks of servers and deployed at one or more geographical locations, although for costs or technical reasons, each of the modules may be implemented together or separately on one or more servers being located on one or more physical or network
  • the remote client module 306, the storage module 304 and the security module 302 are implemented on individual servers being disposed at different physical and/or network locations whilst allowing recipients or users of the system 308A, 308B to at least communicate with the remote client module 306 from a fourth physical and/or network location.
  • the security module 302 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object.
  • the security module 302 may be a server arranged to receive a request for a key to encrypt a data file, after which when the file is
  • the security module 302 may be a server 302 connected to a network arranged to allow other computers 308A, 308B operated by users, routines, processors or the like to connect to the server with requests to generate or obtain a key to encrypt or decrypt a data object.
  • the security module 302 is implemented based on the server 200 described above, or in another embodiment, the security module 302 is implemented based on a system for securing data described with reference to WO/2009/079708.
  • the storage module 304 is arranged to store data objects, and preferably, the module stores encrypted or secured data objects ⁇ which have been encrypted with the encryption methods mentioned above.
  • the encryption methods used to encrypt the data objects are arranged to encrypt the data objects without incorporating the key to decrypt the object within the encrypted data object, thus reducing the chances of decrypting the encrypted data object should the object be intercepted by a hacker or malicious user.
  • the storage module 304 is arranged to be connected on a communication network such as a public network or private network such that the module 304 can communicate with the secure module 302 and/or the remote client module 306.
  • the storage module 304 is a server 304 having one or more storage devices such as a disk, database or storage array.
  • the module 304 is arranged to include a gatekeeper or firewall services which allows connections to only the security module 302 and the remote client 306.
  • the storage module may proceed to transfer the requested encrypted data object to the remote client module 306 for decryption.
  • the remote client module may proceed to transfer the requested encrypted data object to the remote client module 306 for decryption.
  • the remote client module 306 is arranged to decrypt encrypted data objects and transmit the decrypted data object to an authorized user.
  • the remote client module 306 communicates with the security module 302, the storage module 304 and any computing devices belonging to users or processes or routines which are using the system to distribute
  • the remote client module 306 is a server arranged to receive requests (310) from a recipient user to obtain a data object from the storage module 304.
  • the remote client module 306 may be connected to the recipient user after the recipient has been authenticated by the secure module 302 via a secured connection over a communication network such as Hypertext Transfer Protocol Secure (HTTPS) , Secured Shell session (SSH) , Secure
  • S-HTTP Hypertext Transfer Protocol
  • the remote client module 306 may then proceed to communicate with the storage module 304 to obtain the associated encrypted data object and communicate with the secure module 302 to obtain a key associated with the data objects that the authenticated recipient wishes to obtain.
  • the remote client module 306 may also communicate with the secure module 302 to obtain a location reference and/or file pointer which directs the remote client module 306 to connect with the correct storage module 304 and/or retrieve the- correct data from the file system of the storage module 304.
  • each location file system and/or file pointer may also be a unique URL which may be changed over time to thereby minimise unauthorised access to the storage module 304.
  • the data is decrypted and transmitted to the recipient (314) .
  • the data may be streamed over a communication network to the recipient user such that the recipient may be able to start processing the data before the entire data object is decrypted, thus offering advantages in the processing of large files such as multimedia files or the like.
  • the remote client module 306 is arranged to delete the key and/or decrypted data object once it has been transferred to the recipient. This is because the combination of the key and the decrypted data object within the same location may increase the security risk of data from being accessed by unauthorised parties.
  • the remote client module 306 may include a self purging function which ensures the duration period of the module 306 being in possession of both the key and the data object to be minimised to acceptable standards in
  • the remote client module 306 is also arranged to encrypt data or a data object to create a secured data object or secured data.
  • the secured data can be stored in the storage module 304.
  • the remote client module 306 can be utilised by a user (e.g. 308A) to encrypt a data object and store the secured data object on the storage module.
  • the user can request an encryption key via the remote client module 306.
  • the remote client module 306 transmits a request for a key to the security module 302.
  • the security module authenticates the user and provides an encryption key.
  • the data is encrypted using any suitable encryption key.
  • the remote client module 306 is arranged to encrypt the data using the key.
  • the key is stored in a separate server or on the security module 302.
  • the secured data is stored in the storage module 304.
  • the user can also define a plurality of rules or permissions that to constrain the manner in which a data recipient (e.g. 308B) can- interact with the data.
  • rules or permissions can be stored as an access control list on the security module 302 or alternatively on the remote client module 306.
  • the access control list can also comprise a list of allowed data recipients and define the particular data the recipients can access.
  • the data recipient is first authenticated by the security module 302 (as described). Authentication can be done by any suitable process such as password verification.
  • Authentication validates the identity of the recipient (i.e. user) .
  • the access control list can further define varying levels or authorisations for data recipients.
  • Authorisation defines the entitlement a particular data recipient has to data stored in the storage array 303.
  • the various authorisations can be defined as rules or
  • permissions i.e., the permissions (i.e., the permissions).
  • authorisations may demand that a particular data file or data object within the storage module 304 is read only or print only.
  • the permissions may demand that a particular data object can only be accessed by a particular recipient if that recipient is at a specific geographic location and the data is inaccessible if the recipient is not at that location.
  • the permissions may demand that a particular piece of data (e.g. a data file or data object) can only be accessed by a specific recipient.
  • the permissions may demand that a data recipient may only access a particular piece of data at a specified time of day.
  • Many other such authorisations can be created and stored in the access control list.
  • These rules or permissions may be defined by the data sender, i.e. person who is transmitting secured data.
  • the rules and permissions constrain the manner in which at least one recipient can interact with the data.
  • These rules are enforced by the remote client module 306 but are preferably also applied by the security sever 302 or alternatively by a client application operating on the user's computing device.
  • the system is advantageous because access to the data is controlled by the sender via the rules or permissions.
  • the rules and permissions are also enforced once the decryption key is passed to the recipient and after the recipient has received the data.
  • the rules control the type of interaction the recipient has with the data.
  • the system for distributing encrypted data operates by firstly allowing a recipient user to access the remote client module 302 through a web browser on their internet or network enabled computing device.
  • the recipient user 308A, 308B may then proceed to authenticate itself with the remote client module or be rerouted to the security module for authentication (400) .
  • Examples of login screens which allow a user to login to the remote client module 302 and undertake the authentication process is shown in Figure 4A.1 and Figure 4A.2.
  • the session information of the recipient user is recorded by the remote client module (402) .
  • This information may then be used by the remote client module 302 to identify the recipient during the duration of the encryption or decryption process.
  • the recipient user's web browser may then display information including a directory listing of the data objects (as shown in Figure 4A.3 and Figure 4A.4) or a reference link (e.g. URL, web link) to data objects which are intended for the recipient user.
  • the recipient may then submit a request through their web browser for the data objects which are intended for delivery to them (404) .
  • the remote client module 302 may then connect with the storage module 304 to retrieve the specific encrypted data object associated with the request (406) .
  • This encrypted data object is then transmitted to the remote client module 306 for temporary storage in its encrypted state (408) .
  • the encrypted data object is
  • a secure link such as HTTPS or the like such that the encrypted data is encrypted a second time to increase security.
  • the remote client module 306 may then proceed to obtain necessary information (such as the key) from the security module 302 to decrypt the encrypted data object (410).
  • the remote client module 306 may decrypt a portion of the encrypted data object (412) and proceed to transmit this portion to the recipient user through a communication link (414) which is preferably, also secured.
  • the remote client module 306 is further . arranged to apply or enforce the one or more rules or permissions defined in the access control list. These rules constrain the manner in which the recipient can interact with the data. These rules can also define when or what type of data is transferred to the user (or remote client module 306) from the storage module 304.
  • the decrypted data, encrypted data portion and the key is immediately purged (416) from the remote client module.
  • This is advantageous in that the chances of the remote client module being a potential target for hackers may be reduced.
  • An advantage of at least one of these embodiments is that by decrypting the encrypted data objects on the remote client module 306 is that a recipient user does not need to have any specialised decryption software to be installed on the recipient computer system or device. The user can perform all the functions (described earlier) via a web browser. As such, the costs to use the system for distributing secured data is reduced as the cost of additional software and its associated maintenance and training is avoided.
  • the remote client module 306 functions as a virtual client in the system 300. Therefore no software is required to be downloaded and installed onto the users computing devices. This is advantageous as no "foot print" is left on the user's computing device and hence provides security since hackers or malicious parties cannot access any information by obtaining the user's computing device.
  • An executive e.g. CEO
  • An executive being remote to the company's office can use a computing device and access secure data using the system of Figure 3.
  • the executive does not require any software installed on his/her device since the executive can use the remote client module 306 to either secure data or access secured data.
  • a further advantage is that there is no foot print of left of the executive's, i.e. no software or secured data is installed or maintained on the
  • the remote client module 306 displays the data to a user (e.g. a soldier) via the user's device.
  • the remote client module 306 may be a web server.
  • API application programming interface
  • program modules include routines, programs, objects, components and data files assisting in the performance of particular
  • the user computer device (308A, 308B) can comprise a web application such as -a web browser to communicate with the remote client module. It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilised. This will include stand alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and
  • computing device are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un système et un procédé de distribution de données sécurisées, et, en particulier, bien que non exclusivement, un système et un procédé de distribution d'objet de données sécurisées qui sont chiffrés. Le procédé comprend les étapes consistant à recevoir une requête d'un destinataire de données pour accéder à des données chiffrées; à authentifier la requête et, lorsque la requête est authentifiée, à extraire une clé pour déchiffrer les données chiffrées en données déchiffrées; à distribuer les données déchiffrées au destinataire de données par l'intermédiaire d'un module à distance. Le destinataire est apte à accéder aux données par l'intermédiaire du module à distance.
PCT/AU2012/000944 2011-08-11 2012-08-10 Système et procédé de distribution de données sécurisées WO2013020178A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2013200771A AU2013200771A1 (en) 2011-08-11 2013-02-13 System and method for distributing secured data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2011903219 2011-08-11
AU2011903219A AU2011903219A0 (en) 2011-08-11 A system and method for distributing secured data

Related Child Applications (1)

Application Number Title Priority Date Filing Date
AU2013200771A Division AU2013200771A1 (en) 2011-08-11 2013-02-13 System and method for distributing secured data

Publications (1)

Publication Number Publication Date
WO2013020178A1 true WO2013020178A1 (fr) 2013-02-14

Family

ID=47667777

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2012/000944 WO2013020178A1 (fr) 2011-08-11 2012-08-10 Système et procédé de distribution de données sécurisées

Country Status (1)

Country Link
WO (1) WO2013020178A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9246676B2 (en) 2013-11-22 2016-01-26 Cisco Technology, Inc. Secure access for encrypted data
WO2017106938A1 (fr) * 2015-12-24 2017-06-29 Haventec Pty Ltd Système de mémorisation amélioré
WO2018107248A1 (fr) * 2016-12-16 2018-06-21 Haventec Pty Ltd Système de stockage sécurisé de données côté client
WO2021028831A1 (fr) * 2019-08-12 2021-02-18 Pi-Taa Technology Ltd. Système de déchiffrement en temps réel et son procédé d'utilisation
US10944819B2 (en) 2018-10-26 2021-03-09 Hewlett Packard Enterprise Development Lp Replication of an encrypted volume
US20220012348A1 (en) * 2020-07-09 2022-01-13 Andrew Douglas Kirkwood Method and system for maintaining digital rights management of data files
US11233850B2 (en) 2018-04-17 2022-01-25 Hewlett Packard Enterprise Development Lp Replicating data over a public network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7519810B2 (en) * 1999-06-30 2009-04-14 Educational Testing Service Methods for conducting server-side encryption/decryption-on-demand
WO2009079708A1 (fr) * 2007-12-21 2009-07-02 Cocoon Data Pty Limited Système et procédé pour sécuriser des données

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7519810B2 (en) * 1999-06-30 2009-04-14 Educational Testing Service Methods for conducting server-side encryption/decryption-on-demand
WO2009079708A1 (fr) * 2007-12-21 2009-07-02 Cocoon Data Pty Limited Système et procédé pour sécuriser des données

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9246676B2 (en) 2013-11-22 2016-01-26 Cisco Technology, Inc. Secure access for encrypted data
WO2017106938A1 (fr) * 2015-12-24 2017-06-29 Haventec Pty Ltd Système de mémorisation amélioré
US11314873B2 (en) 2015-12-24 2022-04-26 Haventec Pty Ltd Storage system
WO2018107248A1 (fr) * 2016-12-16 2018-06-21 Haventec Pty Ltd Système de stockage sécurisé de données côté client
US11233850B2 (en) 2018-04-17 2022-01-25 Hewlett Packard Enterprise Development Lp Replicating data over a public network
US10944819B2 (en) 2018-10-26 2021-03-09 Hewlett Packard Enterprise Development Lp Replication of an encrypted volume
WO2021028831A1 (fr) * 2019-08-12 2021-02-18 Pi-Taa Technology Ltd. Système de déchiffrement en temps réel et son procédé d'utilisation
US20220012348A1 (en) * 2020-07-09 2022-01-13 Andrew Douglas Kirkwood Method and system for maintaining digital rights management of data files

Similar Documents

Publication Publication Date Title
AU2008341026C1 (en) System and method for securing data
JP6383019B2 (ja) 複数許可データセキュリティ及びアクセス
US9165152B2 (en) Secure non-invasive method and system for distribution of digital assets
US8862889B2 (en) Protocol for controlling access to encryption keys
EP2483791B1 (fr) Logiciel intégré d'authentification de dispositif modulaire
US10397008B2 (en) Management of secret data items used for server authentication
WO2013020178A1 (fr) Système et procédé de distribution de données sécurisées
CN104662870A (zh) 数据安全管理系统
US7587045B2 (en) System and method for securing document transmittal
JP2009508240A (ja) 電子情報の配信を制御するためのシステムおよび方法
JP2004509399A (ja) ネットワークにわたって配布されるオブジェクトを保護するためのシステム
WO2013020177A1 (fr) Système et procédé d'accès à des données stockées de manière sécurisée
CN109981665A (zh) 资源提供方法及装置、资源访问方法及装置和系统
CN110572454A (zh) 一种保障广告投放过程安全的广告投放系统
WO2010103800A1 (fr) Serveur, terminal, programme et procédé de fourniture de service
WO2013006907A1 (fr) Système et procédé pour la diffusion des données sécurisées en flux continu
WO2013044311A1 (fr) Système et procédé de distribution de données sécurisées
KR20010095907A (ko) 새로운 보안 기술을 이용한 컨텐츠 제공 시스템 및 그제공 방법
AU2013200771A1 (en) System and method for distributing secured data
Howard et al. Cyber fraud trends and mitigation
WO2013044307A1 (fr) Système et procédé de distribution de données sécurisées
WO2013044312A1 (fr) Système et procédé de distribution de données sécurisées
WO2013044302A2 (fr) Système et procédé de distribution de données sécurisées
WO2013044310A1 (fr) Système et procédé de distribution de données sécurisées
WO2013044306A1 (fr) Système et procédé de distribution de données sécurisées

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12822104

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12822104

Country of ref document: EP

Kind code of ref document: A1