WO2013044312A1 - A system and method for distributing secured data - Google Patents

A system and method for distributing secured data

Info

Publication number
WO2013044312A1
Authority
WO
WIPO (PCT)
Prior art keywords
computing device
designated information
data
trigger condition
information
Application number
PCT/AU2012/001177
Other languages
French (fr)
Inventor
Stephen Thompson
Lawrence Edward Nussbaum
Original Assignee
Cocoon Data Holdings Limited
Priority claimed from AU2011904059A
Application filed by Cocoon Data Holdings Limited
Publication of WO2013044312A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/81 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted.
  • Transferring information electronically through the Internet or another public telecommunication network is a cost-effective solution for distributing information.
  • sensitive or confidential information sent through the Internet may be accessible to unauthorised parties.
  • corporations and other users may choose to encrypt the information before transmitting the data over a public network.
  • One approach is to use encryption software, such as "Zip" programs that offer an encryption routine to encrypt the data before it is transmitted over the public network.
  • encryption software provides some level of security, all such software has a fundamental flaw, in that the encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the data object since the necessary components to decrypt the data object are all integrated within the encrypted object.
  • encryption and decryption of data objects usually requires the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of such encryption and decryption technologies.
  • the user may be
  • a number of additional challenges are presented when communicating secured data to a mobile computing device.
  • One such challenge is created by the fact that a mobile computing device can fall into the wrong hands much more easily than a desktop computer. If a mobile computing device is lost or stolen after secured data has been opened, contents of the secured data would no longer be secure. Further, if a recipient of the secured data is logged into an application for receiving or using secured data and is reading the contents of the secured data at the time the mobile computing device is lost or stolen, those contents can be easily read. The latter scenario could arise in a military combat situation if a person is attacked while in the process of reading secured data, for example.
  • In accordance with a first aspect of the present invention, there is provided a computing device
  • a trigger condition detection module arranged to detect a trigger condition
  • the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.
  • the data storage in which the designated information is stored is a volatile data storage type, such as random access memory (RAM).
  • the designated information may be confidential information, or information that is otherwise sensitive.
  • the trigger condition comprises at least one of the following:
  • the invention is not limited to these trigger conditions, and other trigger conditions may be utilised.
  • the computing device may be configurable so as to erase the at least a portion of designated information when at least one particular trigger condition exists.
  • the computing device may also be configurable to erase certain types of designated information when a trigger condition is detected.
  • the computing device is arranged to erase the at least a portion of the designated information when at least one particular trigger condition exists, the at least one particular trigger condition being defined in trigger condition data.
  • the trigger condition data may be created by a creator or sender of the designated information. In this way, the creator or sender of the designated information may exert some control over how a computing device that receives the designated information and the trigger condition data will erase the designated information.
  • the trigger condition data may be a portion of the designated information, separate to the designated information, or both.
  • the computing device is arranged such that a user of the computing device is unable to override the trigger condition data. For example, if a creator of the designated information defines a trigger condition as reading or otherwise using the designated information, then the computing device will erase the designated information after the user has read or otherwise used the designated information regardless of how the user has configured the computing device. It will be appreciated, however, that the user may still configure the computing device to erase the designated information in response to trigger conditions in addition to those defined in the trigger condition data.
  • condition data may be arranged to apply to particular types of designated information, recipients or groups of recipients of the designated information, software applications associated with allowing the user to receive and/or use the designated information, or hardware of the computing device.
  • trigger condition data may be used to take into account various scenarios at the recipient's end, for example situations that may not have been known or envisaged by the creator or sender of the designated information.
  • the computing device of the recipient is a particular type of mobile phone
  • the trigger condition data may be arranged to handle trigger conditions that may be applicable to that particular type of mobile phone.
  • the trigger condition data may comprise instructions to erase certain types of designated information when the at least one trigger condition is detected.
  • the designated information may, for example, include encryptable data and authentication information associated with receiving and/or decrypting the designated
  • Types of designated information that may be erased by the computing device as defined by the trigger condition data or configuration of the computing device may include, but not be limited to:
  • the computing device may be arranged so as to erase authentication information associated with receiving and/or decrypting the designated information as soon as the authentication information has been used and/or is no longer required. Erasing the authentication information in this manner is advantageous since, if the computing device is obtained by an unauthorised user, the unauthorised user does not have access to the authentication information and is consequently unable to receive and/or decrypt any further designated information.
  • the computing device may comprise an accelerometer and be arranged to detect acceleration profiles, wherein the computing device is arranged to perform a
  • the predetermined action performed by the computing device may be to log out of or close a software
  • the predetermined action performed by the computing device may include, but not be limited to, the following examples: immediately logging out of the software application associated with receiving or using the designated
  • the computing device is arranged to compare acceleration profiles of the computing device with acceleration profile data stored on the computing device so as to allow detection of the particular acceleration profiles.
  • the acceleration profile data may also comprise instructions for performing the predetermined action in response to detection of a particular acceleration profile.
  • the acceleration profile data may be indicative of particular acceleration profiles such as, but not limited to:
  • dropping the computing device from a height of at least 0.5m (useful in a combat situation where dropping the computing device may indicate being injured or killed);
  • the computing device may be configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device.
  • the computing device may be arranged to receive the designated information, trigger condition data, and/or acceleration profile data through the Internet.
  • the computing device may be any appropriate computing device such as a personal computer, a PDA, a mobile device such as a mobile phone or a laptop or tablet computer with network connectivity and/or any suitable device that is capable of establishing a network connection.
  • the computing device may be arranged to facilitate network communications, such as through the Internet, intranet, VPN or any communication network using an appropriate communication protocol such as Internet
  • a communications interface arranged to facilitate network communications between the system and a computing device of the first aspect of the present invention
  • the system is arranged so as to communicate designated information and trigger condition data to the computing device.
  • the trigger condition data is communicated to the computing device separately to the designated information.
  • the trigger condition data is communicated to the computing device from a first server of the system, and the designated information is thereafter communicated to the computing device from a second server of the system.
  • the system may also be arranged so as to communicate acceleration profile data to the computing device, for example by a creator or sender of the designated
  • the acceleration profile data is communicated to the computing device as part of the designated information. It will be appreciated, however, that the acceleration profile data may be communicated to the computing device separately to the designated information.
  • a method of distributing secured data comprising the steps of:
  • a computer program arranged when loaded into a computing device to instruct the computing device to operate in accordance with the computing device of the first aspect.
  • a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device of the first aspect.
  • a data signal having a computer readable program code embodied therein to cause computing device to operate in accordance with the computing device of the first aspect.
  • Figure 1 is a schematic diagram of a system for distributing secured data in accordance with one
  • Figure 2 is a block diagram of a system for securing data in accordance with one embodiment of the present invention
  • Figure 3 is a block diagram of a system for
  • Figure 4 is a flow diagram of a method of
  • FIG. 1 there is illustrated a system for distributing secured data.
  • Components of the system may be implemented by one or more electronic circuits, computers or computing devices having an appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices.
  • the computer may be implemented by any computing architecture, including a stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture.
  • the computing device is also appropriately programmed to implement the invention.
  • FIG. 1 there is shown a schematic diagram of a system for accessing secured data which in this embodiment comprises a server 100.
  • the server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions.
  • the components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106,
  • the server 100 includes disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc, a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communication links 114.
  • the server 100 includes
  • There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communication links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.
  • the server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104.
  • the system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data.
  • the database 120 is in communication with an interface 122, which is implemented by computer software residing on the server 100.
  • the interface 122 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing.
  • the interface 122 may be implemented with input devices such as keyboards, mouse or, in another example embodiment the interface 122 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, FireWire, USB or the like.
  • FIG. 2 there is illustrated a block diagram of an embodiment of a system for securing data.
  • the system is implemented with a server 200 arranged to be connected to a communication network such as the Internet, Intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or
  • the server 200 may have the same configuration as the system of Figure 1 described above.
  • the server 200 is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another
  • the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but not be limited to:
  • the server 200 is arranged to generate a key which can be used to encrypt the data object.
  • the key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
  • the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210.
  • the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file.
  • This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.
  • the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200.
  • the encrypted data object 210 may be sent through a public or private computer network, or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.
  • the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210.
  • the server 200 enforces an authentication process 212 on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient.
  • the authentication process 212 may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.
  • a key 214 may be provided to the recipient user 206 to decrypt the file.
  • the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206.
  • the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206.
  • the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206.
  • hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object.
  • the dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it unfeasible or impractical for a hacker to use the data for any meaningful purpose.
  • the recipient's computing device 206 may be misplaced or stolen after the encrypted data has been decrypted and stored on the computing device 206.
  • the decrypted data might then be accessed by an unauthorised person.
  • This problem is exacerbated when the recipient's computing device 206 is a mobile computing device, such as a mobile telephone, laptop or tablet computer and/or the recipient is operating in a hostile environment.
  • a recipient operating in a military combat zone and using a mobile computing device to receive sensitive military information may be attacked while they are accessing the sensitive information. If the mobile computing device is dropped, or otherwise falls into the hands of the opposing forces, then the sensitive military information may be accessible by the opposing forces.
  • a computing device 300 that is arranged to provide additional security in respect of preventing access to confidential information is illustrated in Figure 3.
  • the computing device 300 is arranged so as to erase designated information, referred to hereinafter as confidential information, stored in the computing device 300 when a trigger condition is detected in accordance with a method 400 as illustrated in Figure 4.
  • the method 400 comprises storing 402 confidential information in a data storage of the computing device 300. After detecting 404 a trigger condition, the method 400 comprises erasing 406 at least a portion of confidential information stored in the data storage when or after the trigger condition has been detected.
  • the computing device 300 may be arranged to detect the computing device 300 falling through a particular height, which may be indicative of the computing device 300 being dropped, and to erase any confidential information stored in the computing device 300 in response to the computing device 300 being dropped.
  • the computing device 300 is a mobile telephone, however it will be appreciated that the computing device may be any appropriate computing device including, but not limited to, a laptop computer, a tablet computer, or any of a variety of telemetry devices including smart electrical meters, airborne military reconnaissance systems and live reporting systems for military personnel.
  • the computing device 300 is in communication, via a network 302, with a server 304.
  • the network 302 is the Internet, however it will be
  • any appropriate network may be used such as an intranet or a virtual private network, or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6).
  • the computing device 300 comprises a memory 306 arranged to store programs including, for example, a software application for receiving and/or using
  • the memory 306 may also comprise a volatile memory 308, such as random access memory (RAM), for storing confidential information.
  • the stored programs and any stored confidential information are accessible by a processor 310 for operating the computing device 300.
  • the computing device 300 also comprises a display 312 to which the processor 306 is arranged to output program related information and the confidential information for viewing by the recipient.
  • the computing device 300 also comprises an input interface 314, in this example a touch screen interface integrated with the display 312, so as to allow the recipient to interact with the computing device 300.
  • the computing device 300 also comprises a network interface 316 that is controllable by the processor 310 and that is in communication with the network 302 so as to allow the computing device 300 to be in network
  • the server 304 is arranged so as to communicate confidential information to the computing device 300.
  • the server 304 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object.
  • the server 304 may be arranged to receive a request for a key to encrypt a data file after which, when the file is encrypted and is required to be decrypted, the key is then provided to a recipient of the file after the recipient has been authenticated.
  • the server 304 may be connected to a network arranged to allow further computing devices (not shown) operated by users, routines,
  • the server 304 is implemented based on the server 200 described above, or in another embodiment, the server 304 is implemented based on a system for securing data described with reference to WO/2009/079708.
  • the computing device 300 comprises a trigger detection module implemented in this example as a software module, arranged so as to detect a trigger condition, such as the aforementioned example of the computing device 300 being dropped.
  • the computing device 300 is arranged, in response to detection of a trigger condition, to erase at least a portion of confidential information stored in the memory 306.
  • the confidential information can be stored in any part of the memory 306, it is advantageous for the computing device 300 to be arranged so as to only store the confidential information in the volatile memory 308. In this way, any confidential information stored in the volatile memory 308 will be erased when the computing device 300 is powered down.
  • the trigger detection module may be arranged so as to detect any appropriate trigger condition including, but not limited to:
  • the computing device 300 may be configurable so as to erase the at least a portion of confidential information when at least one particular trigger condition exists. For example, the recipient may select one or more trigger conditions for which it is desirable, upon their
  • the computing device 300 may be configurable to erase certain types of
  • a third party such as the creator or sender of the confidential information, to determine trigger conditions for erasing the confidential information and/or to determine certain types of
  • This may be done by specifying trigger condition data that is communicated by the third party to the computing device 300 and is usable by the programs stored therein.
  • the trigger condition data overrides any settings of the recipient such that the third party controls conditions under which confidential information is erased rather than the recipient. The user may still configure the computing device 300 to erase the
  • the trigger condition data may be a portion of the confidential information, separate to the confidential information, or both.
  • the trigger condition data is communicated to the computing device 300 separately to the confidential information.
  • the trigger condition data is communicated to the computing device 300 from a further server 318 via the network 302, and the confidential information is
  • condition data may be arranged to apply to particular types of confidential information, recipients or groups of recipients of the confidential information, software applications associated with allowing the user to receive and/or use the confidential information, or hardware of the computing device 300.
  • trigger condition data may be used to take into account various scenarios at the recipient's end, for example situations that may not have been known or envisaged by the creator or sender of the confidential information. For example, if the
  • the trigger condition data may be arranged to handle trigger conditions that may be
  • the confidential information may, for example, include encryptable data and authentication information associated with receiving and/or decrypting the
  • Types of confidential information that may be erased by the computing device 300 as defined by the trigger condition data or configuration of the computing device may include, but not be limited to:
  • the computing device 300 may be arranged so as to erase authentication information associated with receiving and/or decrypting the confidential information as soon as the authentication information has been used and/or is no longer required. Erasing the authentication information in this manner is advantageous since, if the computing device 300 is obtained by an unauthorised user, the unauthorised user does not have access to the authentication
  • the computing device 300 may also be arranged so as to store authentication information in the volatile memory 308 such that the authentication information is erased when the computing device 300 is powered down.
  • the computing device 300 comprises an accelerometer 320 that is used as an input to the processor 310 so as to allow the computing device 300 to detect acceleration profiles, wherein the computing device 300 is arranged to perform a predetermined action, such as erasing confidential information, in response to detection of a particular acceleration profile.
  • the predetermined action performed by the computing device 300 may be to log out of or close the software application associated with receiving or using the confidential information, and/or erase at least a portion of the confidential information stored on the computing device.
  • the predetermined action performed by the computing device 300 may include, but not be limited to, the following examples:
  • the computing device 300 is arranged to compare acceleration profiles of the computing device 300 with acceleration profile data stored in the memory 306 of the computing device 300 so as to allow detection of the particular acceleration profiles.
  • the acceleration profile data may also comprise instructions for performing the predetermined action in response to detection of a particular acceleration profile
  • the acceleration profile data may be indicative of particular acceleration profiles such as, but not limited to:
  • the computing device 300 may be configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device 300.
  • the acceleration profile data may be communicated to the computing device 300, for example by a creator or sender of the confidential information in a similar manner to the trigger condition data.
  • the acceleration profile data is communicated to the computing device as part of the confidential information.
  • the acceleration profile data is communicated to the computing device 300 separately to the confidential information via the further server 318, and is
  • computing device 300 may be implemented as a computer program arranged, when loaded into a computing device, to instruct the computing device to operate in accordance with the computing device 300 of Figure 3.
  • computing device 300 may be implemented as a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device 300 of Figure 3.
  • computing device 300 may be implemented as a data signal having a computer readable program code embodied therein to cause a
  • API application programming interface
  • program modules include routines, programs, objects, components and data files assisting in the performance of particular
  • computing device are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.

Abstract

A computing device comprising data storage for storing designated information, and a trigger condition detection module arranged to detect a trigger condition, wherein the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.

Description

A SYSTEM AND METHOD FOR DISTRIBUTING SECURED DATA
TECHNICAL FIELD
The present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted.
BACKGROUND
Transferring information electronically through the Internet or another public telecommunication network (such as wired or wireless telephone services) is a cost-effective solution for distributing information. However, as much of the Internet operates on public infrastructure, sensitive or confidential information sent through the Internet may be accessible to unauthorised parties. To address these security concerns, corporations and other users may choose to encrypt the information before transmitting the data over a public network. One approach is to use encryption software, such as "Zip" programs that offer an encryption routine to encrypt the data before it is transmitted over the public network. Although such encryption software provides some level of security, all such software has a fundamental flaw, in that the encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the data object since the necessary components to decrypt the data object are all integrated within the encrypted object. In addition, encryption and decryption of data objects usually requires the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of such encryption and decryption technologies. Moreover, in some instances, the user may be utilising a computing system which does not possess the necessary software for the encryption and decryption of files.
A number of additional challenges are presented when communicating secured data to a mobile computing device. One such challenge is created by the fact that a mobile computing device can fall into the wrong hands much more easily than a desktop computer. If a mobile computing device is lost or stolen after secured data has been opened, the contents of the secured data would no longer be secure. Further, if a recipient of the secured data is logged into an application for receiving or using secured data and is reading the contents of the secured data at the time the mobile computing device is lost or stolen, those contents can be easily read. The latter scenario could arise in a military combat situation if a person is attacked while in the process of reading secured data, for example.
SUMMARY OF THE INVENTION
In accordance with a first aspect of the present invention, there is provided a computing device comprising:
data storage for storing designated information; and
a trigger condition detection module arranged to detect a trigger condition;
wherein the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.
In one example, the data storage in which the designated information is stored is a volatile data storage type, such as random access memory (RAM).
The designated information may be confidential information, or information that is otherwise sensitive.
In one example, the trigger condition comprises at least one of the following:
turning off power to the computing device;
putting the computing device into sleep mode;
reading or otherwise using designated information stored in the computing device;
inputting a command into the computing device to erase designated information;
moving the computing device in a particular fashion;
using a data item of the designated information for a specific purpose after which the data item is no longer required;
closing a software application associated with receiving or using the designated information;
switching from a software application associated with receiving or using the designated information to another application e.g. taking a phone call on the computing device while using the designated information;
entering a specific geographical area; and
a certain period in time, or during specific intervals of time.
The invention is not limited to these trigger conditions, and other trigger conditions may be utilised.
The computing device may be configurable so as to erase the at least a portion of designated information when at least one particular trigger condition exists. The computing device may also be configurable to erase certain types of designated information when a trigger condition is detected. In one example, the computing device is arranged to erase the at least a portion of the designated information when at least one particular trigger condition exists, the at least one particular trigger condition being defined in trigger condition data.
The trigger condition data may be created by a creator or sender of the designated information. In this way, the creator or sender of the designated information may exert some control over how a computing device that receives the designated information and the trigger condition data will erase the designated information.
The trigger condition data may be a portion of the designated information, separate to the designated information, or both.
In one example, the computing device is arranged such that a user of the computing device is unable to override the trigger condition data. For example, if a creator of the designated information defines a trigger condition as reading or otherwise using the designated information, then the computing device will erase the designated information after the user has read or otherwise used the designated information regardless of how the user has configured the computing device. It will be appreciated, however, that the user may still configure the computing device to erase the designated information in response to trigger conditions in addition to those defined in the trigger condition data.
It will also be appreciated that the trigger condition data may be arranged to apply to particular types of designated information, recipients or groups of recipients of the designated information, software applications associated with allowing the user to receive and/or use the designated information, or hardware of the computing device. In this way, trigger condition data may be used to take into account various scenarios at the recipient's end, for example situations that may not have been known or envisaged by the creator or sender of the designated information. For example, if the computing device of the recipient is a particular type of mobile phone, then the trigger condition data may be arranged to handle trigger conditions that may be applicable to that particular type of mobile phone. The trigger condition data may comprise instructions to erase certain types of designated information when the at least one trigger condition is detected.
The designated information may, for example, include encryptable data and authentication information associated with receiving and/or decrypting the designated information.
Types of designated information that may be erased by the computing device as defined by the trigger condition data or configuration of the computing device may include, but not be limited to:
the authentication information;
data items of the designated information that are in the process of being used by the user;
all opened designated information;
all designated information within a certain data range;
all designated information created or modified within a specific interval of time;
all designated information created or modified with specified hardware or hardware types, software or software types, or by specified people or groups of people;
all designated information created or modified with hardware or software when located in a specified range of geographical locations; and
all designated information stored in the computing device.
The computing device may be arranged so as to erase authentication information associated with receiving and/or decrypting the designated information as soon as the authentication information has been used and/or is no longer required. Erasing the authentication information in this manner is advantageous since, if the computing device is obtained by an unauthorised user, the unauthorised user does not have access to the authentication information and is consequently unable to receive and/or decrypt any further designated information.
The computing device may comprise an accelerometer and be arranged to detect acceleration profiles, wherein the computing device is arranged to perform a predetermined action in response to detection of a particular acceleration profile.
The predetermined action performed by the computing device may be to log out of or close a software application associated with receiving or using the designated information, and/or erase at least a portion of the designated information stored on the computing device.
The predetermined action performed by the computing device may include, but not be limited to, the following examples:
immediately logging out of the software application associated with receiving or using the designated information (a quick way to terminate the session);
requesting re-entry of a password or passcode before continuing;
erasing any designated information that is in the process of being read;
erasing all opened designated information; and
erasing all designated information stored on the computing device.
In one example, the computing device is arranged to compare acceleration profiles of the computing device with acceleration profile data stored on the computing device so as to allow detection of the particular acceleration profiles. The acceleration profile data may also comprise instructions for performing the predetermined action in response to detection of a particular acceleration profile.
The acceleration profile data may be indicative of particular acceleration profiles such as, but not limited to:
dropping the computing device from a height of at least 0.5m (useful in a combat situation where dropping the computing device may indicate being injured or killed);
moving the computing device in a figure-of-eight motion;
shaking the computing device back and forth at least twice with a specified minimum acceleration;
rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;
dropping the computing device from one hand to the other by a height of at least 10 cm, then repeating; and/or
tapping the computing device on a hard surface three times with a maximum force greater than a preset threshold.
The computing device may be configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device.
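Two of the profiles listed above (the drop from at least 0.5 m, which the detailed description also uses as its running example, and the back-and-forth shake with a minimum acceleration), as an added Python example. It is not code from the patent or from Cocoon Data, whose implementation the page does not describe. It assumes a 100 Hz accelerometer feed delivering the acceleration magnitude and a signed x-axis component in m/s², derives the drop height from the length of the near-zero (free-fall) run with h = g t²/2, and uses constructed values for the free-fall threshold (1.5 m/s²) and the minimum shake acceleration (15 m/s²). It goes slightly beyond the text by mapping each matched profile to an action, standing in for the instructions the page says the acceleration profile data may carry.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence

G = 9.81                # m/s^2
SAMPLE_HZ = 100         # assumed accelerometer sample rate (constructed)
FREE_FALL_MAG = 1.5     # |a| below this (m/s^2) is treated as free fall (constructed)


def free_fall_height(magnitude: Sequence[float], sample_hz: int = SAMPLE_HZ) -> float:
    """Drop height implied by the longest run of near-zero acceleration magnitude.

    A falling body reads roughly 0 on a 3-axis accelerometer; for a fall
    lasting t seconds the height is h = g t^2 / 2.
    """
    longest = run = 0
    for a in magnitude:
        run = run + 1 if a < FREE_FALL_MAG else 0
        longest = max(longest, run)
    t = longest / sample_hz
    return 0.5 * G * t * t


def dropped_from(magnitude: Sequence[float], min_height_m: float = 0.5) -> bool:
    """Profile from the page: dropped from a height of at least 0.5 m."""
    return free_fall_height(magnitude) >= min_height_m


def shake_count(axis: Sequence[float], min_accel: float) -> int:
    """Number of complete back-and-forth shakes along one axis.

    A swing is an excursion past +min_accel or -min_accel; consecutive samples
    in the same excursion count once, and two alternating swings make one shake.
    """
    swings, last_sign = 0, 0
    for a in axis:
        if abs(a) < min_accel:
            continue
        sign = 1 if a > 0 else -1
        if sign != last_sign:
            swings += 1
            last_sign = sign
    return swings // 2


def shaken(axis: Sequence[float], min_accel: float = 15.0, min_shakes: int = 2) -> bool:
    """Profile from the page: shaken back and forth at least twice above a minimum acceleration."""
    return shake_count(axis, min_accel) >= min_shakes


@dataclass
class Profile:
    name: str
    matches: Callable[[Dict[str, Sequence[float]]], bool]
    action: str   # instruction carried in the acceleration profile data (assumed)


# Constructed acceleration profile data: which profile maps to which action.
PROFILES: List[Profile] = [
    Profile("drop_0.5m", lambda s: dropped_from(s["magnitude"]), "erase_all"),
    Profile("shake_twice", lambda s: shaken(s["x"]), "logout"),
]


def evaluate(samples: Dict[str, Sequence[float]]) -> List[str]:
    """Return the actions whose profiles match the captured window of samples."""
    return [p.action for p in PROFILES if p.matches(samples)]


# Constructed sample windows: 10 samples at rest, then free fall, then an impact spike.
DROP_WINDOW = [9.8] * 10 + [0.3] * 35 + [40.0, 9.8, 9.8]          # 0.35 s fall, about 0.6 m
SHORT_DROP_WINDOW = [9.8] * 10 + [0.3] * 20 + [25.0, 9.8]          # 0.2 s fall, about 0.2 m
SHAKE_WINDOW = [0.0, 20.0, 25.0, 0.0, -20.0, 0.0, 20.0, 0.0, -22.0, 0.0]

if __name__ == "__main__":
    print(round(free_fall_height(DROP_WINDOW), 3), "m")
    print(evaluate({"magnitude": DROP_WINDOW, "x": SHAKE_WINDOW}))
```

A free-fall run alone cannot distinguish a drop from a deliberate toss, so a deployment would normally require the impact spike that follows the run as well, and would tune both thresholds per device model; the detection module here returns actions rather than performing them, so the erase path can be tested separately.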
The computing device may be arranged to receive the designated information, trigger condition data, and/or acceleration profile data through the Internet.
The computing device may be any appropriate computing device such as a personal computer, a PDA, a mobile device such as a mobile phone or a laptop or tablet computer with network connectivity and/or any suitable device that is capable of establishing a network connection.
The computing device may be arranged to facilitate network communications, such as through the Internet, intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6).
In accordance with a second aspect of the present invention, there is provided a system for distributing secured data, the system comprising:
a communications interface arranged to facilitate network communications between the system and a computing device of the first aspect of the present invention;
wherein the system is arranged so as to communicate designated information and trigger condition data to the computing device.
In one embodiment, the trigger condition data is communicated to the computing device separately to the designated information. In one particular example, the trigger condition data is communicated to the computing device from a first server of the system, and the designated information is thereafter communicated to the computing device from a second server of the system.
The system may also be arranged so as to communicate acceleration profile data to the computing device, for example by a creator or sender of the designated information. In one example, the acceleration profile data is communicated to the computing device as part of the designated information. It will be appreciated, however, that the acceleration profile data may be communicated to the computing device separately to the designated information, and may be communicated along with the trigger condition data.
In accordance with a third aspect of the present invention, there is provided a method of distributing secured data, the method comprising the steps of:
storing designated information in a data storage of a computing device;
detecting a trigger condition;
erasing at least a portion of designated information stored in the data storage in response to detection of a trigger condition.
In accordance with a fourth aspect of the present invention, there is provided a computer program arranged when loaded into a computing device to instruct the computing device to operate in accordance with the computing device of the first aspect.
In accordance with a fifth aspect of the present invention, there is provided a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device of the first aspect.
In accordance with a sixth aspect of the present invention, there is provided a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the computing device of the first aspect.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of a system for distributing secured data in accordance with one embodiment of the present invention;
Figure 2 is a block diagram of a system for securing data in accordance with one embodiment of the present invention;
Figure 3 is a block diagram of a system for distributing secured data in accordance with an embodiment of the present invention; and
Figure 4 is a flow diagram of a method of distributing secured data in accordance with an embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring to Figure 1, there is illustrated a system for distributing secured data. Components of the system may be implemented by one or more electronic circuits, computers or computing devices having appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices. The computer may be implemented by any computing architecture, including a stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture. In some embodiments, the computing device is also appropriately programmed to implement the invention.
Referring to Figure 1 there is shown a schematic diagram of a system for accessing secured data which in this embodiment comprises a server 100. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc, a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communication links 114. The server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communication links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.
The server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104. The system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data. The database 120 is in communication with an interface 122, which is implemented by computer software residing on the server 100. The interface 122 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing. The interface 122 may be implemented with input devices such as a keyboard or a mouse or, in another example embodiment, the interface 122 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, FireWire, USB or the like.
With reference to Figure 2, there is illustrated a block diagram of an embodiment of a system for securing data. In this embodiment, the system is implemented with a server 200 arranged to be connected to a communication network such as the Internet, Intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or communication devices 204, 206 via the communication network. The server 200 may have the same configuration as the system of Figure 1 described above.
The server 200 is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another recipient user 206, computer, processor or controller. In this example embodiment, the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but not be limited to:
1- Filenames of any files to be encrypted;
2- File size, dates, properties, permissions settings and other attributes;
3- The identity of the recipient 206 of the file;
4- The access permissions of the recipient 206;
5- The address or reference of the recipient 206; and
6- Any other information relating to the security settings or the data object that is to be encrypted which may be required to encrypt the file.
Once the encryption request 202 is received by the server 200, the server 200 is arranged to generate a key which can be used to encrypt the data object. The key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
Preferably, the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210. As a result, the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file. This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.
After the data object is encrypted, the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200. Alternatively, as the encrypted data object 210 is now secured, it may be sent through a public or private computer network, or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.
Preferably, in some situations, security measures are still applied to the transmission of the encrypted data object 210 as a matter of best practice.
Once the recipient user 206 receives the encrypted data object 210, the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210. In one embodiment, the server 200 enforces an authentication process 212 on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient. The authentication process 212 may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.
After the recipient user 206 is authenticated by the server 200 and is authorized to decrypt the data object 210, a key 214 may be provided to the recipient user 206 to decrypt the file. In one example embodiment, the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206. In another embodiment, the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206. In these examples, it may be necessary to encrypt the data object together with the information necessary for third party software to control and enforce these permission settings. Examples of such third party software include Secure Word™ or Adobe Acrobat™ reader, which have permission controls capable of limiting the manipulation of a data file.
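The exchange described in the preceding paragraphs (the sender obtains key 208 from the server, encrypts so that the key is not embedded in the object 210, and the server releases key 214 only after the recipient passes authentication 212), as an added Python example. It is not code from the patent or from Cocoon Data. The KeyServer class, the salted PBKDF2 password check standing in for the page's login/password check, and the stand-in cipher (a SHA-256 keystream with an HMAC-SHA256 tag, used only to keep the example dependency-free; a deployed system would use an AEAD such as AES-GCM) are assumptions, and the user names and plaintext are constructed.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Tuple

PBKDF2_ITERATIONS = 100_000   # assumed work factor for the password check


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: SHA-256 over (key, nonce, counter). Use an AEAD in practice."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> dict:
    """Encrypt and tag; the returned object carries nonce, ciphertext and tag only."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt(key: bytes, obj: dict) -> bytes:
    nonce, ct, tag = (bytes.fromhex(obj[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch: object modified or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KeyServer:
    """Plays the part of server 200: issues keys and releases them only after authentication."""

    def __init__(self) -> None:
        self._keys: Dict[str, Tuple[bytes, str]] = {}   # key_id -> (key, designated recipient)
        self._credentials: Dict[str, bytes] = {}         # user -> salt || pbkdf2 digest

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._credentials[user] = salt + digest

    def _authenticate(self, user: str, password: str) -> bool:
        record = self._credentials.get(user)
        if record is None:
            return False
        salt, digest = record[:16], record[16:]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return hmac.compare_digest(digest, candidate)

    def encryption_request(self, recipient: str) -> Tuple[str, bytes]:
        """Encryption request 202: the sender names the recipient, the server returns key 208 and its id."""
        key_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[key_id] = (key, recipient)
        return key_id, key

    def decryption_request(self, key_id: str, user: str, password: str) -> bytes:
        """Authentication process 212, then key 214 is released to the designated recipient only."""
        if not self._authenticate(user, password):
            raise PermissionError("authentication failed")
        key, recipient = self._keys[key_id]
        if user != recipient:
            raise PermissionError("not the designated recipient")
        return key

    def stored_key(self, key_id: str) -> bytes:
        """Audit hook used only to show that the key is absent from the encrypted object."""
        return self._keys[key_id][0]


def sender_encrypt(server: KeyServer, recipient: str, plaintext: bytes) -> str:
    key_id, key = server.encryption_request(recipient)
    obj = encrypt(key, plaintext)
    obj["key_id"] = key_id   # a reference to the key, never the key itself
    return json.dumps(obj)


def recipient_decrypt(server: KeyServer, user: str, password: str, serialized: str) -> bytes:
    obj = json.loads(serialized)
    return decrypt(server.decryption_request(obj["key_id"], user, password), obj)


def can_decrypt(server: KeyServer, user: str, password: str, serialized: str) -> bool:
    try:
        recipient_decrypt(server, user, password, serialized)
        return True
    except (PermissionError, ValueError, KeyError):
        return False


def object_contains_key(server: KeyServer, serialized: str) -> bool:
    """True if the key bytes for the object's key_id appear anywhere in the object."""
    return server.stored_key(json.loads(serialized)["key_id"]).hex() in serialized


def flip_ciphertext_byte(serialized: str) -> str:
    """Constructed tampering: flip one bit of the ciphertext so the tag check fails."""
    obj = json.loads(serialized)
    ct = bytearray(bytes.fromhex(obj["ct"]))
    ct[0] ^= 0x01
    obj["ct"] = ct.hex()
    return json.dumps(obj)
```

The property the page argues for is visible in the object format: an attacker holding only the serialized object has a key_id, a nonce, ciphertext and a tag, and the server's recipient check means that even a valid login for a different user does not yield the key. The tag is verified before any decryption so a modified object is rejected rather than decrypted to garbage.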
Alternative embodiments of a system for securing data are also described in WO2009/079708 which is incorporated herein by reference. These embodiments are advantageous in that the encryption key 208 which can be used to decrypt an encrypted object is transmitted separately from the encrypted data object 210. As such, the encrypted data object 210 may be transmitted in a less secure but more convenient channel. Even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be easily decrypted with known methods of decryption since the key 208 is not within the encrypted object.
In another embodiment, the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206. By transmitting and utilising dummy keys in the encryption process, hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object. The dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it unfeasible or impractical for a hacker to use the data for any meaningful purpose.
Although the above provides improvements in transmitting sensitive information, there is still a danger that the recipient's computing device 206, or parts thereof, may be misplaced or stolen after the encrypted data has been decrypted and stored on the computing device 206. The decrypted data might then be accessed by an unauthorised person. This problem is exacerbated when the recipient's computing device 206 is a mobile computing device, such as a mobile telephone, laptop or tablet computer and/or the recipient is operating in a hostile environment.
For example, a recipient operating in a military combat zone and using a mobile computing device to receive sensitive military information may be attacked while they are accessing the sensitive information. If the mobile computing device is dropped, or otherwise falls into the hands of the opposing forces, then the sensitive military information may be accessible by the opposing forces.
A computing device 300 that is arranged to provide additional security in respect of preventing access to confidential information is illustrated in Figure 3. In general, the computing device 300 is arranged so as to erase designated information, referred to hereinafter as confidential information, stored in the computing device 300 when a trigger condition is detected in accordance with a method 400 as illustrated in Figure 4.
It will be appreciated that, although the designated information is referred to hereinafter as confidential information, the designated information may be any appropriate information, including sensitive information or information of a private nature. In accordance with one embodiment, the method 400 comprises storing 402 confidential information in a data storage of the computing device 300. After detecting 404 a trigger condition, the method 400 comprises erasing 406 at least a portion of confidential information stored in the data storage when or after the trigger condition has been detected.
For example, the computing device 300 may be arranged to detect the computing device 300 falling through a particular height, which may be indicative of the computing device 300 being dropped, and to erase any confidential information stored in the computing device 300 in response to the computing device 300 being dropped.
In this example, the computing device 300 is a mobile telephone, however it will be appreciated that the computing device may be any appropriate computing device including, but not limited to, a laptop computer, a tablet computer, or any of a variety of telemetry devices including smart electrical meters, airborne military reconnaissance systems and live reporting systems for military personnel.
The computing device 300 is in communication, via a network 302, with a server 304. In this example the network 302 is the Internet, however it will be appreciated that any appropriate network may be used such as an intranet or a virtual private network, or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6).
The computing device 300 comprises a memory 306 arranged to store programs including, for example, a software application for receiving and/or using confidential information communicated to the computing device 300. The memory 306 may also comprise a volatile memory 308, such as random access memory (RAM), for storing confidential information. The stored programs and any stored confidential information are accessible by a processor 310 for operating the computing device 300.
The computing device 300 also comprises a display 312 to which the processor 306 is arranged to output program related information and the confidential information for viewing by the recipient. The computing device 300 also comprises an input interface 314, in this example a touch screen interface integrated with the display 312, so as to allow the recipient to interact with the computing device 300.
The computing device 300 also comprises a network interface 316 that is controllable by the processor 310 and that is in communication with the network 302 so as to allow the computing device 300 to be in network communication with the server 304 and to receive confidential information from the server 304.
The server 304 is arranged so as to communicate confidential information to the computing device 300. In this example, the server 304 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object. The server 304 may be arranged to receive a request for a key to encrypt a data file after which, when the file is encrypted and is required to be decrypted, the key is then provided to a recipient of the file after the recipient has been authenticated. The server 304 may be connected to a network arranged to allow further computing devices (not shown) operated by users, routines, processors or the like to connect to the server 304 with requests to generate or obtain a key to encrypt or decrypt a data object. In one embodiment, the server 304 is implemented based on the server 200 described above, or in another embodiment, the server 304 is implemented based on a system for securing data described with reference to WO/2009/079708.
The computing device 300 comprises a trigger detection module, implemented in this example as a software module, arranged so as to detect a trigger condition, such as the aforementioned example of the computing device 300 being dropped. The computing device 300 is arranged, in response to detection of a trigger condition, to erase at least a portion of confidential information stored in the memory 306.
Although it will be appreciated that the confidential information can be stored in any part of the memory 306, it is advantageous for the computing device 300 to be arranged so as to only store the confidential information in the volatile memory 308. In this way, any confidential information stored in the volatile memory 308 will be erased when the computing device 300 is powered down.
The trigger detection module may be arranged so as to detect any appropriate trigger condition including, but not limited to:
turning off power to the computing device;
putting the computing device into sleep mode;
reading or otherwise using confidential information stored in the computing device;
inputting a command into the computing device to erase confidential information;
moving the computing device in a particular fashion;
using a data item of the confidential information for a specific purpose after which the data item is no longer required;
closing a software application associated with receiving or using the confidential information;
switching from a software application associated with receiving or using the confidential information to another application e.g. taking a phone call while using the confidential information;
entering a specific geographical area; and
a certain period in time, or during specific intervals of time.
The computing device 300 may be configurable so as to erase the at least a portion of confidential information when at least one particular trigger condition exists. For example, the recipient may select one or more trigger conditions for which it is desirable, upon their detection, for confidential information to be erased.
In addition, or alternatively, the computing device 300 may be configurable to erase certain types of confidential information when a trigger condition is detected.
It may also be desirable for a third party, such as the creator or sender of the confidential information, to determine trigger conditions for erasing the confidential information and/or to determine certain types of confidential information to be erased when a trigger condition is detected.
This may be done by specifying trigger condition data that is communicated by the third party to the computing device 300 and is usable by the programs stored therein. In this example, the trigger condition data overrides any settings of the recipient such that the third party controls conditions under which confidential information is erased rather than the recipient. The user may still configure the computing device 300 to erase the confidential information in response to trigger conditions in addition to those defined in the trigger condition data.
The trigger condition data may be a portion of the confidential information, separate to the confidential information, or both. In one embodiment, the trigger condition data is communicated to the computing device 300 separately to the confidential information. In the example of Figure 3, the trigger condition data is communicated to the computing device 300 from a further server 318 via the network 302, and the confidential information is thereafter communicated to the computing device from the server 304.
It will also be appreciated that the trigger condition data may be arranged to apply to particular types of confidential information, recipients or groups of recipients of the confidential information, software applications associated with allowing the user to receive and/or use the confidential information, or hardware of the computing device 300. In this way, trigger condition data may be used to take into account various scenarios at the recipient's end, for example situations that may not have been known or envisaged by the creator or sender of the confidential information. For example, if the computing device 300 of the recipient is a particular type of mobile phone, then the trigger condition data may be arranged to handle trigger conditions that may be applicable to that particular type of mobile phone.
The confidential information may, for example, include encryptable data and authentication information associated with receiving and/or decrypting the confidential information.
Types of confidential information that may be erased by the computing device 300 as defined by the trigger condition data or configuration of the computing device may include, but not be limited to:
the authentication information;
data items of the confidential information that are in the process of being used by the user;
all opened confidential information;
all confidential information within a certain data range;
all designated information created or modified within a specific interval of time;
all designated information created or modified with specified hardware or hardware types, software or software types, or by specified people or groups of people;
all designated information created or modified with hardware or software when located in a specified range of geographical locations; and
all confidential information stored in the computing device.
The computing device 300 may be arranged so as to erase authentication information associated with receiving and/or decrypting the confidential information as soon as the authentication information has been used and/or is no longer required. Erasing the authentication information in this manner is advantageous since, if the computing device 300 is obtained by an unauthorised user, the unauthorised user does not have access to the authentication information and is consequently unable to receive and/or decrypt any further confidential information.
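As an added illustration, not taken from the patent, the following Python model shows how the trigger condition data described above can be merged with the recipient's own settings: sender-supplied rules are mandatory and cannot be weakened by the recipient, who may only add further triggers; rules may be scoped to a hardware type, and each names the classes of confidential information to erase. The condition names, information classes, hardware type and sample items are all constructed for this example.

```python
"""Added example (not part of the patent): a small model of the
trigger-condition policy. Sender rules (the 'trigger condition data') are
mandatory; recipient rules can only add conditions or classes. All names and
sample values below are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed info classes: 'auth' = authentication information,
# 'in_use' = items being read, 'opened' = all opened items, 'all' = everything.
CLASSES = ("auth", "in_use", "opened", "all")


@dataclass(frozen=True)
class TriggerRule:
    condition: str                 # e.g. "app_switch", "sleep", "drop"
    erase: frozenset               # subset of CLASSES to erase on detection
    hardware: str = "*"            # "*" = applies to any device type


def effective_policy(sender_rules, recipient_rules, hardware):
    """Merge into {condition: frozenset(classes)} for this device type.

    Sender rules whose hardware scope matches are always included. A recipient
    rule can only add classes or new conditions; it can never remove anything
    the sender mandated (union semantics), so the sender's data prevails.
    """
    policy = {}
    for r in list(sender_rules) + list(recipient_rules):
        if r.hardware in ("*", hardware):
            policy[r.condition] = policy.get(r.condition, frozenset()) | r.erase
    return policy


@dataclass
class VolatileStore:
    """Constructed stand-in for the volatile memory: class -> item ids."""
    items: dict = field(default_factory=dict)

    def erase(self, classes):
        """Erase the named classes ('all' wipes everything); return what went."""
        if "all" in classes:
            gone = {k: list(v) for k, v in self.items.items()}
            self.items.clear()
            return gone
        return {c: list(self.items.pop(c)) for c in classes if c in self.items}


def on_trigger(condition, policy, store):
    """Trigger detection entry point: apply the policy for one condition."""
    classes = policy.get(condition)
    return store.erase(classes) if classes else {}


def demo():
    """Constructed scenario: sender mandates two rules, recipient tries to
    weaken one and adds another; then an app switch is detected."""
    sender = [
        TriggerRule("app_switch", frozenset({"auth", "in_use"})),
        TriggerRule("drop", frozenset({"all"}), hardware="phone_model_x"),
        TriggerRule("drop", frozenset({"auth"})),       # any other hardware
    ]
    recipient = [
        TriggerRule("app_switch", frozenset()),         # weakening attempt: no effect
        TriggerRule("sleep", frozenset({"opened"})),    # additional trigger: kept
    ]
    policy = effective_policy(sender, recipient, "phone_model_x")
    store = VolatileStore({"auth": ["session-key"], "in_use": ["doc-1"],
                           "opened": ["doc-1", "doc-2"]})
    erased = on_trigger("app_switch", policy, store)
    return policy, erased, store


if __name__ == "__main__":
    p, e, s = demo()
    print(p)
    print(e)
    print(s.items)
```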
The computing device 300 may also be arranged so as to store authentication information in the volatile memory 308 such that the authentication information is erased when the computing device 300 is powered down.
In this example, the computing device 300 comprises an accelerometer 320 that is used as an input to the processor 310 so as to allow the computing device 300 to detect acceleration profiles, wherein the computing device 300 is arranged to perform a predetermined action, such as erasing confidential information, in response to detection of a particular acceleration profile.
The predetermined action performed by the computing device 300 may be to log out of or close the software application associated with receiving or using the confidential information, and/or erase at least a portion of the confidential information stored on the computing device.
The predetermined action performed by the computing device 300 may include, but not be limited to, the following examples:
immediately logging out of the software application associated with receiving or using the confidential information (a quick way to terminate the session);
requesting re-entry of a password or passcode before continuing;
erasing any confidential information that is in the process of being read;
erasing all opened confidential information; and
erasing all confidential information stored on the computing device 300.
In one example, the computing device 300 is arranged to compare acceleration profiles of the computing device 300 with acceleration profile data stored in the memory 306 of the computing device 300 so as to allow detection of the particular acceleration profiles. The acceleration profile data may also comprise instructions for performing the predetermined action in response to detection of a particular acceleration profile. The acceleration profile data may be indicative of particular acceleration profiles such as, but not limited to:
dropping the computing device 300 from a height of at least 0.5m, which may be useful in a combat situation wherein dropping the computing device 300 may be indicative of the recipient being injured or killed;
moving the computing device 300 in a figure-of-eight motion;
shaking the computing device 300 back and forth at least twice with a specified minimum acceleration;
rapidly tilting the computing device 300 through an angle of at least 30° and back again, two times in a row;
dropping the computing device 300 from one hand to the other by a height of at least 10 cm, then repeating; and/or
tapping the computing device 300 on a hard surface three times with a maximum force greater than a preset threshold.
The computing device 300 may be configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device 300.
The acceleration profile data may be communicated to the computing device 300, for example by a creator or sender of the confidential information in a similar manner to the trigger condition data. In one example, the acceleration profile data is communicated to the computing device as part of the confidential information. In another example, the acceleration profile data is communicated to the computing device 300 separately to the confidential information via the further server 318, and is communicated along with the trigger condition data.
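The following Python example is added here and is not the patent's own code; it shows how the "drop from a height of at least 0.5 m" acceleration profile above can be matched against accelerometer samples, with the predetermined action carried alongside the profile data as the text describes. A drop appears as a free-fall interval in which the measured acceleration magnitude stays near zero for at least sqrt(2h/g) seconds and which ends in an impact spike. The sample rate, thresholds, profile names, actions and sample traces are constructed assumptions.

```python
"""Added example, not from the patent: matching a drop profile of minimum
height h against a stream of (x, y, z) accelerometer samples in m/s^2.
Thresholds, rate and traces are constructed for illustration."""
import math
from dataclasses import dataclass

G = 9.81  # m/s^2, standard gravity


@dataclass(frozen=True)
class DropProfile:
    """One entry of acceleration profile data: what to match and what to do."""
    name: str
    min_height_m: float
    action: str              # predetermined action carried with the profile


def free_fall_time(height_m, g=G):
    """Time to fall height h from rest: h = g t^2 / 2  =>  t = sqrt(2h / g)."""
    return math.sqrt(2.0 * height_m / g)


def detect_drop(samples, rate_hz, min_height_m,
                fall_thresh=2.0, impact_thresh=30.0):
    """True if the trace contains a near-weightless run lasting at least
    free_fall_time(min_height_m) that ends in an impact spike. A fall that
    is caught softly (no impact) does not count as a drop."""
    need = math.ceil(free_fall_time(min_height_m) * rate_hz)
    run = 0                      # consecutive near-weightless samples
    for x, y, z in samples:
        mag = math.sqrt(x * x + y * y + z * z)
        if mag < fall_thresh:
            run += 1
        elif mag > impact_thresh and run >= need:
            return True
        else:
            run = 0              # at rest or gentle handling: not a fall
    return False


def matching_actions(samples, rate_hz, profiles):
    """Actions of every profile in the profile data that the trace matches."""
    return [p.action for p in profiles
            if detect_drop(samples, rate_hz, p.min_height_m)]


def constructed_trace(fall_samples, impact=True):
    """Constructed trace: at rest, then `fall_samples` of free fall, then an
    impact spike (or a soft catch), then at rest again."""
    rest = [(0.0, 0.0, 9.81)] * 20
    fall = [(0.1, 0.0, 0.2)] * fall_samples
    end = [(5.0, 3.0, 60.0)] if impact else [(0.5, 0.5, 11.0)]
    return rest + fall + end + rest


# Constructed profile data: the 0.5 m drop from the text plus a milder one.
PROFILES = [
    DropProfile("drop_0.5m", 0.5, "erase_all"),
    DropProfile("drop_0.1m", 0.1, "request_passcode"),
]


if __name__ == "__main__":
    rate = 100  # Hz; a 0.5 m drop needs ceil(0.319 s * 100) = 32 samples
    print(matching_actions(constructed_trace(35), rate, PROFILES))
    print(matching_actions(constructed_trace(20), rate, PROFILES))
    print(matching_actions(constructed_trace(35, impact=False), rate, PROFILES))
```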
It will be appreciated that the computing device 300 may be implemented as a computer program arranged, when loaded into a computing device, to instruct the computing device to operate in accordance with the computing device 300 of Figure 3.
It will also be appreciated that the computing device 300 may be implemented as a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device 300 of Figure 3.
It will also be appreciated that the computing device 300 may be implemented as a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the computing device 300 of Figure 3.
Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.
It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilised. This will include stand alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.
Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.
Although not required, embodiments described with reference to the Figures can be implemented to operate with any form of communication network operating with any type of communication protocol. Generally, where the underlying communication network or communication protocol includes additional routines, functionalities, infrastructure or packet formats, the skilled person will understand that the implementation of embodiments described with reference to the Figures may be modified or optimized for operation with these additional routines, functionalities, infrastructure or packet formats.
Although embodiments of this invention are useful with mobile devices, it will be appreciated that the invention may also be applied with non-mobile devices.

Claims

CLAIMS:
1. A computing device comprising:
data storage for storing designated information; and
a trigger condition detection module arranged to detect a trigger condition;
wherein the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.
2. The computing device of claim 1, wherein the data storage in which the designated information is stored is a volatile data storage type.
3. The computing device of claim 1 or claim 2, wherein the trigger condition comprises at least one of the following:
turning off power to the computing device;
putting the computing device into sleep mode;
reading or otherwise using designated information stored in the computing device;
inputting a command into the computing device to erase designated information;
moving the computing device in a particular fashion;
using a data item of the designated information for a specific purpose after which the data item is no longer required;
closing a software application associated with receiving or using the designated information;
switching from a software application associated with receiving or using the designated information to another application, e.g. taking a phone call on the computing device while using the designated information;
entering a specific geographical area; and
a certain period in time, or during specific intervals of time.
4. The computing device of any one of the preceding claims, wherein the computing device is configurable so as to erase the at least a portion of designated information when at least one particular trigger condition exists.
5. The computing device of any one of the preceding claims, wherein the computing device is configurable to erase certain types of designated information when a trigger condition is detected.
6. The computing device of any one of the preceding claims, wherein the computing device is arranged to erase the at least a portion of the designated information when at least one particular trigger condition exists, the at least one particular trigger condition being defined in trigger condition data.
7. The computing device of claim 6, wherein the trigger condition data is created by a creator or sender of the designated information.
8. The computing device of claim 6 or claim 7, wherein the trigger condition data is a portion of the designated information, separate to the designated information, or both.
9. The computing device of any one of claims 6 to 8, wherein the computing device is arranged such that a user of the computing device is unable to override the trigger condition data.
10. The computing device of claim 9, wherein the computing device is configurable by a user to erase the designated information in response to trigger conditions in addition to those defined in the trigger condition data.
11. The computing device of any one of claims 6 to 10, wherein the trigger condition data is arranged to apply to particular types of designated information, recipients or groups of recipients of the designated information, software applications associated with allowing the user to receive and/or use the designated information, or hardware of the computing device.
12. The computing device of any one of claims 6 to 11, wherein the trigger condition data comprises instructions to erase certain types of designated information when the at least one trigger condition is detected.
13. The computing device of claim 12, wherein the certain types of designated information comprises at least one of:
authentication information;
data items of the designated information that are in the process of being used by the user;
all opened designated information;
all designated information within a certain data range;
all designated information created or modified within a specific interval of time;
all designated information created or modified with specified hardware or hardware types, software or software types, or by specified people or groups of people;
all designated information created or modified with hardware or software when located in a specified range of geographical locations; and
all designated information stored in the computing device.
14. The computing device of any one of the preceding claims, wherein the computing device is arranged so as to erase authentication information associated with receiving and/or decrypting the designated information as soon as the authentication information has been used and/or is no longer required.
15. The computing device of any one of the preceding claims, wherein the computing device comprises an accelerometer and is arranged to detect acceleration profiles, wherein the computing device is arranged to perform a predetermined action in response to detection of a particular acceleration profile.
16. The computing device of claim 15, wherein the predetermined action performed by the computing device is to log out of or close a software application associated with receiving or using the designated information, and/or erase at least a portion of the designated information stored on the computing device.
17. The computing device of claim 15, wherein the predetermined action performed by the computing device comprises at least one of:
logging out of the software application associated with receiving or using the designated information;
requesting re-entry of a password or passcode before continuing;
erasing any designated information that is in the process of being read;
erasing all opened designated information; and
erasing all designated information stored on the computing device.
18. The computing device of any one of claims 15 to 17, wherein the computing device is arranged to compare acceleration profiles of the computing device with acceleration profile data stored on the computing device so as to allow detection of the particular acceleration profiles.
19. The computing device of claim 18, wherein the acceleration profile data comprises instructions for performing the predetermined action in response to detection of a particular acceleration profile.
20. The computing device of claim 18 or claim 19, wherein the acceleration profile data is indicative of particular acceleration profiles comprising at least one of:
dropping the computing device from a height of at least 0.5m;
moving the computing device in a figure-of-eight motion;
shaking the computing device back and forth at least twice with a specified minimum acceleration;
rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;
dropping the computing device from one hand to the other by a height of at least 10 cm, then repeating; and
tapping the computing device on a hard surface three times with a maximum force greater than a preset threshold.
21. The computing device of any one of claims 18 to 20, wherein the computing device is configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device.
22. The computing device of any one of the preceding claims, wherein the computing device is arranged to receive designated information, trigger condition data, and/or acceleration profile data through the Internet.
23. The computing device of any one of the preceding claims, wherein the computing device is a mobile computing device.
24. A system for distributing secured data, the system comprising:
a communications interface arranged to facilitate network communications between the system and a computing device of any one of the preceding claims;
wherein the system is arranged so as to communicate designated information and trigger condition data to the computing device.
25. The system of claim 24, wherein the trigger condition data is communicated to the computing device separately to the designated information.
26. The system of claim 25, wherein the trigger condition data is communicated to the computing device from a first server of the system, and the designated information is thereafter communicated to the computing device from a second server of the system.
27. The system of any one of claims 24 to 26, wherein the system is arranged so as to communicate acceleration profile data to the computing device.
28. The system of claim 27, wherein the acceleration profile data is communicated to the computing device as part of the designated information.
29. The system of claim 27, wherein the acceleration profile data is communicated to the computing device separately to the designated information.
30. A method of distributing secured data, the method comprising the steps of:
storing designated information in a data storage of a computing device;
detecting a trigger condition; and
erasing at least a portion of designated information stored in the data storage in response to detection of a trigger condition.
31. A computer program arranged when loaded into a computing device to instruct the computing device to operate in accordance with the computing device of any one of claims 1 to 23.
32. A computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device of any one of claims 1 to 23.
33. A data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the computing device of any one of claims 1 to 23.
PCT/AU2012/001177 2011-09-30 2012-09-28 A system and method for distributing secured data WO2013044312A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2011904059A AU2011904059A0 (en) 2011-09-30 A system and method for distributing secured data
AU2011904059 2011-09-30

Publications (1)

Publication Number Publication Date
WO2013044312A1 true WO2013044312A1 (en) 2013-04-04

Family

ID=47994029

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2012/001177 WO2013044312A1 (en) 2011-09-30 2012-09-28 A system and method for distributing secured data

Country Status (1)

Country Link
WO (1) WO2013044312A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140122118A1 (en) * 2012-10-25 2014-05-01 Intelligent ID Solutions Personal medical information storage device and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050020315A1 (en) * 2003-07-22 2005-01-27 Robertson Ian M. Security for mobile communications device
US20090132197A1 (en) * 2007-11-09 2009-05-21 Google Inc. Activating Applications Based on Accelerometer Data