The invention relates to a method of controlling the propagation of decryption keys to a plurality of users for allowing access to encrypted data, comprising the steps of storing at least one data unit on a hardware device, the at least one data unit comprising a decryption key, having a propagation control word with the decryption key in the data unit, and in response to an instruction to send the data unit to a specified recipient, checking the status of the control word to determine if propagation is allowed, comprising checking that the specified recipient is within an acceptable range of recipients indicated as a group code in the control word, and if so, modifying the control word and encrypting the data unit comprising the control word and decryption key with a recipient's public key and sending the data unit.
The present invention relates to an apparatus for and a method of controlling
propagation of decryption keys or access to encrypted information.
There is often a need to control access to data. In some computing
environments this goal has been achieved by virtue of limiting the physical
access to a machine, to a data carrier, or to parts of a local area network.
However such systems can be unnecessarily rigid and cumbersome, especially
when the class of persons to whom access may be allowed or denied to a
particular item of data is ill defined.
Another approach to security is the use of encryption. In a secure system, the
identities of the or each person who should have access to a document or other
item of encrypted data need to be defined at the time of encryption. This can,
once again, be difficult where the class of people who should receive the data is
ill defined.
Neither of these themes works particularly well in a "generally trusted"
environment where absolute security is not necessary. An example of a generally
trusted environment is a company where a manager may be dealing with a
commercially sensitive document, and may wish to share this with other
managers and in turn recognises that they may need to share the document with
other individuals where they deem this to be necessary or desirable. Thus the
document cannot be "open" such that everyone can view it, as it may be
commercially sensitive, but neither can the recipient list be accurately defined
right from the outset.
According to a first aspect of the present invention, there is provided a security
system for controlling access to encrypted information by a plurality of users,
comprising a hardware device for storing at least one data unit comprising a
decryption key and an associated security code, in which the decryption key is
used in decrypting an encrypted item of information and the
security code controls the number of times that the decryption key can be
propagated, and the hardware device examines the security code which code
includes a group code as an indication of an acceptable range of recipients to
determine whether it is authorized to send encrypted copies of the decryption
key to those recipients.
It is thus possible to give the originator of an item of information control over the
number of times that item of information may be passed from one person to
another or how many times the decryption key can be passed from one person
to another, under circumstances where the item of information is in an encrypted
form.
Preferably the decryption key is related to a specific project or task. Thus the
controller or originator of a task can generate a key which can be used for
encryption and decryption of documents within that project or task.
The data unit may be a logical association between the decryption key and the
security code.
Advantageously the decryption key or the data unit may also include a further
identifier which is unique to an entity, such as a company, so that only people
having a corresponding code portion in their security device can decrypt the key
for the documents.
Preferably, when a further person wishes to receive a copy of the encrypted
information, the decryption key for the encrypted information is sent to that
other user in an encrypted form. Advantageously the decryption key is itself
encrypted with the recipient's public encryption key. The transfer of the
decryption key can be achieved by transferring the data unit.
Advantageously the hardware device further modifies the security code each
time it sends the decryption key to another user. It is thus possible to keep
track of the number of times the decryption key is propagated from one person
to another. This security code may, for example, be a "generation limit" set by the
originator of the document, and each time the decryption key is propagated, the
generation limit is decremented. Once the generation limit reaches zero, further
propagation of the decryption key is inhibited by the hardware device.
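
The check-then-modify sequence described above, modelled in Python as an added example that is not taken from the patent. The field widths, the `Device` and `DataUnit` names, the way a sender learns the recipient's group, and the reading that the forwarded copy carries the decremented limit are all assumptions; `wrap` is a placeholder for encryption under the recipient's public key.

```python
import struct
from dataclasses import dataclass, replace

class PropagationDenied(Exception):
    """Raised by the device when the control word forbids sending."""

@dataclass(frozen=True)
class DataUnit:
    key: bytes             # decryption key for the project's documents
    generation_limit: int  # onward generations still allowed (assumed 1 byte)
    group_code: int        # acceptable range of recipients (assumed 2 bytes)

    def pack(self) -> bytes:
        # Control word and key travel together in one blob.
        return struct.pack(">BH", self.generation_limit, self.group_code) + self.key

    @classmethod
    def unpack(cls, blob: bytes) -> "DataUnit":
        limit, group = struct.unpack(">BH", blob[:3])
        return cls(blob[3:], limit, group)

def wrap(recipient_id: str, blob: bytes) -> tuple:
    # PLACEHOLDER for encryption under the recipient's public key.
    # It only tags the blob with the recipient; it gives no confidentiality.
    return (recipient_id, blob)

class Device:
    """Models one user's hardware device (hypothetical names, assumed group lookup)."""
    def __init__(self, owner: str, group: int, unit: DataUnit = None):
        self.owner, self.group, self.unit = owner, group, unit

    def send(self, recipient: "Device") -> tuple:
        unit = self.unit
        if unit is None:
            raise PropagationDenied("no data unit stored")
        if recipient.group != unit.group_code:
            raise PropagationDenied("recipient outside group code")
        if unit.generation_limit == 0:
            raise PropagationDenied("generation limit exhausted")
        # Modify the control word before wrapping, so the copy that leaves
        # the device already carries the reduced limit.
        onward = replace(unit, generation_limit=unit.generation_limit - 1)
        return wrap(recipient.owner, onward.pack())

    def receive(self, wrapped: tuple) -> None:
        recipient_id, blob = wrapped
        if recipient_id != self.owner:
            raise ValueError("data unit was wrapped for another device")
        self.unit = DataUnit.unpack(blob)
```

With a generation limit of 2, the key can travel originator to first recipient to second recipient, and the second recipient's device then refuses any further send.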
Advantageously the decryption

| # | Name | Date |
|---|---|---|
| 1 | 448-KOLNP-2004-PA.pdf | 2011-10-06 |
| 2 | 448-KOLNP-2004-PA 1.1.pdf | 2011-10-06 |
| 3 | 448-kolnp-2004-granted-specification.pdf | 2011-10-06 |
| 4 | 448-kolnp-2004-granted-reply to examination report.pdf | 2011-10-06 |
| 5 | 448-kolnp-2004-granted-form 5.pdf | 2011-10-06 |
| 6 | 448-kolnp-2004-granted-form 3.pdf | 2011-10-06 |
| 7 | 448-kolnp-2004-granted-form 26.pdf | 2011-10-06 |
| 8 | 448-kolnp-2004-granted-form 2.pdf | 2011-10-06 |
| 9 | 448-kolnp-2004-granted-form 18.pdf | 2011-10-06 |
| 10 | 448-kolnp-2004-granted-form 1.pdf | 2011-10-06 |
| 11 | 448-kolnp-2004-granted-examination report.pdf | 2011-10-06 |
| 12 | 448-kolnp-2004-granted-drawings.pdf | 2011-10-06 |
| 13 | 448-kolnp-2004-granted-description (complete).pdf | 2011-10-06 |
| 14 | 448-kolnp-2004-granted-correspondence.pdf | 2011-10-06 |
| 15 | 448-kolnp-2004-granted-claims.pdf | 2011-10-06 |
| 16 | 448-kolnp-2004-granted-abstract.pdf | 2011-10-06 |
| 17 | 448-KOLNP-2004-FORM 27.pdf | 2011-10-06 |
| 18 | 448-KOLNP-2004-FORM 27-1.1.pdf | 2011-10-06 |
| 19 | 448-KOLNP-2004-FORM 27 1.2.pdf | 2011-10-06 |
| 20 | 448-KOLNP-2004-CORRESPONDENCE.pdf | 2011-10-06 |
| 21 | 448-KOLNP-2004-CORRESPONDENCE 1.1.pdf | 2011-10-06 |
| 22 | 448-KOLNP-2004-FORM-27.pdf | 2012-07-17 |
| 23 | 448-KOLNP-2004-(07-01-2013)-PA.pdf | 2013-01-07 |
| 24 | 448-KOLNP-2004-(07-01-2013)-FORM-16.pdf | 2013-01-07 |
| 25 | 448-KOLNP-2004-(07-01-2013)-CORRESPONDENCE.pdf | 2013-01-07 |
| 26 | 448-KOLNP-2004-(07-01-2013)-ASSIGNMENT.pdf | 2013-01-07 |
| 27 | 448-KOLNP-2004-(08-03-2013)-CORRESPONDENCE.pdf | 2013-03-08 |
| 28 | 448-KOLNP-2004-(25-11-2014)-PA.pdf | 2014-11-25 |
| 29 | 448-KOLNP-2004-(25-11-2014)-CORRESPONDENCE.pdf | 2014-11-25 |
| 30 | 448-KOLNP-2004-(06-04-2015)-FORM-27.pdf | 2015-04-06 |
| 31 | 448-KOLNP-2004-(31-03-2016)-FORM-27.pdf | 2016-03-31 |
| 32 | Form 27 [18-02-2017(online)].pdf | 2017-02-18 |
| 33 | Other Document [24-02-2017(online)].pdf | 2017-02-24 |
| 34 | AlterationInregister94(1).pdf_1.pdf | 2017-05-18 |
| 35 | AlterationInregister94(1).pdf | 2017-05-18 |
| 36 | 448-KOLNP-2004-RELEVANT DOCUMENTS [11-01-2018(online)].pdf | 2018-01-11 |
| 37 | 448-KOLNP-2004-RELEVANT DOCUMENTS [30-04-2019(online)].pdf | 2019-04-30 |
| 38 | 448-KOLNP-2004-PETITION UNDER RULE 138 [30-04-2019(online)].pdf | 2019-04-30 |
| 39 | 448-KOLNP-2004-POWER OF AUTHORITY [31-10-2019(online)].pdf | 2019-10-31 |
| 40 | 448-KOLNP-2004-FORM-16 [31-10-2019(online)].pdf | 2019-10-31 |
| 41 | 448-KOLNP-2004-ASSIGNMENT WITH VERIFIED COPY [31-10-2019(online)].pdf | 2019-10-31 |
| 42 | 448-KOLNP-2004-RELEVANT DOCUMENTS [26-03-2020(online)].pdf | 2020-03-26 |
| 43 | 448-KOLNP-2004-RELEVANT DOCUMENTS [15-09-2021(online)].pdf | 2021-09-15 |
| 44 | 448-KOLNP-2004-RELEVANT DOCUMENTS [24-08-2022(online)].pdf | 2022-08-24 |
| 45 | 448-KOLNP-2004-16-01-2023-RELEVANT DOCUMENTS.pdf | 2023-01-16 |