Data access levels

US 10,686,765 B2
Filed: 04/19/2017
Issued: 06/16/2020
Est. Priority Date: 04/19/2017
Status: Active Grant

First Claim

Patent Images

1. A method for securing and accessing a plurality of data levels, the method comprising:

gathering, by a network device, a plurality of data for transmission across an unsecured zone;

identifying a potential security risk based on the unsecured zone;

determining to encrypt the plurality of data with more than one level of encryption based on the identified security risk;

encrypting, by a network device, a first section of data within the gathered plurality of data with a first level encryption key;

encrypting, by a network device, a second section of data within the gathered plurality of data with a second level encryption key, wherein the first section of data is a progressively encrypted section of data with the first level encryption key and the second level encryption key associated with accessing the first section of data, wherein the first level encryption key and the second level encryption key include a validity key that is associated with one or more roles of a multi-role recipient device, wherein the validity key allows the recipient device to perform multiple roles concurrently; and

transmitting, in a single transmission across the unsecured zone, a combined batch of data to a plurality of recipient devices and a validity key for the multi-role recipient device, wherein the combined batch of data includes the progressively encrypted first section of data, the encrypted second section of data, and an unencrypted section of data, wherein each of the plurality of recipient devices is configured to access different sections of the combined batch of data in the single transmission and the multi-role recipient device changes roles using the validity key and has access to each section of the combined batch of data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer system, and a computer program product for securing and accessing a plurality of data levels is provided. The present invention may include gathering, by a network device, data. The present invention may also include encrypting, by a network device, a first section of data within the gathered data with a level 1 encryption key. The present invention may then include encrypting, by a network device, a second section of data within the gathered data with a level 2 encryption key. The present invention may further include transmitting, by a network device, the data to a recipient device. The present invention may also include decrypting, by the recipient device, the second section of data with the level 2 encryption key. The present invention may then include decrypting, by the recipient device, the first section of data with the level 1 encryption key.

40 Citations

View as Search Results

20 Claims

1. A method for securing and accessing a plurality of data levels, the method comprising:
- gathering, by a network device, a plurality of data for transmission across an unsecured zone;
  
  identifying a potential security risk based on the unsecured zone;
  
  determining to encrypt the plurality of data with more than one level of encryption based on the identified security risk;
  
  encrypting, by a network device, a first section of data within the gathered plurality of data with a first level encryption key;
  
  encrypting, by a network device, a second section of data within the gathered plurality of data with a second level encryption key, wherein the first section of data is a progressively encrypted section of data with the first level encryption key and the second level encryption key associated with accessing the first section of data, wherein the first level encryption key and the second level encryption key include a validity key that is associated with one or more roles of a multi-role recipient device, wherein the validity key allows the recipient device to perform multiple roles concurrently; and
  
  transmitting, in a single transmission across the unsecured zone, a combined batch of data to a plurality of recipient devices and a validity key for the multi-role recipient device, wherein the combined batch of data includes the progressively encrypted first section of data, the encrypted second section of data, and an unencrypted section of data, wherein each of the plurality of recipient devices is configured to access different sections of the combined batch of data in the single transmission and the multi-role recipient device changes roles using the validity key and has access to each section of the combined batch of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - decrypting, by the recipient device, the second section of data with the second level encryption key; and
      
      decrypting, by the recipient device, the first section of data with the first level encryption key.
  - 3. The method of claim 1, wherein the plurality of data is encrypted with more than two levels of encryption, and wherein the network device transmits data with more than two levels of encryption in a single transmission.
  - 4. The method of claim 1, wherein the encrypted first section of data is associated with the first level encryption key, the encrypted second section of data is associated with the second level encryption key, and wherein the first level encryption key is a progressive encryption key.
  - 5. The method of claim 1, wherein the network device has a hierarchical supervisory role over at least one other device, and wherein the network device has access to the encryption keys of at least one other device.
  - 6. The method of claim 1, wherein the encryption key is chosen based on the role of a device that is encrypting data, wherein the role is a functional role, and wherein the functional role is based on the type of data gathered by the network device.
  - 7. The method of claim 1, wherein an alternative encryption key is chosen based on a risk perceived by the network device sending data, and wherein the network device determines a level of risk.

8. A computer system for securing and accessing a plurality of data levels, comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising;
  
  gathering, by a network device, a plurality of data for transmission across an unsecured zone;
  
  identifying a potential security risk based on the unsecured zone;
  
  determining to encrypt the plurality of data with more than one level of encryption based on the identified security risk;
  
  encrypting, by a network device, a first section of data within the gathered plurality of data with a first level encryption key;
  
  encrypting, by a network device, a second section of data within the gathered plurality of data with a second level encryption key, wherein the first section of data is a progressively encrypted section of data with the first level encryption key and the second level encryption key associated with accessing the first section of data, wherein the first level encryption key and the second level encryption key include a validity key that is associated with one or more roles of a multi-role recipient device, wherein the validity key allows the recipient device to perform multiple roles concurrently; and
  
  transmitting, in a single transmission across the unsecured zone, a combined batch of data to a plurality of recipient devices and a validity key for the multi-role recipient device, wherein the combined batch of data includes the progressively encrypted first section of data, the encrypted second section of data, and an unencrypted section of data, wherein each of the plurality of recipient devices is configured to access different sections of the combined batch of data in the single transmission and the multi-role recipient device changes roles using the validity key and has access to each section of the combined batch of data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer system of claim 8, further comprising:
    - decrypting, by the recipient device, the second section of data with the second level encryption key; and
      
      decrypting, by the recipient device, the first section of data with the first level encryption key.
  - 10. The computer system of claim 8, wherein the plurality of data is encrypted with more than two levels of encryption, and wherein the network device transmits data with more than two levels of encryption in a single transmission.
  - 11. The computer system of claim 8, wherein the encrypted first section of data is associated with the first level encryption key, the encrypted second section of data is associated with the second level encryption key, and wherein the first level encryption key is a progressive encryption key.
  - 12. The computer system of claim 8, wherein the network device has a hierarchical supervisory role over at least one other device, and wherein the network device has access to the encryption keys of at least one other device.
  - 13. The computer system of claim 8, wherein the encryption key is chosen based on the role of a device that is encrypting data, wherein the role is a functional role, and wherein the functional role is based on the type of data gathered by the network device.
  - 14. The computer system of claim 8, wherein an alternative encryption key is chosen based on a risk perceived by the network device sending data, and wherein the network device determines a level of risk.

15. A computer program product for securing and accessing a plurality of data levels, comprising:
- one or more computer-readable storage medium and program instructions stored on at least one of the one or more tangible storage medium, the program instructions executable by a processor, the program instructions comprising;
  
  program instructions to gather, by a network device, a plurality of data for transmission across an unsecured zone;
  
  program instructions to identify a potential security risk based on the unsecured zone;
  
  program instructions to determine to encrypt the plurality of data with more than one level of encryption based on the identified security risk;
  
  program instructions to encrypt, by a network device, a first section of data within the gathered plurality of data with a first level encryption key;
  
  program instructions to encrypt, by a network device, a second section of data within the gathered plurality of data with a second level encryption key, wherein the first section of data is a progressively encrypted section of data with the first level encryption key and the second level encryption key associated with accessing the first section of data, wherein the first level encryption key and the second level encryption key include a validity key that is associated with one or more roles of a multi-role recipient device, wherein the validity key allows the recipient device to perform multiple roles concurrently; and
  
  program instructions to transmit, in a single transmission across the unsecured zone, a combined batch of data to a plurality of recipient devices and a validity key for the multi-role recipient device, wherein the combined batch of data includes the progressively encrypted first section of data, the encrypted second section of data, and an unencrypted section of data, wherein each of the plurality of recipient devices is configured to access different sections of the combined batch of data in the single transmission and the multi-role recipient device changes roles using the validity key and has access to each section of the combined batch of data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising:
    - program instructions to decrypt, by the recipient device, the second section of data with the second level encryption key; and
      
      program instructions to decrypt, by the recipient device, the first section of data with the first level encryption key.
  - 17. The computer program product of claim 15, wherein the encrypted first section of data is associated with the first level encryption key, the encrypted second section of data is associated with the second level encryption key, and wherein the first level encryption key is a progressive encryption key.
  - 18. The computer program product of claim 15, wherein the network device has a hierarchical supervisory role over at least one other device, and wherein the network device has access to the encryption keys of at least one other device.
  - 19. The computer program product of claim 15, wherein the encryption key is chosen based on the role of a device that is encrypting data, wherein the role is a functional role, and wherein the functional role is based on the type of data gathered by the network device.
  - 20. The computer program product of claim 15, wherein an alternative encryption key is chosen based on a risk perceived by the network device sending data, and wherein the network device determines a level of risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kumhyr, David B., Mathieu, Arnaud A., Mukherjee, Maharaj, Robertson, Michael P.
Primary Examiner(s)
Lanier, Benjamin E

Application Number

US15/490,972
Publication Number

US 20180309738A1
Time in Patent Office

1,154 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0478   applying multiple layers of...

H04L 63/06   for supporting key manageme...

H04L 63/1433   Vulnerability analysis

H04L 9/0836   using tree structure or hie...

H04L 9/088   Usage controlling of secret...

Data access levels

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data access levels

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links