ACCESS-CONTROLLED ENCRYPTED RECORDING SYSTEM FOR SITE, INTERACTION AND PROCESS MONITORING

US 20080310636A1
Filed: 03/19/2008
Published: 12/18/2008
Est. Priority Date: 01/19/2005
Status: Active Grant

First Claim

Patent Images

1. A recording system includinga data acquisition device,an encryption processor close-coupled with said data acquisition device by a trusted/protected communication linkage,means for controlling encryption by said encryption processor using an encryption key to produce encrypted data,storage means for recording said encrypted data, andmeans for controlling access to data stored in said storage means with a right of access key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A high level of security for access to recorded information is provided by provision of a trusted/protected communication linkage such as a tamper-resistant or tamper evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared or access thereto shared in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information.

Citations

20 Claims

1. A recording system includinga data acquisition device,an encryption processor close-coupled with said data acquisition device by a trusted/protected communication linkage,means for controlling encryption by said encryption processor using an encryption key to produce encrypted data,storage means for recording said encrypted data, andmeans for controlling access to data stored in said storage means with a right of access key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A recording system as recited in claim 1, further including means for encrypting data with a random key,means for encrypting said random key with said encryption key to produce an encrypted random key and storing said encrypted random key with said encrypted data,means for decrypting said encrypted random key with a right of access key to obtain said random key, andmeans for decrypting said encrypted data with said random key.
  - 3. A recording device as recited in claim 1 wherein said data acquisition device includes a video camera, microphone and/or a transducer for measuring a physical parameter.
  - 4. A recording device as recited in claim 1, further including means for identifying parties present in an area monitored by said data acquisition device.
  - 5. A recording device as recited in claim 4 wherein said means for identifying parties includes an RFID tag and/or a biometric access control device.
  - 6. A recording device as recited in claim 1 wherein said trusted/protected communication linkage includes a tamper-resistant or tamper-evident enclosure.
  - 7. A recording device as recited in claim 1 wherein said trusted/protected communication linkage includes an end-to-end encrypted digital network link.
  - 8. A recording device as recited in claim 1 wherein said trusted/protected communication linkage includes obfuscated code.
  - 9. A recording device as recited in claim 1 wherein said encryption key is a session key or segment key.
  - 10. A recording device as recited in claim 9 wherein said session key or segment key is a random number.
  - 11. A recording device as recited in claim 1 wherein said encryption by said encryption processor is symmetrical.
  - 12. A recording device as recited in claim 9 wherein said session key or segment key is encrypted with said right of access key to form an encrypted session key or encrypted segment key which is recorded with said encrypted data.
  - 13. A recording device as recited in claim 12 wherein said encrypted session key or encrypted segment key is asymmetrically encrypted.
  - 14. A recording device as recited in claim 9 wherein said encrypted session key or encrypted segment key is encrypted with a public key such that it can be decrypted only with a private key.

15. A method of producing a recording of an information stream which can be authenticated, said stream of data being produced in association with one or more interested parties which may be in the presence of each other or authenticated to each other over a network through a trusted process or device running on a server or pool of servers, said method comprising steps ofselecting a master policy that specifies, for each time segment of the information stream, the rights of each interested party to control decryption and/or authentication of a corresponding segment of the information stream,generating segment keys for encrypting or authenticating each said time segment of said information stream,destroying the information stream,distributing the information stream to interested parties,generating a keyshare log or access right log comprising, for each time segment, a set of keyshares or access rights implementing said master policy for respective time segments of said information stream, anddistributing respective keyshares to or evaluating access rights of interested parties for respective time segments of said information stream.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A method as recited in claim 15, including the further step of protecting said information stream with a tamper resistant or tamper evident enclosure and wherein said keyshare log and private authentication keys are destroyed upon detection of tampering.
  - 17. A method as recited in claim 15 including the further step ofencrypting respective time segments of said information stream with corresponding segment keys to form an encrypted information stream.
  - 18. A method as recited in claim 15 including the further step ofdigitally signing the encrypted information stream and keyshare log or access rights log by said trusted process or device.
  - 19. A method as recited in claim 15 including the further steps ofreceiving through said trusted process or device requests for access to segment keys for at least one time segment from interested parties, and releasing said segment keys if said requests represent a quorum under said master policy.
  - 20. A method as recited in claim 15 wherein said information stream includes information providing non-transferable confidence in the identities of interested parties and the contents and integrity of the information stream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Charles H. Bennett
Original Assignee
Charles H. Bennett
Inventors
BENNETT, Charles H.

Granted Patent

US 7,792,296 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/85   interconnection devices, e....

ACCESS-CONTROLLED ENCRYPTED RECORDING SYSTEM FOR SITE, INTERACTION AND PROCESS MONITORING

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS-CONTROLLED ENCRYPTED RECORDING SYSTEM FOR SITE, INTERACTION AND PROCESS MONITORING

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links