ACCESS-CONTROLLED ENCRYPTED RECORDING SYSTEM FOR SITE, INTERACTION AND PROCESS MONITORING
First Claim
1. A recording system including a data acquisition device, an encryption processor close-coupled with said data acquisition device by a trusted/protected communication linkage, means for controlling encryption by said encryption processor using an encryption key to produce encrypted data, storage means for recording said encrypted data, and means for controlling access to data stored in said storage means with a right of access key.
Abstract
A high level of security for access to recorded information is provided by provision of a trusted/protected communication linkage such as a tamper-resistant or tamper-evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared or access thereto shared in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information.
20 Claims
15. A method of producing a recording of an information stream which can be authenticated, said stream of data being produced in association with one or more interested parties which may be in the presence of each other or authenticated to each other over a network through a trusted process or device running on a server or pool of servers, said method comprising steps of
selecting a master policy that specifies, for each time segment of the information stream, the rights of each interested party to control decryption and/or authentication of a corresponding segment of the information stream, generating segment keys for encrypting or authenticating each said time segment of said information stream, destroying the information stream, distributing the information stream to interested parties, generating a keyshare log or access right log comprising, for each time segment, a set of keyshares or access rights implementing said master policy for respective time segments of said information stream, and distributing respective keyshares to or evaluating access rights of interested parties for respective time segments of said information stream.
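The segment-key and keyshare-log scheme of claim 15 and the abstract (a fresh random symmetric key per time segment, wrapped asymmetrically for each interested party the master policy admits), as an added Go example that is not part of the patent or any product: AES-256-GCM for segment encryption and RSA-OAEP for key wrapping are my choices, and the party names and the two-segment policy in the test are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Segment: one encrypted time segment plus its keyshare log entry (segment key wrapped per party).
type Segment struct {
	Nonce, Ciphertext []byte
	Keyshares         map[string][]byte // party name -> RSA-OAEP wrapped segment key
}
// NewPartyKey makes an interested party's RSA key pair (constructed here for the example).
func NewPartyKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// RecordStream seals segment i under a fresh random key and wraps that key only for the parties policy[i] names.
func RecordStream(segments [][]byte, policy [][]string, pubs map[string]*rsa.PublicKey) ([]Segment, error) {
	out := make([]Segment, len(segments))
	for i, plain := range segments {
		key, nonce := make([]byte, 32), make([]byte, 12) // 12 bytes is GCM's standard nonce size
		if _, err := rand.Read(key); err != nil { return nil, err }
		if _, err := rand.Read(nonce); err != nil { return nil, err }
		block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
		gcm, _ := cipher.NewGCM(block)
		seg := Segment{Nonce: nonce, Keyshares: map[string][]byte{}}
		seg.Ciphertext = gcm.Seal(nil, nonce, plain, []byte(fmt.Sprint(i))) // index as AAD: no reordering
		for _, name := range policy[i] {
			pub, ok := pubs[name]
			if !ok { return nil, fmt.Errorf("policy names unknown party %q for segment %d", name, i) }
			wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
			if err != nil { return nil, err }
			seg.Keyshares[name] = wrapped
		}
		out[i] = seg
	}
	return out, nil
}
// OpenSegment lets party name recover segment i; it fails when the policy gave it no keyshare.
func OpenSegment(segs []Segment, i int, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := segs[i].Keyshares[name]
	if !ok { return nil, fmt.Errorf("%s has no access right for segment %d", name, i) }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil { return nil, err }
	block, _ := aes.NewCipher(key) // key came out of OAEP intact, so it is 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, segs[i].Nonce, segs[i].Ciphertext, []byte(fmt.Sprint(i)))
}
```

Binding the segment index as GCM associated data is what makes a segment fail to open if a recording is spliced or reordered, which is the authentication property the abstract attributes to the recorded information.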