SYSTEM AND METHOD FOR SECURE DIGITAL SHARING BASED ON AN INTER-SYSTEM EXCHANGE OF A TWO-TIER DOUBLE ENCRYPTED DIGITAL INFORMATION KEY

US 20170093826A1
Filed: 10/03/2016
Published: 03/30/2017
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A system based on layered, two-tier double cryptographic keys providing a closed cryptosystem for secure content distribution within a secured network environment, the system comprising:

a digital key management device including digital key management circuitry configured togenerate a first-tier cryptographic key and make the first-tier cryptographic key publicly accessible within a first secured walled region, wherein the first secured walled region is accessible to a supply network node registered to a first authentication database associated with an access server of the system,encrypt a first content with the first-tier cryptographic key,generate encrypted first content,generate a second-tier cryptographic key and make the second-tier cryptographic key publicly accessible to the supply network node within a second secured walled region,encrypt a second content with the second-tier cryptographic key, andgenerate encrypted second content,a network node including node circuitry configured torequest, via a network interface, access to the first secured walled region, wherein the access server enables access to the first secured walled region for the supply network node upon authentication and/or authorization by the first authentication database,access the first-tier cryptographic key via the first secured walled region,access and decrypt the encrypted first content using the first-tier cryptographic keygenerate a first data container based on the decrypted first content,transfer the first data container to a client device, wherein the digital key management circuitry assigns the client device the first-tier cryptographic key, and wherein the assignment is accessible to the network node circuitry registered to the first authentication database,request access to the second secured walled region, wherein the access server enables access to the second secured walled region for the supply node upon authentication and/or authorization from a second authentication database associated with the access server,access the second-tier cryptographic key via the secured second walled region,access and decrypt the encrypted second content using the second-tier cryptographic key,generate a second data container based on the decrypted second content, andtransfer the second data container to the client device,wherein the digital key management circuitry is further configured to receive a first acceptance-confirmation of the content of the first data container, via a network interface, from the client device, and receive a second acceptance-confirmation of the content of the second data container, via the network interface, from the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system based on layered, two-tier double cryptographic keys providing a closed cryptosystem within a secured network environment, the system including a digital key management device and a network node. The digital key management device generates a first-tier cryptographic key, a second-tier cryptographic key and makes the first-tier and second-tier cryptographic keys publicly accessible within a first and a second secured walled regions that are accessible to a network node registered to a first authentication database associated with an access server of the system, encrypts a first and second content with the first-tier and second-tier cryptographic keys, and generates encrypted first and second content. The network node requests access to the first secured walled region, accesses the first-tier and the second-tier cryptographic keys, decrypts the first and second content, generates first and second data containers based on the decrypted content, and transfers the data containers to a client device.

25 Citations

View as Search Results

17 Claims

1. A system based on layered, two-tier double cryptographic keys providing a closed cryptosystem for secure content distribution within a secured network environment, the system comprising:
- a digital key management device including digital key management circuitry configured togenerate a first-tier cryptographic key and make the first-tier cryptographic key publicly accessible within a first secured walled region, wherein the first secured walled region is accessible to a supply network node registered to a first authentication database associated with an access server of the system,encrypt a first content with the first-tier cryptographic key,generate encrypted first content,generate a second-tier cryptographic key and make the second-tier cryptographic key publicly accessible to the supply network node within a second secured walled region,encrypt a second content with the second-tier cryptographic key, andgenerate encrypted second content,a network node including node circuitry configured torequest, via a network interface, access to the first secured walled region, wherein the access server enables access to the first secured walled region for the supply network node upon authentication and/or authorization by the first authentication database,access the first-tier cryptographic key via the first secured walled region,access and decrypt the encrypted first content using the first-tier cryptographic keygenerate a first data container based on the decrypted first content,transfer the first data container to a client device, wherein the digital key management circuitry assigns the client device the first-tier cryptographic key, and wherein the assignment is accessible to the network node circuitry registered to the first authentication database,request access to the second secured walled region, wherein the access server enables access to the second secured walled region for the supply node upon authentication and/or authorization from a second authentication database associated with the access server,access the second-tier cryptographic key via the secured second walled region,access and decrypt the encrypted second content using the second-tier cryptographic key,generate a second data container based on the decrypted second content, andtransfer the second data container to the client device,wherein the digital key management circuitry is further configured to receive a first acceptance-confirmation of the content of the first data container, via a network interface, from the client device, and receive a second acceptance-confirmation of the content of the second data container, via the network interface, from the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system according to claim 1, the system further comprising:
    - a billing gateway interface including billing gateway circuitry configured to access the access server and retrieve first access detail records of the supply network node; and
      
      an assigned billing management database with first access and billing control data of each supply network node based on the access of the supply network node to the first-tier cryptographic key and/or encrypted first content.
  - 3. The system according to claim 2, wherein the first access detail records are generated upon the authentication and/or authorization from the first authentication database.
  - 4. The system according to claim 2, wherein the billing gateway circuitry is further configured to:
    - access the access server and retrieve second access detail records of the supply network node,the billing management database comprising second access control data of each supply network node based on the access of the supply network node to the second-tier cryptographic key and/or encrypted second content.
  - 5. The system according to claim 4, wherein the second access detail records are generated upon the authentication and/or authorization by the second authentication database.
  - 6. The system according to claim 5, wherein the billing gateway circuitry is further configured to bill the supply network node for the access to the obtained first-tier cryptographic key and/or the obtained second-tier cryptographic key.
  - 7. The system according to claim 6, wherein only access to the second-tier cryptographic key and/or encrypted second content is billed, while the first-tier cryptographic key is made publicly accessible within a first secured walled region without billing.
  - 8. The system according to claim 1, wherein the first secured walled region and/or the second secured walled region is realized as a secured network region or a secured memory region blocked by controlling data transfers using a secure gateway control circuit or a Memory Management Unit (MMU).
  - 9. The system according to claim 1, wherein the first and/or second acceptance-confirmation is realized as transfer of a secured data packet structure comprising the acceptance-confirmation.
  - 10. The digital key management system according to claim 9, wherein the secured data packet structure includes secured packets containing application messages to which specific mechanisms are applicable,wherein the application messages comprise commands and/or data exchanged between an application resident in the digital key management circuitry, andwherein the digital key management circuitry is further configured to apply one or more security mechanisms to the application messages to turn the application messages into secured packets.
  - 11. The system according to claim 10, wherein the first authentication database includes first authentication circuitry configured to:
    - receive a license number associated with the network node,retrieve a hardware fingerprint associated with the network node based on the license number, the hardware fingerprint being a unique identifier associated with the network node, anddetermine whether the network node is registered with the digital key management circuitry based on the hardware fingerprint and the license number.
  - 12. The system according to claim 1, wherein the encryption of the first content with the first-tier cryptographic key and the encryption of the second content with the second-tier cryptographic key uses a single type of encryption,wherein the digital key management circuitry is further configured to provide the encrypted content to the network node associated with the first-tier cryptographic key and the second-tier cryptographic key, andwherein the first-tier cryptographic key and the second-tier cryptographic key are encrypted based on a hardware fingerprint of the network node and a private key stored at the network node.
  - 13. The system according to claim 12, wherein the digital key management circuitry is further configured to:
    - generate a first data stream including the encrypted first data content,generate a locator for the encrypted first data content, andgenerate a second data stream including the first cryptographic key and the locator of the content.
  - 14. The system according to claim 12, wherein the digital key management circuitry is further configured togenerate a third data stream including the encrypted second data content;
    - generate a locator for the encrypted first data content, andgenerate a third data stream including the second cryptographic key and the locator of the content.
  - 15. The system according to claim 12, wherein the private key stored in the network node is in an encrypted format, andwherein the network node circuitry is further configured todecrypt the encrypted private key using a key derived from a the hardware fingerprint of the network node, anddecrypt the encrypted first cryptographic key and/or second cryptographic key using the decrypted stored private key.
  - 16. The system according to claim 1, wherein the second data container comprises different policies, wherein each of the different policies controls consumption of automatic risk transfer between the network node and the client device.
  - 17. The system according to claim 1, wherein the first secured walled region and/or the second secured walled region are segregated physically and/or logically from the rest of the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Swiss Reinsurance Company
Original Assignee
Swiss Reinsurance Company
Inventors
WERNEYER, Oliver

Granted Patent

US 10,523,644 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/60   Digital content management,...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 9/083   involving central third par...

SYSTEM AND METHOD FOR SECURE DIGITAL SHARING BASED ON AN INTER-SYSTEM EXCHANGE OF A TWO-TIER DOUBLE ENCRYPTED DIGITAL INFORMATION KEY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURE DIGITAL SHARING BASED ON AN INTER-SYSTEM EXCHANGE OF A TWO-TIER DOUBLE ENCRYPTED DIGITAL INFORMATION KEY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links