WO2013044306A1 - A system and method for distributing secured data - Google Patents


Info

Publication number
WO2013044306A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
accordance
email
recipient
transmission
Prior art date
Application number
PCT/AU2012/001171
Other languages
French (fr)
Inventor
Stephen Thompson
Lawrence Edward Nussbaum
Original Assignee
Cocoon Data Holdings Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2011904016A
Application filed by Cocoon Data Holdings Limited
Priority to AU2013202208A
Publication of WO2013044306A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/214 Monitoring or handling of messages using selective forwarding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to a system and method for distributing secured data, and particularly, although not exclusively to a system and method for distributing secured data objects through electronic mail.
  • emails also introduce new problems of congestion and bottlenecks. This is because emails are generally perceived by users to be a high speed form of communication. As such, given its speed and ease of use, users may heavily use an email service to communicate with friends, family and
  • a method for distributing secured data comprising the steps of:
  • the step of generating the transmission object includes the steps of:
  • the secured data object is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
  • the step of generating the transmission object further includes the step of storing the location of the key in a secured location wherein an address of the secured location is provided to the recipient upon the authentication of the recipient.
  • the method further includes a step of authenticating a security status of an apparatus arranged to generate the
  • the data for transmission to a recipient relates to an email message.
  • the data for transmission to a recipient is received from an email sender.
  • the selection criteria include conditions relating to the:
  • transmission object is transmitted via a communication network.
  • the method is arranged to be integrated with an email service.
  • a system for distributing secured data comprising:
  • a gateway arranged to receive data for transmission to a recipient
  • a selection routine arranged to compare the data against at least one selection criterion to determine a security requirement relating to the data
  • a secure object module arranged to generate a transmission object by processing the data in accordance with the security requirement of the data
  • a transmission interface arranged to transmit the transmission object to the recipient.
  • the secured object module includes: an encryption process arranged to encrypt the data with a key to generate a secured data object in accordance with the security requirement and output the secured data object as the transmission.
  • the secured data object is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
  • the secured data module further includes the step of storing the location of the key in a secured location wherein an address of the secured location is provided to the recipient upon the authentication of the recipient.
  • the secured data object includes an authenticating routine arranged to authenticate a security status of the encryption process.
  • the data for transmission to a recipient describes an email message.
  • the data for transmission to a recipient is received from an email sender.
  • the selection criteria include criteria conditions relating to the:
  • transmission object is transmitted via a communication network.
  • system is arranged to be integrated with an email service.
  • gateway and selection routine are arranged to be implemented within an email client.
  • the gateway is arranged to interrupt the email client.
  • gateway and selection routine are arranged to be
  • the gateway is arranged to interrupt the email server. In an embodiment of the second aspect, the gateway is arranged to alter the data to trigger the encryption process to generate a secured data object.
  • Figure 1 is a schematic block diagram of a system for distributing secured data in accordance with one
  • Figure 2 is a block diagram of a system for securing data in accordance with one embodiment of the present invention
  • Figure 3 is a block diagram of a system for
  • Figure 4 is a flow diagram illustrating the process flow of an embodiment of the system illustrated in Figure 3 when implemented for use with an electronic mail (email) service;
  • Figure 5A is a block diagram illustrating an
  • Figure 5B is a block diagram illustrating an
  • Figure 5C is a block diagram illustrating an
  • FIG. 1 there is illustrated an embodiment of a computing device in the form of a computer server which may be arranged to operate as a system for distributing secured data.
  • the system for distributing secured data is arranged to intercept data relating to an email or any other form of electronic communication and apply a security process on the data depending on whether the email or other form of electronic communication meets pre-defined selection criteria.
  • the security process applied on the data may include an encryption process whereby the data is encrypted to generate a secured data object whilst the selection criteria may include a set of rules or conditions which may be used to determine if a particular set of data requires security processing.
  • the system may be arranged to operate with an email system with specific modules, gateways, routines,
  • the system for distributing secured data and its component modules, gateways, routines, functions, processes or interfaces may be implemented by one or more electronic circuits, computers or computing devices having appropriate logic, software, hardware or any combination thereof programmed to operate with the one or more computers or computing devices.
  • Each of the computers or computing devices may be implemented by any computing architecture, including stand-alone PC, tablet computers, smart phones, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture.
  • the computing device is also appropriately programmed to implement the invention.
  • the system for distributing secured data is implemented on a computer server 100.
  • the server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions.
  • the components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, and input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc.
  • the server may also have one or more displays 112 such as a liquid crystal display, a light emitting display or any other suitable display.
  • the server 100 may also have one or more communications links 114.
  • the server 100 may also include instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the
  • a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, smart phones, tablet computers, wireless or handheld computing devices. At least one of a plurality of communications links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.
  • the server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives.
  • the server 100 may also use a single disk drive or multiple disk drives.
  • the server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104.
  • the system may also have a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for distributing secured data.
  • the database 120 is in communication with an interface 202, which is implemented by computer software residing on the server 100.
  • the interface 202 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing.
  • the interface 202 may be implemented with input devices such as keyboards, mouse or, in another example embodiment the interface 202 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, Fire-wire, USB or the like.
  • FIG. 2 there is illustrated a block diagram of an embodiment of a system for securing data and distributing it thereof.
  • This system may be used to generate and/or distribute a secured data object.
  • the system for securing data and distributing it thereof is implemented with a server 200 arranged to be connected to a communication network such as the Internet, Intranet, VPN or any communication network using an appropriate communication protocol, such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or
  • the server 200 may have the same configuration as the system of Figure 1.
  • the server 200 which is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object (such as a data stream, data document, file, message, email or any other data object) for transmission to another recipient user 206, computer, processor or controller.
  • the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but is not limited to:
  • the server 200 is arranged to generate a key which can be used to encrypt the data object.
  • the key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200.
  • the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
  • the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210.
  • the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file.
  • This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 210 needed to decrypt the file is not incorporated within the object 210 itself.
  • the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200.
  • the encrypted data object 210 may be sent through a public or private computer network or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.
  • the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210.
  • the server 200 enforces an authentication process (212) on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient.
  • the authentication process (212) may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.
  • a key 214 may be provided to the recipient user 206 to decrypt the file.
  • the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206.
  • the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206.
  • Alternative embodiments of a system for securing data are also described in WO/2009/079708 which is incorporated herein by reference. These embodiments are advantageous in that the encryption key 208 which can be used to decrypt an encrypted object is transmitted separately from the encrypted data object 210. As such, the encrypted data object may be transmitted in a less secure but more convenient channel. Even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be easily decrypted with known methods of decryption since the key is not within the encrypted object.
  • the server 200 may be arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206.
  • hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object.
  • the dummy keys may also be integrated with the genuine key such that the
  • the user computing devices 204, 206 may be any computing device of any architecture, such as a PC, laptop, tablet or any other computing device.
  • the system 300 comprises an agent module 301 arranged to receive electronic communications 304 through a gateway implemented within the agent module 301.
  • the agent module 301 is arranged to operate with a secure object module 302 and a transmission interface 308 to distribute data or secured data to the recipient 310.
  • These modules, interface and their associated components which may include other gateways, modules, interfaces, routines, functions, processes, processors or other logical functional devices (301, 302, 304 and 308) may be implemented as a single computing package comprising one or more computer software functions or programmed objects deployed on one or more electronic, processing or
  • each of these modules and interfaces 301, 302, 304 and 308 and its associated component gateways, modules, functions, interfaces, routines and processes are implemented as individual computer programs arranged to operate on individual computer servers which are connected to each other through a secured communications link.
  • the architecture of the system 300 including the number of computer servers, amount of computing hardware, implementation and deployment methods will depend on the necessary user requirements. Servers used may be similar in configuration to the server 200 of Figure 2.
  • the agent module 301 may be implemented as a computer process operating on a computing device such as a computer server.
  • the agent module 301 includes a gateway which is arranged to receive electronic communications from a sender.
  • communications may be in the form of electronic mail (email) or another form of data, such as messages, requests, transmissions, data streams or data files which were sent by a sender, computer, communication device, interface or any other persons, operators or any computer, electronic or processing device or apparatus.
  • the agent module 301 may intercept the electronic communications sent by a sender so that the intercepted electronic communications are received by the gateway of the agent module 301.
  • the agent module 301 may interrupt the email messages in the email queue so as to allow these messages to be accessed by its gateway or transferred to its gateway. Once these electronic communications are accessed or received by the agent module 301, the agent module 301 may proceed to use a selection routine to scan the contents and properties of the electronic communications against one or more
  • the selection criteria 306 are, in one embodiment, a set of conditions or rules which specify the security requirements in relation to the electronic communications or data which are about to be transmitted from a sender to a recipient.
  • the selection criteria 306 are a database of rules or conditions which can be compared with the contents or properties of an electronic communication so that it may be determined whether any security process needs to be carried out on the communication. These security processes can include encryption, rejection, amendment or the issuance of alerts for the electronic communication.
  • the agent module 301 will determine that the electronic communication does not require any security clearance and the communication is then transmitted to the recipient 310 by a transmission interface 308. In examples where the system 300 is arranged to operate with emails, the agent module 301 may simply return the communication (email) back to the transmission queue of an email server.
  • the agent module 301 then proceeds to undertake one of a number of different options. These options may include raising specific alarms or alerts, updating of any logs, rejecting the email request and terminating the transmission, or interacting with the secure object module 302 so as to generate a secure data object for
  • agent module 301 and its functions are described below with reference to Figure 4.
  • the secure object module 302 is arranged to interact with the agent module 301 when one or more selection criteria 306 are met.
  • the secure object module 302 is arranged to generate a secure data object with the electronic communications by applying a security process on the electronic communications if the one or more selection criteria 306 are met.
  • the secure object module 302 is a module implemented as a single computing function operating on one or more computing devices which are connected together by communication links.
  • the module 302 may be arranged to generate and store a key which can be utilised to encrypt or decrypt a data object.
  • the module 302 may be arranged to contact a remote server which is arranged to generate and store a key to provide the module 302 with a key to encrypt or decrypt a data object, such as an electronic communications.
  • the module 302 may encrypt the electronic communications so as to generate a secured data object.
  • the module 302 may provide the key to the agent module 301 so that the agent module 301 is able to encrypt the electronic
  • the object may then be transmitted via the secure object module 302 or the transmission interface to the recipient 310.
  • Once received by the recipient 310, the recipient 310 must in turn obtain a key to decrypt the secured data object so as to obtain the electronic communications.
  • the recipient 310 may contact the secure data module to undertake an authentication process, and if authenticated, the key, or a location of the key if the key is stored on a remote server, is then provided to the recipient 310.
  • the secure object module 302 may be a server 302 connected to a network arranged to allow other modules such as the agent module 301 or other routines, processors or the like to connect to the server with requests to generate or obtain a key to encrypt or decrypt a data object.
  • the secure object module 302 may also be arranged to encrypt data objects.
  • the secure object module 302 may be implemented based on the server 200 described above with the agent module 301 operating as the sender 204 and the recipient being a computing device of a recipient 310. In another embodiment, the secure object module 302 is implemented based on a system for securing data described with reference to WO/2009/079708.
  • the secure object module 302 may transmit a secured data object directly to a recipient 310, or, may also utilise the transmission module 308 to transmit the secure data object. Either option is suitable depending on user requirements and security preference of each individual user.
  • An advantage of these embodiments of the system 300 for distributing secured data is that data, such as electronic mail (email), messages, communications, data streams, multimedia and other data feeds or transmissions can be intercepted and selectively secured before the data is transmitted to an external location.
  • some embodiments of the system 300 are able to automatically intercept the data transmission request and encrypt the data prior to its transmission if it is deemed necessary after the data has been assessed against one or more selection criteria which can also be adjusted as required by the management of an organisation.
  • some embodiments of the system 300 do not require additional applications to be installed but may be integrated with existing user infrastructure as a plug in, add-on or upgrade, these embodiments also remove barriers to adoption by organisations as well as any barriers to uptake by users.
  • Figure 4 there is illustrated a flow chart illustrating the operational processes of one embodiment of the system 300 for distributing secured data, and particularly, although not exclusively, when used in an electronic mail environment.
  • the agent module 301 of the system 300 waits for an email message to be received by its gateway (400).
  • a mail server may be programmed so that when an email transmission is received from an email sender, the mail server is interrupted so that the transmission of the email message is suspended. In one example, this may be implemented by programming an interrupt into the email server so that the email message submitted by an email sender is held back from placement into an email queue for transmission over a communication network, whilst allowing the agent module 301 to scan the message against the selection criteria 306 or transferring the message to the agent module 301 for analysis.
  • the agent module 301 proceeds to scan the email message (401) and check whether any of the selection criteria have been met. These selection criteria may include, without limitation:
  • strings within the email such as in the x-header, subject line, body of the message, or within attached documents;
  • attachments with a particular file size, e.g. when an attachment is larger than 1 Mb; whether the email message is outgoing or internal to an organisation e.g. it may only be necessary to send outgoing email messages as Secure Envelopes and not internal email messages;
  • the email address of the sender e.g. all outgoing email messages of a particular person or group can be sent as Secure Envelopes;
  • if the email message does not meet any of the selection criteria, the email message is deemed to not be of any significant security concern and it is then sent through the email server as a conventional email message (402).
  • the secure object module 302 proceeds to request authentication from another server called the "Auth" (Authentication) server to authenticate whether the secure object module 302 has the correct credentials, such as an X.509 certificate. This is to ensure the secure object module 302 interacting with the agent module 301 is operating correctly and is the intended and/or approved module for encrypting the email message. In some cases, this may be a test to determine if the module 302 has or has not been hijacked or replaced with a dummy module which could then be used for
  • the email message is returned to the sender with a message about the failed authentication of the module 302 and the transmission of the email message is terminated (404).
  • the agent module 301 may proceed to request permission to be delegated to send the email message as a secured data object on behalf of the sender (405).
  • the agent module 301 may provide the Auth server with
  • the agent module 301 removes that message from the email queue (406) and instructs the secure object module 302 to convert the removed email message into a secured data object (407). In one
  • this may be a process in which the secure object module 302 proceeds to encrypt the email message in a similar manner described with reference to Figure 2 in which a key used to encrypt the secured data object is not encrypted within the secured data object and that the location of the key is not made known to a recipient until the recipient is authenticated.
  • Once the email message is encrypted as a secured data object (407), the object may then be returned to the agent module 301, which may in turn transfer the object to the email server's queue for transmission to the recipient.
  • the secured data object may also be transferred directly by the secure module 302 through its own dedicated transmission process (408).
  • an advisory email may be generated by the agent module 301 and sent to the recipient 310 through the email server (409).
  • the advisory email may state that a Secure Envelope has been transmitted, but does not include any sensitive information.
  • Information on how the recipient may be authenticated so as to access the secure module 302 or to obtain a key necessary to decrypt the secured data object may also be provided to the recipient.
  • an email system may comprise an email client 502, which may include an email user's computer, browser or application used to compose or send messages and an email server 504 which is arranged to receive the email messages from an email client 502 and transmit the email messages via a communication network to a recipient.
  • the email server 504 and client 502 may be implemented in separated computing devices connected together by a communication network, or may be implemented on a single computing device connected to the
  • the email server interacts with the agent module 301 so that the method for distributing secured data as
  • the agent module 301 is implemented as a plug-in to the email server 504 so that when an email message is received by the email server 504 for processing, the agent module 301 interrupts the normal processing of the email server so that the email message is compared with the criteria and, where appropriate, encrypted into a secured data object.
  • this may be processed by having each email message generated by the user with an email client 502 and transmitted to the email server 504, where it waits in an email queue. While email messages are in the email queue, the agent module 301 scans each message to check whether it meets one or more of the selection criteria for a message which should be converted into a secured data object.
  • the agent module 301 automatically removes it from the email queue and then goes through the process of converting it into a secured data object and sending it via the secure object module 302. However, if an email message does not meet any of the selection criteria it is transmitted as an email message via the email server 504 to the internet.
  • the users may be able to manually instruct the agent module 301 to generate a secured data object by typing predefined keywords in the subject line.
  • One of the features of this implementation is that users are not able to change the selection criteria from their email client 502. Therefore, users cannot prevent an email message from being sent as a secured data object if it meets the selection criteria. This is useful and advantageous for some organisations where the management is not able to risk non-compliance by individual users.
  • since the agent module 301 is centralised on the email server 504, it can be installed, updated or modified without disturbing each of the many email users. For example, the selection criteria can be modified centrally without email client 502 users being affected.
  • the email client interacts with the agent module 301 so that the method for distributing secured data as illustrated in the embodiments with reference to Figure 4 can be carried out on email messages.
  • the email client interacts with the agent module 301 so that the agent module 301 may process the email messages sent through the email client in accordance with the processes outlined in the flow diagrams of Figure 4.
  • the agent module 301 is installed locally on the user's computer as a plug-in to the user's email client 502 and is not installed on an email server 504. All emails are scanned locally and checked against the selection criteria. When an eligible email message is found, the plug-in goes through the process of connecting with a secure object module 302 to generate a secured data object and transmits the object via the secure object module 302 or the email server. Messages that do not meet the selection criteria are sent from the email client 502 to the email server 504 where they are sent over the internet.
  • the agent module 301 functionality is presented as an extension of the existing email client 502 and requires little or no training on the part of the email user. Also, in some examples, this embodiment is able to provide email users with full control over the selection criteria by providing settings within the email client 502 so that the user can decide when an email is deemed to require encryption. This implementation is
  • email users can manually instruct the agent to generate a secured data object by typing predefined keywords in the subject line.
  • the agent also creates a software button in the email client 502 to offer this functionality to the user. When the user depresses this button, the agent automatically inserts a security tag into the message that makes it eligible to be sent as a secured data object.
  • the email server interacts with the agent module 301 so that the method for distributing secured data as
  • the agent module 301 is implemented with two plug-ins: one for the email server 504 (the "server plug-in" 301PS) and one for the email client 502 (the "client plug-in" 301PC).
  • the server plug-in either runs on the email server or with the secure object module 302, and the client plug-in runs locally on the user's computer.
  • the client plug-in 301PC scans all email messages locally on the user's computer and checks them against the selection criteria. When an eligible email message is found, the plug-in inserts a security tag (e.g. a keyword) into part of the outgoing email message such as the x-header or subject line. Messages that do not meet the selection criteria are not altered. All messages generated by the email client 502 are sent via the client plug-in 301PC to the email server.
  • the server plug-in 301PS scans the x-header and subject line of each email in the email queue to check for the presence of a security tag. If a security tag is detected, the server plug-in 301PS removes the message from the email queue and goes through the process of converting the message into a secured data object and sending it.
  • this embodiment is advantageous in that it gives both local control (user) and central control (server) over the selection criteria.
  • the selection criteria can be adjusted locally by users of the email client 502, and centrally by those with authorised access to the email server 504 or secure object module 302.
  • the centrally-controlled selection criteria apply to all users going through the email server but individual users may impose additional automatic selection criteria.
  • the individual users cannot avoid the centrally-controlled selection criteria unless they are given appropriate authority, or the email messages are sent from and to a controlled geographic location, such as internal or intra-office emails.
  • Another advantage found in this embodiment is that the scanning of email messages in the email queue is more efficient as it only involves checking the x-header and subject line. The slower scanning processes occur locally on the user's computer and thus do not delay messages in the email queue.
  • email users can manually instruct the agent to generate a secured data object by typing predefined keywords in the subject line.
  • the agent module 301 also includes a software button in the email client 502 such that when the button is selected by the user, the agent automatically inserts a security tag into the message that makes it eligible to be sent as a secured data object.
  • API application programming interface
  • program modules include routines, programs, objects, components and data files assisting in the performance of particular
  • computing device are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.

Abstract

A method for distributing secured data comprising the steps of accessing or receiving data for transmission to a recipient; comparing the data against at least one selection criterion to determine a security requirement relating to the data; generating a transmission object by processing the data in accordance with the security requirement; and transmitting the transmission object to the recipient.

Description

A SYSTEM AND METHOD FOR DISTRIBUTING SECURED DATA
TECHNICAL FIELD
The present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects through electronic mail.
BACKGROUND
Transferring information electronically through an email service is a cost effective solution for distributing information. However, email services operate on public infrastructure such as the Internet. This has caused security concerns as sensitive or confidential information sent by email may be intercepted or accessed by unauthorised parties. To address these security concerns, corporations and other users may choose to encrypt the information before transmitting the data over a public network. Whilst encryption of the information may increase the security of the data transmission, such encryption methods have a fundamental flaw in that the encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the encrypted data object since the necessary components to decrypt the data object are all integrated within the encrypted data object.
In addition, the encryption of emails also introduces new problems of congestion and bottlenecks. This is because emails are generally perceived by users to be a high speed form of communication. As such, given its speed and ease of use, users may heavily use an email service to communicate with friends, family and colleagues. As a result, email traffic may increase to levels which existing hardware and bandwidth are already unable to handle. Once coupled with encryption and decryption methods, these computational problems caused by email traffic will only be made worse, requiring powerful servers and computing hardware to handle the added processing and traffic required by additional security measures.
SUMMARY OF THE INVENTION
In accordance with a first aspect of the present invention, there is provided a method for distributing secured data comprising the steps of:
- accessing or receiving data for transmission to a recipient;
- comparing the data against at least one selection criterion to determine a security requirement relating to the data;
- generating a transmission object by processing the data in accordance with the security requirement; and
- transmitting the transmission object to the recipient.
In an embodiment of the first aspect, the step of generating the transmission object includes the steps of:
- encrypting the data with a key to generate a secured data object in accordance with the security requirement; and
- outputting the secured data object as the transmission object.
In an embodiment of the first aspect, the secured data object is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
In an embodiment of the first aspect, the step of generating the transmission object further includes the step of storing the location of the key in a secured location wherein an address of the secured location is provided to the recipient upon the authentication of the recipient.
In an embodiment of the first aspect, the method further includes a step of authenticating a security status of an apparatus arranged to generate the transmission object.
In an embodiment of the first aspect, the data for transmission to a recipient relates to an email message.
In an embodiment of the first aspect, the data for transmission to a recipient is received from an email sender.
In an embodiment of the first aspect, the selection criteria include conditions relating to the:
- contents of the email message,
- properties of the email message,
- author of the email message,
- origins of the email message,
- recipient of the email message,
- transmission date of the email message; or any one or more thereof.
In an embodiment of the first aspect, the transmission object is transmitted via a communication network.
In an embodiment of the first aspect, the method is arranged to be integrated with an email service.
In accordance with a second aspect of the present invention, there is provided a system for distributing secured data comprising:
- a gateway arranged to receive data for transmission to a recipient;
- a selection routine arranged to compare the data against at least one selection criterion to determine a security requirement relating to the data;
- a secure object module arranged to generate a transmission object by processing the data in accordance with the security requirement of the data; and
- a transmission interface arranged to transmit the transmission object to the recipient.
In an embodiment of the second aspect, the secured object module includes: an encryption process arranged to encrypt the data with a key to generate a secured data object in accordance with the security requirement and output the secured data object as the transmission object.
In an embodiment of the second aspect, the secured data object is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
In an embodiment of the second aspect, the secured data module further includes the step of storing the location of the key in a secured location wherein an address of the secured location is provided to the recipient upon the authentication of the recipient.
In an embodiment of the second aspect, the secured data object includes an authenticating routine arranged to authenticate a security status of the encryption process.
In an embodiment of the second aspect, the data for transmission to a recipient describes an email message.
In an embodiment of the second aspect, the data for transmission to a recipient is received from an email sender.
In an embodiment of the second aspect, the selection criteria include conditions relating to the:
- contents of the email message,
- properties of the email message,
- author of the email message,
- origins of the email message,
- recipient of the email message,
- transmission date of the email message; or any one or more thereof.
In an embodiment of the second aspect, the transmission object is transmitted via a communication network.
In an embodiment of the second aspect, the system is arranged to be integrated with an email service.
In an embodiment of the second aspect, the gateway and selection routine are arranged to be implemented within an email client.
In an embodiment of the second aspect, the gateway is arranged to interrupt the email client.
In an embodiment of the second aspect, the gateway and selection routine are arranged to be implemented within an email server.
In an embodiment of the second aspect, the gateway is arranged to interrupt the email server.
In an embodiment of the second aspect, the gateway is arranged to alter the data to trigger the encryption process to generate a secured data object.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:
Figure 1 is a schematic block diagram of a system for distributing secured data in accordance with one embodiment of the present invention;
Figure 2 is a block diagram of a system for securing data in accordance with one embodiment of the present invention;
Figure 3 is a block diagram of a system for distributing secured data in accordance with one embodiment of the present invention;
Figure 4 is a flow diagram illustrating the process flow of an embodiment of the system illustrated in Figure 3 when implemented for use with an electronic mail (email) service;
Figure 5A is a block diagram illustrating an embodiment of the system of Figure 3 when implemented on an email server;
Figure 5B is a block diagram illustrating an embodiment of the system of Figure 3 when implemented on an email client; and
Figure 5C is a block diagram illustrating an embodiment of the system of Figure 3 when implemented on both an email client and email server.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring to Figure 1, there is illustrated an embodiment of a computing device in the form of a computer server which may be arranged to operate as a system for distributing secured data.
In one embodiment, the system for distributing secured data is arranged to intercept data relating to an email or any other form of electronic communication and apply a security process to the data depending on whether the email or other form of electronic communication meets pre-defined selection criteria. The security process applied to the data may include an encryption process whereby the data is encrypted to generate a secured data object, whilst the selection criteria may include a set of rules or conditions which may be used to determine if a particular set of data requires security processing.
The system may be arranged to operate with an email system with specific modules, gateways, routines, functions, processes or interfaces which perform specific functions of the system, implemented within the email system or on one or more separate computing devices which operate with the email system.
In one example embodiment, the system for distributing secured data and its component modules, gateways, routines, functions, processes or interfaces may be implemented by one or more electronics circuits, computers or computing devices having an appropriate logic, software, hardware or any combination thereof programmed to operate with the one or more computers or computing devices. Each of the computers or computing devices may be implemented by any computing architecture, including stand-alone PC, tablet computers, smart phones, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture.
In some embodiments, the computing device is also appropriately programmed to implement the invention. As shown in Figure 1, the system for distributing secured data is implemented on a computer server 100. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, and input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc. The server may also have one or more displays 112 such as a liquid crystal display, a light emitting display or any other suitable displays. The server 100 may also have one or more communications links 114. The server 100 may also include instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, smart phones, tablet computers, wireless or handheld computing devices. At least one of a plurality of communications links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.
The server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104.
The system may also have a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for distributing secured data. The database 120 is in communication with an interface 202, which is implemented by computer software residing on the server 100. The interface 202 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing. The interface 202 may be implemented with input devices such as keyboards or a mouse, or, in another example embodiment, the interface 202 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, FireWire, USB or the like.
With reference to Figure 2, there is illustrated a block diagram of an embodiment of a system for securing data and distributing it. This system may be used to generate and/or distribute a secured data object. In this example as shown in Figure 2, the system for securing data and distributing it is implemented with a server 200 arranged to be connected to a communication network such as the Internet, an intranet, a VPN or any communication network using an appropriate communication protocol, such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or communication devices 204, 206 via the communication network. The server 200 may have the same configuration as the system of Figure 1.
The server 200 is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object (such as a data stream, data document, file, message, email or any other data object) for transmission to another recipient user 206, computer, processor or controller. In this example embodiment, the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but is not limited to:
1- Names or references of any files, data or messages to be encrypted;
2- File, data, or message sizes, dates, properties, permissions settings and other attributes;
3- The identity of the author of the data, file or message;
4- The identification of the recipient 206 of the data, file or message;
5- The access permissions of the recipient 206;
6- The address or reference of the recipient 206; and
7- Any other information relating to the security settings or the data object that is to be encrypted which may be required to encrypt the file, data or message.
Once the encryption request 202 is received by the server 200, the server 200 is arranged to generate a key which can be used to encrypt the data object. The key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated. Preferably, the encryption process on the computing device operates by encrypting the data object such that the key 208 is not in any way integrated into the encrypted data object 210. As a result, the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an unauthorised copy of the encrypted data object 210, since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file. This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.
After the data object is encrypted, the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200. Alternatively, as the encrypted data object 210 is now secured, it may be sent through a public or private computer network or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.
Preferably, in some situations, some form of security consideration is still applied to the transmission of the encrypted data object 210 as a matter of best practice.
Once the recipient user 206 receives the encrypted data object 210, the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210. In one embodiment, the server 200 enforces an authentication process (212) on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient. The authentication process (212) may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.
After the recipient user 206 is authenticated by the server 200 and is authorized to decrypt the data object 210, a key 214 may be provided to the recipient user 206 to decrypt the file. In one example embodiment, the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206. In another embodiment, the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206. In these examples, it may be necessary to encrypt the data object with the information necessary for third party software to control and enforce these permission settings. Examples of such third party software include Secure Word(TM) or Adobe Acrobat(TM) Reader, which have permission controls capable of limiting the manipulation of a data file.
Alternative embodiments of a system for securing data are also described in WO/2009/079708, which is incorporated herein by reference. These embodiments are advantageous in that the encryption key 208 which can be used to decrypt an encrypted object is transmitted separately from the encrypted data object 210. As such, the encrypted data object may be transmitted over a less secure but more convenient channel. Even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be easily decrypted with known methods of decryption since the key is not within the encrypted object.
The server 200 may be arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206. By transmitting and utilising dummy keys in the encryption process, hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object.
The dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it unfeasible or impractical for a hacker to use the data for any meaningful purpose, whilst allowing an authorised party to obtain additional information which will allow the authorised party to identify the genuine key.
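To make the Figure 2 key-separation flow concrete, here is an added illustration (not code from the patent or from Cocoon Data) of server 200 answering an encryption request with a key bundle that contains dummy keys, the sender producing a secured data object that carries no key, and the recipient authenticating before key 214 is released. The names, the sample credentials and the HMAC-based toy cipher are assumptions; a real deployment would use an AEAD such as AES-GCM and a hardened credential store.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256: a toy stand-in for a real
    AEAD such as AES-GCM, used only to keep this example stdlib-only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_object(key, plaintext):
    """Build the secured data object 210: nonce, ciphertext and an integrity
    tag. The key 208 is deliberately absent from the object."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ciphertext": ct.hex(), "tag": tag.hex()}


def decrypt_object(key, obj):
    nonce, ct, tag = (bytes.fromhex(obj[k]) for k in ("nonce", "ciphertext", "tag"))
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered object")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class KeyServer:
    """Stand-in for server 200: issues keys, remembers which recipient each
    object was issued for, and releases a key only after authentication 212."""
    credentials: dict                          # recipient -> (salt, pbkdf2 hash)
    keys: dict = field(default_factory=dict)   # object_id -> (genuine key, recipient)

    def issue_key(self, request):
        """Answer encryption request 202 with an object id and a bundle of keys
        of which only one is genuine (the rest are dummy keys). The genuine
        index goes back to the sender on the request channel; it never
        appears inside the secured object."""
        object_id = secrets.token_hex(8)
        bundle = [secrets.token_bytes(32) for _ in range(4)]
        genuine = secrets.randbelow(len(bundle))
        self.keys[object_id] = (bundle[genuine], request["recipient"])
        return object_id, bundle, genuine

    def release_key(self, object_id, recipient, password):
        """Login/password check (authentication process 212) guarding key 214."""
        key, allowed = self.keys[object_id]
        cred = self.credentials.get(recipient)
        if recipient != allowed or cred is None:
            raise PermissionError("recipient not authorised for this object")
        salt, expected = cred
        if not hmac.compare_digest(expected, _pw_hash(password, salt)):
            raise PermissionError("authentication failed")
        return key


def distribute(server, plaintext, recipient):
    """Sender device 204: request a key, encrypt, ship the keyless object."""
    object_id, bundle, genuine = server.issue_key({"recipient": recipient})
    obj = encrypt_object(bundle[genuine], plaintext)
    obj["object_id"] = object_id
    return obj


def retrieve(server, obj, recipient, password):
    """Recipient device 206: authenticate to the server, obtain key 214, decrypt."""
    key = server.release_key(obj["object_id"], recipient, password)
    return decrypt_object(key, obj)


def key_embedded(server, obj):
    """True if the genuine key appears anywhere in the serialised object."""
    return server.keys[obj["object_id"]][0].hex() in json.dumps(obj)


def release_denied(server, obj, recipient, password):
    """True if the server refuses to release the key for these credentials."""
    try:
        server.release_key(obj["object_id"], recipient, password)
    except PermissionError:
        return True
    return False


def make_sample_server():
    """Constructed sample: one recipient 'bob' with password 'hunter2'."""
    salt = secrets.token_bytes(16)
    return KeyServer(credentials={"bob": (salt, _pw_hash("hunter2", salt))})
```

An eavesdropper who captures the object sees only a nonce, ciphertext and tag, and one who also captures the bundle still has to guess which of the four keys is genuine.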
The user computing devices 204, 206 may be any computing device of any architecture, such as a PC, laptop, tablet or any other computing device.
With reference to Figure 3, there is illustrated an embodiment of a system 300 for distributing secured data. In this embodiment, the system 300 comprises an agent module 301 arranged to receive electronic communications 304 through a gateway implemented within the agent module 301. The agent module 301 is arranged to operate with a secure object module 302 and a transmission interface 308 to distribute data or secured data to the recipient 310. These modules, interface and their associated components, which may include other gateways, modules, interfaces, routines, functions, processes, processors or other logical functional devices (301, 302, 304 and 308), may be implemented as a single computing package comprising one or more computer software functions or programmed objects deployed on one or more electronic, processing or computing devices which may be linked by one or more communication links. Preferably, each of these modules and interfaces 301, 302, 304 and 308 and their associated component gateways, modules, functions, interfaces, routines and processes are implemented as individual computer programs arranged to operate on individual computer servers which are connected to each other through a secured communications link. As the person skilled in the art will appreciate, the architecture of the system 300, including the number of computer servers, amount of computing hardware, implementation and deployment methods will depend on the necessary user requirements. Servers used may be similar in configuration to the server 200 of Figure 2.
As shown in Figure 3, the agent module 301 may be implemented as a computer process operating on a computing device such as a computer server. The agent module 301 includes a gateway which is arranged to receive electronic communications from a sender. These electronic communications may be in the form of electronic mail (email) or another form of data, such as messages, requests, transmissions, data streams or data files which were sent by a sender, computer, communication device, interface or any other persons, operators or any computer, electronic or processing device or apparatus. The agent module 301 may intercept the electronic communications sent by a sender so that the intercepted electronic communications are received by the gateway of the agent module 301. In email systems, the agent module 301 may interrupt the processing of email messages in the email queue so as to allow these messages to be accessed by its gateway or transferred to its gateway. Once these electronic communications are accessed or received by the agent module 301, the agent module 301 may proceed to use a selection routine to scan the contents and properties of the electronic communications against one or more selection criteria 306. These one or more selection criteria 306 are, in one embodiment, a set of conditions or rules which specify the security requirements in relation to the electronic communications or data which are about to be transmitted from a sender to a recipient. Preferably the selection criteria 306 are held as a database of rules or conditions against which the contents or properties of an electronic communication can be compared, so that it may be determined whether any security process needs to be carried out on the communication. These security processes can include encryption, rejection, amendment or the issuance of alerts for the electronic communication.
If none of the one or more criteria 306 are met, then the agent module 301 will determine that the electronic communication does not require any security clearance and the communication is then transmitted to the recipient 310 by a transmission interface 308. In examples where the system 300 is arranged to operate with emails, the agent module 301 may simply return the communication (email) back to the transmission queue of an email server.
However, if one or more selection criteria 306 are met, the agent module 301 then proceeds to undertake one of a number of different options. These options may include raising specific alarms or alerts, updating any logs, rejecting the email request and terminating the transmission, or interacting with the secure object module 302 so as to generate a secure data object for transmission to the recipient 310. A more detailed description of the agent module 301 and its functions is given below with reference to Figure 4.
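The selection routine just described, combined with the split client/server plug-in tagging of the Figure 5C embodiment listed earlier on the page, as an added illustration that is not the patent's own code: the client plug-in does the full content scan and inserts a security tag into an x-header, while the server plug-in checks only the x-header and subject line before deciding what to do with a queued message. The criteria, the header name, the keyword, the organisation domain and the sample messages are all constructed for the example.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Assumed names: the page puts the tag in "the x-header or subject line"
# but names neither, so these are constructed for the example.
SECURITY_TAG_HEADER = "X-Secured-Data"
SUBJECT_KEYWORD = "[SECURE]"
ORG_DOMAIN = "example.com"                       # constructed organisation domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # rough payment-card pattern


def _parse(raw):
    return message_from_string(raw, policy=policy.default)


def _recipients(msg):
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [addr.lower() for _, addr in pairs]


def _body(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def _external(msg):
    return any(not r.endswith("@" + ORG_DOMAIN) for r in _recipients(msg))


# Constructed selection criteria 306 as (name, predicate, action). The actions
# mirror the options the agent module may take: "encrypt" hands the message to
# the secure object module, "reject" terminates the transmission.
CRITERIA = [
    ("manual keyword in subject",
     lambda m: SUBJECT_KEYWORD in (m.get("Subject") or ""), "encrypt"),
    ("confidential content to external recipient",
     lambda m: "confidential" in _body(m).lower() and _external(m), "encrypt"),
    ("payment card number in body",
     lambda m: CARD_RE.search(_body(m)) is not None, "encrypt"),
    ("recipient on blocked domain",
     lambda m: any(r.endswith("@blocked.invalid") for r in _recipients(m)), "reject"),
]
ACTION_RANK = {"pass": 0, "encrypt": 1, "reject": 2}


def evaluate(raw):
    """Full scan of contents and properties against every criterion.
    Returns (matched criterion names, action); reject outranks encrypt."""
    msg = _parse(raw)
    matched = [(name, action) for name, pred, action in CRITERIA if pred(msg)]
    action = max((a for _, a in matched), key=ACTION_RANK.get, default="pass")
    return [name for name, _ in matched], action


def client_plugin(raw):
    """Client plug-in 301PC: scan locally; on a match insert the security tag
    into the outgoing message's x-header, otherwise leave the message untouched."""
    _, action = evaluate(raw)
    if action == "pass":
        return raw
    msg = _parse(raw)
    msg[SECURITY_TAG_HEADER] = action
    return msg.as_string()


def server_plugin(raw):
    """Server plug-in 301PS: cheap check of the x-header and subject only, so
    messages in the queue are not delayed by content scanning."""
    msg = _parse(raw)
    tag = msg.get(SECURITY_TAG_HEADER)
    if tag in ("encrypt", "reject"):
        return tag
    if SUBJECT_KEYWORD in (msg.get("Subject") or ""):
        return "encrypt"
    return "pass"


# Constructed sample messages.
SAMPLE_PLAIN = ("From: alice@example.com\nTo: bob@example.com\n"
                "Subject: lunch\n\nCanteen at noon?\n")
SAMPLE_CONFIDENTIAL = ("From: alice@example.com\nTo: partner@other.example\n"
                       "Subject: Q3 figures\n\nAttached are the confidential Q3 numbers.\n")
SAMPLE_BLOCKED = ("From: alice@example.com\nTo: drop@blocked.invalid\n"
                  "Subject: hi\n\nHello.\n")

if __name__ == "__main__":
    for raw in (SAMPLE_PLAIN, SAMPLE_CONFIDENTIAL, SAMPLE_BLOCKED):
        print(evaluate(raw), "->", server_plugin(client_plugin(raw)))
```

Running the server plug-in on an untagged copy of the confidential sample returns "pass", which is exactly why the body scan has to happen in the client plug-in before the message reaches the queue.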
As shown in Figure 3, the secure object module 302 is arranged to interact with the agent module 301 when one or more selection criteria 306 are met. In this example, the secure object module 302 is arranged to generate a secure data object with the electronic communications by applying a security process on the electronic communications if the one or more selection criteria 306 are met.
Preferably, the secure object module 302 is a module implemented as a single computing function operating on one or more computing devices which are connected together by communication links. The module 302 may be arranged to generate and store a key which can be utilised to encrypt or decrypt a data object. Alternatively, the module 302 may be arranged to contact a remote server which is arranged to generate and store a key, to provide the module 302 with a key to encrypt or decrypt a data object, such as an electronic communication. Once a key is obtained or generated by the module 302, the module 302 may encrypt the electronic communications so as to generate a secured data object. In another embodiment, the module 302 may provide the key to the agent module 301 so that the agent module 301 is able to encrypt the electronic communications.
Once the electronic communications are encrypted to generate the secured data object, the object may then be transmitted via the secure object module 302 or the transmission interface to the recipient 310. Once received by the recipient 310, the recipient 310 must in turn obtain a key to decrypt the secured data object so as to obtain the electronic communications. The recipient 310 may contact the secure object module 302 to undertake an authentication process, and if authenticated, the key, or a location of the key if the key is stored on a remote server, is then provided to the recipient 310.
In one example embodiment, the secure object module 302 may be a server 302 connected to a network arranged to allow other modules such as the agent module 301 or other routines, processors or the like to connect to the server with requests to generate or obtain a key to encrypt or decrypt a data object. The secure object module 302 may also be arranged to encrypt data objects. In some examples, the secure object module 302 may be implemented based on the server 200 described above with the agent module 301 operating as the sender 204 and the recipient being a computing device of a recipient 310. In another embodiment, the secure object module 302 is implemented based on a system for securing data described with reference to WO/2009/079708.
In some embodiments, the secure object module 302 may transmit a secured data object directly to a recipient 310, or may also utilise the transmission module 308 to transmit the secure data object. Either option is suitable depending on user requirements and the security preference of each individual user.
An advantage of these embodiments of the system 300 for distributing secured data is that data, such as electronic mail (email), messages, communications, data streams, multimedia and other data feeds or transmissions, can be intercepted and selectively secured before the data is transmitted to an external location. This is particularly the case in large organisations where some individual users may not have the skills, time or resources to assess the security of each communication or data transmission. In these situations, some embodiments of the system 300 are able to automatically intercept the data transmission request and, if the data is deemed to require it after assessment against one or more selection criteria, encrypt the data prior to its transmission; the selection criteria can be adjusted as required by the management of an organisation. In addition, as some embodiments of the system 300 do not require additional applications to be installed but may be integrated with existing user infrastructure as a plug-in, add-on or upgrade, these embodiments also remove barriers to adoption by organisations as well as barriers to uptake by users.
With reference to Figure 4, there is illustrated a flow chart of the operational processes of one embodiment of the system 300 for distributing secured data, particularly, although not exclusively, when used in an electronic mail environment.
In this embodiment, the agent module 301 of the system 300 waits for an email message to be received by its gateway (400). In some examples, a mail server may be programmed so that when an email transmission is received from an email sender, the mail server is interrupted and the transmission of the email message is suspended. In one example, this may be implemented by programming an interrupt into the email server so that the email message submitted by an email sender is withheld from placement into the email queue for transmission over a communication network, while the agent module 301 scans the message against the selection criteria 306, or the message is transferred to the agent module 301 for analysis. Once the email message is accessed by the agent module 301, the agent module 301 proceeds to scan the email message (401) and check whether any of the selection criteria have been met. These selection criteria may include, without limitation:
- the presence of particular keywords or character strings within the email, such as in the x-header, subject line, body of the message, or within attached documents;
- the presence of any type of material of interest within the contents of the email, including a parsing process that processes the natural language stored within the email or its attachments in an attempt to interpret its meaning, or analysis of the images stored within the email for recognition of persons, shapes, items etc.;
- the presence of particular types of attachments, such as certain file types (e.g. PDF files or documents containing photos);
- the presence of attachments of a particular file size, e.g. when an attachment is larger than 1 MB;
- whether the email message is outgoing or internal to an organisation, e.g. it may only be necessary to send outgoing email messages as Secure Envelopes and not internal email messages;
- the email address of the sender, e.g. all outgoing email messages of a particular person or group can be sent as Secure Envelopes;
- the email address of the recipient;
- the domain of the sender or recipient;
- the geographical location of the computer running the email client;
- the geographic location of the sender and/or recipient;
- the time and date of the email being sent; and
- any other information about the sender or recipient, e.g. security classification.
In examples where the email message does not meet any of the selection criteria, the email message is deemed not to be of any significant security concern and is sent through the email server as a conventional email message (402).
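As an added illustration of the scan at (401) and the routing decision at (402)/(403), the following Python is not the patent's own code; it evaluates a small constructed rule set over a message parsed from the queue with the standard library's email package. The domain, keyword, sender-group and attachment thresholds are assumed policy values, the X-Classification header stands in for "the x-header", and the sample messages are constructed for the example. The "outgoing or internal" criterion is modelled as a gate: content criteria only divert a message when at least one recipient is outside the organisation's domains.

```python
"""Selection-criteria scan of an outgoing message (Figure 4, steps 401 to 403).

Added example, not the patent's code. Policy values and messages are constructed.
"""
import email
import email.utils
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

INTERNAL_DOMAINS = {"example.com"}                        # assumed: the organisation's own domain
KEYWORDS = ("confidential", "internal only", "[secure]")  # assumed keyword list
SECURE_ATTACHMENT_TYPES = {"application/pdf"}             # e.g. PDF attachments
MAX_CLEAR_ATTACHMENT_BYTES = 1_000_000                    # the "larger than 1 MB" criterion
ALWAYS_SECURE_SENDERS = {"legal@example.com"}             # assumed: a group always sent as Secure Envelopes
SECURE_INTERNAL_MAIL = False                              # only outgoing mail needs a Secure Envelope


def _addresses(msg, *headers) -> List[str]:
    """Lower-cased address specs found in the named headers."""
    pairs = email.utils.getaddresses([v for h in headers for v in msg.get_all(h, [])])
    return [addr.lower() for _name, addr in pairs if addr]


def _text_parts(msg):
    """Decoded text of every text/* part, including text attachments."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content()


def matched_criteria(msg) -> List[str]:
    """Labels of every selection criterion the message meets."""
    hits = []
    searchable = " ".join([msg.get("Subject", ""), msg.get("X-Classification", ""),
                           *_text_parts(msg)]).lower()
    for kw in KEYWORDS:
        if kw in searchable:
            hits.append(f"keyword:{kw}")
    for part in msg.iter_attachments():
        ctype = part.get_content_type()
        size = len(part.get_payload(decode=True) or b"")
        if ctype in SECURE_ATTACHMENT_TYPES:
            hits.append(f"attachment-type:{ctype}")
        if size > MAX_CLEAR_ATTACHMENT_BYTES:
            hits.append(f"attachment-size:{part.get_filename()}")
    if any(s in ALWAYS_SECURE_SENDERS for s in _addresses(msg, "From")):
        hits.append("sender-group")
    return hits


def is_outgoing(msg) -> bool:
    """True if any recipient lies outside the organisation's domains."""
    return any(a.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS
               for a in _addresses(msg, "To", "Cc", "Bcc"))


def route(raw: bytes) -> Tuple[str, List[str]]:
    """'conventional' (402) or 'secure' (403), plus the criteria that fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = matched_criteria(msg)
    if hits and (is_outgoing(msg) or SECURE_INTERNAL_MAIL):
        return "secure", hits
    return "conventional", hits


def sample_message(to: str, subject: str, body: str, pdf: bool = False) -> bytes:
    """Constructed message, serialised as it would sit in the mail queue."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = to
    m["Subject"] = subject
    m.set_content(body)
    if pdf:
        m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                         subtype="pdf", filename="contract.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    print(route(sample_message("bob@partner.example", "Q3 numbers", "See attached.", pdf=True)))
    print(route(sample_message("carol@example.com", "Confidential: lunch", "Internal only.")))
```

The second sample shows why the outgoing/internal criterion is worth keeping as a gate rather than as just another match: the keywords fire, but the message never leaves the organisation, so it is still sent conventionally.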
However, if any of the one or more selection criteria are met (403), a number of actions may be taken by the agent module 301. In one example, alerts, logs or alarms may be raised. In another example, the secure object module 302 is required to authenticate to a further server, called the "Auth" (Authentication) server, which checks whether the secure object module 302 holds the correct credentials, such as an X.509 certificate. This is to ensure that the secure object module 302 interacting with the agent module 301 is operating correctly and is the intended and/or approved module for encrypting the email message. In some cases, this may serve as a test of whether the module 302 has been hijacked or replaced with a dummy module which could then be used for unauthorised access to the email messages. Note that a certificate check establishes that the module presents a valid credential, not that its code is intact; a compromised module that still holds its private key would pass, so the module's private key must be protected accordingly. If the secure object module 302 is not successfully authenticated, the email message is returned to the sender with a message about the failed authentication of the module 302 and the transmission of the email message is terminated (404).
If the secure object module 302 is authenticated, the agent module 301 may proceed to request permission to be delegated to send the email message as a secured data object on behalf of the sender (405). In this example, the agent module 301 may provide the Auth server with information such as the sender's email address. If the Auth server does not authenticate the email address, the email message is returned to the sender (step 404) with a message about the failed authentication. If the authentication is successful, the agent module 301 removes the message from the email queue (406) and instructs the secure object module 302 to convert the removed email message into a secured data object (407). In one embodiment, this may be a process in which the secure object module 302 encrypts the email message in a manner similar to that described with reference to Figure 2, in which the key used to encrypt the secured data object is not embedded within the secured data object, and the location of the key is not made known to a recipient until the recipient is authenticated. Once the email message is encrypted as a secured data object (407), the object may be returned to the agent module 301, which may in turn transfer the object to the email server's queue for transmission to the recipient. In other examples, the secured data object may instead be transferred directly by the secure object module 302 through its own dedicated transmission process (408).
Once the secured data object has been transmitted, an advisory email may be generated by the agent module 301 and sent to the recipient 310 through the email server (409). The advisory email may state that a Secure Envelope has been transmitted, but does not include any sensitive information. Information on how the recipient may be authenticated so as to access the secure object module 302, or to obtain the key necessary to decrypt the secured data object, may also be provided to the recipient.
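The following Python is an added example, not the patent's code, of steps (406) to (409) and of the key handling described earlier for the secure object module 302: the secured data object carries an object identifier, a nonce, the ciphertext and an integrity tag but no key; the key stays in a separate store that releases it only to the intended recipient after an authentication step; and the advisory email carries a reference but no message content. The per-recipient shared secret used as the credential, the portal URL and the sample message are assumptions. The cipher is a counter-mode stream built from HMAC-SHA256 with an encrypt-then-MAC tag, chosen only so that the block runs on the standard library alone; a deployment would use a vetted AEAD such as AES-GCM in its place.

```python
"""Queued message -> secured data object -> key release on authentication -> advisory email.

Added example, not the patent's code. HMAC-based stream cipher is a stand-in for an AEAD.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from email.message import EmailMessage
from typing import Optional


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the stored object key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Concatenated HMAC-SHA256(enc_key, nonce || counter) blocks, cut to length."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class SecuredDataObject:
    object_id: str     # opaque reference the recipient quotes when authenticating
    nonce: bytes
    ciphertext: bytes
    tag: bytes         # HMAC over object_id, nonce and ciphertext; no key material here


class KeyStore:
    """Stand-in for the secure object module's key storage plus the Auth check."""

    def __init__(self):
        self._keys = {}          # object_id -> (key, intended recipient)
        self.credentials = {}    # recipient -> shared secret (assumed credential form)

    def seal(self, plaintext: bytes, recipient: str) -> SecuredDataObject:
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        object_id = secrets.token_hex(16)
        enc_key, mac_key = _subkeys(key)
        ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
        tag = hmac.new(mac_key, object_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        self._keys[object_id] = (key, recipient.lower())   # key kept here, never in the object
        return SecuredDataObject(object_id, nonce, ciphertext, tag)

    def release_key(self, object_id: str, recipient: str, credential: bytes) -> Optional[bytes]:
        """Hand the key over only to the intended recipient presenting a valid credential."""
        entry = self._keys.get(object_id)
        expected = self.credentials.get(recipient.lower())
        if entry is None or expected is None:
            return None
        key, intended = entry
        if recipient.lower() != intended or not hmac.compare_digest(expected, credential):
            return None
        return key


def open_object(obj: SecuredDataObject, key: bytes) -> bytes:
    """Verify the tag first; a tampered object is rejected before any decryption."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, obj.object_id.encode() + obj.nonce + obj.ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, obj.tag):
        raise ValueError("secured data object failed integrity check")
    return _xor(obj.ciphertext, _keystream(enc_key, obj.nonce, len(obj.ciphertext)))


def advisory_email(sender: str, recipient: str, obj: SecuredDataObject,
                   portal: str = "https://secure.example.com/retrieve") -> EmailMessage:
    """Step 409: notice sent through the ordinary mail server; the portal URL is assumed."""
    notice = EmailMessage()
    notice["From"] = sender
    notice["To"] = recipient
    notice["Subject"] = "A Secure Envelope has been sent to you"
    notice.set_content(f"{sender} has sent you a Secure Envelope.\n"
                       f"Authenticate at {portal} to obtain the key.\n"
                       f"Reference: {obj.object_id}\n")
    return notice


if __name__ == "__main__":
    store = KeyStore()
    store.credentials["bob@partner.example"] = b"constructed-secret"   # assumed credential
    obj = store.seal(b"Subject: Q3 numbers\r\n\r\nconstructed message body", "bob@partner.example")
    print(advisory_email("alice@example.com", "bob@partner.example", obj))
    key = store.release_key(obj.object_id, "bob@partner.example", b"constructed-secret")
    print(open_object(obj, key))
```

Two properties matter here and are easy to lose in a real implementation: the object can be handed to any transport (the mail queue or the module's own channel) because nothing in it helps a holder who has not authenticated, and the tag is checked before decryption so that a modified object is refused rather than decrypted into garbage.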
With reference to Figures 5A, 5B and 5C, there are illustrated three different implementations of the agent module 301 operating with an email system so as to intercept emails which have been sent, compare them against the selection criteria and, based on the results of this comparison, encrypt the intercepted emails.
As shown in Figures 5A to 5C, an email system may comprise an email client 502, which may include an email user's computer, browser or application used to compose or send messages, and an email server 504 which is arranged to receive the email messages from the email client 502 and transmit them via a communication network to a recipient. The email server 504 and client 502 may be implemented in separate computing devices connected together by a communication network, or may be implemented on a single computing device connected to the communication network.
As shown in the embodiment illustrated in Figure 5A, the email server interacts with the agent module 301 so that the method for distributing secured data illustrated in the embodiments described with reference to Figure 4 can be carried out on email messages. In this embodiment, the agent module 301 is implemented as a plug-in to the email server 504, so that when an email message is received by the email server 504 for processing, the agent module 301 interrupts the normal processing of the email server, compares the email message with the criteria and, where appropriate, encrypts the email message into a secured data object. In one example, each email message generated by the user with an email client 502 is transmitted to the email server 504, where it waits in an email queue. While email messages are in the email queue, the agent module 301 scans each message to check whether it meets one or more of the selection criteria for a message which should be converted into a secured data object. When such a message is found, the agent module 301 automatically removes it from the email queue, converts it into a secured data object and sends it via the secure object module 302. If an email message does not meet any of the selection criteria, it is transmitted as an ordinary email message via the email server 504 to the internet.
Users may be able to manually instruct the agent module 301 to generate a secured data object by typing predefined keywords in the subject line. One of the features of this implementation is that users are not able to change the selection criteria from their email client 502. Therefore, users cannot prevent an email message from being sent as a secured data object if it meets the selection criteria. This is useful for organisations whose management cannot risk non-compliance by individual users.
Another advantage of this embodiment is that, since the agent module 301 is centralised on the email server 504, it can be installed, updated or modified without disturbing each of the many email users. For example, the selection criteria can be modified centrally without affecting the users of the email clients 502.
Figure 5B illustrates another embodiment of the system for distributing secured data. In this embodiment, the email client interacts with the agent module 301 so that the agent module 301 may process the email messages sent through the email client in accordance with the method for distributing secured data outlined in the flow diagram of Figure 4.
In this embodiment, the agent module 301 is installed locally on the user's computer as a plug-in to the user's email client 502, and is not installed on the email server 504. All emails are scanned locally and checked against the selection criteria. When an eligible email message is found, the plug-in connects to a secure object module 302 to generate a secured data object and transmits the object via the secure object module 302 or the email server. Messages that do not meet the selection criteria are sent from the email client 502 to the email server 504, from where they are sent over the internet.
In one example, the agent module 301 functionality is presented as an extension of the existing email client 502 and requires little or no training on the part of the email user. Also, in some examples, this embodiment is able to provide email users with full control over the selection criteria by providing settings within the email client 502, so that the user can decide when an email is deemed to require encryption. This implementation is particularly advantageous for independent users, as it gives individual users greater flexibility in choosing the selection criteria.
In some embodiments, email users can manually instruct the agent to generate a secured data object by typing predefined keywords in the subject line. The agent also creates a software button in the email client 502 to offer this functionality to the user. When the user presses this button, the agent automatically inserts a security tag into the message that makes it eligible to be sent as a secured data object.
As shown in the embodiment illustrated in Figure 5C, the email server interacts with the agent module 301 so that the method for distributing secured data illustrated in the embodiments described with reference to Figure 4 can be carried out on email messages. In this embodiment, the agent module 301 is implemented with two plug-ins: one for the email server 504 (the "server plug-in" 301PS) and one for the email client 502 (the "client plug-in" 301PC). The server plug-in runs either on the email server or with the secure object module 302, and the client plug-in runs locally on the user's computer.
In this example embodiment, the client plug-in 301PC scans all email messages locally on the user's computer and checks them against the selection criteria. When an eligible email message is found, the plug-in inserts a security tag (e.g. a keyword) into part of the outgoing email message, such as the x-header or subject line. Messages that do not meet the selection criteria are not altered. All messages generated by the email client 502 are sent via the client plug-in 301PC to the email server. Preferably, the server plug-in 301PS scans the x-header and subject line of each email in the email queue to check for the presence of a security tag. If a security tag is detected, the server plug-in 301PS removes the message from the email queue, converts the message into a secured data object and sends it.
In one example, this embodiment is advantageous in that it gives both local control (user) and central control (server) over the selection criteria. In other words, the selection criteria can be adjusted locally by users of the email client 502, and centrally by those with authorised access to the email server 504 or the secure object module 302. In one example, the centrally-controlled selection criteria apply to all users going through the email server, but individual users may impose additional automatic selection criteria. Preferably, individual users cannot avoid the centrally-controlled selection criteria unless they are given appropriate authority, or unless the email messages are sent from and to a controlled geographic location, such as internal or intra-office emails.
Another advantage of this embodiment is that the scanning of email messages in the email queue is more efficient, as it only involves checking the x-header and subject line. The slower scanning processes occur locally on the user's computer and therefore do not delay messages in the email queue.
In some alternative example embodiments, email users can manually instruct the agent to generate a secured data object by typing predefined keywords in the subject line. Preferably, the agent module 301 also includes a software button in the email client 502 such that when the button is selected by the user, the agent automatically inserts a security tag into the message that makes it eligible to be sent as a secured data object.
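The split agent of Figure 5C, as an added example that is not the patent's code: the client plug-in runs the full scan and inserts a tag, the server plug-in scans only headers. The tag header name X-Secure-Envelope, the subject keyword, the rule set, the domains and the sample messages are all assumptions. Central rules are written as header-only predicates so that the server plug-in can re-apply them from the queue at the same cost as the tag check; that is what makes the central criteria unavoidable for a user who disables or replaces the client plug-in, since a tag can only ever add protection and the risk is a tag that was never inserted. The user's own rule is content-based and runs only in the client, where the slower scan does not hold up the queue.

```python
"""Figure 5C split agent: client plug-in 301PC tags, server plug-in 301PS diverts.

Added example, not the patent's code. Header name, rules and messages are constructed.
"""
import email
import email.utils
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

TAG_HEADER = "X-Secure-Envelope"             # assumed tag header name
SUBJECT_TRIGGER = "[secure]"                 # predefined keyword a user may type in the subject line
REGULATED_DOMAINS = {"regulator.example"}    # assumed: recipients that must always get a Secure Envelope


def _recipients(msg) -> List[str]:
    pairs = email.utils.getaddresses([v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])])
    return [addr.lower() for _n, addr in pairs if addr]


def _body_text(msg) -> str:
    body = msg.get_body(preferencelist=("plain",))
    return body.get_content().lower() if body is not None else ""


# Locked, centrally managed rules: header-only, evaluated in both plug-ins.
CENTRAL_RULES = {
    "regulated-recipient": lambda m: any(a.rsplit("@", 1)[-1] in REGULATED_DOMAINS
                                         for a in _recipients(m)),
}

# A user's own additional rule: content-based, evaluated only in the client.
USER_RULES = {
    "project-keyword": lambda m: "project falcon" in _body_text(m),
}


def client_plugin(msg: EmailMessage, user_rules=USER_RULES, button_pressed: bool = False) -> EmailMessage:
    """Client plug-in: full local scan, then tag eligible messages."""
    reasons = [n for n, rule in CENTRAL_RULES.items() if rule(msg)]
    reasons += [n for n, rule in user_rules.items() if rule(msg)]
    if button_pressed:                        # the software button in the email client
        reasons.append("user-button")
    if reasons and TAG_HEADER not in msg:
        msg[TAG_HEADER] = ";".join(reasons)   # messages that match nothing are left unaltered
    return msg


def server_plugin(queue: List[bytes]) -> Tuple[list, list]:
    """Server plug-in: header-only scan of the queue, returning (diverted, conventional).

    A message is diverted if it carries the tag, if the user typed the subject
    keyword, or if a central rule fires on its headers, so bypassing the client
    plug-in does not bypass central policy.
    """
    diverted, conventional = [], []
    for raw in queue:
        msg = email.message_from_bytes(raw, policy=policy.default)
        tagged = TAG_HEADER in msg or SUBJECT_TRIGGER in msg.get("Subject", "").lower()
        central = any(rule(msg) for rule in CENTRAL_RULES.values())
        (diverted if tagged or central else conventional).append(msg)
    return diverted, conventional


def compose(to: str, subject: str, body: str) -> EmailMessage:
    """Constructed outgoing message from alice@example.com."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = to
    m["Subject"] = subject
    m.set_content(body)
    return m


def demo_queue() -> Tuple[list, list]:
    """Five constructed messages; the third and fifth never pass through the client plug-in."""
    queue = [
        client_plugin(compose("bob@partner.example", "status", "Project Falcon slipped a week.")).as_bytes(),
        client_plugin(compose("carol@example.com", "lunch?", "Noon at the usual place.")).as_bytes(),
        compose("audit@regulator.example", "filing", "Attached as requested.").as_bytes(),
        client_plugin(compose("dan@partner.example", "notes", "Nothing special."), button_pressed=True).as_bytes(),
        compose("eve@partner.example", "[SECURE] plans", "Typed keyword, no plug-in.").as_bytes(),
    ]
    return server_plugin(queue)


if __name__ == "__main__":
    diverted, conventional = demo_queue()
    for m in diverted:
        print("secure:", m["To"], m.get(TAG_HEADER))
    for m in conventional:
        print("plain: ", m["To"])
```

In the sample queue only the message to a colleague goes out conventionally; the regulated recipient is caught by the server-side central rule even though the client plug-in never touched that message, and the typed subject keyword works the same way.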
Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer, or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.
It will also be appreciated that where the methods and systems of the present invention are either wholly or partly implemented by computing systems, any appropriate computing system architecture may be utilised. This will include stand-alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive. Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.
Although not required, embodiments described with reference to the Figures can be implemented to operate with any form of communication network operating with any type of communication protocol. Generally, where the underlying communication network or communication protocol includes additional routines, functionalities, infrastructure or packet formats, the skilled person will understand that the implementation of embodiments described with reference to the Figures may be modified or optimised for operation with these additional routines, functionalities, infrastructure or packet formats.

Claims
1. A method for distributing secured data comprising the steps of:
- accessing or receiving data for transmission to a recipient;
- comparing the data against at least one selection criterion to determine a security requirement relating to the data;
- generating a transmission object by processing the data in accordance with the security requirement; and
- transmitting the transmission object to the recipient .
2. A method in accordance with claim 1, wherein the step of generating the transmission object includes the steps of:
- encrypting the data with a key to generate a secured data object in accordance with the security requirement; and
- outputting the secured data object as the transmission object.
3. A method in accordance with claim 2, wherein the secured data object is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
4. A method in accordance with claim 2 or 3, wherein the step of generating the transmission object further includes the step of storing the location of the key in a secured location, wherein an address of the secured location is provided to the recipient upon the authentication of the recipient.
5. A method in accordance with any one of the preceding claims, further including a step of authenticating a security status of an apparatus arranged to generate the transmission object.
6. A method in accordance with any one of the preceding claims, wherein the data for transmission to a recipient relates to an email message.
7. A method in accordance with any one of the preceding claims, wherein the data for transmission to a recipient is received from an email sender.
8. A method in accordance with claim 6 or 7, wherein the selection criterion includes conditions relating to the:
- contents of the email message,
- properties of the email message,
- author of the email message,
- origins of the email message,
- recipient of the email message,
- transmission date of the email message; or any one or more thereof.
9. A method in accordance with any one of the preceding claims, wherein the transmission object is transmitted via a communication network.
10. A method in accordance with any one of the preceding claims arranged to be integrated with an email service.
11. A system for distributing secured data comprising:
- a gateway arranged to access or receive data for transmission to a recipient;
- a selection routine arranged to compare the data against at least one selection criterion to determine a security requirement relating to the data;
- a secure object module arranged to generate a transmission object by processing the data in accordance with the security requirement; and
- a transmission interface arranged to transmit the transmission object to the recipient.
12. A system in accordance with claim 11, wherein the secure object module includes an encryption process arranged to encrypt the data with a key to generate a secured data object in accordance with the security requirement and to output the secured data object as the transmission object.
13. A system in accordance with claim 12, wherein the secured data object is generated by encrypting the data such that the key to decrypt the data is omitted from the encrypted data.
14. A system in accordance with claim 12 or 13, wherein the secure object module is further arranged to store the location of the key in a secured location, wherein an address of the secured location is provided to the recipient upon the authentication of the recipient.
15. A system in accordance with any one of the preceding claims, further including an authenticating routine arranged to authenticate a security status of the encryption process.
16. A system in accordance with any one of the preceding claims, wherein the data for transmission to a recipient relates to an email message.
17. A system in accordance with any one of the preceding claims, wherein the data for transmission to a recipient is received from an email sender.
18. A system in accordance with claim 16 or 17, wherein the selection criterion includes conditions relating to the:
- contents of the email message,
- properties of the email message,
- author of the email message,
- origins of the email message,
- recipient of the email message,
- transmission date of the email message; or any one or more thereof.
19. A system in accordance with any one of the preceding claims, wherein the transmission object is transmitted via a communication network.
20. A system in accordance with any one of the preceding claims arranged to be integrated with an email service.
21. A system in accordance with any one of claims 11 to 20, wherein the gateway and selection routine are arranged to be implemented within an email client.
22. A system in accordance with claim 21, wherein the gateway is arranged to interrupt the email client.
23. A system in accordance with any one of claims 11 to 22, wherein the gateway and selection routine are arranged to be implemented within an email server.
24. A system in accordance with claim 23, wherein the gateway is arranged to interrupt the email server.
25. A system in accordance with any one of claims 12 to 24, wherein the gateway is arranged to alter the data to trigger the encryption process to generate a secured data object.
26. A computer program comprising at least one instruction for controlling a computer system to implement a method in accordance with any one of claims 1 to 10.
27. A computer readable medium providing a computer program in accordance with claim 26.
28. A communication signal transmitted by a computer system executing a computer program in accordance with claim 26.
29. A communication signal transmitted by an electronic system implementing a method in accordance with any one of claims 1 to 10.
30. A system in accordance with any one of claims 11 to 25, wherein the system is arranged to operate with Internet Protocol Version 6.
31. A system in accordance with claim 30, wherein the system is optimized for Internet Protocol Version 6.
PCT/AU2012/001171 2011-09-30 2012-09-28 A system and method for distributing secured data WO2013044306A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2013202208A AU2013202208A1 (en) 2011-09-30 2013-03-28 Systems and methods for securing and/or distributing secured data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2011904016 2011-09-30
AU2011904016A AU2011904016A0 (en) 2011-09-30 A system ad method for distributing secured data

Related Child Applications (1)

Application Number Title Priority Date Filing Date
AU2013202208A Division AU2013202208A1 (en) 2011-09-30 2013-03-28 Systems and methods for securing and/or distributing secured data

Publications (1)

Publication Number Publication Date
WO2013044306A1 true WO2013044306A1 (en) 2013-04-04

Family

ID=47994023

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2012/001171 WO2013044306A1 (en) 2011-09-30 2012-09-28 A system and method for distributing secured data

Country Status (1)

Country Link
WO (1) WO2013044306A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050071632A1 (en) * 2003-09-25 2005-03-31 Pauker Matthew J. Secure message system with remote decryption service
US20110040964A1 (en) * 2007-12-21 2011-02-17 Lawrence Edward Nussbaum System and method for securing data



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 12835117; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 12835117; Country of ref document: EP; Kind code of ref document: A1