WO2013044310A1 - A system and method for distributing secured data - Google Patents


Info

Publication number
WO2013044310A1
Authority
WO
WIPO (PCT)
Prior art keywords
recipient
computing device
authentication
authentication information
information items
Prior art date
Application number
PCT/AU2012/001175
Other languages
French (fr)
Inventor
Stephen Thompson
Lawrence Edward Nussbaum
Original Assignee
Cocoon Data Holdings Limited
Priority date
Filing date
Publication date
Priority claimed from AU2011904033A
Application filed by Cocoon Data Holdings Limited
Publication of WO2013044310A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, by registering files or documents with a third party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00, applying multi-factor authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/68 Gesture-dependent or behaviour-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity

Definitions

  • the present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted.
  • Transferring information electronically through the Internet or another public telecommunication network is a cost-effective solution for distributing information.
  • sensitive or confidential information sent through the Internet may be accessible to unauthorised parties.
  • corporations and other users may choose to encrypt the information before transmitting the data over a public network.
  • One approach is to use encryption software, such as "Zip" programs that offer an encryption routine to encrypt the data before it is transmitted over the public network.
  • encryption software provides some level of security, but all such software has a fundamental flaw, in that the encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the data object, since the necessary components to decrypt the data object are all integrated within the encrypted object.
  • encryption and decryption of data objects usually requires the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of such encryption and decryption technologies.
  • the user may be
  • a number of additional challenges are presented when communicating secured data to a mobile computing device.
  • One such challenge relates to the authentication of a recipient who is using a mobile computing device.
  • One approach is to send an SMS or email containing a one-time password to the recipient that is usable to access the secured data.
  • the steps of the process can be summarised as follows:
  • the recipient uses a client (running on the mobile computing device) to send an alias (username) from the mobile computing device to a remote server;
  • a remote server sends a password challenge to the client
  • a remote server sends a one-time password by email or SMS to the recipient;
  • the recipient responds to the password challenge with the one-time password and submits the password to the remote server.
  • SMS or email is sent to the same mobile computing device that will be used to open secured data
  • the information in the SMS or email can potentially be used by anyone who holds the mobile computing device. If the mobile computing device falls into the wrong hands, the security of the secured data will be compromised.
  • a system for distributing secured data comprising:
  • a communications interface arranged to facilitate communications between the system and a computing device associated with a recipient of the secured data
  • an authentication system for authenticating the recipient, the authentication system being arranged to store a plurality of reference authentication information items associated with the recipient, the reference authentication information items comprising a
  • system is arranged to receive a plurality of authentication information items from the recipient, the communicated authentication information items
  • the system may be arranged to communicate secured data to the recipient.
  • the communications interface is a wireless communications interface arranged to facilitate wireless network communications between the system and the computing device associated with the recipient.
  • a password is communicated to the computing device and this password is used to access the secured data. This is disadvantageous since an unauthorised person may obtain the computing device to which both the password and the secured data are communicated and use the password to access the secured data.
  • the system of the present invention avoids this potential scenario by requiring a recipient of the secured data to communicate a plurality of authentication items to the authentication system before the secured data is communicated to the computing device.
  • the plurality of authentication information items may be communicated to the system in a single communication, rather than as a series of communications. This is particularly advantageous when the recipient is
  • the authentication information items may comprise an alias for the recipient, hardware identification
  • the hardware identification information may comprise: an international mobile equipment identity (IMEI) associated with the computing device; a universally unique identifier (UUID)
  • the hardware identification information is automatically communicated to the system along with the recipient alias and confidential
  • the authentication information items may also comprise geographical information indicative of a
  • the geographical information may be automatically sent by the computing device and can be used by the authentication system as a further determination of whether to
  • the authentication system may store geographical information indicative of a last known or suspected geographical location of the computing device and compare the communicated geographical information with the stored geographical location. If the difference between the communicated and stored geographical information is within a predetermined threshold, then the system may permit authentication or further authentication processes.
  • the computing device comprises an accelerometer and the confidential information supplied by, or otherwise associated with, the recipient comprises accelerometer data.
  • the authentication system or the computing device may store an acceleration profile indicative of a particular motion or motion sequence of the computing device. The recipient may then move the computing device through a substantially similar motion or motion sequence so as to record a substantially similar acceleration profile on the computing device for
  • the system may be arranged to use this match in authenticating the recipient.
  • the acceleration profile stored in the authentication system or the computing device may be indicative of a motion or motion sequence including, but not limited to: rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;
  • the motion or motion sequence can be any appropriate motion or motion sequence.
  • the motion or motion sequence is such that it is detectable by the system but can be performed in a relatively discreet manner so as not to attract attention.
  • a plurality of acceleration profiles can be stored in the authentication system or the computing device such that the recipient can choose between a plurality of motions or motion sequences to perform as part of the authentication process.
  • Providing a plurality of acceleration profiles will avoid the recipient having to repeatedly perform the same motion or motion sequence in public. This is advantageous as an unauthorised person may learn the motion or motion sequence by viewing a repeatedly performed motion or motion sequence.
  • motion or motion sequence may be authenticated at the computing device, for example prior to communicating the plurality of
  • authentication system will be reduced, which is particularly advantageous when the communication between the computing device and the system has relatively high latency and/or low bandwidth.
  • the plurality of authentication information items may be communicated to the system in combination with further information, such as session identification information indicative of a time at which the communication is made. Further, the communicated authentication information items, or the combined information, may be encrypted. The encryption may use a cryptographic hash function such as SHA-512. In this way, each communication of authentication information items is a unique packet of information which is challenging to decode, even though the same authentication information items may be communicated by the recipient each time the recipient performs the authentication process.
  • the system may be accessible by the user via a computing device such as a personal computer, a PDA, a mobile device such as a mobile phone or a laptop or tablet computer with network connectivity and/or any suitable device that is capable of establishing a network
  • the system may be accessible through the Internet,
  • the communication interface may be arranged to facilitate network communications through the Internet, intranet, VPN or any communication network which operates with an appropriate communication protocol such as
  • IPv4: Internet Protocol Version 4
  • IPv6: Internet Protocol Version 6
  • a method of distributing secured data comprising:
  • the reference authentication information items comprising a username/password type authentication item and a further authentication item;
  • the communicated authentication information items comprising a username/password type authentication item and a further authentication item; comparing the received authentication information items to the stored reference authentication information items;
  • the plurality of authentication information items received from the recipient may be communicated to the system in a single communication.
  • the method may comprise the step of communicating the secured data to the recipient if the authenticating step is successful.
  • a computer program arranged when loaded into a computing device to instruct the computer to operate in accordance with the system of the first aspect.
  • a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the system of the first aspect.
  • a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the system of the first aspect.
  • Figure 1 is a schematic diagram of a system for distributing secured data in accordance with one
  • Figure 2 is a schematic diagram of a system for securing data in accordance with one embodiment of the present invention
  • Figure 3 is a block diagram of a system for
  • Figure 4 is a flow diagram of a method of
  • FIG. 1 there is illustrated a system for distributing secured data.
  • Components of the system may be implemented by one or more electronic circuits, computers or computing devices having an appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices.
  • the computer may be implemented by any computing architecture, including a stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture.
  • the computing device is also appropriately programmed to implement the invention.
  • FIG. 1 there is shown a schematic diagram of a system for accessing secured data which in this embodiment comprises a server 100.
  • the server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions.
  • the components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106,
  • the server 100 includes disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc, a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communication links 114.
  • the server 100 includes
  • ROM 104: Read Only Memory
  • RAM 106: Random Access Memory
  • disk drives 108
  • There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communication links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.
  • the server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives.
  • the server 100 may also use a single disk drive or multiple disk drives.
  • the server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104.
  • the system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data.
  • the database 120 is in communication with an interface 122, which is implemented by computer software residing on the server 100.
  • the interface 122 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing.
  • the interface 122 may be implemented with input devices such as a keyboard or mouse, or, in another example embodiment, the interface 122 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, FireWire, USB or the like.
  • FIG. 2 there is illustrated a block diagram of an embodiment of a system for securing data.
  • the system is implemented with a server 200 arranged to be connected to a communication network such as the Internet, Intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or
  • the server 200 may have the same configurations as the system of Figure 1 described above.
  • the server 200 is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another
  • the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but not be limited to:
  • the server 200 is arranged to generate a key which can be used to encrypt the data object.
  • the key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
  • the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210.
  • the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file.
  • This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.
  • the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200.
  • the encrypted data object 210 may be sent through a public or private computer network, or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.
  • the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210.
  • the server 200 enforces an authentication process 212 on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient.
  • the authentication process 212 may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.
  • a key 214 may be provided to the recipient user 206 to decrypt the file.
  • the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206.
  • the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206.
  • the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206.
  • hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object.
  • the dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it unfeasible or impractical for a hacker to use the data for any meaningful purpose.
  • the recipient's computing device 206 may be misplaced or stolen and authentication information communicated to the recipient's computing device, such as via short message service (SMS) or email, used by an unauthorised person to decrypt or otherwise access the sensitive information.
  • This problem is exacerbated when the recipient's computing device 206 is a mobile computing device, such as a mobile telephone, laptop or tablet computer and/or the recipient is operating in a hostile environment.
  • the authentication process may take a relatively long time, particularly if the recipient's computing device 206 is communicating with the server 200 by a communication channel that has relatively high latency and/or low bandwidth due to the number of
  • a system 300 that is arranged to provide additional security in respect of preventing access to secured data is illustrated in Figure 3.
  • the system 300 is arranged such that a plurality of authentication
  • the authentication information items are communicated from a recipient's computing device 301.
  • the authentication information items which are associated with the recipient and/or the recipient's computing device 301, are compared with stored authentication information items stored in the system 300. If the communicated and stored authentication information items match, or at least only differ by a predetermined threshold, then secured data is communicated to the recipient's computing device 301.
  • This is in contrast to some systems for distributing secured data wherein a password is communicated to a recipient's computing device and this password is used to access the secured data.
  • the system 300 avoids the potential scenario wherein an unauthorised person obtains the computing device to which both the password and the secured data are communicated and uses the password to access the secured data.
  • the system 300 is arranged to operate in accordance with a method 400 as illustrated in Figure 4.
  • the method 400 comprises facilitating 402 network communications between the system 300 and the computing device 301 associated with the recipient of the secured data.
  • authentication information items associated with the recipient are stored 404, for example in a server 304 of the system 300.
  • the received authentication information items are compared 408 to the stored authentication information items.
  • the method 400 comprises a step of authenticating 410 the recipient if the received and stored authentication items match.
  • the system 300 may be arranged to communicate the secured data to the recipient.
  • the computing device 301 is a mobile telephone, however it will be appreciated that the computing device 301 may be any appropriate computing device including, but not limited to, a laptop computer, a tablet computer, or any of a variety of telemetry devices including smart electrical meters, airborne military reconnaissance systems and live reporting systems for military personnel.
  • the computing device 301 is in communication, via a network 302, with a server 304.
  • the network 302 is the Internet, however it will be
  • any appropriate communication network may be used such as an intranet, a virtual private network, or any communication network which operates with an
  • the computing device 301 comprises a memory 306 arranged to store programs including, for example, a software application for receiving and/or using secured data communicated to the computing device 300.
  • the memory 306 may also comprise a volatile memory 308, such as random access memory (RAM), for storing secured data.
  • the stored programs and any stored secured data are accessible by a processor 310 for operating the computing device 300.
  • the memory 306 may also be arranged to store
  • acceleration profile data that is indicative of a motion or motion sequence that the recipient can move the computing device 301 through and that can be used, at least in part, to authenticate the recipient.
  • the computing device 301 also comprises a display 312 to which the processor 306 is arranged to output program related information and the secured data for viewing by the recipient.
  • the computing device 301 also comprises an input interface 314, in this example a touch screen interface integrated with the display 312, so as to allow the recipient to interact with the computing device 301.
  • the computing device 301 also comprises a network interface 316 that is controllable by the processor 310 and that is in communication with the network 302 so as to allow the computing device 301 to be in network
  • the network interface 316 also allows the recipient to communicate the plurality of authentication information items to the server 304 for authentication of the recipient.
  • the server 304 is arranged so as to communicate the secured data to the computing device 300.
  • the server 304 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object.
  • the server 304 may be arranged to receive a request for a key to encrypt a data file after which, when the file is encrypted and is required to be decrypted, the key is then provided to a recipient of the file after the recipient has been authenticated.
  • the server 304 may be connected to a network arranged to allow further computing devices (not shown) operated by users, routines, processors or the like to connect to the server 304 with requests to generate or obtain a key to encrypt or decrypt a data object.
  • the server 304 is implemented based on the server 200 described above, or in another embodiment, the server 304 is implemented based on a system for securing data described with reference to WO2009/079708.
  • the server 304 is arranged to operate as an
  • a further server may function as an authentication server, the further server being in communication with the server 304 and being arranged to communicate successful authentication of the recipient to the server 304 such that the server 304 may then communicate the secured data to the recipient.
  • the server 304 is arranged to receive a plurality of authentication information items communicated thereto by the recipient, to compare the communicated and stored authentication information items, and to authenticate the recipient if the communicated and stored authentication items match. After successful authentication, the server 304 may communicate secured data to the recipient's computing device 301 via the network 302.
  • the system 300 is arranged such that a plurality of authentication information items are communicated from the recipient's computing device 301 to the server 304 for authentication in a single communication.
  • This provides an advantage, particularly for this example wherein the computing device 301 is a mobile telephone and the network communications between the computing device 301 and the server 304 may be subjected to relatively high latency and/or low bandwidth, of reducing the number of
  • a conventional authentication process may involve: the recipient communicating an alias (e.g., a username) to a remote server system for distributing secured data;
  • the remote server communicating a password challenge to the recipient
  • the remote server separately communicating a one-time password to the recipient via email or SMS;
  • the recipient responding to the password challenge by communicating the one-time password to the remote server.
  • This conventional authentication process required four separate communications between the recipient and the system.
  • the system 300 of embodiments of the present invention requires only one communication from the recipient to the system 300.
  • the authentication information items may comprise an alias for the recipient, hardware identification
  • the hardware information for identifying the recipient's computing device 301 includes confidential information supplied by, or otherwise associated with, the recipient.
  • the hardware information for identifying the recipient includes confidential information for identifying the recipient's computing device 301, and confidential information supplied by, or otherwise associated with, the recipient.
  • recipient's computing device 301 may comprise:
  • IMEI: international mobile equipment identity
  • UUID: universally unique identifier
  • the computing device 301 may be arranged so as to automatically communicate the hardware identification information to the system 300 along with the recipient alias and confidential information without requiring the recipient to input the hardware identification
  • the authentication information items may also comprise geographical information indicative of a
  • the geographical information may be automatically sent by the computing device 301 and can be used by the system 300 as a further determination of whether to authenticate the recipient.
  • the authentication system may store geographical information indicative of a last known or suspected geographical location of the computing device 301 and to compare the communicated geographical
  • the system may permit authentication or further authentication processes.
  • system 300 may be arranged to deny authentication if the geographical location information communicated to the system 300 by the computing device 301 corresponds to a predetermined geographical location. For example, it may be desirable to deny authentication if the computing device 301 is located in a particular region.
  • the server 304 or the computing device 301 may store an acceleration profile indicative of a particular motion or motion sequence of the computing device 301. The recipient may then move the computing device 301 through a substantially similar motion or motion sequence so as to record a substantially similar acceleration profile on the computing device 301 for communication as an
  • the system 300 is arranged to use this match in authenticating the recipient.
  • the acceleration profile stored in the server 304 or the computing device 301 may be indicative of a motion or motion sequence including, but not limited to: rapidly tilting the computing device 301 through an angle of at least 30° and back again, two times in a row; dropping the computing device 301 from one hand to the other by a height of at least 10 cm, then repeating; tilting the computing device 301 from a landscape mode to a portrait mode and back again immediately before entering further authentication information;
  • the motion or motion sequence can be any appropriate motion or motion sequence.
  • the motion or motion sequence is such that it is detectable by the system 300 but can be performed in a relatively discreet manner so as not to attract
  • a plurality of acceleration profiles can be stored in the server 304 or the computing device 301 such that the recipient can choose between a plurality of motions or motion sequences to perform as part of the authentication process.
  • Providing a plurality of acceleration profiles will avoid the recipient having to repeatedly perform the same motion or motion sequence in public. This is advantageous as a potential unauthorised user may learn the motion or motion sequence by repeated viewing of the performed motion or motion sequence.
  • the motion or motion sequence may be authenticated at the computing device 301, for example prior to communicating the plurality of authentication information to the server 304.
  • the amount of authentication information communicated from the computing device 301 to the server 304 will be reduced, which is particularly advantageous when the communication between the computing device 301 and the server 304 has relatively high latency and/or low
  • either the computing device 301 or the server 304 may prompt the recipient to communicate the plurality of authentication information to the server 304.
  • the plurality of authentication information items may be communicated to the system 300 in combination with further information, such as session identification information indicative of a time at which the
  • each communication of authentication information items is a unique packet of information which is challenging to decode, even though the same authentication information items may be communicated by the recipient each time the recipient performs the authentication process.
  • the above embodiments of the present invention have been described in relation to use with mobile devices. The invention is not limited to use with mobile devices and embodiments may be used with non-mobile devices.
  • the system 300 may be implemented as a computer program arranged, when loaded into a computing device, to instruct the computing device to operate in accordance with the system 300 of Figure 3.
  • system 300 may be implemented as a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the system 300 of Figure 3.
  • system 300 may be implemented as a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the system 300 of Figure 3.
  • program modules include routines, programs, objects, components and data files assisting in the performance of particular

Abstract

The present invention relates to a system and method for distributing secured data. In order to authenticate a mobile user of secured data, a plurality of reference authentication information items associated with the user are stored. A plurality of authentication information items are received by an authentication system and compared with the pre-stored reference authentication information items. The recipient is authenticated if the reference authentication information items match the received authentication information items.

Description

A SYSTEM AND METHOD FOR DISTRIBUTING SECURED DATA
TECHNICAL FIELD
The present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted.
BACKGROUND
Transferring information electronically through the Internet or another public telecommunication network (such as wired or wireless telephone services) is a cost-effective solution for distributing information. However, as much of the Internet operates on public infrastructure, sensitive or confidential information sent through the Internet may be accessible to unauthorised parties. To address these security concerns, corporations and other users may choose to encrypt the information before transmitting the data over a public network. One approach is to use encryption software, such as "Zip" programs that offer an encryption routine to encrypt the data before it is transmitted over the public network. Although such encryption software provides some level of security, all such software has a fundamental weakness, in that the
encryption process binds the decryption key to the encrypted data object itself: the key is derived from a password chosen by the user, and the encrypted object carries everything needed to test a candidate password. As such, it is possible for an attacker who obtains the object to use brute force or other suitable methods to recover the password and decrypt the data object offline, since the necessary components to attempt decryption are all integrated within the encrypted object. In addition, encryption and decryption of data objects usually requires the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of such encryption and decryption technologies. Moreover, in some instances, the user may be
utilising a computing system which does not possess the necessary software for the encryption and decryption of files. A number of additional challenges are presented when communicating secured data to a mobile computing device. One such challenge relates to the authentication of a recipient who is using a mobile computing device. One approach is to send an SMS or email containing a one-time password to the recipient that is usable to access the secured data. The steps of the process can be summarised as follows:
the recipient uses a client (running on the mobile computing device) to send an alias (username) from the mobile computing device to a remote server;
a remote server sends a password challenge to the client;
a remote server sends a one-time password by email or SMS to the recipient;
the recipient responds to the password challenge with the one-time password and submits the password to the remote server.
However, if the SMS or email is sent to the same mobile computing device that will be used to open secured data, the information in the SMS or email can potentially be used by anyone who holds the mobile computing device. If the mobile computing device falls into the wrong hands, the security of the secured data will be compromised.
SUMMARY OF THE INVENTION
In accordance with a first aspect of the present invention, there is provided a system for distributing secured data, the system comprising:
a communications interface arranged to facilitate communications between the system and a computing device associated with a recipient of the secured data; and
an authentication system for authenticating the recipient, the authentication system being arranged to store a plurality of reference authentication information items associated with the recipient, the reference authentication information items comprising a
username/password type authentication item and a further authentication item;
wherein the system is arranged to receive a plurality of authentication information items from the recipient, the communicated authentication information items
comprising a username/password type authentication item and a further authentication item, and to authenticate the recipient if the communicated authentication information items match the stored reference authentication
information items. After successful authentication, the system may be arranged to communicate secured data to the recipient.
In an embodiment, the communications interface is a wireless communications interface arranged to facilitate wireless network communications between the system and the computing device associated with the recipient.
In some systems for distributing secured data, a password is communicated to the computing device and this password is used to access the secured data. This is disadvantageous since an unauthorised person may obtain the computing device to which both the password and the secured data are communicated and use the password to access the secured data. The system of the present invention avoids this potential scenario by requiring a recipient of the secured data to communicate a plurality of authentication items to the authentication system before the secured data is communicated to the computing device.
The plurality of authentication information items may be communicated to the system in a single communication, rather than as a series of communications. This is particularly advantageous when the recipient is
communicating with the system via a communication channel that has relatively high latency and/or relatively low bandwidth as it will speed up the authentication process.
The authentication information items may comprise an alias for the recipient, hardware identification
information for identifying the recipient's computing device, and confidential information supplied by, or otherwise associated with, the recipient.
The hardware identification information may comprise: an international mobile equipment identity
(IMEI) associated with the computing device;
a universally unique identifier (UUID) associated with the computing device; or
a phone number associated with the computing device.
In one embodiment, the hardware identification information is automatically communicated to the system along with the recipient alias and confidential
information without requiring the recipient to input the hardware identification information. The authentication information items may also comprise geographical information indicative of a
geographical location of the computing device. The geographical information may be automatically sent by the computing device and can be used by the authentication system as a further determination of whether to authenticate the recipient. For example, the authentication system may store geographical information indicative of a last known or suspected geographical location of the computing device and compare the communicated geographical information with the stored geographical location. If the difference between the communicated and stored geographical information is within a predetermined threshold, then the system may permit authentication or further authentication processes.
In one embodiment, the computing device comprises an accelerometer and the confidential information supplied by, or otherwise associated with, the recipient comprises accelerometer data. For example, the authentication system or the computing device may store an acceleration profile indicative of a particular motion or motion sequence of the computing device. The recipient may then move the computing device through a substantially similar motion or motion sequence so as to record a substantially similar acceleration profile on the computing device for
communication as an authentication information item. If the motion performed by the recipient substantially matches the acceleration profile stored in the
authentication system or the computing device, then the system may be arranged to use this match in authenticating the recipient.
The acceleration profile stored in the authentication system or the computing device may be indicative of a motion or motion sequence including, but not limited to: rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;
dropping the computing device from one hand to the other by a height of at least 10cm, then repeating;
tilting the computing device from a landscape mode to a portrait mode and back again immediately before entering further authentication information;
entering further authentication information when the computing device is in a landscape mode; and
tapping the computing device on a hard surface three times with a force greater than a preset threshold.
It will be appreciated that the motion or motion sequence can be any appropriate motion or motion sequence. In one example, the motion or motion sequence is such that it is detectable by the system but can be performed in a relatively discreet manner so as not to attract attention.
It will also be appreciated that a plurality of acceleration profiles can be stored in the authentication system or the computing device such that the recipient can choose between a plurality of motions or motion sequences to perform as part of the authentication process.
Providing a plurality of acceleration profiles will avoid the recipient having to repeatedly perform the same motion or motion sequence in public. This is advantageous as an unauthorised person may learn the motion or motion sequence by viewing a repeatedly performed motion or motion sequence.
It will be appreciated that the motion or motion sequence may be authenticated at the computing device, for example prior to communicating the plurality of
authentication information to the authentication system. In this way, the amount of authentication information communicated from the computing device to the
authentication system will be reduced, which is particularly advantageous when the communication between the computing device and the system has relatively high latency and/or low bandwidth.
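An added example of the device-side match just described (it is not code from the patent or from Cocoon Data). The patent only requires that the recorded trace "substantially" match the stored profile; the matching rule assumed here is dynamic time warping (DTW) over 3-axis accelerometer samples with a normalised distance threshold, which tolerates the motion being performed a little faster or slower than at enrolment. The tilt profile, the sensor noise and the threshold are constructed for the illustration, and `best_profile` shows the choice among several enrolled motions:

```python
"""Added example: matching a recorded accelerometer trace against one or
more stored acceleration profiles on the device. DTW with a normalised
threshold is an assumed matching rule, not one specified by the patent."""
import math
import random


def _dist(a, b):
    """Euclidean distance between two 3-axis accelerometer samples (m/s^2)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def dtw_distance(ref, rec):
    """Dynamic time warping distance between two traces, normalised by the
    longer trace length so the threshold does not depend on sample count."""
    n, m = len(ref), len(rec)
    inf = float("inf")
    prev = [inf] * (m + 1)
    prev[0] = 0.0                      # empty prefixes align at zero cost
    for i in range(1, n + 1):
        row = [inf] * (m + 1)
        for j in range(1, m + 1):
            # cheapest monotonic path into (i, j): diagonal, down or right
            row[j] = _dist(ref[i - 1], rec[j - 1]) + min(prev[j - 1], prev[j], row[j - 1])
        prev = row
    return prev[m] / max(n, m)


def tilt_profile(samples, peak_deg=40.0, repeats=2, g=9.81):
    """Constructed reference trace: the gravity vector seen by a phone tilted
    about its long axis through peak_deg and back, `repeats` times in a row
    (the first motion in the patent's list). Not real sensor data."""
    out = []
    for k in range(samples):
        phase = repeats * k / (samples - 1)                # 0 .. repeats
        theta = math.radians(peak_deg) * math.sin(math.pi * phase) ** 2
        out.append((0.0, g * math.sin(theta), g * math.cos(theta)))
    return out


def add_noise(trace, sigma, seed):
    """Deterministic Gaussian sensor noise for a constructed 'recorded' attempt."""
    rng = random.Random(seed)
    return [tuple(v + rng.gauss(0.0, sigma) for v in s) for s in trace]


def matches(ref, rec, threshold=2.0):
    """Device-side decision: does the recorded motion match the stored profile?"""
    return dtw_distance(ref, rec) <= threshold


def best_profile(profiles, rec, threshold=2.0):
    """With several enrolled motions, which one (if any) did the recipient
    perform? Returns the index of the closest profile within threshold."""
    d, i = min((dtw_distance(p, rec), i) for i, p in enumerate(profiles))
    return i if d <= threshold else None
```

The threshold sets the trade between false rejects (the recipient's own attempt scored too far away) and false accepts, and should be tuned on several enrolment recordings rather than a single one. Because only the outcome of the match leaves the device, the server learns nothing about the profile; the flip side is that a compromised device can simply report a match, so the other authentication items the server checks itself still matter.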
It will also be appreciated that either the computing device or the system may prompt the recipient to
communicate the plurality of authentication information items to the system.
The plurality of authentication information items may be communicated to the system in combination with further information, such as session identification information indicative of a time at which the communication is made. Further, the communicated authentication information items, or the combined information, may be encrypted or otherwise transformed before transmission, for example by applying a cryptographic hash function such as SHA-512 to the items together with the session information (a hash is one-way rather than an encryption, so the authentication system must be able to recompute the same digest from its stored reference items). In this way, each communication of authentication information items is a unique packet of information which is challenging to decode, even though the same
authentication information items may be communicated by the recipient each time the recipient performs the authentication process.
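The single-communication exchange described above, with the geographical check from the earlier paragraphs folded in, as an added Python example (not code from the patent or from Cocoon Data). The packet layout, the field names, the clock-skew window, the distance threshold and the nonce-based replay check are all assumptions made here, and the reference records are constructed sample data:

```python
"""Added example: one-shot multi-item authentication. The client sends its
alias, hardware identifier, location, a session nonce and timestamp in a
single message, plus a SHA-512 digest that binds the confidential item to
that session, so the packet differs every time even though the items do not.
Layout, names and thresholds are assumptions for this illustration."""
import hashlib
import hmac
import math
import os
import time

# Reference records held by the authentication system (constructed sample data).
REFERENCE = {
    "alice": {
        "imei": "490154203237518",
        "secret": "correct horse battery staple",
        "last_lat": -31.95, "last_lon": 115.86,   # last known location (Perth)
    }
}
MAX_SKEW_S = 120            # accept timestamps within two minutes of server time
MAX_DISTANCE_KM = 50.0      # predetermined geographical threshold
_seen_nonces: set = set()   # replay protection: each accepted nonce is single-use


def _digest(alias, imei, secret, nonce, ts):
    """SHA-512 over length-prefixed fields, so adjacent fields cannot be
    re-split into a different but equally valid packet."""
    h = hashlib.sha512()
    for field in (alias, imei, secret, nonce, str(ts)):
        b = field.encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.hexdigest()


def build_packet(alias, imei, secret, lat, lon, now=None):
    """Client side: everything in one message; the secret itself never leaves the device."""
    ts = int(now if now is not None else time.time())
    nonce = os.urandom(16).hex()
    return {"alias": alias, "imei": imei, "lat": lat, "lon": lon,
            "nonce": nonce, "ts": ts,
            "digest": _digest(alias, imei, secret, nonce, ts)}


def _haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def authenticate(pkt, now=None):
    """Server side: check every item of the single packet; returns (ok, reason)."""
    now = now if now is not None else time.time()
    ref = REFERENCE.get(pkt["alias"])
    if ref is None:
        return False, "unknown alias"
    if abs(now - pkt["ts"]) > MAX_SKEW_S:
        return False, "stale timestamp"
    if pkt["nonce"] in _seen_nonces:
        return False, "replayed packet"
    # Recompute with the *stored* IMEI and secret: a wrong device or a wrong
    # secret both show up as a digest mismatch, and nothing is revealed about which.
    expected = _digest(pkt["alias"], ref["imei"], ref["secret"], pkt["nonce"], pkt["ts"])
    if not hmac.compare_digest(expected, pkt["digest"]):
        return False, "credential mismatch"
    dist = _haversine_km(pkt["lat"], pkt["lon"], ref["last_lat"], ref["last_lon"])
    if dist > MAX_DISTANCE_KM:
        return False, f"location moved {dist:.0f} km"
    _seen_nonces.add(pkt["nonce"])
    ref["last_lat"], ref["last_lon"] = pkt["lat"], pkt["lon"]
    return True, "ok"
```

Two points the patent's wording glosses over. A digest over the confidential item is one-way, not an encryption: the authentication system has to hold that item in a form from which it can recompute the same digest, so the reference store becomes the sensitive asset (an HMAC keyed with a per-device secret established at enrolment would let the server store only that key). And a timestamp alone does not stop replay inside the skew window; the nonce set is what makes each accepted packet single-use.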
The system may be accessible by the user via a computing device such as a personal computer, a PDA, a mobile device such as a mobile phone or a laptop or tablet computer with network connectivity and/or any suitable device that is capable of establishing a network connection.
The system may be accessible through the Internet,
The communication interface may be arranged to facilitate network communications through the Internet, intranet, VPN or any communication network which operates with an appropriate communication protocol such as
Internet Protocol Version 4 (IPv4) or Version 6 (IPv6). In accordance with a second aspect of the present
invention, there is provided a method of distributing secured data, the method comprising:
storing a plurality of reference authentication information items associated with a recipient of the secured data, the reference authentication information items comprising a username/password type authentication item and a further authentication item;
receiving a plurality of authentication information items from the recipient, the communicated authentication information items comprising a username/password type authentication item and a further authentication item; comparing the received authentication information items to the stored reference authentication information items; and
authenticating the recipient if the received and reference authentication information items match. The plurality of authentication information items received from the recipient may be communicated to the system in a single communication.
The method may comprise the step of communicating the secured data to the recipient if the authenticating step is successful.
In accordance with a third aspect of the present invention, there is provided a computer program arranged when loaded into a computing device to instruct the computer to operate in accordance with the system of the first aspect.
In accordance with a fourth aspect of the present invention, there is provided a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the system of the first aspect.
In accordance with a fifth aspect of the present invention, there is provided a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the system of the first aspect.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of a system for distributing secured data in accordance with one
embodiment of the present invention; Figure 2 is a schematic diagram of a system for securing data in accordance with one embodiment of the present invention;
Figure 3 is a block diagram of a system for
distributing secured data in accordance with an embodiment of the present invention; and
Figure 4 is a flow diagram of a method of
distributing secured data in accordance with an embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring to Figure 1, there is illustrated a system for distributing secured data. Components of the system may be implemented by one or more electronic circuits, computers or computing devices having an appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices. The computer may be implemented by any computing architecture, including a stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture. In some embodiments, the computing device is also appropriately programmed to implement the invention. Referring to Figure 1 there is shown a schematic diagram of a system for accessing secured data which in this embodiment comprises a server 100. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106,
input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc, a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communication links 114. The server 100 includes
instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communication links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.
The server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104.
The system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data. The database 120 is in communication with an interface 122, which is implemented by computer software residing on the server 100. The interface 122 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing. The interface 122 may be implemented with input devices such as a keyboard or mouse or, in another example embodiment, the interface 122 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, FireWire, USB or the like.
With reference to Figure 2, there is illustrated a block diagram of an embodiment of a system for securing data. In this embodiment, the system is implemented with a server 200 arranged to be connected to a communication network such as the Internet, Intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or
communication devices 204, 206 via the communication network. The server 200 may have the same configurations as the system of Figure 1 described above.
The server 200 is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another
recipient user 206, computer, processor or controller. In this example embodiment, the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but not be limited to:
1- Filenames of any files to be encrypted;
2- File size, dates, properties, permissions
settings and other attributes;
3- The identity of the recipient 206 of the file;
4- The access permissions of the recipient 206;
5- The address or reference of the recipient 206; and
6- Any other information relating to the security settings or the data object that is to be encrypted which may be required to encrypt the file .
Once the encryption request 202 is received by the server 200, the server 200 is arranged to generate a key which can be used to encrypt the data object. The key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
Preferably, the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210. As a result, the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an unauthorised copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file. This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.
After the data object is encrypted, the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200. Alternatively, as the encrypted data object 210 is now secured, it may be sent through a public or private computer network, or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.
Preferably, in some situations, some form of security measure is still applied to the transmission of the encrypted data object 210 as a matter of best practice.
Once the recipient user 206 receives the encrypted data object 210, the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210. In one embodiment, the server 200 enforces an authentication process 212 on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient. The authentication process 212 may include a login/password check, a biometric check, a time-delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.
After the recipient user 206 is authenticated by the server 200 and is authorized to decrypt the data object 210, a key 214 may be provided to the recipient user 206 to decrypt the file. In one example embodiment, the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206. In another embodiment, the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206. In these examples, it may be necessary to include in the encrypted data object the information needed by third-party software to control and enforce these permission settings. Examples of such third-party software include Secure Word™ or Adobe Acrobat™ Reader, which have permission controls capable of limiting the manipulation of a data file.
Alternative embodiments of a system for securing data are also described in WO2009/079708 which is incorporated herein by reference. These embodiments are advantageous in that the encryption key 208 which can be used to decrypt an encrypted object is transmitted separately from the encrypted data object 210. As such, the encrypted data object 210 may be transmitted in a less secure but more convenient channel. Even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be easily decrypted with known methods of decryption since the key 208 is not within the encrypted object.
In another embodiment, the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206. By transmitting and utilising dummy keys in the encryption process, hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the keys can in fact be used to decrypt the data object. The dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it infeasible or impractical for a hacker to use the data for any meaningful purpose.
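The key-separation flow of Figure 2, including the dummy-key variant just described, as an added Python example (not the patent's or Cocoon Data's code). The cipher is a stand-in built from HMAC-SHA256 (a keystream XOR with an encrypt-then-MAC tag) so that the example runs with the standard library alone; a real deployment would use an AEAD such as AES-GCM. The class and function names, and the use of the authentication tag to tell the genuine key from the dummies, are assumptions made for this illustration:

```python
"""Added example: server-minted key, ciphertext that carries no key material,
key released only after authentication, optionally mixed among dummy keys.
The HMAC-based cipher is a stand-in for a real AEAD; names are assumptions."""
import hashlib
import hmac
import os
import secrets


def _keystream(key, nonce, length):
    """PRF keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _tag(key, object_id, nonce, ct):
    """Encrypt-then-MAC tag bound to the object identifier as well as the ciphertext."""
    return hmac.new(key, b"tag" + object_id.encode() + nonce + ct, hashlib.sha256).digest()


def encrypt_object(key, object_id, plaintext):
    """Sender side (device 204): the resulting blob holds no key material."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return {"object_id": object_id, "nonce": nonce, "ct": ct, "tag": _tag(key, object_id, nonce, ct)}


def decrypt_object(key, blob):
    """Returns the plaintext, or None if the tag fails (wrong key or tampering)."""
    if not hmac.compare_digest(_tag(key, blob["object_id"], blob["nonce"], blob["ct"]), blob["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


class KeyServer:
    """Server 200: mints one key per data object and releases it only to the
    authenticated recipient named in the original encryption request."""

    def __init__(self):
        self._keys = {}   # object_id -> (key, intended recipient)

    def handle_encryption_request(self, object_id, recipient):
        """Encryption request 202: returns key 208 to the sender."""
        key = secrets.token_bytes(32)
        self._keys[object_id] = (key, recipient)
        return key

    def release_key(self, object_id, recipient, authenticated, decoys=0):
        """Key 214, as a bundle: the genuine key hidden among `decoys` random
        ones at a secret position. Returns [] if the request is refused."""
        entry = self._keys.get(object_id)
        if entry is None or entry[1] != recipient or not authenticated:
            return []
        bundle = [secrets.token_bytes(32) for _ in range(decoys)]
        bundle.insert(secrets.randbelow(decoys + 1), entry[0])
        return bundle


def recover_plaintext(bundle, blob):
    """Recipient side (device 206): the tag tells the genuine key from the dummies."""
    for key in bundle:
        pt = decrypt_object(key, blob)
        if pt is not None:
            return pt
    return None
```

Note what the dummy keys do and do not buy: a passive observer who captures both the ciphertext and the key bundle has at most `decoys + 1` candidates to try, and the authentication tag identifies the right one in a single attempt each, so the scheme adds a few bits of work at best and is no substitute for protecting the key channel itself (for example with TLS). The security of the design rests on the server releasing the key only after the recipient has authenticated.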
Although the above provides improvements in
transmitting sensitive information, there is still a danger that the recipient's computing device 206 may be misplaced or stolen and authentication information communicated to the recipient's computing device, such as via short message service (SMS) or email, used by an unauthorised person to decrypt or otherwise access the sensitive information. This problem is exacerbated when the recipient's computing device 206 is a mobile computing device, such as a mobile telephone, laptop or tablet computer and/or the recipient is operating in a hostile environment.
Further, the authentication process may take a relatively long time, particularly if the recipient's computing device 206 is communicating with the server 200 by a communication channel that has relatively high latency and/or low bandwidth due to the number of
communications that are required to successfully
authenticate the recipient. A system 300 that is arranged to provide additional security in respect of preventing access to secured data is illustrated in Figure 3. In general, the system 300 is arranged such that a plurality of authentication
information items are communicated from a recipient's computing device 301. The authentication information items, which are associated with the recipient and/or the recipient's computing device 301, are compared with reference authentication information items stored in the system 300. If the communicated and stored authentication information items match, or at least differ by no more than a predetermined threshold, then secured data is communicated to the recipient's computing device 301. This is in contrast to some systems for distributing secured data wherein a password is communicated to a recipient's computing device and this password is used to access the secured data. As such, the system 300 avoids the potential scenario wherein an unauthorised person obtains the computing device to which both the password and the secured data are communicated and uses the password to access the secured data.
The system 300 is arranged to operate in accordance with a method 400 as illustrated in Figure 4. In
accordance with one embodiment, the method 400 comprises facilitating 402 network communications between the system 300 and the computing device 301 associated with the recipient of the secured data. The plurality of
authentication information items associated with the recipient are stored 404, for example in a server 304 of the system 300. After receiving 406 a plurality of authentication information items from the recipient, the plurality of authentication items being communicated to the system 300 in a single communication, the received authentication information items are compared 408 to the stored authentication information items. The method 400 comprises a step of authenticating 410 the recipient if the received and stored authentication items match. After successful authentication, the system 300 may be arranged to communicate the secured data to the recipient. In this example, the computing device 301 is a mobile telephone, however it will be appreciated that the computing device 301 may be any appropriate computing device including, but not limited to, a laptop computer, a tablet computer, or any of a variety of telemetry devices including smart electrical meters, airborne military reconnaissance systems and live reporting systems for military personnel. The computing device 301 is in communication, via a network 302, with a server 304. In this example the network 302 is the Internet, however it will be
appreciated that any appropriate communication network may be used such as an intranet, a virtual private network, or any communication network which operates with an
appropriate communication protocol such as Internet
Protocol Version 4 (IPv4) or Version 6 (IPv6).
The computing device 301 comprises a memory 306 arranged to store programs including, for example, a software application for receiving and/or using secured data communicated to the computing device 301. The memory 306 may also comprise a volatile memory 308, such as random access memory (RAM), for storing secured data. The stored programs and any stored secured data are accessible by a processor 310 for operating the computing device 301. The memory 306 may also be arranged to store
acceleration profile data that is indicative of a motion or motion sequence that the recipient can move the computing device 301 through and that can be used, at least in part, to authenticate the recipient.
Authenticating the recipient using the acceleration profile data will be described in more detail later.
The computing device 301 also comprises a display 312 to which the processor 310 is arranged to output program related information and the secured data for viewing by the recipient. The computing device 301 also comprises an input interface 314, in this example a touch screen interface integrated with the display 312, so as to allow the recipient to interact with the computing device 301.
The computing device 301 also comprises a network interface 316 that is controllable by the processor 310 and that is in communication with the network 302 so as to allow the computing device 301 to be in network
communication with the server 304 and to receive secured data from the server 304. The network interface 316 also allows the recipient to communicate the plurality of authentication information items to the server 304 for authentication of the recipient.
The server 304 is arranged so as to communicate the secured data to the computing device 301. In this example, the server 304 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object. The server 304 may be arranged to receive a request for a key to encrypt a data file after which, when the file is encrypted and is required to be decrypted, the key is then provided to a recipient of the file after the recipient has been authenticated. The server 304 may be connected to a network arranged to allow further computing devices (not shown) operated by users, routines, processors or the like to connect to the server 304 with requests to generate or obtain a key to encrypt or decrypt a data object. In one embodiment, the server 304 is implemented based on the server 200 described above, or in another embodiment, the server 304 is implemented based on a system for securing data described with reference to WO2009/079708.
The server 304 is arranged to operate as an authentication system and stores therein the plurality of authentication information items associated with the recipient. It will also be appreciated that a further server (not shown) may function as an authentication server, the further server being in communication with the server 304 and being arranged to communicate successful authentication of the recipient to the server 304 such that the server 304 may then communicate the secured data to the recipient. The server 304 is arranged to receive a plurality of authentication information items communicated thereto by the recipient, to compare the communicated and stored authentication information items, and to authenticate the recipient if the communicated and stored authentication items match. After successful authentication, the server 304 may communicate secured data to the recipient's computing device 301 via the network 302.

The system 300 is arranged such that a plurality of authentication information items are communicated from the recipient's computing device 301 to the server 304 for authentication in a single communication. This is advantageous, particularly in this example wherein the computing device 301 is a mobile telephone and the network communications between the computing device 301 and the server 304 may be subject to relatively high latency and/or low bandwidth, because it reduces the number of communications between the computing device 301 and the server 304 compared with a conventional password challenge authentication system.
For example, before a recipient can access secured data, a conventional authentication process may involve:
the recipient communicating an alias (e.g., a username) to a remote server system for distributing secured data;
the remote server communicating a password challenge to the recipient;
the remote server separately communicating a one-time password to the recipient via email or SMS; and
the recipient responding to the password challenge by communicating the one-time password to the remote server.
This conventional authentication process requires four separate communications between the recipient and the system. In contrast, the system 300 of embodiments of the present invention requires only one communication from the recipient to the system 300.
The authentication information items may comprise an alias for the recipient, hardware identification information for identifying the recipient's computing device 301, and confidential information supplied by, or otherwise associated with, the recipient.

The hardware identification information for identifying the recipient's computing device 301 may comprise:
an international mobile equipment identity (IMEI) associated with the computing device 301, the IMEI being a number that identifies GSM, WCDMA and iDEN mobile phones as well as some satellite phones;
a universally unique identifier (UUID) associated with the computing device 301, the UUID being an identifier standard used in software construction; or
a phone number associated with the computing device 301.
The computing device 301 may be arranged so as to automatically communicate the hardware identification information to the system 300 along with the recipient alias and confidential information, without requiring the recipient to input the hardware identification information.

The authentication information items may also comprise geographical information indicative of a geographical location of the computing device 301. The geographical information may be sent automatically by the computing device 301 and can be used by the system 300 as a further determination of whether to authenticate the recipient. For example, the authentication system may store geographical information indicative of a last known or suspected geographical location of the computing device 301 and compare the communicated geographical information with the stored geographical location. If the difference between the communicated and stored geographical information is within a predetermined threshold, then the system may permit authentication or proceed to further authentication processes.

Further, or alternatively, the system 300 may be arranged to deny authentication if the geographical location information communicated to the system 300 by the computing device 301 corresponds to a predetermined geographical location. For example, it may be desirable to deny authentication if the computing device 301 is located in a particular region.
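The distance-threshold and denied-region checks described above, as an added example that is not part of the patent or the applicant's software. It assumes the computing device reports a WGS-84 latitude/longitude pair and that the stored last known location is such a pair as well; the 5 km threshold, the bounding box used as the denied region and the coordinates are constructed values. Because the location is reported by the device itself, it is a risk signal that permits, steps up or denies authentication; it is not something the recipient proves knowledge of.

```python
import math

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius in metres

# Constructed example of a predetermined region in which authentication is denied,
# expressed as a (min_lat, min_lon, max_lat, max_lon) bounding box. A deployment
# would use real geofence polygons; the box keeps the example short.
DENIED_REGIONS = [(-35.5, 148.7, -35.1, 149.4)]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude pairs (degrees)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    d_phi = phi2 - phi1
    d_lambda = math.radians(lon2 - lon1)
    a = math.sin(d_phi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(d_lambda / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def in_region(lat, lon, region):
    """True if the point lies inside the bounding box."""
    min_lat, min_lon, max_lat, max_lon = region
    return min_lat <= lat <= max_lat and min_lon <= lon <= max_lon


def evaluate_location(reported, last_known, max_distance_m, denied_regions):
    """Decide how the reported device location affects authentication.

    reported    -- (lat, lon) communicated by the computing device
    last_known  -- (lat, lon) stored by the authentication system, or None
    Returns (decision, reason), decision being one of:
    "permit"  -> consistent with the stored location, authentication may proceed
    "step_up" -> inconclusive, require the further authentication items
    "deny"    -> the device is inside a predetermined denied region
    """
    lat, lon = reported
    # Denied regions are checked first: a device inside one is refused regardless of history.
    for region in denied_regions:
        if in_region(lat, lon, region):
            return "deny", "device reports a location inside a denied region"
    if last_known is None:
        return "step_up", "no stored location to compare against"
    distance = haversine_m(lat, lon, *last_known)
    if distance <= max_distance_m:
        return "permit", f"{distance:.0f} m from last known location"
    return "step_up", f"{distance:.0f} m from last known location exceeds {max_distance_m:.0f} m"


if __name__ == "__main__":
    last_known = (-33.8568, 151.2153)  # constructed last known location (Sydney)
    for attempt in [(-33.8677, 151.2094), (-37.8136, 144.9631), (-35.2809, 149.1300)]:
        print(attempt, evaluate_location(attempt, last_known, 5_000, DENIED_REGIONS))
```

The denied-region test runs before the distance test so that a device inside the region is refused even if it is close to its last known location; the "step_up" outcome corresponds to the text's "further authentication processes" rather than an outright failure.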
The computing device 301 of Figure 3 further comprises an accelerometer 318. Data obtained from the accelerometer can be used to provide at least one of the authentication information items. For example, the server 304 or the computing device 301 may store an acceleration profile indicative of a particular motion or motion sequence of the computing device 301. The recipient may then move the computing device 301 through a substantially similar motion or motion sequence so as to record a substantially similar acceleration profile on the computing device 301 for communication as an authentication information item. If the motion performed by the recipient substantially matches the acceleration profile stored in the server 304 or the computing device 301, then the system 300 is arranged to use this match in authenticating the recipient.

The acceleration profile stored in the server 304 or the computing device 301 may be indicative of a motion or motion sequence including, but not limited to:
rapidly tilting the computing device 301 through an angle of at least 30° and back again, two times in a row;
dropping the computing device 301 from one hand to the other by a height of at least 10 cm, then repeating;
tilting the computing device 301 from a landscape mode to a portrait mode and back again immediately before entering further authentication information;
entering further authentication information when the computing device 301 is in a landscape mode; and
tapping the computing device 301 on a hard surface three times with a force greater than a preset threshold.
It will be appreciated that the motion or motion sequence can be any appropriate motion or motion sequence. In one example, the motion or motion sequence is such that it is detectable by the system 300 but can be performed in a relatively discreet manner so as not to attract attention. It will also be appreciated that a plurality of acceleration profiles can be stored in the server 304 or the computing device 301 such that the recipient can choose between a plurality of motions or motion sequences to perform as part of the authentication process. Providing a plurality of acceleration profiles avoids the recipient having to repeatedly perform the same motion or motion sequence in public. This is advantageous because a potential unauthorised user may otherwise learn the motion or motion sequence by repeatedly observing it being performed.

It will be appreciated that the motion or motion sequence may be authenticated at the computing device 301, for example prior to communicating the plurality of authentication information items to the server 304. In this way, the amount of authentication information communicated from the computing device 301 to the server 304 is reduced, which is particularly advantageous when the communication between the computing device 301 and the server 304 has relatively high latency and/or low bandwidth.
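The acceleration-profile comparison described above, including the choice between several enrolled motions and the device-side check that runs before any authentication items are transmitted, as an added example that is not part of the patent or the applicant's software. It assumes fixed-rate three-axis accelerometer samples in m/s² and uses dynamic time warping so that a faster or slower performance of the same motion still matches; the synthetic traces, the profile names and the 0.25 threshold are constructed values, not data from the page.

```python
import math

# Traces are lists of (ax, ay, az) accelerometer samples in m/s^2 at a fixed sample rate.
MATCH_THRESHOLD = 0.25  # constructed: length-normalised DTW distance above which a motion is rejected


def normalise(trace):
    """Remove the per-axis mean (which also removes the constant gravity component) and
    scale to unit RMS, so a slightly stronger or weaker performance of the same motion
    still matches the stored profile."""
    n = len(trace)
    means = [sum(s[axis] for s in trace) / n for axis in range(3)]
    centred = [tuple(s[axis] - means[axis] for axis in range(3)) for s in trace]
    rms = math.sqrt(sum(x * x for s in centred for x in s) / (3 * n)) or 1.0
    return [tuple(x / rms for x in s) for s in centred]


def dtw_distance(a, b):
    """Dynamic time warping distance between two 3-axis traces, divided by their combined
    length. DTW tolerates the recipient performing the motion faster or slower than when
    the profile was recorded."""
    n, m = len(a), len(b)
    inf = float("inf")
    prev = [inf] * (m + 1)
    prev[0] = 0.0
    for i in range(1, n + 1):
        cur = [inf] * (m + 1)
        for j in range(1, m + 1):
            cost = math.dist(a[i - 1], b[j - 1])
            cur[j] = cost + min(prev[j], cur[j - 1], prev[j - 1])
        prev = cur
    return prev[m] / (n + m)


def best_matching_profile(recorded, profiles, threshold=MATCH_THRESHOLD):
    """Return the name of the stored profile the recorded motion matches, or None.
    Several stored profiles let the recipient perform a different motion each time.
    The same routine can run on the device as the local gate before the authentication
    items are transmitted, or on the server against profiles stored there."""
    norm_recorded = normalise(recorded)
    best_name, best_distance = None, float("inf")
    for name, reference in profiles.items():
        d = dtw_distance(norm_recorded, normalise(reference))
        if d < best_distance:
            best_name, best_distance = name, d
    return best_name if best_distance <= threshold else None


# Constructed synthetic traces standing in for real accelerometer recordings.
def synth_tilt(n_samples, cycles=2, noise=0.0):
    """Tilt back and forth about the x axis `cycles` times, gravity on z."""
    return [(5.0 * math.sin(2 * math.pi * cycles * t / n_samples) + noise * math.sin(7 * t), 0.0, 9.8)
            for t in range(n_samples)]


def synth_taps(n_samples, period):
    """Sharp z-axis impulses every `period` samples: taps on a hard surface."""
    return [(0.0, 0.0, 9.8 + (20.0 if t % period == 0 else 0.0)) for t in range(n_samples)]


def synth_shake(n_samples):
    """A side-to-side shake on the y axis, a motion that matches neither stored profile."""
    return [(0.0, 6.0 * math.sin(2 * math.pi * t / 8), 9.8) for t in range(n_samples)]


# Enrolled profiles: 40 samples of a double tilt and 30 samples containing three taps.
PROFILES = {"double_tilt": synth_tilt(40), "triple_tap": synth_taps(30, 10)}

if __name__ == "__main__":
    # A slower, noisier repeat of the double tilt still matches; the shake does not.
    print(best_matching_profile(synth_tilt(50, noise=0.2), PROFILES))  # double_tilt
    print(best_matching_profile(synth_taps(36, 12), PROFILES))          # triple_tap
    print(best_matching_profile(synth_shake(32), PROFILES))             # None
```

Mean removal is what makes the comparison orientation-tolerant for the gravity component, and the RMS scaling is what lets a gentle and a vigorous performance of the same tilt both pass; the threshold is the knob that trades false rejections of the recipient against acceptance of an onlooker's imitation, and it has to be tuned on real recordings rather than on the constructed traces used here.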
It will also be appreciated that either the computing device 301 or the server 304 may prompt the recipient to communicate the plurality of authentication information to the server 304.
The plurality of authentication information items may be communicated to the system 300 in combination with further information, such as session identification information indicative of a time at which the communication is made. Further, the communicated authentication information items, or the combined information, may be cryptographically protected before transmission. For example, the combined information may be digested with a cryptographic hash function such as SHA-512. Because the session identification information changes with every attempt, each communication of authentication information items is then a unique packet from which the items are not directly recoverable, even though the same authentication information items are communicated by the recipient each time the recipient performs the authentication process. It will be appreciated that a hash function does not encrypt the items: the system 300 does not recover them from the digest but instead recomputes the same digest over the stored authentication information items and the communicated session identification information, and compares the two.

The above embodiments of the present invention have been described in relation to use with mobile devices. The invention is not limited to use with mobile devices and embodiments may be used with non-mobile devices.

It will be appreciated that the system 300 may be implemented as a computer program arranged, when loaded into a computing device, to instruct the computing device to operate in accordance with the system 300 of Figure 3.
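The single-communication exchange contrasted earlier with the four-message conventional flow, together with the session identifier and SHA-512 digest described above, as an added example that is not part of the patent or the applicant's software. The alias, the IMEI-style device identifier, the secret, the timestamps and the nonces are constructed values, and the length-prefixed field encoding, the 60 second freshness window and the replay cache are design choices the page does not specify. Two points a practitioner will want to keep in mind: the digest is a hash, not encryption, so the server must hold the reference items in a form from which it can recompute the same digest; and a unique packet on its own does not stop an attacker re-sending a captured one, which is what the freshness check and the replay cache are for. The device identifier and phone number are read from the device rather than proven by the recipient, so they bind the attempt to a device and complement, rather than replace, the confidential information.

```python
import hashlib
import hmac
import os
import time

FRESHNESS_WINDOW_S = 60  # constructed: allowed drift between the session timestamp and server time

# Constructed reference record. The alias is the lookup key; the device identifier and the
# confidential information are the items that must match exactly.
REFERENCE_ITEMS = {
    "alice": {"device_id": "356938035643809", "secret": "correct horse battery staple"},
}
_seen_session_ids = set()  # replay cache; a deployment would expire entries older than the window


def _digest(alias, device_id, secret, session_id, location):
    """SHA-512 over the exact-match items, bound to the session identifier and the reported
    location. Each field is length-prefixed so that 'ab'+'c' and 'a'+'bc' cannot collide."""
    h = hashlib.sha512()
    for field in (alias, device_id, secret, session_id, location):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def build_message(alias, device_id, secret, location, now=None, nonce=None):
    """Client side: assemble every authentication item into one packet. The device identifier
    is read from the device and the secret from the recipient; neither travels in clear, only
    the session-bound digest does. The alias and location are sent in clear because the
    server needs them to look up the record and to run the distance check."""
    timestamp = int(time.time() if now is None else now)
    session_id = f"{timestamp}:{(nonce if nonce is not None else os.urandom(8)).hex()}"
    return {
        "alias": alias,
        "session_id": session_id,
        "location": location,
        "digest": _digest(alias, device_id, secret, session_id, location),
    }


def authenticate(message, now=None):
    """Server side: recompute the digest from the stored items and compare in constant time.
    Returns (ok, reason)."""
    now = int(time.time() if now is None else now)
    record = REFERENCE_ITEMS.get(message.get("alias", ""))
    if record is None:
        return False, "unknown alias"
    session_id = message.get("session_id", "")
    ts_text, _, nonce_hex = session_id.partition(":")
    if not ts_text.isdigit() or len(nonce_hex) != 16:
        return False, "malformed session identifier"
    if abs(now - int(ts_text)) > FRESHNESS_WINDOW_S:
        return False, "stale session identifier"
    if session_id in _seen_session_ids:
        return False, "replayed session identifier"
    _seen_session_ids.add(session_id)  # burn the identifier even if the digest turns out wrong
    expected = _digest(message["alias"], record["device_id"], record["secret"],
                       session_id, message.get("location", ""))
    if not hmac.compare_digest(expected, message.get("digest", "")):
        return False, "authentication items do not match"
    return True, "authenticated"


if __name__ == "__main__":
    packet = build_message("alice", "356938035643809", "correct horse battery staple", "-33.8568,151.2153")
    print(packet)
    print(authenticate(packet))  # (True, 'authenticated')
    print(authenticate(packet))  # (False, 'replayed session identifier'): same packet a second time
```

The freshness window bounds how long a captured packet stays usable and the cache closes the window entirely for identifiers already seen; without both, the "unique packet" property of the digest would only make the packet look different, not prevent its reuse.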
It will also be appreciated that the system 300 may be implemented as a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the system 300 of Figure 3.
It will also be appreciated that the system 300 may be implemented as a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the system 300 of Figure 3.
Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer, or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.
It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by a computing system or partly implemented by computing systems, then any appropriate computing system architecture may be utilised. This will include stand-alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.
Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.

Although not required, embodiments described with reference to the Figures can be implemented to operate with any form of communication network operating with any type of communication protocol. Generally, where the underlying communication network or communication protocol includes additional routines, functionalities, infrastructure or packet formats, the skilled person will understand that the implementation of embodiments described with reference to the Figures may be modified or optimised for operation with these additional routines, functionalities, infrastructure or packet formats.

Claims

1. A system for distributing secured data, the system comprising:
a communications interface arranged to facilitate communications between the system and a computing device associated with a recipient of the secured data; and
an authentication system for authenticating the recipient, the authentication system being arranged to store a plurality of reference authentication information items associated with the recipient, the reference authentication information items comprising a username/password type authentication item and a further authentication item;
wherein the system is arranged to receive a plurality of authentication information items from the recipient, the communicated authentication information items comprising a username/password type authentication item and a further authentication item, in a single communication and to authenticate the recipient if the communicated authentication information items match the stored reference authentication information items.
2. The system of claim 1, wherein the system is arranged to receive the plurality of authentication information items from the recipient in a single communication.
3. The system of claim 1 or claim 2, wherein the system is arranged to communicate secured data to the recipient.
4. The system of any one of the preceding claims, wherein the authentication information items comprise an alias for the recipient, hardware identification information for identifying the recipient's computing device, and confidential information supplied by, or otherwise associated with, the recipient.
5. The system of claim 4, wherein the hardware identification information comprises at least one of:
an international mobile equipment identity (IMEI) associated with the computing device;
a universally unique identifier (UUID) associated with the computing device; or
a phone number associated with the computing device.
6. The system of claim 4 or claim 5, wherein the system is arranged such that hardware identification information is automatically communicated to the system along with the recipient alias and confidential information without requiring the recipient to input the hardware identification information.
7. The system of any one of the preceding claims, wherein the authentication information items comprise geographical information indicative of a geographical location of the computing device.
8. The system of claim 7, wherein the system is arranged such that the geographical information is automatically sent by the computing device and is used by the authentication system as a further determination of whether to authenticate the recipient.
9. The system of any one of the preceding claims, wherein the computing device comprises an accelerometer and the confidential information supplied by, or otherwise associated with, the recipient comprises accelerometer data.
10. The system of claim 9, wherein the system is arranged to compare an acceleration profile received from the recipient and to compare the received acceleration profile data with reference acceleration profile data and to use this comparison in authenticating the recipient.
11. The system of claim 10, wherein the acceleration profile is stored in the authentication system and/or the computing device and is indicative of at least one of the following:
rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;
dropping the computing device from one hand to the other by a height of at least 10cm, then repeating;
tilting the computing device from a landscape mode to a portrait mode and back again immediately before entering further authentication information;
entering further authentication information when the computing device is in a landscape mode; and
tapping the computing device on a hard surface three times with a force greater than a preset threshold.
12. The system of claim 10 or claim 11, wherein a plurality of the acceleration profiles are stored in the authentication system and/or the computing device such that the recipient can choose between a plurality of motions or motion sequences to perform as part of the authentication process.
13. The system of any one of the preceding claims, wherein the system is arranged such that the computing device associated with the recipient comprises an accelerometer and is arranged so as to compare an input acceleration profile with a stored acceleration profile and to use this comparison to determine whether or not to communicate the plurality of authentication information to the authentication system.
14. The system of any one of the preceding claims, wherein the system is arranged such that the computing device associated with the recipient prompts the recipient to communicate the plurality of authentication information items to the system.
15. The system of any one of claims 1 to 13, wherein the system is arranged so as to prompt the recipient to communicate the plurality of authentication information items to the system.
16. The system of any one of the preceding claims, wherein the plurality of communicated authentication items are encrypted.
17. The system of any one of the preceding claims, wherein the plurality of authentication information items are communicated to the system in combination with further information .
18. The system of claim 17, wherein the combined information is encrypted prior to communication to the system.
19. The system of claim 16 or claim 18, wherein the encryption uses a cryptographic hash function.
20. The system of any one of the preceding claims, wherein the system is accessible by the user via a mobile computing device.
21. A method of distributing secured data, the method comprising:
storing a plurality of reference authentication information items associated with a recipient of the secured data, the reference authentication information items comprising a username/password type authentication item and a further authentication item;
receiving a plurality of authentication information items from the recipient, the communicated authentication information items comprising a username/password type authentication item and a further authentication item; comparing the received authentication information items to the stored reference authentication information items; and
authenticating the recipient if the received and reference authentication information items match.
22. The method of claim 21, wherein the plurality of authentication information items received from the recipient are communicated to the system in a single communication.
23. The method of claim 21 or claim 22, wherein the method comprises the step of communicating the secured data to the recipient if the authenticating step is successful.
24. A computer program arranged when loaded into a computing device to instruct the computer to operate in accordance with the system of any one of claims 1 to 20.
25. A computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the system of any one of claims 1 to 20.
26. A data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the system of any one of claims 1 to 20.
PCT/AU2012/001175 2011-09-30 2012-09-28 A system and method for distributing secured data WO2013044310A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2011904033 2011-09-30
AU2011904033A AU2011904033A0 (en) 2011-09-30 A system and method for distributing secured data

Publications (1)

Publication Number Publication Date
WO2013044310A1 true WO2013044310A1 (en) 2013-04-04

Family

ID=47994027

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2012/001175 WO2013044310A1 (en) 2011-09-30 2012-09-28 A system and method for distributing secured data

Country Status (1)

Country Link
WO (1) WO2013044310A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040187018A1 (en) * 2001-10-09 2004-09-23 Owen William N. Multi-factor authentication system
US20050212757A1 (en) * 2004-03-23 2005-09-29 Marvit David L Distinguishing tilt and translation motion components in handheld devices
US20070118745A1 (en) * 2005-11-16 2007-05-24 Broadcom Corporation Multi-factor authentication using a smartcard
WO2010056548A1 (en) * 2008-10-29 2010-05-20 Invensense Inc. Controlling and accessing content using motion processing on mobile devices
US20110040964A1 (en) * 2007-12-21 2011-02-17 Lawrence Edward Nussbaum System and method for securing data
WO2011057287A1 (en) * 2009-11-09 2011-05-12 Invensense, Inc. Handheld computer systems and techniques for character and command recognition related to human movements
US7991388B1 (en) * 2011-05-10 2011-08-02 CommerceTel, Inc. Geo-bio-metric PIN

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12834796; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12834796; Country of ref document: EP; Kind code of ref document: A1)