Method and system for secure data collection and distribution

The Patent Description & Claims data below is from USPTO Patent Application 20080066184, Method and system for secure data collection and distribution.

FIELD AND BACKGROUND OF THE INVENTION

[0001] The present invention relates to a method and system for collecting data at a source and distributing the data to one or more destinations and, more particularly, to such a method and system in which the data are protected from eavesdropping and from unauthorized changes from when the data leave the source until the data arrive at their ultimate destination(s).

[0002] The efficient storage and retrieval of multi-channel data communications, and especially of voice data, are critically important in many modern business and government applications. For example, financial institutions record instructions from clients as a protection against fraud and as evidence in legal proceedings about the content of telephone conversations; public safety agencies record emergency calls for event reconstruction and future investigations; commercial entities monitor transactions over the phone to evaluate salespersons' efficiency, to ensure customer satisfaction and to develop training programs.

[0003] Data logging and retrieval systems for capturing, recording and retrieving data transmitted over multiple communication lines are known in the art. See for example Henits, U.S. Pat. No. 6,775,372, which patent is incorporated by reference for all purposes as if fully set forth herein, and the references cited therein. FIG. 1 is a high-level schematic block diagram of an exemplary prior art system 10 for capturing, storing and retrieving telephone conversations. System 10 is based on a Local Area Network (LAN) 12 that uses the IP protocol to transfer digital data, borne by IP packets, among the other components of system 10. System 10 includes several loggers 14, as described for example in the Henits patent, for capturing digital data that represent telephone conversations. Digital records of the telephone conversations are stored in an archive 18. A controller 16 manages LAN 12.

[0004] LAN 12 is connected to the outside world, specifically to a Wide Area Network (WAN) 22 such as the worldwide Internet, by a Web server 20. User terminals 24, represented as personal computers, also are connected to WAN 22. A user of a terminal 24 uses a standard Web browser to access data stored in archive 18 via Web server 20.

[0005] System 10 is vulnerable to eavesdropping. Even if, as is usually the case, data captured by loggers 14 is encrypted and is stored in an encrypted form in archive 14, Web server 20 typically decrypts data requested by a user of a terminal 24 before exporting the data to WAN 22. There are many ways in which eavesdroppers can intercept the data on WAN 22, especially if WAN 22 is the worldwide Internet.

[0006] System 10 also is vulnerable to unauthorized modification of the data. This is true even if access to data in archive 18 were to be limited to terminals connected to LAN 12. For example, if archive 14 is responsible for encryption, data can be tampered with in transit from loggers 14 to archive 18.

[0007] There is thus a widely recognized need for, and it would be highly advantageous to have, a data collection and distribution system in which the data are continuously protected from eavesdropping and unauthorized modification, from when the data leave their original source until the data arrive at their ultimate destination.

SUMMARY OF THE INVENTION

[0008] The present invention defends data against eavesdropping by encrypting the data as soon as the data are collected or generated and then keeping the data encrypted at all times until the data actually are displayed to an authorized user.

[0009] According to the present invention there is provided a method of distributing data, including the steps of: (a) encrypting the data, using a data encryption key, thereby providing encrypted data; (b) requesting the data, by a data requestor; (c) in response to the request, sending the encrypted data to the data requestor; (d) authenticating the data requestor, by a crypto information server; and (e) contingent on the authenticating, sending the data encryption key to the data requestor, by the crypto information server.

[0010] According to the present invention there is provided a system for secure distribution of data, including: (a) a data requestor; (b) a data provider operative: (i) to encrypt the data using a data encryption key, thereby providing encrypted data, and (ii) to send the encrypted data to the data requestor; and (c) a crypto information server operative: (i) to authenticate the data requestor, and (ii) contingent on the authentication, to send the data encryption key to the data requestor.

[0011] According to the present invention there is provided a method of collecting and distributing a plurality of instances of data, including the steps of: (a) for each instance: (i) generating a respective data encryption key, and (ii) encrypting the each instance, using the respective data encryption key, thereby providing respective encrypted data; (b) requesting at least a portion of one of the instances, by a data requestor; and (c) in response to the request, sending a corresponding portion of the respective encrypted data of the one instance to the data requestor.

[0012] According to the present invention there is provided a system for secure collection and distribution of a plurality of instances of data, including: (a) a set, of at least one data provider, operative: (i) to capture the instances, and (ii) for each instance: (A) to generate a respective data encryption key, and (B) to encrypt the each instance, using the respective data encryption key, thereby providing respective encrypted data; (b) a data requestor operative: (i) to request at least a portion of one of the instances; and (c) an archive operative: (i) to store the encrypted data; and (ii) in response to the request of the at least portion of the one instance by the data requestor: to send a corresponding portion of the respective encrypted data of the one instance to the data requestor.

[0013] The first method of the present invention is a method of distributing data such as voice data, voice over IP (VoIP) data, video data and screen data, among others. According to the basic embodiment of the first method, the data are encrypted, using a data encryption key, to provide encrypted data. When a data requestor requests the data, the encrypted data are sent to the data requestor. A crypto information server authenticates the data requestor. Contingent on the authenticating, i.e., if the crypto information server determines that the data requestor is authorized to receive the data, the crypto information server sends the data encryption key to the data requestor. Preferably, the data encryption key is a symmetric key, to enable the data requestor to decrypt the encrypted data. In the preferred embodiments below, user terminals 34 and 112 are the data requestors.

[0014] Preferably, the data encryption key is sent to the data requestor in encrypted form.

[0015] Preferably, the data requestor requests the data encryption key, and the authentication of the data requestor is in response to that request.

[0016] Preferably, the method includes generating the data encryption key and associating the data encryption key with a respective identifier. Most preferably, the data encryption keys are generated according to a predefined key granularity.

[0017] More preferably, the identifier is sent to the data requestor along with the encrypted data; and the data requestor sends the identifier to the crypto information server to request the data encryption key. The authentication of the data requestor is in response to receipt of the identifier from the data requestor by the crypto information server.

[0018] Also more preferably, the crypto information server stores the data encryption key and the identifier in a database. Most preferably, the data encryption key is stored in the database in encrypted form, to prevent unauthorized access of the data encryption key.

[0019] Preferably, the data are encrypted by a data provider, and the encrypted data also are stored in an archive that is separate from the data provider. When the data requestor requests the data, the encrypted data are sent to the data requestor from the archive. In the preferred embodiments below, loggers 32 are the data providers.

[0020] Preferably, a message authentication code is attached to the data prior to encrypting the data, so that the message authentication code becomes part of the data and is encrypted along with the data. The attaching of the message authentication code to the data may be, for example, by appending the message authentication code to the data, by prepending the message authentication code to the data or by inserting the message authentication code in the data. Contingent on the authenticating, the crypto information server sends a message authentication code key of the message authentication code to the data requestor.

[0021] More preferably, the method includes the steps of generating the data encryption key and the message authentication code key and associating the data encryption key and the message authentication code key with a common respective identifier. The identifier is sent to the data requestor along with the encrypted data; and the data requestor sends the identifier to the crypto information server to request the data encryption key and the message authentication code key. The authentication of the data requestor is in response to receipt of the identifier from the data requestor by the crypto information server. Most preferably, the data encryption key and the message authentication code key are generated according to a predefined key granularity.

[0022] Also more preferably, the crypto information server stores the data encryption key, the message authentication code key and the identifier in a database. Most preferably, the data encryption key and the message authentication code key are stored in the database in encrypted form, to prevent unauthorized access of the data encryption key and the message authentication code key.
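
The flow of paragraphs [0013] to [0022], as an added sketch that is not code from the patent application: a logger encrypts each recording under its own keys with the MAC appended first, and a requestor obtains those keys by identifier only after authenticating. The class and function names, the shared-secret authentication, the nonce and the HMAC-based keystream (a stand-in for a vetted cipher such as AES) are assumptions; encrypted storage of the keys in the server's database is left out.

```python
import hashlib, hmac, secrets

def keystream_xor(key, nonce, data):
    # Stand-in cipher for this sketch: HMAC-SHA256 in counter mode as a keystream.
    # A real deployment would use a vetted symmetric cipher such as AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class CryptoInfoServer:
    """Keeps (data encryption key, MAC key) per identifier; releases on authentication."""
    def __init__(self, credentials):
        self._credentials = credentials   # assumption: requestor name -> shared secret
        self._keys = {}                   # identifier -> (dek, mac_key)

    def register(self, key_id, dek, mac_key):
        self._keys[key_id] = (dek, mac_key)

    def release(self, requestor, secret, key_id):
        expected = self._credentials.get(requestor)
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("requestor not authenticated")
        return self._keys[key_id]

def logger_capture(server, recording):
    """Data provider: fresh keys per instance, MAC appended, then everything encrypted."""
    key_id = secrets.token_hex(8)
    dek, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    server.register(key_id, dek, mac_key)
    tag = hmac.new(mac_key, recording, hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)       # assumption: per-record nonce, not in the text
    return {"key_id": key_id, "nonce": nonce,
            "ciphertext": keystream_xor(dek, nonce, recording + tag)}

def requestor_open(server, requestor, secret, record):
    """Data requestor: send the identifier, receive keys, decrypt, then check the MAC."""
    dek, mac_key = server.release(requestor, secret, record["key_id"])
    plain = keystream_xor(dek, record["nonce"], record["ciphertext"])
    data, tag = plain[:-32], plain[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, data, hashlib.sha256).digest()):
        raise ValueError("MAC mismatch: record was modified after capture")
    return data

if __name__ == "__main__":
    cis = CryptoInfoServer({"terminal-34": b"constructed-secret"})   # constructed credentials
    archived = logger_capture(cis, b"constructed voice frame")       # constructed sample data
    print(requestor_open(cis, "terminal-34", b"constructed-secret", archived))
```

Because the MAC is inside the encrypted payload, the archive and any intermediary cannot check integrity; only a requestor that has been given both keys can detect modification, and only after decrypting.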