4,962.533 16/1996 Krueger Et Al...307 Multi-Level Multimedia Security

4,962.533 16/1996 Krueger Et Al...307 Multi-Level Multimedia Security

USOO5369702A United States Patent 19 11 Patent Number: 5,369,7029 9 Shanton 45 Date of Patent: Nov. 29, 1994 54 DISTRIBUTED CRYPTOGRAPHIC OBJECT 5,204,961 4/1993 Barlow ............................... 380/4X METHOD OTHER PUBLICATIONS 75 Inventor: M. Greg Shanton, Fairfax, Va. Massey, "An Introduction to Contemporary Cryptol 73 Assignee: TECSEC Incorporated, Vienna, Va. ogy,” Proceeding of the IEEE, May 1988, pp. 533-549. a Schneier, “Untangling Public-Key Cryptography,” Dr. 21 Appl. No.: 138,857 Dobb's Journal, May 1992, pp. 16-28. 22 Filed: Oct. 18, 1993 Primary Examiner-Bernarr E. Gregory 51) Int. C. ............................................... H04L 9/00 Attorney, Agent, or Firm-Thomas M. Champagne; Jon 52 U.S. C. ........................................... 380/4; 380/9, L. Roberts 380/21: 380/23;380/56,346/8353.340/825.34 380/25; 380/28; 380/49; 57 ABSTRACT 58 Field of Search ..................... 380/4, 9, 21, 23, 25, A system for increasing the security of a computer 380/28, 30, 43, 49, 50, 340/825.31, 825.34 system, while giving an individual user a large amount 56 Ref Ci of flexibility and power. To give users the most power 56) eferences Cited and flexibility, a standard object that has the capability U.S. PATENT DOCUMENTS to embed objects is used. To allow users even more 4,218,582 8/1980 Hellman et al. ...................... 380/30 flexibility, a standard object tracking mechanism is used 4,405,829 9/1983 Rivest et al. .......................... 380/30 that allows users to distribute multiple encrypted em 4,424,414 1/1984 Hellman et al. ...................... 380/30 bedded objects to other individuals in a single se E. 3. I real a - a 3. crypted object. By effecting compartmentalization of 4555,082 9/1990 Hattorietal.".455/33.3 every object by label attributes and algorithm attributes, 4,962.533 16/1996 Krueger et al... .307 multi-level multimedia security is achieved. 4,984,272 1/1991 McIlroy et al........................ 380/25 5,052,040 9/1991 Preston et al. .......................... 380/4 15 Claims, 8 Drawing Sheets O 8 6 OBJECT CONTAINER CIPHERTEXT EBEDDING OBJEC ATA CBEC MECHANISM EPORARY EBEDED CBEC OOKEYMAN I-LEVE I-MEDIA SECURITY INTERFACE OOKEYMAN OBJECT EPORARY PREVIEW PLAN EXT S DATA OBEC ECRYPT OOKEYMAN AUTO-APPLICATION INTERFACE AUTHENCATED PLAINTEXT APPLICATION CBECT DATA OBJEC U.S. Patent Nov. 29, 1994 Sheet 1 of 8 5,369,702 O 8 6 CONTAINER CIPHER EXT OBJECT OBJECT DATA OBJECT ES TEMPORARY EMBEDDED OBJECT OOKEYMAN MULTI-LEVEL MULTI-MEDIA SECURITY INTERFACE 6 2 OOKEYMAN OBJECT TEMPORARY PLAIN TEXT Pre DATA OBJECT DECRYPT 4 OOKEYMAN AUTO-APPLICATION INTERFACE 8 AUTHENTICATED APPLICATION PLAIN TEXT OBJECT DATA OBJECT FIG. U.S. Patent Nov. 29, 1994 Sheet 2 of 8 5,369,702 CONTAINER CIPHER TEXT OBJECT TEMPORARY OBJEC DATA OBJECT ES EE STANDARD FILE ASSOCIATION OOKEYMAN OOKEYMAN GET OBJECT TEMPORARY OBJECT PATH PREVIEW OECRYPT DATA OBJECT MATCH DATA OBJECT TO APPROPRIATE APPLICATION OBJECT AUTHENTICATED APPLICATION PLAIN TEXT OBJECT DATA OBJECT FIG. 2 U.S. Patent Nov. 29, 1994 Sheet 3 of 8 5,369,702 ( LEVE 5 LEVE 4 (s LEVE 4 LEVE A LEVEL 3 LEVEL 3 LEVEL 2 LEVEL FIG. 3 U.S. Patent Nov. 29, 1994 Sheet 4 of 8 5,369,702 U.S. Patent Nov. 29, 1994 Sheet 6 of 8 5,369,702 &) &) & &) & & &) @ & &) U.S. Patent Nov. 29, 1994 Sheet 8 of 8 5,369,702 HEJM0dNOIIWIS §NIHBHNI9NGTIMIO & NOIIWHI?INIWOW &) 103HIONI 5,369,702 1. 2 the algorithm used to encrypt and decrypt plain text DISTRIBUTED CRYPTOGRAPHIC OBJECT objects. Thus, a user who wants to encrypt an object or METHOD decrypt an object must first access the key manager so that an encryption algorithm may be chosen. FIELD OF THE INVENTION Simple encryption of data being communicated be The present invention relates generally to a system tween two points only provides one level of security, that can be used to restrict access to computer data. In however. Encryption limits data communication to particular, the system of the present invention restricts those who have the key. Anyone who has the key is access in a flexible way, identifying objects for restric privy to any communication at any location. That is, if tion and nesting restriction requirements through the 0. a group of people are working on a particular project, use of embedded objects. they will all presumably share a key for decrypting information relating to the project. Some of the project BACKGROUND OF THE INVENTION group may be working in one location, while the rest of While the specter of “spies' eagerly trying to obtain the group may be located in a distant city. If one mem the defense information of various countries is very 15 ber of the group wants to send a communication to a much still present in the defense and intelligence com particular member in the other city, the key will afford munity, an equally massive threat now exists from tech him no protection because everyone in the project nological or commercial “spies' who desire to obtain shares the same key. Likewise, if someone wants to commercial and technical information from competing communicate a message to a subset of the group, for companies. These agents use sophisticated means simi 20 example, only to management personnel, this key would lar to those used by the defense and intelligence com again provide her with no extra security. In another munity in order to obtain commercially valuable infor case, someone may want to send a message that is capa mation that reveals the plans and commercial activities ble of being read only at a particular computer terminal, of competitors thereby allowing the aggressor company or of being printed only at a particular printer. In these to obtain a competitive advantage in the marketplace. 25 Theft of commercially valuable information is a very and other cases, multilevel multimedia key access, or real and ever present threat. individual keys issued to each person, would provide a To combat this type of commercial spying, various solution, albeit one that is quite unwieldy, inflexible, and complex systems have evolved to protect company difficult to manage by a security officer or key adminis proprietary information. These systems involve physi 30 trator. cal controls over personnel as well as over the data A secure method of labelling files or messages that flowing in and out of a company. For example, most are sent from a sending user to a receiving user over a computer systems used within companies require a pass network can provide a level of protection in addition to word to be entered before the system can be accessed. It cryptographic protection. A file "label' for purposes of is frequently the case that confidential or company 35 this invention means a series of letters or numbers, proprietary information must be passed electronically which may or may not be encrypted, separate from but from one location to another in order to convey that associated with the sending of a message, which identi information within the company in a timely fashion. fies the person, location, equipment, and/or organiza Such electronic communication is easily susceptible to tion which is permitted to receive the associated mes interception if not protected in some other form. Sage. Using a secure labelling regimen, a network man Cryptographic systems have evolved to fill the needs ager or user can be assured that only those messages of companies and individuals wanting to protect the meant for a certain person, group of persons, and/or proprietary commercial information of a company from location(s) are in fact received, decrypted, and read by competitors and those who generally should not have the intended receiver. Thus, a sending user can specify that information. 45 label conditions that limit access to the transmitted Encryption of data is therefore a critical requirement message. For example, many people within a company in denying access to confidential information from those may have the key necessary to read a data file that a who are not so authorized. Cryptographic "keys” are sender may transmit from his computer terminal to an essential part of the information encryption process. other terminals at another site within his company. The The cryptographic key, or "key' for short, is a se 50 sender may, however, wish to restrict reception to quence of letters, numbers, or bytes of information those persons present at a particular terminal. By em which are manipulated by a cryptographic algorithm to ploying a secure labelling technique in addition to en transform data from plain (readable) text to a series of cryption, the sender can be assured that people having unintelligible text or signals known as encrypted or the correct key to decrypt the message but working at cipher text. The key is then used by the receiver of the 55 different terminals will not receive or be allowed to cipher text to decrypt the message back to plain text. access the communication. Access may be limited to However, for two people to communicate successfully particular people as well. using keys, each must use the same key, assuming that A system such as that described above is disclosed in the same encryption/decryption algorithm is used on U.S. patent application Ser. No. 08/009,741, filed Jan. both ends of the communication. 27, 1993, the specification of which is incorporated by Various methods have evolved to manage the distri reference herein. bution of keys. Such methods of distribution are collec A system that can limit access on an object level tively referred to as "key management'. The function would be more flexible and would offer still more pro of key management is to perform the process of generat tection.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    16 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us