The present application relates to secure access control to data.
Securing access to sensitive data, whether in network storage or on physical media, is important in a variety of applications.
Applicant has proposed in WO2017/083980, published 26 May 2017, data encryption in which random symmetric encryption keys are generated for encrypting blocks of data, while the random symmetric encryption keys are then encrypted using the asymmetric public encryption key of a party authorized to decrypt the random symmetric encryption keys using the corresponding private key, and thus gain access to the encrypted blocks of data. The encrypted data and the encrypted keys can be transmitted together or separately as desired. In most cases, both the encrypted data and the encrypted keys are sufficiently secured to be stored with much lower security levels than for sensitive data storage.
An advantage of the data encryption system disclosed in WO2017/083980 is that security of the sensitive data can be shifted from data access control to possession of keys that allow a user or process to decrypt the data. Data access control is often a centralized process that adds overhead in a secure data storage system.
A disadvantage of the data encryption system disclosed in WO2017/083980 is that security of the sensitive data depends on possession of a single decryption key alone. A user is either granted access or not, and when a user was not originally authorized, the decryption key must be given from a party who had authorization in order to access the data.
Applicant has discovered that secret shares can be used to provide users with access to decryption of sensitive data without requiring a centralized data access controller to act as a gatekeeper to grant a user access to sensitive data.
A number of at least two fiduciaries are created who have shares that when combined will permit access to the symmetric encryption keys. As an example, the data source that can create the random symmetric encryption key can, instead of using a public key of an authorized user to asymmetrically encrypt the symmetric key for that user, use a public key of each of a group of ‘m’ authorized users to encrypt a value of a function, for example a polynomial function of degree one or more up to m−1. When the degree is one, the function is a line, and each user receives but one point on the line. An intercept of the line (or any other property) can be the symmetric key.
When a user knows only one point on the line, it is not possible to guess the key; however, with a second point shared by another user, it is possible to calculate the key value. The number of fiduciaries can be large if desired. The order or degree of the function determines how many fiduciaries must combine their information to obtain the symmetric key. With the function being known to the user, or encrypted for the user, the receipt of the block data and the key data encrypted for the user only provides a potential for access without actually creating immediate conditions for access. The user must ask one or more other users to share the key data that the other users received in order to compute the symmetric key for the block. Asking for another key share may be done through a network, where communications are encrypted, or it may otherwise be performed physically, by an exchange of keys residing in physical mediums (e.g. usb key).
Alternatively to the use of a polynomial function, the symmetric encryption key can be made the sum or other function of two or more values used as the shares.
A first broad aspect is a method for controlling access to data by users, including, at an encryption computer system obtaining from a key generator a first symmetric encryption key stream including a first plurality of distinct symmetric encryption keys, wherein for each of the symmetric encryption keys, a number of ‘n’ shares are issued of which a number ‘m’ are required to calculate each of the symmetric encryption keys, and the shares represent the first symmetric encryption key stream; encrypting respective sequential portions of a first data file or stream to create a first symmetrically encrypted data file or stream including sequential portions of encrypted data; receiving at least one public asymmetric encryption key; generating asymmetrically encrypted key stream data by digitally encrypting by the encryption computer system the first symmetric encryption key stream using each one of the at least one public asymmetric encryption keys to create respective asymmetrically encrypted first key streams wherein each of the asymmetrically encrypted first key streams is encrypted with a respective one of the at least one public asymmetric encryption keys, the asymmetrically encrypted key stream data including each of the asymmetrically encrypted first key streams; and from the encryption computer system, transmitting the asymmetrically encrypted key stream data and the first symmetrically encrypted data file or stream including sequential portions of encrypted data to a data storage for access by parties associated with the at least one public asymmetric encryption key.
In some embodiments, the shares are values of a polynomial function of an order equal to m−1.
In some embodiments, n is greater than m.
In some embodiments, the shares are values that can be combined by an arithmetic or logical function to calculate the first symmetric encryption key stream.
In some embodiments, the encryption computer system issuing the number of ‘n’ shares further issues, for each of the ‘n’ shares, a number of ‘g’ sub-shares of which a number ‘h’ are required to calculate each of the ‘n’ shares, and the sub-shares represent the shares.
In some embodiments, the sub-shares are values of a polynomial function of an order equal to h−1.
In some embodiments, g is greater than h.
In some embodiments, the sub-shares are values that can be combined by an arithmetic or logical function to calculate the first symmetric encryption key stream.
Another broad aspect is a computer-readable non-transitional memory storing instructions executable by a computer device, including: at least one instruction for causing an encryption computer system to obtain, from a key generator, a first symmetric encryption key stream including a first plurality of distinct symmetric encryption keys, wherein for each of the symmetric encryption keys, a number of ‘n’ shares are issued of which a number ‘m’ are required to calculate each of the symmetric encryption keys, and the shares represent the first symmetric encryption key stream; at least one instruction for encrypting respective sequential portions of a first data file or stream to create a first symmetrically encrypted data file or stream including sequential portions of encrypted data; at least one instruction for receiving at least one public asymmetric encryption key; at least one instruction for generating asymmetrically encrypted key stream data by digitally encrypting by the encryption computer system the first symmetric encryption key stream using each one of the at least one public asymmetric encryption keys to create respective asymmetrically encrypted first key streams wherein each of the asymmetrically encrypted first key streams is encrypted with a respective one of the at least one public asymmetric encryption keys, the asymmetrically encrypted key stream data including each of the asymmetrically encrypted first key streams; and at least one instruction for transmitting the asymmetrically encrypted key stream data and the first symmetrically encrypted data file or stream, from the encryption computer system, including sequential portions of encrypted data to a data storage for access by parties associated with the at least one public asymmetric encryption key.
The proposed solutions will be better understood by way of the following detailed description of embodiments of the invention with reference to the appended drawings, in which:
As is known in the art, the Shamir Secret Sharing algorithm provides a way to divide a given secret, herein the Session Key, into unique parts that are passed down to different participants. In order to reconstruct the secret, a minimum number of participants need to come together and provide their unique part. This technique ensures that even if a share, or multiple shares, has been compromised, it remains impossible to access the encrypted sensitive data if the threshold of required shares is not reached. This threshold of required shares is further defined as the fiduciary parameter.
The implementation of SSS is done through the definition of a polynomial of the order that is equivalent to the fiduciary parameter minus one. As will be further illustrated in
In an embodiment of the present application, the Session Key is randomly generated to be a randomized 512-bit integer value. The space in which the mathematical calculations for the SSS implementation are being computed may also comprise values ranging from 0 to 2^512 − 1 both in the horizontal and vertical axes. Computer extensions to perform calculations on 512-bit vectors on processors, such as Intel's AVX-512, may be used. It will be appreciated by someone skilled in the art that the implementation of this solution may be done using different bit lengths, whether to a lesser or greater length, as this only affects the level of security by reducing or increasing the number of possible encryption keys.
An example of a situation for which the sub-shares may be useful is for the access to encrypted data, such as video surveillance footage, in a police investigation. During an investigation, an investigator may require access to sensitive data that requires authorization from either his supervisor, a judge, both or any number of supervisors and judges. If every participant receives a unique share of the Session Key required to decrypt the requested video surveillance footage, a number of participants from only one of the categories, such as multiple investigators, may come together and be able to solve the Session Key secret without inputs from a supervisor and a judge.
The embodiment of
In yet another embodiment, the nested SSS system implementation may be replaced by using non-unique fiduciary shares, such that a number of parties have the same fiduciary share. In this embodiment, all the categories from the previous example may have a single fiduciary share per category, thus effectively preventing multiple parties from a given category from having access by itself to the Session Key. This embodiment has the disadvantage of not being able to track which specific parties gave their authorization to access the encrypted data, although this may be done through any other means.
The embodiments illustrated in
In another embodiment, the process illustrated in
In another embodiment, the process illustrated in
In the embodiment shown in
It will be appreciated by someone skilled in the art that, in other embodiments, the reconstruction of the polynomial may be made using any other polynomial interpolation methods, such as Newton polynomials.
In another embodiment, the polynomial function may be of any higher polynomial order, as would be defined by the fiduciary parameter input. In some embodiments, the secret may be any point along the polynomial function. The point may be defined as the function result at a randomized location or at a location that may be defined by an administrator of the security system.
In this embodiment of the data access process, the requested fiduciary shares may be transmitted to the requesting user 45 after being encrypted with the public key of the requesting user 44. Thereafter, the requesting user may proceed with the share solver 46 in order to determine the Session Key with which the requested sensitive data has been encrypted. The Session Key determined, the requesting user may then decrypt 47 and view the sensitive data 48.
In some embodiments, the sensitive data 48 may be a single data file whereas, in other embodiments, the sensitive data 48 may be a data stream. Streams of data, such as security camera video footage, may be separated in multiple data files each containing a given amount of data (e.g. separated when reaching a certain time length or when reaching a certain file size). The separation and encryption of multiple data files of a data stream may significantly increase the security of data access, since gaining access to a single data file does not grant access to the whole data stream (i.e. an unauthorized user finding the decryption key for a data file may only view a 5 second video clip of a security camera video footage instead of a full day of video surveillance).
In order to view a requested data stream, the requesting user may receive the plurality of fiduciary shares required to find all the Session Keys necessary to decrypt the sequential portion of the data stream that was requested. This may be implemented in order for the requesting user to be able to watch continuous footage without the system having to process new queries each time a data file from the requested data stream is finished playing.
The Share Exchange Facilitator module 54 accesses the information on how the data from the Block ID was encrypted, namely the fiduciary parameter that was defined based on the desired number of trusted parties that are required to come together in order to unlock the secret of the Session Key. In an embodiment in which multiple categories of trusted parties exists, as shown in
It will be appreciated that the Share Exchange Facilitator 54 is only one of the possible ways for a requesting user 58 to obtain the required fiduciary shares to unlock the Session Key and access the sensitive data. The Share Exchange Facilitator 54 provides an automated service that may very well be replaced by any other means, such as the requesting user personally asking trusted parties 57 from other categories to provide him with their fiduciary share. The trusted parties 57 may then provide their fiduciary share to the requesting user 58 through the Encrypter 56, such that their fiduciary shares are not being transmitted unencrypted. In such embodiment, the users would have access to a repository of data concerning the fiduciary parameters for each Block ID of encrypted data. Furthermore, the users may have access to a list of trusted fiduciary share holders from each category, in order for them to know which trusted parties 57 they would need to contact.
This second set of Authenticator 55 provides the authorization request to the trusted parties 57 of its category and further provides the User ID to an Encrypter unit 56. Once the authorizing users 57 agree to authorize the data access, their fiduciary share is transferred to the Encrypter unit 56 to be encrypted with the requesting user's public key. It will be appreciated that the Encrypter unit 56 may be a separate module for the category or may be implemented in each trusted party 57 computer unit.
Furthermore, the embodiment presented in
It will be appreciated that the embodiment illustrated in
In another embodiment, the Store of Sensitive Data 52 may be separated in two entities, one in which the encrypted data resides and another in which the fiduciary share parameters reside. This embodiment may allow quicker access to the sensitive data and the distribution of the information on the fiduciary parameters in an embodiment for which a Share Exchange Facilitator 54 would be the connecting service between the requesting user 58 and the trusted parties 57 holding the necessary fiduciary shares.
It will be appreciated by someone skilled in the art that the Store of Sensitive Data 52, as shown in the embodiment of
In some embodiments, the requestor unit may incorporate the solver and the data decrypter inside the CPU. Using some implementations of secure data processing already included by manufacturers in their processor (include AMD secure processing reference?) may ensure that no rogue computer programs may access the Session Key decryption secret.
In some embodiments, the control user may be a server. This implementation of the system allows the tracking of who requests access to what sensitive data and, more importantly, may be used to prevent someone who has stolen a computer from being able to access the sensitive data in cases where a user's private key is implemented for calculations directly inside the CPU. The control server may then refuse all the authorization requests from a given compromised user.
Nesting a share solving step for the different categories may result in increased security when deciding who, from the trusted parties, may access the sensitive data. It will be appreciated that different embodiments may allow different distribution of access and authorizing rights to different categories. In an embodiment, the users from one category may have enough fiduciary shares to solve between themselves the Session Key secret, whereas other trusted parties from other categories may yet require a fiduciary part from the first independent category in order to have enough information to solve the Session Key secret.
In the embodiment of
The requestor unit 49 comprises a key solver 59, which may solve input fiduciary shares and sub-shares 70, which may include nested categories share solving, to ultimately result in the session key required to decrypt the requested sensitive data. Once the key solver 59 outputs the session key, a data decrypter 60 may use it to decrypt the requested sensitive data received from the store of sensitive data 52, such that the requesting user may view the sensitive data on a content viewer 61.
Now referring to
A user desiring to gain access to sensitive data that has been encrypted with a session key as described herein must first request such access 40, which may be as simple as a user asking a supervisor's approval, filling necessary paperwork or filing a request on a network program. This request step 40 also provides the requesting user with the possibility of identifying the fiduciary parameters and the required fiduciary shares and sub-shares to decrypt the desired data 71.
The user may thereafter retrieve the fiduciary shares or sub-shares, from the key share holders, which may be included on physical mediums (e.g. usb key) 72. Once retrieved, the key shares and sub-shares may be input in the requestor unit 73, which may be done by connecting the usb key to the requestor unit, by manually entering the keys with the keyboard or in any other related physical manner.
Following this, the requestor unit may access the fiduciary shares or sub-shares 74 such that they may be used in the user share solving process 46. In some embodiments, a nested category share solving process 68 may also be included prior to the user share solving process 46. The decryption of the requested sensitive data 47 may then be done with the solved session key and therefore the requesting user may view the sensitive data 48 at his discretion.
This application is a continuation of U.S. patent application Ser. No. 16/810,438 filed Mar. 5, 2020, that in turn claims priority of U.S. provisional patent application Ser. No. 62/927,276 filed on Oct. 29, 2019, the contents of which are hereby incorporated by reference.
Number | Date | Country
---|---|---
62927276 | Oct 2019 | US

 | Number | Date | Country
---|---|---|---
Parent | 16810438 | Mar 2020 | US
Child | 17820712 | | US