Patent abstract:
Method for handling privacy data. The present invention aims to improve data protection against illegal access by strongly differentiating the specific security level applied to each data type, so that when the protection of one part of the data is breached, the remaining data is still inaccessible. A method for controlling access, through an open communication network, to private user data, comprising the steps of: dividing private user data into a plurality of categories, each category defining a level of data privacy; encrypting the private user data of each category with a category key belonging to the data category; assigning to an interested party an entity configured to access at least one category of private user data; and authorizing access to at least one category of private user data for the interested party's entity by providing the interested party with the category keys required to decrypt the private user data of the corresponding category.
Publication number: BR112013028844B1
Application number: R112013028844-2
Filing date: 2012-05-09
Publication date: 2021-04-27
Inventor: Antoine Burckard
Applicant: Nagravision S.A.;
IPC main class:
Patent description:

FIELD OF THE INVENTION
The present invention relates to the protection of private user data in the context of open or distributed networks, smart grids or the cloud.
TECHNICAL BACKGROUND
As an increasing number and variety of devices are interconnected through open or distributed networks, any information exchanged between the devices becomes potentially accessible to anyone for any purpose. Certain types of information, particularly personal data of device users, subscribers or contributors, require specific protection through efficient access control.
The usual solutions for protecting sensitive personal data rely on encrypting the data while it is transmitted from a source device to a centralized storage device; that storage device, however, may be accessible to any third party, including persons with no relation to the data.
Document US2005/0216313A1 discloses an electronic medical record maintenance system including a central data collection and storage server connected via a network to different sources of health data entry. Each source provides unidirectional input data, controlled via a first encryption key code for individual patients, thereby enabling data to be assimilated on the central server only for each patient, segregated from all other patient data. The sources can also include a second encryption key code for the patient, related to the first key code, to enable the launch of a set of toolbar screens at a terminal accessed by the patient or doctor, if authorized, and a bidirectional network connection for the unique patient data stored on the remote server.
Document WO2003/049000A1 discloses a method allowing users to store portions of their identity information with one or more identity providers. The identity information includes attributes such as the user's name, mailing address, email, telephone number and credit card number. An identity provider is an entity that creates, manages and stores identity information for a plurality of users. A service provider is an entity that provides a service to a user and makes use of those aspects of the user's identity that it has been authorized to access. A user can authenticate with an identity provider using, for example, a password-based credential or any other authentication mechanism. Service providers can then rely on that authentication to provide access to authorized resources without requiring additional authentication. In some embodiments, however, additional authentication is performed because of the quality of the credential the user initially used to connect to the identity provider. Such sensitive data is thus protected by encryption and is accessible only to users who hold the necessary credentials.
In this system, user data is stored in several distributed databases with specific access controls that require authentication, either with an identity provider or through stronger signature-based authentication.
Document US7949691B1 discloses a method for managing customer data. The method includes assigning one or more roles to entities wishing to access customer data, the entities including at least one application. The method provides for determining a category associated with at least some of the customer data, defining an access level for each role based on the category associated with at least some of the customer data, and restricting access by the application to a system maintaining customer data based on whether the application is authorized to access that system.
In this document, the access-level mechanism for customer data is defined by rule-based categories. All customer data is protected in the same way, through access control to a centralized database where all of it is stored. If a third party manages to circumvent the rules, all data controlled by the rules in question can become accessible at once.
The document “Access Control: Principles and Practice”, Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, discloses access control coupled with user authentication, using a reference monitor linked to an authorization database. Objects are protected by access rights such as read or read/write, so that each user has their own access rights depending on the class of the object. An access matrix is thus defined with the rights assigned to each user for accessing different files and accounts.
Document EP1320012A2 discloses a system and method for providing distributed access control. Local servers are employed to operate on behalf of a central server responsible for managing centralized access control. Such a distributed arrangement guarantees the security, reliability and scalability of the access control management undertaken by the central server. According to one embodiment, a distributed access control system that restricts access to protected items can include at least one central server having a server module that provides global access control, and a plurality of local servers. Each local server can include a local module providing local access control. Access control, carried out by the central server or the local servers, operates to allow or deny requesters' access to protected items.
According to a further embodiment, a protected document includes a header and an encrypted data portion. The header includes encoded security information controlling access to the encrypted data portion. A user key associated with an authenticated user must be retrieved to decrypt the encrypted security information.
According to a further embodiment, a protected file or document includes two parts: an attachment, referred to as a header, and an encrypted document or piece of data. The header includes security information that indicates or includes the access rules and the file key. The access rules restrict access to the protected document and essentially determine who can access it, and when, how and where. The file key is used to encrypt/decrypt the encrypted data portion.
The method of EP1320012A2 thus appears rather complex, with at least two levels of encryption: encryption of the security information in a header portion, and encryption of the data portion with a key defined by that security information. Access rules are additionally applied after the header is decrypted.
SUMMARY OF THE INVENTION
An objective of the present invention is to improve data protection against illegal access by strongly differentiating the specific security level applied to each data type, so that when the protection of one part of the data is breached, the remaining data is still inaccessible.
The objective is achieved through a method for controlling access, through an open communication network, to private user data with a strong differentiation of the security level for data sharing a common level of privacy and a high granularity of protection through a variety of encryption/decryption keys, the private user data being provided by a plurality of originating entities, the method comprising the steps of:
- dividing private user data into a plurality of categories, each category defining a level of data privacy,
- encrypting, through each source entity, the private user data of each category with a category key belonging to the data category,
- assigning to an interested party at least one entity configured to access at least one category of private user data,
- authorizing access to at least one category of private user data for at least one entity of the interested party, by providing that entity with the category keys required to decrypt the private user data of the corresponding category.
An advantage of the method is that the data is not necessarily stored in a centralized database, but can be located on a plurality of devices, nodes or local storage devices connected to the network. These distributed data are organized into different categories related to their level of privacy and encrypted accordingly. Access to data by an entity of a first interested party is thus made selective through the possession of keys capable of decrypting the categories of data that the first interested party is authorized to access. The other categories of data remain inaccessible to this first entity, since each of them is encrypted with a different key. A second entity of a second party, holding a different set of keys, can decrypt all or part of the categories that were inaccessible to the first entity.
An interested party is a generic term for an authorized person, group or intermediary company in an open or distributed network where private user data is available. A telephone operator, a utility provider, a service provider, a health care provider, a doctor, a banker, a lawyer, political authorities, a superior, parent, friend or other relative of a given person, etc., are examples of stakeholders who may have selective rights to access the private data of their related users, subscribers, clients, customers, etc.
An entity is defined here as any device providing, processing, storing, managing, receiving or accessing the data available on the open network.
An open or distributed communication network, also called a cloud, is a concept consisting of transferring to remote server entities the data processing that is normally carried out on local servers or on a user device. Cloud computing is a specific way of managing data in which the location of the data is not known to users or customers. Interested parties no longer manage their own server entities, but can access various online services in a scalable way without operating the complex infrastructure supporting these services. Applications and data are not stored on a local computer, but on a cloud composed of a number of remote server entities interconnected through high-bandwidth communication channels, which are necessary for the system to run smoothly. Access to the cloud is usually obtained through network-based applications, for example an Internet browser.
The computing cloud is comparable to an electricity distribution network. Processing and storage capacity is offered for consumption by specialized providers or operators and billed according to actual use. Interested parties therefore no longer need their own server entities, but outsource this resource to a trusted company that guarantees processing and storage capacity on demand. This notion is also known as “elastic computing capacity”, because cloud computing is a convenient on-demand model for network access to a shared pool of configurable storage and information resources that can be provisioned quickly with minimal management effort and interaction with the service provider.
The network where the method of the invention applies can also be a part or an entire smart grid as well as a part or an entire home area network.
A smart grid usually refers to an intelligent electricity distribution network that uses computer technologies to optimize production and distribution and to better balance supply and demand between electricity providers and consumers. In addition, computer technologies aim to save energy, protect the network and reduce management and operating costs. The smart grid concept is also associated with smart meters capable of time-sliced billing, allowing consumers to choose the best tariff among the various electricity providers and to select their hours of consumption, allowing better use of the electricity grid. Such a system can also allow consumption to be mapped in a more refined way so as to predict future needs at more local scales.
A home area network or home network is a residential local area network (LAN). It allows communication between digital devices typically installed in the home, usually a small number of personal computers and accessories, such as printers, and mobile computing devices. An important function is the sharing of Internet access, usually a broadband service through a Digital Subscriber Line (DSL) or cable TV provider. In addition, a home server can be added for added functionality. Home networks can use wired or wireless technologies using, among others, for example, WiFi communication protocols (IEEE 802.11).
In the document “Access Control: Principles and Practice”, Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, no encryption of data with a key specific to the data category is mentioned. The differentiation of the security level appears rather weak. In fact, if a read right on certain files is changed to a read and write right, other files that have the same read right can also be modified. This means that the “granularity” with which rights over files are differentiated is very low. A further objective of the present invention is therefore to increase this granularity by multiplying the number of categories and, in parallel, the corresponding keys needed to decrypt the data according to their categories.
Document EP1320012A2 does not mention the steps of dividing private user data into a plurality of categories where each category defines a privacy level of private user data and encrypts the private user data of each category with a category key belonging to the category of private user data.
The problem solved by the present invention is to efficiently improve the security of private user data through a strong differentiation of the security level for each category of data, that is, for data sharing a common level of privacy. Access to data is controlled by assigning a specific set of category keys to interested parties. If a key is discovered, only one category of data is compromised, without any loss of security in the other categories.
The present invention allows a high granularity of protection thanks to the diversity of keys. The data can be distributed over a wide network (cloud) and can be accessed from any location on the network, provided the appropriate category key is held. The security of the storage location may also vary by category.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be better understood with the following detailed description, which refers to the accompanying figure provided as a non-limiting example.
Figure 1 shows a block diagram of an open network (cloud, smart grid, home area network, etc.) comprising data processing entities and storage devices providing private user data accessible by authorized stakeholders.
Figure 2 shows an example of an open network in which the various categories of encrypted data are made available to interested parties holding the appropriate keys to decrypt the categories of data they are authorized to access.
DETAILED DESCRIPTION OF THE INVENTION
Figure 1 illustrates an example of an open network C comprising a plurality of interconnected data processing entities E and databases DB controlled by entities E. Stakeholders S1, S2, S3 have access to data provided directly by the entities E, to data stored in the DB databases, or to data sets provided by both the E entities and the DB databases. Access to data depends on authorizations provided to the interested parties S1, S2, S3 in the form of keys enabling the decryption of one or more categories of data.
An example of an open network is detailed in Figure 2, where source entities SE1, SE2, SE3, SE4, SE5, SE6 and SE7 provide private user data (dC1, dC2, ... dCn) of predetermined categories (C1, C2, ... Cn). Each category of private user data (dC1, dC2, ... dCn) is encrypted by the originating entity with the related category key (KC1, KC2, ... KCn).
In a smart grid context, these source entities can, for example, be smart meters measuring values corresponding to the consumption of energy, fluid, heat or multimedia communication data. These values are divided into categories (C1, C2, ... Cn) depending on their nature, service provider or privacy. For example, electricity consumption does not concern the same provider or operator as multimedia communication data. In addition, the combination of one category of data with another may have a certain level of privacy requiring specific protection.
According to other examples, the originating entities (SE1, SE2, ... SEn) can be electric vehicles, or RFID devices or any device providing private data to be protected which are associated with one or more users.
Since private user data organized into categories refers to different users U1, U2, ... Uk, category keys can be used in combination with other keys such as user-related keys. Categories and users are orthogonal divisions of data. Category keys can be used on a dedicated layer of a key ladder.
In the example in Figure 2, source entities SE5, SE6 produce private data dC1 and dC2 of category C1 and C2 each encrypted with a respective category key KC1 and KC2.
The source entities SE1, SE2 and SE3 produce data dC1, dC2 and dC3 of categories C1, C2 and C3, each encrypted with its respective category key KC1, KC2 and KC3.
The source entity SE4 produces data dC2 of category C2 encrypted with its respective category key KC2.
The source entity SE7 produces data dC1 of category C1 encrypted with its respective category key KC1.
Category keys (KC1, KC2, ... KCn) are either symmetric or asymmetric or a combination of symmetric and asymmetric keys. In a configuration example, public keys are stored in the originating entities while the corresponding private keys are stored in entities controlled by the interested parties authorized to access data dC1, dC2 and dC3.
Database control entities DBCE, or management centers, process, manage and classify the produced data, which can be stored temporarily or permanently in the DB databases. In the example, user data such as identifier, name, address, smart meter identifier, type, location, etc., is stored in the databases together with the smart meter value data compiled by the database control entities DBCE. This user data, considered as having a high level of privacy, belongs to categories C1, C2 and C3 and is encrypted with the corresponding category keys KC1, KC2 and KC3.
In other examples, the categories (C1, C2, ... Cn) are user preferences, usage statistics, location, presence information or pseudonym, each of these categories being encrypted by the originating entity (SE1, SE2, ... SEn) with a category key (KC1, KC2, ... KCn) belonging to the data category (C1, C2, ... Cn).
According to one embodiment, the database (DB1, DB2, ... DBn) is distributed over a plurality of storage locations in the open communication network (C); the storage locations may depend on the category (C1, C2, ... Cn) of the private user data (dC1, dC2, ... dCn). For example, categories corresponding to sensitive data are located in a better protected place than categories of data that have a low level of privacy or that can easily be reproduced if lost or corrupted. The location can also be determined for accessibility and performance purposes.
According to another embodiment, the database (DB1, DB2, ... DBn) is stored partially or completely on at least one remote storage device at a predetermined location on the open communication network (C).
The database control entities DBCE update the DB databases at scheduled times or upon request with the most recent values produced by the source entities SE1, SE2, SE3, SE4, SE5, SE6 and SE7, as well as with any changes to user data. These update operations can be carried out automatically, manually or by a combination of both, by stakeholders who have specific rights or authorization to send update commands to the database control entities DBCE.
An interested party S1 sends a request Rq(dC1, dC2, dC3) from a client entity CE1 to the network C. The request Rq(dC1, dC2, dC3), including at least one instruction to access the data of a user identified by an identifier ID Uj, is sent to a database control entity DBCE, which returns a response Rp[(dC1)KC1, (dC2)KC2, (dC3)KC3] containing the data of user Uj belonging to categories C1, C2, C3, that is, the private user data [(dC1)KC1, (dC2)KC2, (dC3)KC3], each encrypted with the respective category key KC1, KC2, KC3.
The client entity CE1 of the interested party S1 holds only the category keys KC1 and KC3, so that only the data of categories C1 and C3 can be decrypted by the interested party S1; the encrypted data (dC2)KC2 remains inaccessible since the category key KC2 is not available.
The CE client entity can consist of any server or terminal device capable of connecting to the open network and receiving previously requested data such as a personal computer, a personal digital assistant or a smartphone.
SE origin entities and CE client entities can be located anywhere on the open network, for example, on a smart grid or on a local area network.
According to one embodiment, a source entity SE and a client entity CE are located on the same physical device or server.
According to one embodiment, in a home area network, the entity is a home network access gateway or home energy gateway.
According to one embodiment, the database control entities DBCE filter the interested party's request so as to return only the categories of private user data that the interested party can decrypt; the other categories are not sent. In this case, the configuration of the client entity CE, including the category keys KC available to the interested party, is recorded in a network database accessible to the database control entities DBCE.
In Figure 2, the interested party S2 sends a request Rq[dC2] to access data of a set of users and receives a response Rp[(dC2)KC2] including only the category C2 data dC2 that the client entity CE2 can decrypt. Indeed, only the category key KC2 is available to that client entity CE2.
The interested party S3 sends a request Rq[(dC1)KC1] for the data of a set of users and receives in response Rp[(dC1)KC1, (dC2)KC2] the data of categories C1 and C2. The client entity CE3 holds the category keys KC1 and KC2 necessary to decrypt categories C1 and C2.
In a further embodiment, the encrypted categories of the requested private user data are accompanied by a cryptogram containing the necessary category keys, encrypted with a personal key of the interested party.
For example, the interested party S1 receives the response Rp[(dC1)KC1, (dC2)KC2, (dC3)KC3] together with a cryptogram (KC1, KC3)KS1, where KS1 is a personal key of the interested party S1. In this case, only the personal key KS1 is stored in the client entity CE1, since the category keys are provided by the database control entities DBCE, with which the interested party S1 can also be registered.
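The S1 exchange above (full response, partial decryption with KC1 and KC3), the DBCE filtering embodiment shown for S2, and the key cryptogram (KC1, KC3)KS1, as an added worked example in Python; this is not code from the patent or from Nagravision. The `encrypt`/`decrypt` helpers use an HMAC-SHA256 keystream with encrypt-then-MAC as a standard-library stand-in for an AEAD such as AES-GCM, and the key values, the user record and all function names are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, a stdlib stand-in for a block-cipher PRF."""
    blocks = [hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one key; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first: with the wrong category key this fails and yields no plaintext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong category key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# Category keys KC1..KC3 and the personal key KS1 of S1 (constructed at random here; in the
# scheme they are provisioned by the DBCE / management centre).
CATEGORY_KEYS = {"C1": os.urandom(32), "C2": os.urandom(32), "C3": os.urandom(32)}
KS1 = os.urandom(32)

# Constructed sample record of one user Uj, already split into categories C1..C3.
USER_RECORD = {
    "C1": {"user_id": "Uj", "name": "sample user"},            # identity data
    "C2": {"meter_id": "SM-0001", "kwh": 12.5},                 # consumption values
    "C3": {"address": "sample street 1", "location": "home"},  # location data
}

def source_entity_encrypt(category_keys, record):
    """Source entity SE: each category is encrypted only under its own category key."""
    return {cat: encrypt(category_keys[cat], json.dumps(value).encode())
            for cat, value in record.items()}

def dbce_respond(stored, requested, registered_keys=None):
    """DBCE: return the requested categories; when the client's key set is registered
    (the filtering embodiment), withhold the categories it could not decrypt anyway."""
    cats = [c for c in requested if c in stored]
    if registered_keys is not None:
        cats = [c for c in cats if c in registered_keys]
    return {c: stored[c] for c in cats}

def client_decrypt(held_keys, response):
    """Client entity CE: decrypt the categories it holds keys for and report the rest."""
    readable, inaccessible = {}, []
    for cat, blob in response.items():
        try:
            readable[cat] = json.loads(decrypt(held_keys[cat], blob))
        except (KeyError, ValueError):  # no key for this category, or a wrong one
            inaccessible.append(cat)
    return readable, sorted(inaccessible)

def wrap_category_keys(personal_key, category_keys, cats):
    """Cryptogram (KC...)KS: the granted category keys sealed under the personal key."""
    payload = json.dumps({c: category_keys[c].hex() for c in cats}).encode()
    return encrypt(personal_key, payload)

def unwrap_category_keys(personal_key, cryptogram):
    """Client side of the cryptogram: recover the category keys holding KS only."""
    return {c: bytes.fromhex(h)
            for c, h in json.loads(decrypt(personal_key, cryptogram)).items()}

def scenario_s1():
    """Figure 2, S1: Rq(dC1, dC2, dC3) is answered in full, but CE1 holds only KC1 and KC3."""
    stored = source_entity_encrypt(CATEGORY_KEYS, USER_RECORD)
    response = dbce_respond(stored, ["C1", "C2", "C3"])
    ce1_keys = {"C1": CATEGORY_KEYS["C1"], "C3": CATEGORY_KEYS["C3"]}
    return client_decrypt(ce1_keys, response)

def scenario_s1_cryptogram():
    """Variant: CE1 stores only KS1 and receives (KC1, KC3)KS1 alongside the data."""
    stored = source_entity_encrypt(CATEGORY_KEYS, USER_RECORD)
    response = dbce_respond(stored, ["C1", "C2", "C3"])
    cryptogram = wrap_category_keys(KS1, CATEGORY_KEYS, ["C1", "C3"])
    return client_decrypt(unwrap_category_keys(KS1, cryptogram), response)

def scenario_s2_filtered():
    """Figure 2, S2: the DBCE knows CE2 holds only KC2 and returns Rp[(dC2)KC2] alone."""
    stored = source_entity_encrypt(CATEGORY_KEYS, USER_RECORD)
    response = dbce_respond(stored, ["C1", "C2", "C3"], registered_keys={"C2"})
    return client_decrypt({"C2": CATEGORY_KEYS["C2"]}, response)
```

Each scenario returns the decrypted categories and the list of categories that stayed inaccessible, so a leaked KC2 would expose C2 alone while C1 and C3 remain unreadable under their own keys.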
Claims (15):
1. Method for controlling access, through an open communication network (C), to private user data (dC1, dC2, ... dCn) with a strong differentiation of the security level for data sharing a common level of privacy and a high granularity of protection by a variety of encryption/decryption keys, said private user data (dC1, dC2, ... dCn) being provided by a plurality of originating entities (SE1, SE2, ... SEn), the method being CHARACTERIZED by the fact that it comprises the steps of: dividing private user data (dC1, dC2, ... dCn) into a plurality of categories (C1, C2, ... Cn), each category (C1, C2, ... Cn) defining a privacy level of private user data (dC1, dC2, ... dCn), encrypting, through each source entity (SE1, SE2, ... SEn), the private user data (dC1, dC2, ... dCn) of each category (C1, C2, ... Cn) with a category key (KC1, KC2, ... KCn) belonging to the category (C1, C2, ... Cn) of private user data (dC1, dC2, ... dCn), temporarily or permanently storing the encrypted private user data ((dC1)KC1, (dC2)KC2, ... (dCn)KCn) in at least one database (DB1, DB2, ... DBn) controlled by at least one database control entity (DBCE), assigning to an interested party (S1, S2, ... Sn) at least one entity (CE1, CE2, ... Cn) configured to access at least one category (C1, C2, ... Cn) of private user data (dC1, dC2, ... dCn), through at least one database control entity (DBCE), according to the categories (C1, C2, ... Cn) corresponding to the category keys (KC1, KC2, ... KCn), authorizing access to at least one category (C1, C2, ... Cn) of private user data (dC1, dC2, ... dCn) for at least one entity (CE1, CE2, ... Cn) of the interested party (S1, S2, ... Sn), by providing the at least one entity (CE1, CE2, ... Cn) with the category keys (KC1, KC2, ... KCn) required to decrypt the private user data (dC1, dC2, ... dCn) of the corresponding category (C1, C2, ... Cn).
2. Method according to claim 1, CHARACTERIZED by the fact that the database (DB1, DB2, ... DBn) is distributed in a plurality of storage locations in the open communication network (C).
3. Method according to claim 1, CHARACTERIZED by the fact that the database (DB1, DB2, ... DBn) is partially or completely stored on at least one remote storage device at a predetermined location on the open communication network (C).
4. Method according to any one of claims 1 to 3, CHARACTERIZED by the fact that the communication network (C) is completely or partially a smart grid network.
5. Method according to any one of claims 1 to 3, CHARACTERIZED by the fact that the communication network (C) is completely or partially a home area network.
6. Method according to any one of claims 1 to 5, CHARACTERIZED by the fact that the category keys (KC1, KC2, ... KCn) are either of a symmetric type, of an asymmetric type, or of a combination of symmetric and asymmetric keys.
7. Method according to any one of claims 1 to 6, CHARACTERIZED by the fact that the category keys (KC1, KC2, ... KCn) are used in combination with other keys, such as keys related to the interested party or keys related to the user.
8. Method according to any one of claims 1 to 7, CHARACTERIZED by the fact that at least one database control entity (DBCE) consists of a management center that manages a plurality of originating entities (SE1, SE2, ... SEn) each sending, periodically or at a scheduled time, data to at least one database control entity (DBCE) that feeds the database (DB1, DB2, ... DBn).
9. Method according to claim 8, CHARACTERIZED by the fact that the originating entities (SE1, SE2, ... SEn) are either smart meters, electric vehicles or RFID devices.
10. Method according to any one of claims 4 to 9, CHARACTERIZED by the fact that the data are measurement data divided into a plurality of categories (C1, C2, ... Cn), the measurement data of each category being encrypted by the smart meter source entity (SE1, SE2, ... SEn) with a category key (KC1, KC2, ... KCn) belonging to the category (C1, C2, ... Cn) of the measurement data.
11. Method according to claim 1, CHARACTERIZED by the fact that the categories (C1, C2, ... Cn) are user preferences, usage statistics, location, presence information or pseudonym, each of these categories being encrypted by the originating entity (SE1, SE2, ... SEn) with a category key (KC1, KC2, ... KCn) belonging to the category (C1, C2, ... Cn) of the data.
12. Method according to any one of claims 1 to 11, CHARACTERIZED by the fact that at least one originating entity (SE1, SE2, ... SEn) and at least one client entity (CE1, CE2, ... Cn) are combined in the same physical entity.
13. Method according to any one of claims 1 to 11, CHARACTERIZED by the fact that at least one originating entity (SE1, SE2, ... SEn) or at least one client entity (CE1, CE2, ... Cn) is combined with at least one database control entity (DBCE) in the same physical entity.
14. Method according to claim 12 or 13, CHARACTERIZED by the fact that the entity is a home network access gateway or home energy gateway.
15. System configured to control access, through an open communication network (C), to private user data (dC1, dC2, ... dCn) with a strong differentiation of the security level for data sharing a common level of privacy and a high granularity of protection by a variety of encryption/decryption keys, the system being CHARACTERIZED by the fact that it comprises: a plurality of originating entities (SE1, SE2, ... SEn), each configured to: provide private user data (dC1, dC2, ... dCn), divide private user data (dC1, dC2, ... dCn) into a plurality of categories (C1, C2, ... Cn), each category (C1, C2, ... Cn) defining a privacy level of private user data (dC1, dC2, ... dCn), encrypt private user data (dC1, dC2, ... dCn) of each category (C1, C2, ... Cn) with a category key (KC1, KC2, ... KCn) belonging to the category (C1, C2, ... Cn) of private user data (dC1, dC2, ... dCn); at least one database (DB1, DB2, ... DBn) controlled by at least one database control entity (DBCE) to temporarily or permanently store encrypted private user data ((dC1)KC1, (dC2)KC2, ... (dCn)KCn); at least one entity (CE1, CE2, ... Cn) configured to access at least one category (C1, C2, ... Cn) of private user data (dC1, dC2, ... dCn), through at least one database control entity (DBCE), according to the categories (C1, C2, ... Cn) corresponding to the category keys (KC1, KC2, ... KCn), the at least one entity (CE1, CE2, ... Cn) being assigned to an interested party (S1, S2, ... Sn), the system being further configured to authorize the interested party (S1, S2, ... Sn) to access at least one category (C1, C2, ... Cn) of private user data (dC1, dC2, ... dCn) by providing the at least one entity (CE1, CE2, ... Cn) with the category keys (KC1, KC2, ... KCn) required to decrypt the private user data (dC1, dC2, ... dCn) of the corresponding category (C1, C2, ... Cn).
Similar technologies:
Publication number | Publication date | Title
BR112013028844B1|2021-04-27|METHOD AND SYSTEM FOR MANAGING PRIVACY DATA
Fabian et al.2015|Collaborative and secure sharing of healthcare data in multi-clouds
US10129024B2|2018-11-13|Encrypted file storage
Seiger et al.2011|SecCSIE: a secure cloud storage integrator for enterprises
CN110099043A|2019-08-06|The hiding more authorization center access control methods of support policy, cloud storage system
US9088538B2|2015-07-21|Secure network storage
US20150271146A1|2015-09-24|Methods and systems for the secure exchange of information
CN104935590A|2015-09-23|HDFS access control method based on role and user trust value
CN105516110A|2016-04-20|Mobile equipment secure data transmission method
CN103220141A|2013-07-24|Sensitive data protecting method and system based on group key strategy
CN107302524A|2017-10-27|A kind of ciphertext data-sharing systems under cloud computing environment
CN110061983A|2019-07-26|A kind of data processing method and system
CN106326666A|2017-01-11|Health record information management service system
KR20120070829A|2012-07-02|Apparatus and method that publish and uses comment of contents in distributed network system
CN105450750A|2016-03-30|Secure interaction method for intelligent terminal
CN101291220B|2010-08-18|System, device and method for identity security authentication
Adlam et al.2019|A permissioned blockchain approach to the authorization process in electronic health records
CN113132103A|2021-07-16|Data cross-domain security sharing system and method
Sayler et al.2014|Custos: Increasing security with secret storage as a service
Lee et al.2012|Resource centric security to protect customer energy information in the smart grid
Gao et al.2020|Blockchain based secure IoT data sharing framework for SDN-enabled smart communities
Singh et al.2013|Dynamic federation in identity management for securing and sharing personal health records in a patient centric model in cloud
Gaikwad et al.2013|Network Security Enhancement in Hadoop Clusters
Andersen2019|Decentralized authorization with private delegation
Agarwal2021|A Safe and Resilient Cryptographic System for Dynamic Cloud Groups with Secure Data Sharing and Efficient User Revocation
Family patents:
Publication no. | Publication date
AU2012252388B2|2015-11-05|
US10853517B2|2020-12-01|
EP2523139A1|2012-11-14|
WO2012152845A1|2012-11-15|
EP2710506B1|2018-10-03|
US20210089679A1|2021-03-25|
US20180082079A1|2018-03-22|
AU2012252388A1|2013-11-21|
CN103502994A|2014-01-08|
CA2834785C|2019-06-18|
US20140068257A1|2014-03-06|
BR112013028844A2|2017-01-31|
US9830472B2|2017-11-28|
EP2710506A1|2014-03-26|
CN103502994B|2017-02-15|
CA2834785A1|2012-11-15|
Cited documents:
Publication no. | Filing date | Publication date | Applicant | Title
US5375169A|1993-05-28|1994-12-20|Tecsec, Incorporated|Cryptographic key management method and apparatus|
US6023765A|1996-12-06|2000-02-08|The United States Of America As Represented By The Secretary Of Commerce|Implementation of role-based access control in multi-level secure systems|
US6363481B1|1998-08-03|2002-03-26|Nortel Networks Limited|Method and apparatus for secure data storage using distributed databases|
US7949691B1|1999-09-02|2011-05-24|Cbs Interactive Inc.|Methods of catalog data maintenance, storage, and distribution|
US6463417B1|2000-02-22|2002-10-08|Carekey.Com, Inc.|Method and system for distributing health information|
GB2367387A|2000-09-27|2002-04-03|Int Computers Ltd|Personal data protection|
US20030002668A1|2001-06-30|2003-01-02|Gary Graunke|Multi-level, multi-dimensional content protections|
US20030051159A1|2001-09-11|2003-03-13|Mccown Steven H|Secure media transmission with incremental decryption|
US7610390B2|2001-12-04|2009-10-27|Sun Microsystems, Inc.|Distributed network identity|
US7921288B1|2001-12-12|2011-04-05|Hildebrand Hal S|System and method for providing different levels of key security for controlling access to secured items|
US7921284B1|2001-12-12|2011-04-05|Gary Mark Kinghorn|Method and system for protecting electronic data in enterprise environment|
US7783765B2|2001-12-12|2010-08-24|Hildebrand Hal S|System and method for providing distributed access control to secured documents|
US20070195960A1|2002-04-12|2007-08-23|General Dynamics Advanced Information Systems|Apparatus and method for encrypting data|
CN100511203C|2003-07-11|2009-07-08|日本电信电话株式会社|Database access control method, database access controller, agent processing server|
US20050216313A1|2004-03-26|2005-09-29|Ecapable, Inc.|Method, device, and systems to facilitate identity management and bidirectional data flow within a patient electronic record keeping system|
US7827234B2|2005-01-10|2010-11-02|International Business Machines Corporation|Privacy entitlement protocols for secure data exchange, collection, monitoring and/or alerting|
JP5312771B2|2006-10-26|2013-10-09|株式会社エム・シー・エヌ|Technology that determines relevant ads in response to queries|
US7949619B2|2008-01-31|2011-05-24|Computer Associates Think, Inc.|Business process analyzer that serializes obtained business process data and identifies patterns in serialized business processs data|
CN101266609B|2008-04-30|2010-06-23|中山爱科数字科技有限公司|Method for accomplishing medical data external inquiry for digital remote medical treatment|
US8027931B2|2008-06-26|2011-09-27|Yahoo! Inc.|Automated friend finder|
US11075754B2|2009-01-15|2021-07-27|International Business Machines Corporation|Universal personal medical database access control|
US20100293045A1|2009-05-14|2010-11-18|James Moeller Burns|Centralized Renewable Energy System With Fractional Ownership and a Method of Disaggregated Net Metering of its Renewable Energy Output Among Utility Customers Who Are Fractional Owners|
KR101320350B1|2009-12-14|2013-10-23|한국전자통신연구원|Secure management server and video data managing method of secure management server|
US8670946B2|2010-09-28|2014-03-11|Landis+Gyr Innovations, Inc.|Utility device management|
WO2012048347A1|2010-10-08|2012-04-12|Brian Lee Moffat|Private data sharing system|
US8713638B2|2012-06-30|2014-04-29|AT&T Intellectual Property I, L.L.P.|Managing personal information on a network|
US20150199530A1|2014-01-10|2015-07-16|General Electric Company|Systems and Methods With Cryptography and Tamper Resistance Software Security|
US9413536B2|2014-06-12|2016-08-09|Cisco Technology, Inc.|Remote secure device management in smart grid ami networks|
CN105447050B|2014-09-15|2019-04-02|深圳Tcl新技术有限公司|The treating method and apparatus of client segmentation|
US10802888B2|2014-09-19|2020-10-13|Nec Corporation|Information processing device and cooperative distributed storage system|
GB2533098B|2014-12-09|2016-12-14|Ibm|Automated management of confidential data in cloud environments|
DE102015200210A1|2015-01-09|2016-07-14|Siemens Aktiengesellschaft|Secure transmission of sensitive measurement data in an automation network|
US9906361B1|2015-06-26|2018-02-27|EMC IP Holding Company LLC|Storage system with master key hierarchy configured for efficient shredding of stored encrypted data items|
US10284534B1|2015-06-26|2019-05-07|EMC IP Holding Company LLC|Storage system with controller key wrapping of data encryption key in metadata of stored data item|
US9659190B1|2015-06-26|2017-05-23|EMC IP Holding Company LLC|Storage system configured for encryption of data items using multidimensional keys having corresponding class keys|
US9779269B1|2015-08-06|2017-10-03|EMC IP Holding Company LLC|Storage system comprising per-tenant encryption keys supporting deduplication across multiple tenants|
EP3156932A1|2015-10-16|2017-04-19|Deutsche Telekom AG|Method and system for protecting confidential electronic data|
CA2999104A1|2015-10-16|2017-04-20|Deutsche Telekom Ag|Method and system for the protection of confidential electronic data|
SI3163705T1|2015-10-30|2018-05-31|Overas Invest Ab|An electricity supply control system and a method thereof|
US10326744B1|2016-03-21|2019-06-18|EMC IP Holding Company LLC|Security layer for containers in multi-tenant environments|
CN106571909A|2016-10-31|2017-04-19|中国联合网络通信集团有限公司|Data encryption method and device|
US10284557B1|2016-11-17|2019-05-07|EMC IP Holding Company LLC|Secure data proxy for cloud computing environments|
US10298551B1|2016-12-14|2019-05-21|EMC IP Holding Company LLC|Privacy-preserving policy enforcement for messaging|
US11128437B1|2017-03-30|2021-09-21|EMC IP Holding Company LLC|Distributed ledger for peer-to-peer cloud resource sharing|
CN107392043A|2017-06-30|2017-11-24|天脉聚源传媒科技有限公司|The method and device of the private object of user in a kind of protection system|
US10938950B2|2017-11-14|2021-03-02|General Electric Company|Hierarchical data exchange management system|
CN107944283B|2017-11-15|2021-01-01|中国农业银行股份有限公司|Data sensitivity identification method and device|
US11063745B1|2018-02-13|2021-07-13|EMC IP Holding Company LLC|Distributed ledger for multi-cloud service automation|
CN109165526A|2018-08-24|2019-01-08|武汉丰普科技股份有限公司|A kind of big data security and privacy guard method, device and storage medium|
US10917413B2|2018-10-30|2021-02-09|Bank Of America Corporation|Neural mesh protection system for data transmission|
US11030350B2|2018-11-29|2021-06-08|Visa International Service Association|System, method, and apparatus for securely outputting sensitive information|
US11128460B2|2018-12-04|2021-09-21|EMC IP Holding Company LLC|Client-side encryption supporting deduplication across single or multiple tenants in a storage system|
US11102187B2|2019-02-20|2021-08-24|Aetna Inc.|Systems and methods for managing workflow transactions including protected personal data in regulated computing environments|
US20210150038A1|2019-11-20|2021-05-20|International Business Machines Corporation|Smart data protection|
US11019033B1|2019-12-27|2021-05-25|EMC IP Holding Company LLC|Trust domain secure enclaves in cloud infrastructure|
US20220004655A1|2020-07-03|2022-01-06|Huawei Technologies Co., Ltd.|Database access control service in networks|
Legal status:
2018-12-11| B06F| Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]|
2019-10-29| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|
2021-03-02| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|
2021-03-23| B09X| Decision of grant: republication|Free format text: The present application received a decision of allowance published in RPI No. 2617 of 02/03/2021; it was found that this notification was issued with errors, notably translation errors in claim 5 (previously described as "LOCAL NETWORK", whereas the applicant indicates the correct translation to be "HOME NETWORK"). In view of this, I conclude that the decision of allowance is to be rectified, and the documents listed in Table 1 of this opinion are to form part of the letters patent. |
2021-04-27| B16A| Patent or certificate of addition of invention granted|Free format text: TERM OF VALIDITY: 20 (twenty) years counted from 09/05/2012, subject to the legal conditions. |
Priority:
Application no. | Filing date | Title
US201161484266P| true| 2011-05-10|2011-05-10|
EP11165570.0|2011-05-10|
EP11165570A|EP2523139A1|2011-05-10|2011-05-10|Method for handling privacy data|
US61/484,266|2011-05-10|
PCT/EP2012/058580|WO2012152845A1|2011-05-10|2012-05-09|Method for handling privacy data|