Very widely used forms of encryption use a key to encrypt data prior to transmission. Another key is used by the recipient to decrypt the data. Encryption may be symmetric, in which case the sender and receiver exchange a key. However, it is difficult to provide a safe, robust system because of the inherent difficulty of creating, transferring, managing, storing, authenticating, and revoking encryption keys, and of revoking access to encrypted data once the encrypted data has been distributed. The complexity is compounded as the number of users and access points increases.
Encryption keys must be distributed. In various systems, methods of registering encryption keys and client identity are provided. A means for distributing encryption keys to other clients is established. A common method is Pretty Good Privacy (PGP). In this method, clients log onto a public key server and register their encryption keys. However, such a system is subject to registration of a key under a particular client's identity by an unauthorized third party. This is referred to as a spoof.
Authentication of keys is essential. In order to prevent spoofs, a Certificate Authority (CA) creates a digital certificate that is used to establish the authenticity of an individual client or system. The CA is a trusted third party. The CA creates a digital certificate and digitally signs it using the CA's private key. The CA uses an industry-standard format, e.g., an X.509 certificate. This certificate comprises a data structure in a public key system that uniquely associates a particular entity with a particular public key. Such a system provides a reasonable level of protection. However, the certificate system is very difficult to manage and to administer.
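The spoof described above and the CA remedy, as an added illustration that is not part of the application: an open PGP-style key server returns whatever was registered first under a name, whereas a certified directory accepts only an entry whose binding of subject to public key carries a valid CA signature. The example uses Ed25519 signatures from the `cryptography` package as a stand-in for X.509; the names, keys and the `Certificate` structure are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def raw(pub: Ed25519PublicKey) -> bytes:
    """Raw 32-byte encoding of an Ed25519 public key."""
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)


@dataclass(frozen=True)
class Certificate:
    """Minimal stand-in for X.509: binds one subject to one public key under a CA signature."""
    subject: str
    public_key: bytes
    ca_signature: bytes

    def to_be_signed(self) -> bytes:
        return b"subject=" + self.subject.encode() + b"|key=" + self.public_key


def issue(ca: Ed25519PrivateKey, subject: str, public_key: bytes) -> Certificate:
    tbs = Certificate(subject, public_key, b"").to_be_signed()
    return Certificate(subject, public_key, ca.sign(tbs))


def lookup_open(server: dict, subject: str) -> Optional[bytes]:
    """Open key server: whoever registered first under a name wins (the spoof)."""
    entries = server.get(subject, [])
    return entries[0] if entries else None


def lookup_certified(directory: dict, subject: str, ca_pub: Ed25519PublicKey) -> Optional[bytes]:
    """Certified directory: only an entry whose CA signature verifies is trusted."""
    for cert in directory.get(subject, []):
        try:
            ca_pub.verify(cert.ca_signature, cert.to_be_signed())
            return cert.public_key
        except InvalidSignature:
            continue  # spoofed or tampered entry: skip it
    return None


def demo() -> dict:
    ca, alice, mallory = (Ed25519PrivateKey.generate() for _ in range(3))
    alice_pub, mallory_pub = raw(alice.public_key()), raw(mallory.public_key())
    # Constructed scenario: Mallory registers first under Alice's name on the open server.
    open_server = {"alice": [mallory_pub, alice_pub]}
    # In the certified directory Mallory can only self-sign; only the CA signs Alice's entry.
    directory = {"alice": [Certificate("alice", mallory_pub, mallory.sign(b"self-signed")),
                           issue(ca, "alice", alice_pub)]}
    return {"alice_pub": alice_pub, "mallory_pub": mallory_pub,
            "open_result": lookup_open(open_server, "alice"),
            "certified_result": lookup_certified(directory, "alice", ca.public_key())}
```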
Because the system is focused on uniquely associating one entity with one key, no simple method is available for “grouping” encryption keys so that more than two users can share encrypted data. Another desired capability is the ability to provide different levels of access to different users, i.e., multi-level security.
Existing systems do not provide for an action to be taken in response to unauthorized attempts to access encrypted data. The systems are also limited in the proactive steps they can take in response to further unauthorized access attempts.
Various disadvantages in communications have been addressed in part. However, no solution has been provided for a comprehensive system in encryption networks utilizing keys.
For example, United States Patent Application Publication No. 2014/0169567 discloses granting a plurality of devices access to a local area network with a single cryptographic key. However, in use, the key is converted from digital form to graphic form when transferred to an operating device. This does not provide for condition-responsive changes to access to the network.
United States Patent Application Publication No. 2014/0003608 discloses a system in which an administrator may generate key managers. Key request users may be linked to particular cryptographic keys. The cryptographic keys may be stored on key exchange servers separate from the key management server. Responsive to a request for a cryptographic key, the key exchange servers may authenticate the key request user associated with the request. However, no means are provided for changing a key in response to predefined circumstances.
United States Patent Application Publication No. 2013/0272524 discloses a system in which quantum keys are distributed to a plurality of parties for secure multi-party communications. The quantum key does not work seamlessly with encryption methods.
United States Patent Application Publication No. 2012/0300939 discloses authentication by recognition of node identity. However, no system is provided for interaction of other parameters with the node identity.
United States Patent Application Publication No. 2014/0315514 discloses a wireless device including a subscriber identity module. The subscriber identity module stores rules defining an acceptable set of behaviors for a wireless module. Action is taken to avoid cooperation with a wireless module that manifests aggressive behavior based on the rules. The wireless modem is blocked from generating traffic in the offending wireless network. However, no specific affirmative action is taken.