1. (WO2019048829) METHODS AND SYSTEMS FOR SECURE DATA TRANSFER
Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.

Claims:

1. A method of securely transferring master keying material between a master dongle and a slave dongle,

wherein the slave dongle contains a public key and a private key, wherein the master dongle contains master keying material, and wherein the master keying material is for allowing users of the dongles to securely access encrypted data;

the method comprising:

connecting the master dongle and the slave dongle to a data transfer system;

transferring the slave dongle's public key to the master dongle via the data transfer system;

using the slave dongle's public key at the master dongle to encrypt the master keying material and hence produce encrypted master keying material at the master dongle;

transferring the encrypted master keying material to the slave dongle via the data transfer system;

decrypting the encrypted master keying material with the slave dongle's private key at the slave dongle; and

storing the master keying material at the slave dongle;

such that a user of any of the dongles can use the master keying material to decrypt data encrypted by the same dongle or the other of the dongles.

2. The method of claim 1 wherein the master keying material is randomly generated when the master dongle is first used, preferably wherein the master keying material is generated using a FIPS random number generator.

3. The method of claim 1 or 2 wherein, before the step of transferring the slave dongle's public key to the master dongle over the data transfer system, the method may comprise the steps of:

unlocking the master dongle via a master dongle user authentication system, wherein unlocking the master dongle allows the master dongle to send and receive data;

and, in the case where the slave dongle is not factory reset, unlocking the slave dongle via a slave dongle user authentication system, wherein unlocking the slave dongle allows the slave dongle to send and receive data.

4. The method according to any preceding claim, comprising scrambling the slave dongle's public key using a predetermined scrambling algorithm prior to transferring the slave dongle's public key, and

unscrambling the slave dongle's public key at the master dongle after transferring the slave dongle's public key and prior to encrypting the master keying material.

5. The method according to any preceding claim, wherein the master dongle is a first removable dongle, and wherein the slave dongle is a second removable dongle.

6. The method according to any preceding claim, wherein the slave dongle's private key and the unencrypted master keying material are not transferred to or read by the data transfer system.

7. The method according to any preceding claim, wherein a plurality of slave dongles are provided, each having a respective public key and a respective private key; and

wherein the method comprises, for each slave dongle in turn:

transferring the slave dongle's public key to the master dongle;

encrypting the master keying material with the slave dongle's public key at the master dongle;

transferring the encrypted master keying material to the slave dongle; and decrypting the encrypted master keying material with the slave dongle's private key at the slave dongle.

8. A method of sharing data securely between authorised computing devices, wherein

a first computing device is connected to a first slave dongle and a second computing device is connected to a second slave dongle,

the first and second slave dongles having been programmed with the same master keying material by the method of any preceding claim,

the method comprising:

encrypting first data using the first slave dongle with the master keying material stored in the first slave dongle;

transferring the encrypted first data, optionally across a network, to the second computing device;

decrypting the encrypted first data using the second slave dongle; and transferring the unencrypted first data from the second slave dongle to the second computing device.

9. A system for securely transferring master keying material between a master dongle and a slave dongle, the system comprising:

a data transfer system;

a master dongle containing a master processor, and master keying material; and

a slave dongle containing a slave processor, a slave public key and a slave private key;

wherein the data transfer system has a plurality of ports for connecting to the master dongle and to the slave dongle;

the data transfer system being configured to transfer the slave dongle's public key to the master dongle;

the master dongle being configured to encrypt the master keying material using the slave dongle's public key to produce an encrypted master keying material;

the data transfer system being configured to transfer the encrypted master keying material to the slave dongle; and

the slave dongle being configured to decrypt the encrypted master keying material using the slave dongle's private key and to store the master keying material at the slave dongle such that a user of any of the dongles can use the master keying material to decrypt data encrypted by the same dongle or the other of the dongles.

10. The system of claim 9, wherein the master dongle comprises a master dongle user authentication system, the slave dongle comprises a slave dongle user authentication system, and/or the data transfer system comprises a data transfer system user authentication system, wherein the dongles and/or data transfer system are configured to require an authorisation code input at a respective user authentication system before allowing transfer of data between the dongles.

11. The system of claims 9 or 10 wherein the master dongle is configured to generate random keying material when the master dongle is first used, preferably wherein the master keying material is generated using a FIPS random number generator.

12. The system according to any of claims 9 to 11, wherein the slave dongle is configured to scramble the slave dongle's public key using a predetermined scrambling algorithm prior to transferring the slave dongle's public key, such that the data transfer system transfers a scrambled slave dongle's public key; and

the master dongle contains the scrambling algorithm and is configured to unscramble the scrambled slave dongle's public key prior to encrypting the master keying material.

13. The system according to any of claims 9 to 12, wherein the system comprises a plurality of slave dongles, each having a respective public key and a private key; and

the data transfer system contains at least three ports, wherein one port is for connecting to the master dongle and the at least two other ports are for connecting to at least two of the plurality of slave dongles;

wherein the system is configured to securely transfer the master keying material to each slave dongle in turn.

14. A system for securely communicating data between users, the system comprising:

a first computing device coupled to a first slave dongle,

a second computing device coupled to a second dongle, wherein the second dongle is a second slave dongle or a master dongle,

wherein the master and slave dongles have been configured using the method according to any of claims 1 to 7 or wherein the master and slave dongles have been configured by the system according to any of claims 9 to 13;

wherein, when the first computing device is used to send first data to the second computing device, the first computing device is configured to send the first data to the first slave dongle,

the first slave dongle is configured to encrypt the first data using the master keying material, and

the first device is configured to send the encrypted first data to the second computing device, optionally via a network, and wherein

the second computing device is configured to receive the first encrypted data and send the first encrypted data to the second dongle,

the second dongle is configured to decrypt the first encrypted data using the master keying material and to send the decrypted first data to the second computer device.

15. The system according to any of claims 13, wherein each dongle is configured to require a user identification to unlock the dongle for use, preferably wherein each dongle has a plurality of buttons and the user identification is a code to be input by pressing the buttons in a predetermined order.

16. The system of claim 3 or 14 further comprising a server, wherein each dongle is configured to have an identification and configured to require an authorisation code from the server in order to perform encryption and decryption, and

wherein the server is configured to have a whitelist or a blacklist of dongle identifications such that unauthorised dongles having the master keying material are excluded from communicating with authorised dongles having the master keying material.

17. A dedicated device for securely transferring master keying material between a master dongle and a slave dongle,

the dedicated device comprising a plurality of ports for connecting to the master dongle and to the slave dongle;

the dedicated device being configured to request a public key from the slave dongle and to transfer the public key to the master dongle, and to request encrypted master keying material from the master dongle and transfer the encrypted master keying material to the slave dongle.
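
The key-transfer sequence of claims 1, 6, 7 and 17, sketched as an added example (not code from the patent or its applicant): a relay fetches each slave's public key, the master wraps the keying material under it, and the slave unwraps it. The type and function names, the 32-byte key length and the choice of RSA-2048 with OAEP/SHA-256 are assumptions, since the claims name no algorithm; the scrambling of claim 4 and the unlock steps of claim 3 are not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Master struct{ keying []byte } // 32 random bytes, generated on first use (claim 2)
type Slave struct {
	priv   *rsa.PrivateKey // never leaves the slave (claim 6)
	keying []byte          // master keying material once provisioned
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewMaster() *Master {
	m := &Master{keying: make([]byte, 32)}
	must(rand.Read(m.keying))
	return m
}
func NewSlave() *Slave { return &Slave{priv: must(rsa.GenerateKey(rand.Reader, 2048))} }

// Provision plays the data transfer system (claims 1, 7, 17) and returns all it relayed.
// Assumed primitive: RSA-2048 with OAEP/SHA-256; the claims name no algorithm.
func Provision(m *Master, slaves ...*Slave) ([][]byte, error) {
	var seen [][]byte
	for _, s := range slaves {
		pub := &s.priv.PublicKey // slave -> relay -> master
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m.keying, nil) // at the master
		if err != nil {
			return nil, err
		}
		s.keying, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ct, nil) // at the slave
		if err != nil {
			return nil, err
		}
		seen = append(seen, pub.N.Bytes(), ct) // all the relay ever handles
	}
	return seen, nil
}

func main() { fmt.Println("relayed items:", len(must(Provision(NewMaster(), NewSlave(), NewSlave())))) }
```

The returned slice is the relay's complete view: one public modulus and one ciphertext per slave, with a different ciphertext for each slave even though the wrapped keying material is identical.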