US-12619757-B1 - Secure control of access to data in an encrypted file
Abstract
A security client of a mobile computing platform transmits a request for the secret key to a key server. The request includes environmental data characterizing a current state of the environment of the node and establishes a cryptographic heartbeat with the key server. The security client receives a secret key from the key server, stores the secret key in volatile memory and decrypts the encrypted file using the secret key to create a decrypted file in the volatile memory. The security client monitors a time since a last authenticated heartbeat message was received. Responsive to the time exceeding a predetermined timeout window or responsive to receiving a message from the key server indicating that authorization to the decrypted file is revoked or responsive to determining that the node is not in an authorized environment, the security client deletes the secret key from the volatile memory and closes the decrypted file.
Inventors
- Brian J. Noe
- Francis B. Afinidad
- Hope Noe
- Steven D. Ratts
Assignees
- NORTHROP GRUMMAN SYSTEMS CORPORATION
Dates
- Publication Date: 2026-05-05
- Application Date: 2024-10-18
Claims (20)
- 1 . A system for controlling access to data, the system comprising: a node comprising: an environmental sensor that measures a feature of an environment of the node; a non-transitory non-volatile memory having machine-readable instructions and an encrypted file that is only decryptable with a secret key; a non-transitory volatile memory having machine-readable instructions; and a processor for accessing the machine-readable instructions in the non-transitory non-volatile memory and the non-transitory volatile memory, the machine-readable instructions comprising: operations for a security client executable by the processor, the operations for the security client comprising: transmitting a request for the secret key to a key server, wherein the request includes environmental data from the environmental sensor characterizing a current state of the environment of the node; establishing a cryptographic heartbeat with the key server; receiving the secret key from the key server and store the secret key in the non-transitory volatile memory; decrypting the encrypted file using the secret key to create a decrypted file in the non-transitory volatile memory; monitoring a time since a last authenticated heartbeat message was received from the key server; and deleting the secret key from the non-transitory volatile memory and closing the decrypted file in response to one or more selected from the group consisting of (i) the time exceeding a predetermined timeout window, (ii) receiving a message from the key server indicating that authorization to the decrypted file is revoked, and (iii) determining that the node is not in an authorized environment based on the environmental data, wherein the security client prevents the secret key and the decrypted file from being stored in the non-transitory non-volatile memory.
- 2 . The system of claim 1 , wherein the environmental sensor comprises a Global Navigation Satellite System (GNSS) sensor, and wherein the environmental data comprises location information.
- 3 . The system of claim 1 , wherein the operations of the security client further comprise: receiving a cryptographic heartbeat message from the key server; and resetting the time since the last authenticated heartbeat message was received in response to receiving the cryptographic heartbeat message.
- 4 . The system of claim 1 , wherein the machine-readable instructions further comprise a data consuming module for accessing and processing the decrypted file while the secret key is available in the non-transitory volatile memory.
- 5 . The system of claim 1 , wherein the operations of the security client further comprise: setting an authorization window based on instructions received from the key server; and removing the secret key from the non-transitory volatile memory and closing the decrypted file in response to an expiration of the authorization window.
- 6 . The system of claim 1 , wherein the node communicates with a first wireless access point over a first secure communication channel, and the key server is a first key server, and the operations of the security client further comprise: detecting a second wireless access point; establishing a second secure communication channel with a second key server via the second wireless access point in response to the detecting; receiving a transfer authorization from the second key server; and continuing the cryptographic heartbeat with the second key server, wherein the continuing comprises receiving a next cryptographic heartbeat message from the second key server.
- 7 . The system of claim 1 , wherein the operations of the security client further comprise: re-encrypting the decrypted file with modifications to the decrypted file using the secret key to provide a re-encrypted file in the non-transitory volatile memory; and storing the re-encrypted file in the non-transitory non-volatile memory.
- 8 . The system of claim 1 , wherein the key server comprises a non-transitory memory and a processor to execute operations, the operations of the key server comprising: authenticating the security client based on user credentials and environmental data received from the security client; selecting the secret key based on an authorization level determined from the user credentials; and initiating a cryptographic heartbeat with the security client.
- 9 . The system of claim 1 , wherein the operations of the security client further comprise overwriting a memory space in the non-transitory volatile memory occupied by the decrypted file with random data in response to closing the decrypted file.
- 10 . A non-transitory machine-readable medium storing instructions that, when executed by a processor of a mobile computing platform, cause the processor to execute operations for a security client, the operations comprising: collecting environmental data from an environmental sensor of the mobile computing platform; transmitting the environmental data to a key server for authentication; receiving a secret key from the key server; decrypting an encrypted file stored in a non-transitory non-volatile memory of the mobile computing platform using the secret key to create a decrypted file in a non-transitory volatile memory of the mobile computing platform; monitoring a time since a last authenticated heartbeat message was received from the key server; monitoring for receipt of an authorization revocation message from the key server or generation of the authorization revocation message based on the environmental data; and in response to the time exceeding a predetermined timeout window or receiving or generating the authorization revocation message, removing the secret key from the non-transitory volatile memory and closing the decrypted file.
- 11 . The non-transitory machine-readable medium of claim 10 , wherein the environmental sensor comprises a Global Navigation Satellite System (GNSS) sensor, and wherein the environmental data comprises location information.
- 12 . The non-transitory machine-readable medium of claim 10 , wherein the operations further comprise: receiving a cryptographic heartbeat message from the key server to establish a cryptographic heartbeat; and resetting the time since the last authenticated heartbeat message was received in response to receiving the cryptographic heartbeat message.
- 13 . The non-transitory machine-readable medium of claim 12 , wherein the mobile computing platform communicates with a first wireless access point over a first secure communication channel, and the key server is a first key server, and the operations of the security client further comprise: detecting a second wireless access point; establishing a second secure communication channel with a second key server via the second wireless access point; receiving a transfer authorization from the second key server; and continuing the cryptographic heartbeat with the second key server, wherein the continuing comprises receiving a next cryptographic heartbeat message from the second key server.
- 14 . The non-transitory machine-readable medium of claim 10 , wherein the operations further comprise accessing and processing the decrypted file while the secret key is available in the non-transitory volatile memory.
- 15 . The non-transitory machine-readable medium of claim 10 , wherein the operations further comprise: setting an authorization window based on instructions received from the key server; and removing the secret key from the non-transitory volatile memory and closing the decrypted file in response to expiration of the authorization window.
- 16 . The non-transitory machine-readable medium of claim 10 , wherein the operations further comprise: re-encrypting the decrypted file with modifications to the decrypted file using the secret key to provide a re-encrypted file in the non-transitory volatile memory; and storing the re-encrypted file in the non-transitory non-volatile memory.
- 17 . The non-transitory machine-readable medium of claim 10 , wherein the operations further comprise: setting an authorization window based on instructions received from the key server; and removing the secret key from the non-transitory volatile memory and closing the decrypted file in response to expiration of the authorization window.
- 18 . A method for secure data management, the method comprising: collecting, by a mobile computing platform, environmental data from an environmental sensor associated with the mobile computing platform; transmitting, by the mobile computing platform, the environmental data to a key server for authentication; receiving, by the mobile computing platform, a secret key from the key server; decrypting, by the mobile computing platform, an encrypted file stored in a non-transitory non-volatile memory of the mobile computing platform using the secret key to create a decrypted file in a non-transitory volatile memory of the mobile computing platform; monitoring, by the mobile computing platform, a time since a last authenticated heartbeat message was received from the key server; periodically collecting and transmitting, by the mobile computing platform, updated environmental data to the key server for continued authentication; and in response to the time exceeding a predetermined timeout window, receiving an authorization revocation message from the key server based on the updated environmental data or generating the authorization revocation message based on the updated environmental data indicating that the mobile computing platform is not in an authorized environment, removing, by the mobile computing platform, the secret key from the non-transitory volatile memory and closing the decrypted file; wherein the mobile computing platform prevents the secret key and the decrypted file from being stored in the non-transitory non-volatile memory of the mobile computing platform.
- 19 . The method of claim 18 , further comprising: receiving, by the mobile computing platform, a cryptographic heartbeat message from the key server to establish a cryptographic heartbeat; resetting, by the mobile computing platform, the time since the last authenticated heartbeat message was received in response to receiving the cryptographic heartbeat message; and accessing and processing, by the mobile computing platform, the decrypted file while the secret key is available in the non-transitory volatile memory and the time since the last authenticated heartbeat message has not exceeded the predetermined timeout window.
- 20 . The method of claim 18 , wherein the mobile computing platform communicates with a first wireless access point through a first secure communication channel, and the key server is a first key server, and the method further comprises: detecting, by the mobile computing platform, a second wireless access point; establishing, by the mobile computing platform, a second secure communication channel with a second key server via the second wireless access point; receiving, by the mobile computing platform, a transfer authorization from the second key server; and continuing a cryptographic heartbeat with the second key server, wherein the continuing comprises receiving a next cryptographic heartbeat message from the second key server.
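The client-side state machine that claims 1, 3, 4, 8 and 9 describe, written out as an added illustration in Python (this is not code from the patent or its assignee). Everything beyond the claims' wording is an assumption made here: heartbeat messages are authenticated with HMAC-SHA256 over a strictly increasing sequence number under a session key shared with the key server; a toy keystream cipher stands in for the file cipher so the example runs with the standard library alone; the "authorized environment" is a rectangular latitude/longitude box checked against a GNSS fix; the timeout window is 30 s; and the names `KeyServer`, `SecurityClient`, `toy_cipher`, `heartbeat_tag`, `in_region` and `run_timeout_scenario`, together with the credentials, keys, coordinates and file contents, are constructed for this example.

```python
import hashlib
import hmac
import os

HEARTBEAT_TIMEOUT_S = 30.0  # the claims' "predetermined timeout window"; the value is assumed

def toy_cipher(key, data):
    """Constructed stand-in for the file cipher (XOR with an HMAC-SHA256 keystream); use an AEAD in practice."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def heartbeat_tag(session_key, seq):
    # Authenticated heartbeat: HMAC over a strictly increasing sequence number.
    return hmac.new(session_key, seq.to_bytes(8, "big"), hashlib.sha256).digest()

def in_region(box, fix):  # GNSS fix (lat, lon) inside (lat_min, lat_max, lon_min, lon_max)?
    return box[0] <= fix[0] <= box[1] and box[2] <= fix[1] <= box[3]

class KeyServer:
    """Key server of claim 8: credentials and environment decide whether a key is issued."""
    def __init__(self, session_key, region, users, keys_by_level):
        self.session_key, self.region, self.seq = session_key, region, 0
        self.users = users                  # {(user, password): authorization level}
        self.keys_by_level = keys_by_level  # {authorization level: secret key}

    def issue_key(self, credentials, fix):
        level = self.users.get(credentials)
        if level is None or not in_region(self.region, fix):
            return None
        return self.keys_by_level[level]

    def next_heartbeat(self):
        self.seq += 1
        return self.seq, heartbeat_tag(self.session_key, self.seq)

class SecurityClient:
    """Client of claims 1, 3, 4 and 9; `now` is injected so the timeout can be driven."""
    def __init__(self, session_key, encrypted_file, region, now):
        self.session_key, self.region, self.now = session_key, region, now
        self.encrypted_file = encrypted_file        # the only artefact in non-volatile memory
        self.secret_key = self.plaintext = None     # both live in volatile memory only
        self.last_heartbeat, self.last_seq, self.close_reason = None, 0, None

    def request_key(self, server, credentials, fix):
        key = server.issue_key(credentials, fix)    # environmental data rides with the request
        if key is None:
            return False
        self.secret_key = bytearray(key)
        self.plaintext = bytearray(toy_cipher(key, self.encrypted_file))
        self.last_heartbeat = self.now()
        return True

    def on_heartbeat(self, seq, tag):
        expected = heartbeat_tag(self.session_key, seq)
        if seq <= self.last_seq or not hmac.compare_digest(expected, tag):
            return False                            # forged or replayed: the timer is not reset
        self.last_seq, self.last_heartbeat = seq, self.now()
        return True

    def read(self, fix):
        """Data-consuming access: every revocation condition is re-checked first."""
        if self.secret_key is None:
            return None
        if self.now() - self.last_heartbeat > HEARTBEAT_TIMEOUT_S:
            self.close("heartbeat timeout")
        elif not in_region(self.region, fix):
            self.close("outside authorized environment")
        return None if self.secret_key is None else bytes(self.plaintext)

    def close(self, reason):
        """Claim 9: overwrite key and plaintext before dropping them; also used on revocation."""
        for buf in (self.secret_key, self.plaintext):
            if buf is not None:
                buf[:] = os.urandom(len(buf))
        self.secret_key = self.plaintext = None
        self.close_reason = reason

def run_timeout_scenario():
    """Constructed walk-through: grant, one good heartbeat, a replayed one, then silence."""
    clock, region = [0.0], (38.0, 39.0, -77.5, -76.5)          # injectable clock, lat/lon box
    session_key, file_key = b"constructed-session-key", b"constructed-file-key-level-2"
    secret, inside = b"CONSTRUCTED SENSITIVE RECORD", (38.5, -77.0)
    server = KeyServer(session_key, region, {("ana", "pw"): 2}, {2: file_key})
    client = SecurityClient(session_key, toy_cipher(file_key, secret), region, lambda: clock[0])
    r = {"granted": client.request_key(server, ("ana", "pw"), inside)}
    r["first_read"] = client.read(inside)
    seq, tag = server.next_heartbeat()
    r["heartbeat_ok"] = client.on_heartbeat(seq, tag)
    r["replay_rejected"] = client.on_heartbeat(seq, tag)
    clock[0] += 25                                   # 25 s since the valid heartbeat: in window
    r["read_in_window"] = client.read(inside)
    clock[0] += 10                                   # 35 s: past the 30 s window
    r["read_after_timeout"] = client.read(inside)
    r["reason"], r["key_cleared"] = client.close_reason, client.secret_key is None
    return r
```

Two design points carry the weight of the claims. The timer is reset only by a heartbeat that verifies and carries a fresh sequence number, so a replayed or forged message cannot extend the window; and every access path goes through `read`, which re-evaluates the timeout and the environment before handing out plaintext, so a node that has gone silent or moved out of the authorized region loses the key and the decrypted file at the next access rather than at some later housekeeping pass.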
Description
TECHNICAL FIELD
The present disclosure relates to data access. More particularly, this disclosure relates to systems and methods for securely controlling access to sensitive data in an encrypted file.
BACKGROUND
The widespread adoption of portable electronic devices has revolutionized how individuals and organizations access and manage sensitive information. These devices, including laptops, tablets and smartphones, offer flexibility and productivity in various environments, from corporate offices to remote field locations. As the capabilities of these devices have expanded, so too has the use of such portable electronic devices in handling increasingly sensitive and classified data.
Concurrently, the field of cryptography has advanced significantly, providing robust methods for securing digital information. Modern encryption techniques allow for the protection of data both at rest and in transit, ensuring that sensitive information remains confidential even if a device is lost or stolen. These advancements have enabled the development of sophisticated key management systems that can dynamically control access to encrypted data.
SUMMARY
A first example relates to a system for controlling access to data that includes a node with an environmental sensor that measures a feature of the environment, a non-transitory non-volatile memory storing machine-readable instructions and an encrypted file only decryptable with a secret key. The system also includes a non-transitory volatile memory storing machine-readable instructions and a processor for accessing the instructions. The machine-readable instructions include operations for a security client executable by the processor. The operations for the security client include transmitting a request for the secret key to a key server with environmental data characterizing the current environment state, establishing a cryptographic heartbeat with the key server and receiving and storing the secret key in volatile memory.
The operations for the security client also include decrypting the encrypted file to create a decrypted file in volatile memory, monitoring a time since a last authenticated heartbeat message was received from the key server and deleting the secret key and closing the decrypted file in response to the time exceeding a timeout window, in response to authorization being revoked or in response to determining that the node is not in an authorized environment based on the environmental data. The security client prevents storage of the secret key and decrypted file in non-volatile memory.
A second example relates to a non-transitory machine-readable medium storing instructions that, when executed by a processor of a mobile computing platform, cause the processor to execute operations for a security client. The operations include collecting environmental data from an environmental sensor of the mobile computing platform and transmitting the environmental data to a key server for authentication. The operations also include receiving a secret key from the key server and decrypting an encrypted file stored in a non-transitory non-volatile memory of the mobile computing platform using the secret key to create a decrypted file in a non-transitory volatile memory of the mobile computing platform. The operations further include monitoring a time since a last authenticated heartbeat message was received from the key server and monitoring for receipt of an authorization revocation message from the key server or generation of the authorization revocation message based on the environmental data. The operations include, in response to the time exceeding a predetermined timeout window or receiving or generating the authorization revocation message, removing the secret key from the non-transitory volatile memory and closing the decrypted file.
A third example relates to a method for secure data management.
The method includes collecting, by a mobile computing platform, environmental data from an environmental sensor associated with the mobile computing platform. The method includes transmitting, by the mobile computing platform, the environmental data to a key server for authentication and receiving, by the mobile computing platform, a secret key from the key server. The method includes decrypting, by the mobile computing platform, an encrypted file stored in a non-transitory non-volatile memory of the mobile computing platform using the secret key to create a decrypted file in a non-transitory volatile memory of the mobile computing platform. The method includes monitoring, by the mobile computing platform, a time since a last authenticated heartbeat message was received from the key server and periodically collecting and transmitting, by the mobile computing platform, updated environmental data to the key server for continued authentication. The method further includes in response to the time exceeding a predetermined timeout window, receiving an authorization revocation message f