Method for the secured recording of data, corresponding device and program

US 10,318,766 B2
Filed: 11/04/2016
Issued: 06/11/2019
Est. Priority Date: 11/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method for the secured recording of data, implemented in a data-recording device comprising a first non-secured memory and a second secured memory, the method comprising:

obtaining a derived key corresponding to the data recorded in the second secured memory from a root key recorded in the second secured memory;

encrypting the data using the derived key, thereby delivering encrypted data;

recording the encrypted data in the first non-secured memory;

determining a hash imprint of said data by applying a hash function to the data recorded in the second memory;

recording said hash imprint in association with the data in a hash file recorded in the first non-secured memory, the hash imprint for verifying the integrity of the data;

determining a general hash imprint, representing the content of the hash file comprising the hash imprint, by applying another hash function to the hash file;

recording the general hash imprint in the second secured memory, the general hash imprint for verifying the integrity of the hash file; and

subsequently to said recording of the encrypted data in the first non-secured memory, eliminating the data from the second secured memory, the data having been previously encrypted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for the secured recording of data, implemented in a data-recording device having a first non-secured memory and a second secured memory, is disclosed. The method has the steps of: obtaining a derived key corresponding to the data in the second memory from a root key recorded in the second memory; encrypting data using the derived key, delivering encrypted data; recording the encrypted data in the first memory; determining a hash imprint of said data; recording said hash imprint in a hash file recorded in the first memory; recording a general hash imprint, representing the content of the hash file comprising said hash imprint, in the second memory; and eliminating the data in the second memory.

8 Citations

12 Claims

1. A method for the secured recording of data, implemented in a data-recording device comprising a first non-secured memory and a second secured memory, the method comprising:
- obtaining a derived key corresponding to the data recorded in the second secured memory from a root key recorded in the second secured memory;
  
  encrypting the data using the derived key, thereby delivering encrypted data;
  
  recording the encrypted data in the first non-secured memory;
  
  determining a hash imprint of said data by applying a hash function to the data recorded in the second memory;
  
  recording said hash imprint in association with the data in a hash file recorded in the first non-secured memory, the hash imprint for verifying the integrity of the data;
  
  determining a general hash imprint, representing the content of the hash file comprising the hash imprint, by applying another hash function to the hash file;
  
  recording the general hash imprint in the second secured memory, the general hash imprint for verifying the integrity of the hash file; and
  
  subsequently to said recording of the encrypted data in the first non-secured memory, eliminating the data from the second secured memory, the data having been previously encrypted.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1 wherein, after it is obtained, the derived key is recorded in the second secured memory, the method furthermore comprises eliminating the derived key from the second secured memory after the encryption of said data.
  - 3. The method according of claim 1, wherein the root key is generated randomly in the data-recording device.
  - 4. The method according to claim 1 wherein, during the obtaining, the derived key is obtained from:
    - a user identifier representing a user of the data-recording device; and
      
      a data identifier.
  - 5. The method according to claim 4, wherein, during said recording of the encrypted data, said encrypted data are recorded in the first non-secured memory in the form of an encrypted file to which a file name is assigned comprising the user identifier and the data identifier.
  - 6. The method according to claim 1, the method comprising, after said recording of the hash imprint in the hash file, recording a copy of the hash file in a secured back-up memory of the data-recording device.

7. A method for the secured retrieval of data, implemented in a data-recording device comprising a first non-secured memory and a second secured memory, the method comprising:
- determining a general hash imprint of a hash file recorded in the first non-secured memory by applying a hash function to the hash file;
  
  verifying the integrity of the hash file recorded in the first non-secured memory by comparing the general hash imprint determined for the hash file with a recorded general hash imprint recorded in the second secured memory; and
  
  when the hash file is detected as having integrity, upon reception of a request for access to data;
  
  obtaining a derived key corresponding to encrypted data recorded in the first non-secured memory, from a root key recorded in the second secured memory;
  
  decrypting the encrypted data using the obtained derived key so as to retrieve said data;
  
  recording said data in the second secured memory;
  
  determining a hash imprint of said data by applying another hash function to said data recorded in the second memory;
  
  verifying the integrity of the data recorded in the second secured memory by comparing the hash imprint determined for the data with a recorded hash imprint recorded in the hash file in association with said data; and
  
  authorizing access to the data in the second secured memory in response to said access request, only if the data has been determined as having integrity.
- View Dependent Claims (8, 9, 10)
- - 8. The method according to claim 7, the method comprising obtaining a user identifier representing a user of the data-recording device and a data identifier, in which the derived key is obtained from the root key by using the user identifier and the data identifier.
  - 9. The method according to claim 7, the method comprising, subsequently to an access to the data:
    - encrypting data using the derived key, delivering encrypted data;
      
      recording the encrypted data in the first non-secured memory;
      
      determining the hash imprint of said data;
      
      recording said hash imprint in association with the data in the hash file recorded in the first non-secured memory;
      
      recording the general hash imprint, representing the content of the hash file comprising said hash imprint, in the second secured memory; and
      
      subsequently to said recording of the encrypted data in the first non-secured memory, eliminating the data that has been encrypted from the second secured memory.
  - 10. The method according to claim 7, the method further comprising after an access by the user to the data in the second secured memory:
    - determining a second hash imprint of said data following said access; and
      
      comparing said second hash imprint with the hash imprint recorded in the hash file in association with the data, in order to detect whether the data have been modified during said access;
      
      wherein, only if it has been detected that the data have been modified during said access;
      
      encrypting data using the derived key, delivering encrypted data;
      
      recording the encrypted data in the first non-secured memory;
      
      determining the hash imprint of said data;
      
      recording said hash imprint in association with the data in the hash file recorded in the first non-secured memory;
      
      recording the general hash imprint, representing the content of the hash file comprising said hash imprint, in the second secured memory; and
      
      subsequently to said recording of the encrypted data in the first non-secured memory, eliminating the data that has been encrypted from the second secured memory.

11. A data-recording device comprising:
- a first non-secured memory;
  
  a second secured memory; and
  
  a processor configured to;
  
  obtain a derived key corresponding to data recorded in the second secured memory from a root key recorded in the second secured memory;
  
  encrypt, using the derived key, said data so as to deliver encrypted data;
  
  record the encrypted data in the first non-secured memory;
  
  determine a hash imprint of said data by applying a hash function to the data recorded in the second secured memory;
  
  record said hash imprint, in association with the data, in a hash file recorded in the first non-secured memory, the hash imprint for verification of the integrity of the data;
  
  determine a general hash imprint, representing the content of the hash file comprising the hash imprint, by applying another hash function to the hash file;
  
  record, in the second secured memory, the general hash imprint, the general hash imprint for verification of the integrity of the hash file; and
  
  after said recording of the encrypted data in the first non-secured memory, eliminate the data from the second secured memory, the data having been previously encrypted.
- View Dependent Claims (12)
- - 12. The data-recording device according to claim 11, wherein the processor is further configured to:
    - record, in the second secured memory, said derived key obtained from the root key; and
      
      eliminate the derived key recorded in the second secured memory after the encryption of said data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Banks And Acquirers International Holding
Original Assignee
Ingenico Group
Inventors
Rolin, Christian, Muller, Laurent, Bellahcene, Mohammed, Royer, Jessica, Pommaret, Jean-Christophe
Primary Examiner(s)
Lemma, Samson B

Application Number

US15/344,067
Publication Number

US 20170132435A1
Time in Patent Office

949 Days
Field of Search

713193
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/62   Protecting access to data v...

G06F 21/64   Protecting data integrity, ...

G06F 21/78   to assure secure storage of...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3236   using cryptographic hash fu...

Method for the secured recording of data, corresponding device and program

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method for the secured recording of data, corresponding device and program

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links