Data management method

US 10,728,026 B2
Filed: 10/30/2017
Issued: 07/28/2020
Est. Priority Date: 11/24/2016
Status: Active Grant

First Claim

Patent Images

1. A data management method comprising:

storing a second encryption key (KEK) into an information management device for encrypting a first encryption key and a third encryption key for data encryption;

decrypting the first encryption key by using the second encryption key (KEK), in response to receiving the first key encrypted by the second key;

decrypting data by using the first encryption key based on verifying input, in response to receiving the data encrypted with the first encryption key;

encrypting the decrypted data with the third encryption key; and

inputting the data encrypted with the third encryption key to an electronic device external to the information management device, wherein the first encryption key is different from the third encryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data management method includes decrypting the first encryption key using the second encryption in response to receiving the first encryption key, decrypting the data by using the first encryption key in response to receiving the data encrypted with the first encryption key, and encrypting the data with the third encryption key and transmitting the data externally.

41 Citations

View as Search Results

20 Claims

1. A data management method comprising:
- storing a second encryption key (KEK) into an information management device for encrypting a first encryption key and a third encryption key for data encryption;
  
  decrypting the first encryption key by using the second encryption key (KEK), in response to receiving the first key encrypted by the second key;
  
  decrypting data by using the first encryption key based on verifying input, in response to receiving the data encrypted with the first encryption key;
  
  encrypting the decrypted data with the third encryption key; and
  
  inputting the data encrypted with the third encryption key to an electronic device external to the information management device, wherein the first encryption key is different from the third encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The data management method of claim 1, wherein the method is executed by a Hardware Security Module (HSM).
  - 3. The data management method of claim 1, wherein the data encrypted with the third encryption key is stored in an electronic device.
  - 4. The data management method of claim 3, wherein the electronic device includes, a processor having the third encryption key stored in a manufacturing operation, and a memory configured to store the data.
  - 5. The data management method of claim 4 further comprising:
    - decrypting the data by using the third encryption key by the processor; and
      
      storing the decrypted data in the memory.
  - 6. The data management method of claim 3 further comprising:
    - receiving and storing the third encryption key, the third encryption key being directly received from a manufacturer of the electronic device and stored.
  - 7. The data management method of claim 3 further comprising:
    - receiving and storing the second encryption key, the second encryption key being directly received from a buyer of the electronic device.
  - 8. The data management method of claim 3, wherein the data includes information required to allow the electronic device to provide an Internet of Things (IoT) service.
  - 9. The data management method of claim 3, wherein the data is encrypted with the third encryption key using an Advanced Encryption Standard in Cipher Block Chaining (AES-CBC) algorithm.

10. A data management method comprising:
- receiving an encryption key and data at an information management device, the encryption key being encrypted with a first transmission key, the data being encrypted with the encryption key;
  
  decrypting the encryption key using the first transmission key which is input directly by a user into the information management device;
  
  in response to receiving the data at the information management device, decrypting the data with the encryption key based on verifying input and encrypting the decrypted data by using a second transmission key and the encryption key, the second transmission key being different from the first transmission key; and
  
  inputting the encrypted data with the second transmission key, to an electronic device external to the information management device after encoding the data encrypted with the second transmission key in a transmission format.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The data management method of claim 10, wherein the transmission format includes verification information for verifying the inputting.
  - 12. The data management method of claim 11, wherein the verification information includes at least one of a data format, an initialization vector, a length of the second transmission key, and Hash-based Message Authentication Code (HMAC) information.
  - 13. The data management method of claim 11, further comprising:
    - extracting the verification information when the data is decoded by the electronic device, in response to the data encoded in the transmission format being input to the electronic device;
      
      confirming the inputting, using the verification information, by the electronic device; and
      
      decrypting the data encrypted with the second transmission key by the electronic device in response to determining that the inputting has been performed normally.
  - 14. The data management method of claim 10, wherein the method is executed by an HSM.
  - 15. The data management method of claim 14, wherein the encryption key and the first transmission key are input directly to the HSM by a buyer of the electronic device, and the second transmission key is input directly to the HSM by a manufacturer of the electronic device.

16. A data management method comprising:
- receiving, from a user and via direct input of an information management device, a first key for key encryption and a second key;
  
  receiving a third key encrypted with the first key;
  
  decrypting at the information management device the third key using the first key;
  
  in response to receiving data encrypted with the third key, decrypting the data with the third key based on verifying input; and
  
  encrypting the decrypted data with the second key; and
  
  inputting the data encrypted with the second key to an electronic device external to the information management device, wherein the second key is different from the first key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The data management method of claim 16 further comprising:
    - encoding the data encrypted with the second key into a transmission format.
  - 18. The data management method of claim 17, wherein the transmission format includes verification information for verifying the inputting.
  - 19. The data management method of claim 18, wherein the verification information includes at least one of a data format, an initialization vector, a length of the second key, and Hash-based Message Authentication Code (HMAC) information.
  - 20. The data management method of claim 18, further comprising:
    - extracting the verification information warm the data is decoded by the electronic device, in response to the data encoded in the transmission format being input to the electronic device;
      
      confirming the inputting, using the verification information by the electronic device; and
      
      decrypting the data encrypted with the second key by the electronic device in response to determining that the inputting has been performed normally.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Choi, Hye Hyun, Kang, Bo Gyeong
Primary Examiner(s)
Zhao, Don G

Application Number

US15/797,401
Publication Number

US 20180145829A1
Time in Patent Office

1,002 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04L 9/0631   Substitution permutation ne...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

H04L 9/0897   involving additional device...

H04L 9/14   using a plurality of keys o...

H04L 9/3242   involving keyed hash functi...

Data management method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Data management method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others