Public key infrastructure (PKI) based system, method, device and program

US 20030056099A1
Filed: 09/09/2002
Published: 03/20/2003
Est. Priority Date: 09/17/2001
Status: Abandoned Application

First Claim

Patent Images

1. A public key infrastructure (PKI) based system comprising an issue system to issue a portable device used for a public key cryptosystem, and a user terminal to input optional data into the portable device issued by said issue system, wherein said issue system comprising:

a means for issuing said portable device which has a first encryptor/decryptor for said public key cryptosystem, a second encryptor/decryptor for a symmetric cipher issuing system and a symmetric key used in said second encryptor/decryptor; and

a means for sending said user terminal an encrypted private key made by encrypting a private key used by said first encryptor/decryptor by said symmetric key and a public key certificate of a public key corresponding to said private key, concerning the portable device issued by said portable device issuing means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an embodiment of the present invention, an issue system previously issues a smart card, and sends an encrypted private key and a public key certificate to a user terminal, when issuing a new card or updating an old card. A user terminal inputs the received encrypted private key and public key certificate into a smart card. A smart card stores a public key certificate, and decrypts the inputted encrypted private key by an encryptor/decryptor based on a symmetric key, and stores the obtained private key. Therefore, collection and redistribution of a smart card becomes unnecessary, when updating a private key and a public key certificate, saving the time and labor.

99 Citations

View as Search Results

19 Claims

1. A public key infrastructure (PKI) based system comprising an issue system to issue a portable device used for a public key cryptosystem, and a user terminal to input optional data into the portable device issued by said issue system, wherein said issue system comprising:
- a means for issuing said portable device which has a first encryptor/decryptor for said public key cryptosystem, a second encryptor/decryptor for a symmetric cipher issuing system and a symmetric key used in said second encryptor/decryptor; and
  
  a means for sending said user terminal an encrypted private key made by encrypting a private key used by said first encryptor/decryptor by said symmetric key and a public key certificate of a public key corresponding to said private key, concerning the portable device issued by said portable device issuing means.

2. A method of issuing a portable device for a user terminal which can input optional data contents into said portable device used for a public key cryptosystem, said method comprising:
- issuing said portable device which has a first encryptor/decryptor for said public key cryptosystem, a second encryptor/decryptor for a symmetric cipher issuing system and a symmetric key used in said second encryptor/decryptor; and
  
  sending said user terminal an encrypted private key made by encrypting a private key used by said first encryptor/decryptor by said symmetric key and a public key certificate of a public key corresponding to said private key, concerning the portable device issued by said issuing means.
- View Dependent Claims (3, 4)
- - 3. The method for issuing a portable device according to claim 2, wherein said user terminal inputs said encrypted private key and a public key certificate into said portable device;
    - and said portable device stores said inputted public key certificate, and said second encryptor/decryptor decrypts said inputted encrypted private key based on said symmetric key, and stores the obtained private key.
  - 4. The method for issuing a portable device according to claim 2, further comprising:
    - sending said user terminal an encrypted private key made by encrypting another private key used by said first encryptor/decryptor by said symmetric key, and a public key certificate corresponding to said another private key, when updating the encrypted private key and public key certificate in said portable device.

5. A computer program saved in a computer readable medium and used in an issue system to issue said portable device for a user terminal which can input optional data contents into said portable device used for a public key cryptosystem, said computer program comprising:
- a first program code for issuing said portable device which has a first encryptor/decryptor for said public key cryptosystem, a second encryptor/decryptor for a symmetric cipher issuing system and a symmetric key used in said second encryptor/decryptor;
  
  a second program code for registering an encrypted private key made by encrypting a private key used by said first encryptor/decryptor based on said symmetric key and a public key certificate of a public key corresponding to said private key, concerning the portable device issued by said issuing means; and
  
  a third program code for sending said user terminal said registered encrypted private key and public key certificate.
- View Dependent Claims (6, 7)
- - 6. The computer program according to claim 5, further comprising:
    - a fourth program code for issuing another portable device which has said first encryptor/decryptor, said second encryptor/decryptor and said another symmetric key used in said second encryptor/decryptor, when updating said symmetric key to another symmetric key;
      
      a fifth program code for updating said registered encrypted private key to another encrypted private key made by encrypting said private key by said another symmetric key, concerning said another issued portable device; and
      
      a sixth program code for sending said user terminal said updated another encrypted private key and public key certificate.
  - 7. The computer program according to claim 5, further comprising:
    - a seventh program code for additionally registering said another encrypted private key and public key certificate corresponding to another private key different from said private key, when adding another encrypted private key and public key certificate to said portable device; and
      
      an eighth program code for sending said user terminal said additionally registered another encrypted private key and public key certificate.

8. A computer program saved in a computer readable medium used in a user terminal which can input/output predetermined contents into/from a portable device which is used for a public key cryptosystem and issued by an issue system, said computer program comprising:
- a first program code for inputting an encrypted private key and public key certificate received from said issue system into said portable device, when issuing or updating a key.
- View Dependent Claims (9)
- - 9. The computer program according to claim 8, further comprising:
    - a second program code for reading at least one pair of encrypted private key and public key certificate from said portable device and transferring it to an external memory, when the remaining memory space of said portable device becomes insufficient when adding a key; and
      
      a third program code for inputting said encrypted private key and public key certificate to be added into said portable device, when said transfer is completed.

10. A public key infrastructure (PKI) based system for a portable device having its own symmetric key and being applicable to either symmetric cipher issuing system or public key cryptosystem, said based system encrypting a private key used for said public key cryptosystem by said symmetric cipher issuing system based on said symmetric key, and distributing the obtained encrypted private key to said portable device.
- View Dependent Claims (11, 12)
- - 11. The public key infrastructure (PKI) based system according to claim 10, comprising:
    - an issue system which encrypts a private key used for said public key cryptosystem based on the symmetric key peculiar to each portable device and previously held by said each portable device, and sends the obtained encrypted private key to said portable device, when issuing or updating said portable device;
      
      a user terminal which receives the encrypted private key sent from said issue system, and inputs said encrypted private key into said portable device; and
      
      a portable device which decrypts the encrypted private key received from said user terminal based on said peculiar symmetric key, and writes the obtained private key into a memory.
  - 12. The public key infrastructure (PKI) based system according to claim 11, wherein said issue system comprises a means for sending said encrypted private key and the public key certificate corresponding thereto to said portable device, when sending said encrypted private key;
    - and said portable device includes a means for storing said public key certificate when said encrypted private key and said public key certificate are inputted.

13. A portable device having its own symmetric key, being applicable to a symmetric cipher issuing system, and using a public key cryptosystem based on a private key distributed under the symmetric cipher issuing system using said symmetric key, said portable device comprising:
- a memory; and
  
  a means for decrypting an input encrypted private key based on the symmetric key for said symmetric cipher issuing system, and writing the obtained private key in said memory, when a private key for said public key cryptosystem is inputted in being encrypted based on a symmetric cipher issuing system.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The portable device according to claim 13, further comprising:
    - a first encryptor/decryptor means for said public key cryptosystem; and
      
      a second encryptor/decryptor means for said symmetric cipher issuing system;
      
      wherein said memory includes a first area which previously stores a peculiar symmetric key used by said second encryptor/decryptor, and a second area to rewritably store said symmetric key and a private key decrypted based on said second encryptor/decryptor means.
  - 15. The portable device according to claim 14, wherein said memory includes a third area to store a public key certificate corresponding to said private key.
  - 16. The portable device according to claim 14, further comprising a means for encrypting said private key based on the symmetric key in said memory, and outputting the obtained encrypted private key to outside of said portable device, when outputting the private key in said memory to outside of said portable device.
  - 17. The portable device according to claim 14, further comprising a means for preventing the output of said symmetric key to outside of said portable device, regardless of whether said symmetric key is encrypted or not.
  - 18. The portable device according to claim 17, wherein said output preventing means has a tamperproof circuit which erases the symmetric key in said memory when receiving an external temper attack.
  - 19. The portable device according to claim 17, wherein said output preventing means comprising:
    - a means for judging whether an external input signal corresponds to the outputting of the symmetric key in said memory; and
      
      a circuit which erases the symmetric key in said memory when the input signal is judged to be corresponding to the outputting.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Ishihara, Tatsuya, Kitaori, Shoji, Asanoma, Toshiyuki, Fukushima, Shigeyuki

Application Number

US10/237,068
Publication Number

US 20030056099A1
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/60   Digital content management,...

H04L 9/006   involving public key infras...

H04L 9/0891   Revocation or update of sec...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Public key infrastructure (PKI) based system, method, device and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

99 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Public key infrastructure (PKI) based system, method, device and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links