Network system, terminal, and method for encryption and decryption

US 20030081789A1
Filed: 10/15/2002
Published: 05/01/2003
Est. Priority Date: 10/19/2001
Status: Active Grant

First Claim

Patent Images

3. A network system comprising:

a sender terminal for encrypting information by using a first key and sending the encrypted information over a network;

recipient terminals for receiving encrypted data sent from said sender terminal and decrypting said sent information by using a second key; and

a dealer for delivering said second key unique to each of said recipient terminals to each recipient terminal and delivering said first key to said sender terminal, said first key being used for encryption that can be decrypted by using said second key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provides encryption methods, and systems and apparatus corresponding decryption method systems and apparatus in which terminals belonging to a subset selected as a recipient group can collaborate to decrypt encrypted information. In an example embodiment, a sender and recipients communicate information over a network. The sender sends information encrypted by using a group key that can be decrypted by collaboration among a given number of recipients to the recipients in a predetermined recipient group. On the other hand, the recipients receive encrypted data from the sender, exchange partial information concerning the encrypted data among a plurality of recipients in the recipient group to obtain decryption information used for decrypting the encrypted data, and decrypt the sent information by using the decryption information.

51 Citations

View as Search Results

41 Claims

3. A network system comprising:
- a sender terminal for encrypting information by using a first key and sending the encrypted information over a network;
  
  recipient terminals for receiving encrypted data sent from said sender terminal and decrypting said sent information by using a second key; and
  
  a dealer for delivering said second key unique to each of said recipient terminals to each recipient terminal and delivering said first key to said sender terminal, said first key being used for encryption that can be decrypted by using said second key.
- View Dependent Claims (4, 5, 31)
- - 4. The network system according to claim 3, wherein said dealer generates said second key based on the ID information of said recipient terminals, constructs a polynomial passing through points having a value of said second key, and delivers a constant term of said polynomial as said first key to said sender terminal and recipient terminals.
  - 5. The network system according to claim 3, wherein said sender terminal determines a recipient group including said recipient terminals to which said information is to be sent and requests said dealer to send said first key decryptable by using said second key in said recipient terminals in said recipient group.
  - 31. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of the network system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 3.

6. A network system comprising a sender terminal for sending information over a network and recipient terminals for receiving said information over said network, wherein, said sender terminal includes:
- an encryption module for encrypting information by using a predetermined session key and encrypting said session key based on a group key produced by using public keys of a given number of recipient terminals to which said information is to be sent; and
  
  a communication module for sending said session key encrypted by said encryption module and said information encrypted by using said session key to said recipient terminals to which said information is to be sent, and each of said recipient terminals comprises;
  
  a communication module for receiving encrypted data sent from said sender terminal and sending and receiving data to and from the other recipient terminals;
  
  a key generation module for generating a secret key of that recipient terminal and a public key based on said secret key; and
  
  a decryption module for processing said encrypted session key by using said secret key to obtain partial decryption information, exchanging said partial decryption information with a plurality of said recipient terminals to obtain decryption information used for decrypting said session key, decrypting said session key by using said obtained decryption information, and decrypting said sent information by using said decrypted session key.
- View Dependent Claims (7, 8, 32)
- - 7. The network system according to claim 6, wherein said encryption module of said sender terminal constructs a polynomial passing through points having values of said public keys of said recipient terminals and uses said group key as a constant term of said polynomial.
  - 8. The network system according to claim 6, wherein said encryption module of said sender terminal encrypts said session key by using said group key and a cryptosystem in a finite field.
  - 32. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of the network system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 6.

9. A conference system comprising a subject provider terminal for providing a subject to be discussed and participant terminals for obtaining said subject provided from said subject provider over a network and making a decision about said subject, wherein;
- said subject provider terminal encrypts said subject to produce encrypted subject that can be decrypted by collaboration among a number of participant terminals in said participant terminals that is equal to a predetermined threshold, and delivers said encrypted subject to said participant terminals over said network;
  
  said participant terminals receive encrypted data sent from said subject provider terminal and exchange partial information unique to each of the participant terminals among a number of participant terminals equal to said threshold to produce decryption information required for decrypting said encrypted data.
- View Dependent Claims (33)
- - 33. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing the conferencing system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 9.

10. A metering system comprising a content user terminal for obtaining content over a network and using said content, and a metering server for monitoring obtainment of said content by said content user terminals, wherein:
- said content user terminal receives encrypted data that can be decrypted by collaborating with said metering server and exchanges partial information unique to said content user terminal and partial information unique to said metering server with said metering server to generate decryption information required for decrypting the content; and
  
  said metering server exchanges information concerning said encrypted data with said content user terminal and monitors access by said content user terminal.

11. A metering system comprising a content provider terminal for providing a content over a network and a metering server for monitoring obtainment of said content by a predetermined terminal, wherein:
- said content provider terminal encrypts said subject to produce encrypted content that can be decrypted by collaboration between said terminal to which said content is to be provided and said metering server and sends said encrypted content to said terminal; and
  
  said metering server monitors access to said metering server by said terminal aiming to decrypt said content.
- View Dependent Claims (1, 2, 30, 34)
- - 1. A network system comprising a sender terminal for sending information over a network and recipient terminals for receiving said information over said network;
    - wherein, said sender terminal encrypts the information by using a group key produced based on a set of ID information of a given number of recipient terminals and sends the information to said recipient terminals; and
      
      said recipient terminals receive encrypted data from said sender terminal, exchange among said recipient terminals partial information that is unique to each of the recipient terminals and used for decrypting said encrypted data to obtain decryption information for decrypting said encrypted data, and decrypt said sent information by using said obtained decryption information.
  - 2. The network system according to claim 1, wherein said sender terminal sets a threshold indicating the number of recipient terminals in said recipient terminals required to collaborate for decrypting said encrypted information and sends said threshold to said recipient terminals along with said encrypted information;
    - and a number of recipient terminals in said recipient terminals that is equal to said threshold exchange said partial information.
  - 30. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of the network system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 1.
  - 34. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing the metering system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 10.

12. A secret distribution system comprising a secret holder terminal for providing secret information and a plurality of secret distribution target terminals for obtaining said secret information from said secret holder terminal over a network and holding said secret information in a distributed manner, wherein:
- said secret holder terminal encrypts said secret information in a manner that said encrypted information can be decrypted by collaboration among a given number of said secret distribution target terminals and sends said encrypted secret information to said secret information distribution target terminals over said network; and
  
  said secret distribution target terminals receive and hold encrypted data sent from said secret holder terminal and, if said secret distribution target terminals want to resolve secrecy of said secret information, exchange partial information among said secret distribution target terminals to generate decryption information for decrypting said secret information, and said partial information is unique to each of said secret distribution target terminal and used for decrypting said encrypted data.
- View Dependent Claims (35)
- - 35. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing the secret distribution system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 12.

13. A terminal for delivering information over a network comprising:
- a recipient group determination module for determining a recipient group including a given number of recipient terminals to which information is to be sent and storing said recipient group in a data storage;
  
  an encryption module for reading said recipient group from said data storage, using a group key produced based on a set of the ID information of said recipient terminals in said recipient group to encrypt information to be sent in a manner that the encrypted information can be decrypted by information exchange among a predetermined number of recipient terminals in said recipient terminals in said recipient group, and storing it in the data storage; and
  
  a transmission module for reading said encrypted information from said data storage and sending it to said recipient terminal over said network.
- View Dependent Claims (14, 15, 16, 17, 36)
- - 14. The terminal according to claim 13, wherein said encryption module provides said recipient group determined by said recipient group determination module to a dealer for managing ID information of said recipient terminals and receives from said dealer a group key produced based on said ID information.
  - 15. The terminal according to claim 13, wherein said encryption module uses public keys of said recipient terminals to generate said group key and said public keys are the ID information of said recipient terminals belonging to the recipient group determined by said recipient group determination module.
  - 16. The terminal according to claim 13, wherein said encryption module encrypts said information by using a predetermined session key and encrypts said session key by using said group key.
  - 17. The terminal according to claim 16, wherein said encryption module encrypts said session key by using said group key and a cryptosystem in a finite field.
  - 36. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing the terminal, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 13.

18. A terminal for receiving information delivered over a network, comprising:
- a communication module for sending and receiving data over said network; and
  
  a decryption module for storing encrypted data received by said communication module in a data storage, obtaining from said encrypted data a threshold indicating the number of terminals required to collaborate to decrypt said encrypted data, exchanging partial information with a number of other terminals equal to said threshold through said communication module, said partial information being unique to each of the terminals and used for decrypting said encrypted data, obtaining decryption information for decrypting said encrypted data from the partial information provided from the terminals through said information exchange, and using said decryption information to decrypt said encrypted data stored in said data storage.
- View Dependent Claims (19, 20, 37)
- - 19. The terminal according to claim 18, wherein said decryption module processes said encrypted data by using a secret key of said terminal to obtain said partial information, exchanges said partial information with said other terminals, and obtains said decryption information from the partial information obtained from the terminals through the information exchange.
  - 20. The terminal according to claim 18, wherein said decryption module references a list being attached to said received encrypted data and containing terminals to which said encrypted data is to be sent, and exchanges said partial information with the terminals on said list.
  - 37. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing the terminal, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 18.

21. An encryption method comprising the steps of:
- determining a recipient group including a given number of recipients to which information is to be sent;
  
  reading ID information of said recipients in said recipient group from memory and generating a group key based on the ID information;
  
  reading the information from the memory and encrypting the information by using the generated group key in a manner that the encrypted information can be decrypted by information exchange by a predetermined number of recipients in said recipients in said recipient group.
- View Dependent Claims (22, 23, 24, 38, 39)
- - 22. The encryption method according to claim 21, wherein said step of generating said group key comprising the steps of:
    - constructing a polynomial passing through points having a value of the ID information of said recipients and using said group key as a constant term of said polynomial.
  - 23. The encryption method according to claim 22, wherein said step of generating said group key comprising the step of setting virtual points overlapping no ID information of said recipients and adding information about said virtual points to said group key.
  - 24. The encryption method according to claim 21, wherein said step of encrypting said information comprises the step of using said group key and a cryptosystem in a finite field to perform encryption.
  - 38. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing encryption, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 21.
  - 39. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for encryption, said method steps comprising the steps of claim 21.

25. A decryption method comprising the steps of:
- obtaining from encrypted data received over a network a threshold indicating the number of terminals required to collaborate to decrypt encrypted information;
  
  exchanging partial information among a number of terminals interconnected over a network that is equal to said threshold, said partial information being unique to each of the terminals and being used for decrypting said encrypted data; and
  
  obtaining decryption information for decrypting said encrypted data from said partial information obtained from each of said terminals through the information exchange and decrypting said encrypted data based on said decryption information.
- View Dependent Claims (40, 41)
- - 40. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing decryption, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 25.
  - 41. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for decryption, said method steps comprising the steps of claim 25.

26. A program for controlling a computer to encrypt information, said program causing said computer to perform the steps of:
- determining a recipient group including a given number of recipient terminals in terminals accessible over a network to which information is to be sent, and storing said recipient group in memory; and
  
  reading said recipient group from said memory and encrypting said information by using a group key produced based on a set of ID information of said recipient terminals in said recipient group in such a manner that the encrypted information can be decrypted by information exchange by a predetermined number of recipient terminals in said recipient terminals in said recipient group.

27. A program for controlling a computer to decrypt encrypted information, said program causing said computer to perform the steps of:
- obtaining a threshold indicating the number of terminals required to collaborate to decrypt the encrypted information from encrypted data received over a network;
  
  exchanging partial information among a number of terminals interconnected over the network that is equal to said threshold, said partial information being unique to each of the terminals and used for decrypting said encrypted data; and
  
  obtaining decryption information from the partial information obtained from each terminal through the exchange and decrypting said encrypted data based on said decryption information.

28. A recording medium on which a program for controlling a computer to encrypt information is recorded in a form readable by said computer, said program causing said computer to perform the steps of:
- determining a recipient group including a given number of recipient terminals in terminals accessible over a network to which information is to be sent and storing said recipient group in memory; and
  
  reading said recipient group from said memory and encrypting said information by using a group key produced based on a set of ID information of said recipient terminals in said recipient group in such a manner that the encrypted information can be decrypted by information exchange by a predetermined number of recipient terminals in said recipient terminals in said recipient group.

29. A recording medium on which a program for controlling a computer to decrypt encrypted information is recorded in a form readable by said computer, said program causing said computer to perform the steps of:
- obtaining a threshold indicating the number of terminals required to collaborate to decrypt the encrypted information from encrypted data received over a network;
  
  exchanging partial information among a number of terminals interconnected over the network that is equal to said threshold, said partial information being unique to each of the terminals and used for decrypting said encrypted data; and
  
  obtaining decryption information for decrypting said encrypted information from the partial information obtained from each terminal through the exchange and decrypting said encrypted data based on said decryption information.

34-1. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing the metering system, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 11.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Numao, Masayuki, Watanabe, Yuji

Granted Patent

US 7,346,171 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 9/085 Secret sharing or secret sp...

H04L 9/3013 involving the discrete loga...

Network system, terminal, and method for encryption and decryption

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Network system, terminal, and method for encryption and decryption

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links