Method and system for accelerated data encryption

US 20040034772A1
Filed: 08/15/2002
Published: 02/19/2004
Est. Priority Date: 08/15/2002
Status: Active Grant

First Claim

Patent Images

1. A method for accelerating data encryption, comprising:

exchanging between a first device and a second device via a communications network an encrypted private session key for a private-key encryption method using a public-key encryption method, wherein encryption acceleration data is computed on the first device using a public key for the public-key encryption method, wherein the encryption acceleration data and the public key are sent to and used on the second device to encrypt the private session key exchanged between the first device and second device, and wherein the encryption acceleration data reduces a number of calculations needed on the second device to encrypt the private session key;

initializing the private-key encryption method on the first device and second device using the exchanged private session key, wherein the private-key encryption method is initialized on the second device using encryption initialization data for the private-key encryption method computed on the first device using the exchanged private session key and sent to the second device, and wherein the encryption initialization data reduces a number of calculations needed on the second device to initialize the private-key encryption method; and

exchanging encrypted messages between the first device and the second device, thereby creating a cryptographically secure communications channel between the first device and the second device, wherein the encrypted messages are encrypted using the exchanged private session key and the private-key encryption method initialized with the encryption initialization data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encrypted private session key for a private-key encryption method is quickly exchanged between a first device and a second device by computing encryption acceleration data using a public key for a public-key encryption method. The encryption acceleration data and the public key are sent to and used on the second device to encrypt a private session key exchanged between the first device and second device. The private-key encryption method is quickly initialized on the second device using encryption initialization data for the private-key encryption method computed on the first device using the exchanged private session key sent to the second device. The encryption acceleration data and encryption initialization data reduce a number of calculations needed on the second device to initialize and use the private-key encryption method, thereby reducing the overall time needed to create a cryptographically secure communications channel between the first device and the second device.

Citations

31 Claims

1. A method for accelerating data encryption, comprising:
- exchanging between a first device and a second device via a communications network an encrypted private session key for a private-key encryption method using a public-key encryption method, wherein encryption acceleration data is computed on the first device using a public key for the public-key encryption method, wherein the encryption acceleration data and the public key are sent to and used on the second device to encrypt the private session key exchanged between the first device and second device, and wherein the encryption acceleration data reduces a number of calculations needed on the second device to encrypt the private session key;
  
  initializing the private-key encryption method on the first device and second device using the exchanged private session key, wherein the private-key encryption method is initialized on the second device using encryption initialization data for the private-key encryption method computed on the first device using the exchanged private session key and sent to the second device, and wherein the encryption initialization data reduces a number of calculations needed on the second device to initialize the private-key encryption method; and
  
  exchanging encrypted messages between the first device and the second device, thereby creating a cryptographically secure communications channel between the first device and the second device, wherein the encrypted messages are encrypted using the exchanged private session key and the private-key encryption method initialized with the encryption initialization data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising a computer readable medium having stored therein instructions for causing a processor to execute the steps of the method.
  - 3. The method of claim 1 wherein the first device has more device resources than the second device.
  - 4. The method of claim 1 wherein the first device is a server device and the second device is a thin-client device.
  - 5. The method of claim 4 wherein the thin-client device includes a mobile phone, personal digital assistant (PDA), two-way pager or a set-top box.
  - 6. The method of claim 1 wherein the acceleration data includes pre-computed data for a public-key encryption method used to encrypt the private session key.
  - 7. The method of claim 1 wherein the encryption acceleration data includes pre-computed variables used for modular expansion used during the public-key encryption of the private session key.
  - 8. The method of claim 1 wherein the encryption initialization data includes S-box and P-array encryption initialization data for a private-key block cipher encryption method.
  - 9. The method of claim 1 wherein the public-key encryption method includes the RSA public-key encryption method.
  - 10. The method of claim 1 wherein the private-key encryption method includes a block cipher private-key encryption method.
  - 11. The method of claim 10 wherein the private-key encryption method includes the Blowfish block cipher private-key encryption method.

12. A method for accelerating data encryption, comprising:
- computing encryption acceleration data on a first device using a public key from a public-key encryption method;
  
  sending the computed encryption acceleration data and the public encryption key in an unencrypted format from the first device to a second device via a communications network, wherein the computed encryption acceleration data reduces a number of calculations needed on the second device to encrypt a private session key used with a first private-key encryption method used to exchange encrypted messages between the first device and the second device;
  
  receiving an encrypted private session key on the first device from the second device, wherein the encrypted private session key was encrypted using the computed encryption acceleration data and the public encryption key, and wherein the private session key will be used to encrypt data for the first private-key encryption method;
  
  decrypting the encrypted private session key on the first device using a private encryption key for the public-key encryption method;
  
  computing encryption initialization data for the first private-key encryption method using the decrypted private session key;
  
  encrypting the computed encryption initialization data using a second private-key encryption method and the decrypted private session key;
  
  sending the encrypted computed encryption initialization data from the first device to the second device, wherein the computed encryption initialization data is used to initialize the first private-key encryption method on the second device, and wherein the computed encryption initialization data reduces a number of calculations needed on the second device to initialize the first private-key encryption method; and
  
  exchanging encrypted messages between the first device and the second device, thereby creating a cryptographically secure communications channel between the first device and the second device, wherein the encrypted messages are encrypted using the private session key and the first private-key encryption method.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12 further comprising a computer readable medium having stored therein instructions for causing a processor to execute the steps of the method.
  - 14. The method of claim 12 wherein the step of computing encryption acceleration data includes computing RSA encryption acceleration data.
  - 15. The method of claim 12 wherein the step of computing encryption initialization data for the first private-key encryption method includes computing encryption initialization data for a block cipher private-key encryption method.
  - 16. The method of claim 15 wherein the block cipher private-key encryption method includes the Blowfish block cipher private-key encryption method.
  - 17. The method of claim 12 wherein the first device has more device resources than the second device.
  - 18. The method of claim 12 wherein the first device is a server device and the second device is a thin-client device.
  - 19. The method of claim 18 wherein the thin-client device includes a mobile phone, personal digital assistant (PDA), a two-way pager, or a set-top box.

20. A method for accelerating data encryption, comprising:
- receiving on a second device via a communications network, encryption acceleration data and a public encryption key in an unencrypted format from a first device, wherein the encryption acceleration data was computed on the first device using the public encryption key from a public-key encryption method;
  
  selecting a private session key for the first private-key encryption method on the second device;
  
  encrypting the private session key with the public-key encryption method using the encryption acceleration data and the public encryption key received from the first device, wherein the encryption acceleration data reduces a number of calculations needed on the second device to encrypt the selected private session key for the first private-key encryption method to be used to exchange encrypted messages between the first device and the second device;
  
  sending the encrypted private session key to the first device;
  
  receiving computed encryption initialization data in an encrypted format from the first device, wherein the computed encryption initialization data is used to initialize the first private-key encryption method on the second device, and wherein the computed encryption initialization data was encrypted with a second private-key encryption method on the first device using the selected private session key;
  
  decrypting the encrypted computed encryption initialization data on the second device using the selected private session key;
  
  initializing the first private-key encryption method on the second device with the decrypted computed encryption initialization data, wherein the computed encryption initialization data reduces a number of calculations needed on the second device to initialize the first private-key encryption method;
  
  exchanging encrypted messages between the second device and the first device, thereby creating a cryptographically secure communications channel between the second device and the first device, wherein the encrypted messages are encrypted using the selected private session key and the first private-key encryption method initialized with the decrypted computed initialization data.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The method of claim 20 further comprising a computer readable medium having stored therein instructions for causing a processor to execute the steps of the method.
  - 22. The method of claim 20 wherein the step of receiving on a second device encryption acceleration data and a public encryption key includes receiving RSA encryption acceleration data and a RSA public encryption key.
  - 23. The method of claim 20 wherein the step of receiving computed encryption initialization data for the first private-key encryption method includes receiving computed encryption initialization data for a block cipher private-key encryption method.
  - 24. The method of claim 23 wherein the block cipher private-key encryption method includes the Blowfish block cipher private-key encryption method.
  - 25. The method of claim 20 wherein the second private-key encryption method is a pseudo one-time pad encryption method.
  - 26. The method of claim 20 wherein the first device has more device resources than the second device.
  - 27. The method of claim 20 wherein the first device is a server device and the second device is a thin-client device.
  - 28. The method of claim 20 wherein the thin-client device includes a mobile phone, personal digital assistant (PDA), a two-way pager, or a set-top box.

29. An encryption acceleration system, comprising in combination:
- a first device;
  
  a second device;
  
  a communications network connecting the first device and the second device;
  
  encryption acceleration data calculated on a first device using a public key for a public key encryption method, wherein the encryption acceleration data and the public key are sent to and used on the second device to encrypt a private session key for a private-key encryption method exchanged between the first device and second device, and wherein the encryption acceleration data reduces a number of calculations needed on the second device to encrypt the private session key;
  
  computed encryption initialization data, wherein the computed encryption initialization data is computed on the first device and sent from the first device to the second device, wherein the computed encryption initialization data is used to initialize the private-key encryption method on the second device, and wherein the computed encryption initialization data reduces a number of calculations needed on the second device to initialize the first private-key encryption method; and
  
  a cryptographically secure communications channel between the second device and the first device over a communications network, wherein encrypted messages sent via the cryptographically secure communications channel are encrypted using the private session key and the private-key encryption method initialized with the computed encryption initialization data.
- View Dependent Claims (30, 31)
- - 30. The system of claim 29 wherein the first device has more device resources than the second device.
  - 31. The system of claim 29 wherein the first device is a server device and the second device is a thin-client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OpenTV, Inc. (Kudelski SA)
Original Assignee
OpenTV, Inc. (Kudelski SA)
Inventors
Alao, Rachad

Granted Patent

US 7,221,757 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/0844   with user authentication or...

H04L 9/302   involving the integer facto...

Method and system for accelerated data encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for accelerated data encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links