Automatic generation of a new encryption key

US 20040109568A1
Filed: 12/05/2002
Published: 06/10/2004
Est. Priority Date: 12/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method of generating a new encryption keypair within a device that is connected to a network and which performs secure operations using an existing encryption keypair maintained within the device, comprising the steps of:

receiving a request from another device on the network to provide an encryption key of the existing encryption keypair to the another device;

in response to the request, determining whether an encryption key of the existing encryption keypair within the device is valid; and

in a case where the determining step determines that the encryption key of the existing encryption keypair is invalid, the device automatically performing the steps of;

deleting each key of the existing encryption keypair from the device;

generating a new encryption keypair within the device and storing the new encryption keypair in the device; and

providing a new encryption key corresponding to the requested encryption key of the new encryption keypair to another device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device (such as a printer or a network device that may be connected to the printer) that is connected to a network and which performs secure operations using an existing encryption keypair maintained within the device, generates a new encryption keypair within the device by receiving a request from another device on the network to provide an encryption key of the existing encryption keypair to the another device. In response to the request, the device determines whether an encryption key of the existing encryption keypair within the device is valid. In a case where it is determined that the encryption key of the existing encryption keypair is invalid, the device automatically deletes each key of the existing encryption keypair from the device, generates a new encryption keypair within the device and stores the new encryption keypair in the device. The device then provides a new encryption key corresponding to the requested encryption key of the new encryption keypair to another device.

75 Citations

View as Search Results

78 Claims

1. A method of generating a new encryption keypair within a device that is connected to a network and which performs secure operations using an existing encryption keypair maintained within the device, comprising the steps of:
- receiving a request from another device on the network to provide an encryption key of the existing encryption keypair to the another device;
  
  in response to the request, determining whether an encryption key of the existing encryption keypair within the device is valid; and
  
  in a case where the determining step determines that the encryption key of the existing encryption keypair is invalid, the device automatically performing the steps of;
  
  deleting each key of the existing encryption keypair from the device;
  
  generating a new encryption keypair within the device and storing the new encryption keypair in the device; and
  
  providing a new encryption key corresponding to the requested encryption key of the new encryption keypair to another device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 75)
- - 2. A method according to claim 1, wherein the determining step comprises determining whether each key of the existing encryption keypair is valid.
  - 3. A method according to claim 1, wherein the determining steps comprises performing an integrity check on the requested encryption key.
  - 4. A method according to claim 2, wherein the determining step comprises performing an integrity check on each key of the existing encryption keypair.
  - 5. A method according to claim 1, wherein the device is a printer, the another device is a host computer, and the request is issued by a printer driver in the host computer.
  - 6. A method according to claim 1, wherein the another device receives the new encryption key from the device, and in response thereto, performs an operation to validate the new encryption key.
  - 7. A method according to claim 1, wherein the existing encryption keypair and the new encryption keypair are a public/private keypair of the device.
  - 8. A method according to claim 1, wherein the request includes random data generated within the another device as a source of entropy for encryption key generation.
  - 9. A method according to claim 8, wherein the device generates the new encryption keypair utilizing, as sources of entropy for the new encryption keypair generation, the random data included with the request and random data generated within the device itself.
  - 10. A method according to claim 5, wherein the printer driver issues the request for the existing encryption key during installation of the printer driver in the host computer.
  - 11. A method according to claim 5, wherein the printer driver issues the request for the existing encryption key each time a user selects an option for printing a secure print job identifying the device as a destination of the secure print job.
  - 12. A method according to claim 6, wherein the validation operation comprises:
    - issuing a request for the device to print out a key validation page for the new encryption key;
      
      a user inputting into the another device a key validation code printed on the key validation page; and
      
      validating the new encryption key utilizing the input key validation code.
  - 13. A method according to claim 6, wherein the new encryption key is validated utilizing a public key infrastructure.
  - 75. A method according to claim 11, wherein the printer driver determines, based on the received encryption key, whether or not to transmit the secure print job to the device.

14. A network device connected to a network which provides encryption functionality to a printer, comprising:
- a secure storage medium storing an existing encryption keypair for the network device;
  
  a network interface for receiving and transmitting information via the network;
  
  an entropy collection and storage mechanism for collecting random data within the device that can be used as a source of entropy for encryption key generation and for storing the collected random data;
  
  an encryption key generator for generating encryption keys;
  
  a processor for executing computer-executable process steps; and
  
  a memory storing computer-executable process steps to be executed by the processor, the computer-executable process steps comprising;
  
  (a) receiving a request from another device on the network for the network device to provide the another device with an encryption key of the existing encryption keypair stored in the secure storage medium, (b) in response to the request, determining whether the requested encryption key of the existing encryption keypair stored in the secure storage medium is valid, and (c) in a case where the determining step determines that the requested encryption key of the existing encryption keypair is invalid, automatically performing the steps of;
  
  (d) deleting each key of the existing encryption keypair from the secure storage medium, (e) generating a new encryption keypair by the encryption key generator, (f) storing the new encryption keypair in the secure storage medium, and (g) providing a new encryption key corresponding to the requested encryption key of the new encryption keypair to the another device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 76)
- - 15. A network device according to claim 14, wherein the determining step comprises determining whether each key of the existing encryption keypair is valid.
  - 16. A network device according to claim 14, wherein the determining step comprises performing an integrity check on the requested encryption key.
  - 17. A network device according to claim 15, wherein the determining step comprises performing an integrity check on each key of the existing encryption keypair.
  - 18. A network device according to claim 14, the another device is a host computer, and the request is issued by a printer driver in the host computer.
  - 19. A network device according to claim 14, wherein the another device receives the new encryption key from the network device, and in response thereto, performs an operation to validate the new encryption key.
  - 20. A network device according to claim 14, wherein the existing encryption keypair and the new encryption keypair are a public/private keypair of the network device.
  - 21. A network device according to claim 14, wherein the request includes random data generated within the another device as a source of entropy for encryption key generation.
  - 22. A network device according to claim 21, wherein the encryption key generator generates the new encryption keypair utilizing, as sources of entropy for the new encryption keypair generation, the random data included with the request and the random data generated by the entropy collection and storage mechanism.
  - 23. A network device according to claim 18, wherein the printer driver issues the request for the existing encryption key during installation of the printer driver in the host computer.
  - 24. A network device according to claim 18, wherein the printer driver issues the request for the existing encryption key each time a user selects an option for printing a secure print job identifying the network device as a destination of the print job.
  - 25. A network device according to claim 19, wherein the validation operation comprises:
    - issuing a request for the network device to print out a key validation page for the new encryption key;
      
      a user inputting into the another device a key validation code printed on the key validation page; and
      
      validating the new encryption key utilizing the input key validation code.
  - 26. A network device according to claim 19, wherein the new encryption key is validated utilizing a public key infrastructure.
  - 27. A network device according to claim 14, wherein the network device is embedded within the printer.
  - 76. A network device according to claim 24, wherein the printer driver determines, based on the received encryption key, whether or not to transmit the secure print job to the network device.

28. Computer-executable process steps for generating a new encryption keypair within a device that is connected to a network and which performs secure operations using an existing encryption keypair maintained within the device, the executable process steps comprising the steps of:
- receiving a request from another device on the network to provide an encryption key of the existing encryption keypair to the another device;
  
  in response to the request, determining whether an encryption key of the existing encryption keypair within the device is valid; and
  
  in a case where the determining step determines that the encryption key of the existing encryption keypair is invalid, the device automatically performing the steps of;
  
  deleting each key of the existing encryption keypair from the device;
  
  generating a new encryption keypair within the device and storing the new encryption keypair in the device; and
  
  providing a new encryption key corresponding to the requested encryption key of the new encryption keypair to another device.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 77)
- - 29. Computer-executable process steps according to claim 28, wherein the determining step comprises determining whether each key of the existing encryption keypair is valid.
  - 30. Computer-executable process steps according to claim 28, wherein the determining step comprises performing an integrity check on the requested encryption key.
  - 31. Computer-executable process steps according to claim 29, wherein the determining step comprises performing an integrity check on each key of the existing encryption keypair.
  - 32. Computer-executable process steps according to claim 28, wherein the device is a printer, the another device is a host computer, and the request is issued by a printer driver in the host computer.
  - 33. Computer-executable process steps according to claim 28, wherein the another device receives the new encryption key from the device, and in response thereto, performs an operation to validate the new encryption key.
  - 34. Computer-executable process steps according to claim 28, wherein the existing encryption keypair and the new encryption keypair are a public/private keypair of the device.
  - 35. Computer-executable process steps according to claim 28, wherein the request includes random data generated within the another device as a source of entropy for encryption key generation.
  - 36. Computer-executable process steps according to claim 35, wherein the device generates the new encryption keypair utilizing, as sources of entropy for the new encryption keypair generation, the random data included with the request and random data generated within the device itself.
  - 37. Computer-executable process steps according to claim 32, wherein the printer driver issues the request for the existing encryption key during installation of the printer driver in the host computer.
  - 38. Computer-executable process steps according to claim 32, wherein the printer driver issues the request for the existing encryption key each time a user selects an option for printing a secure print job identifying the device as a destination of the secure print job.
  - 39. Computer-executable process steps according to claim 33, wherein the validation operation comprises:
    - issuing a request for the device to print out a key validation page for the new encryption key;
      
      a user inputting into the another device a key validation code printed on the key validation page; and
      
      validating the new encryption key utilizing the input key validation code.
  - 40. Computer-executable process steps according to claim 33, wherein the new encryption key is validated utilizing a public key infrastructure.
  - 77. Computer-executable process steps according to claim 38, wherein the printer driver determines, based on the received encryption key, whether or not to transmit the secure print job to the device.

41. A computer-readable medium which stores computer-executable process steps for generating a new encryption keypair within a device that is connected to a network and which performs secure operations using an existing encryption keypair maintained within the device, the executable process steps comprising the steps of:
- receiving a request from another device on the network to provide an encryption key of the existing encryption keypair to the another device;
  
  in response to the request, determining whether an encryption key of the existing encryption keypair within the device is valid; and
  
  in a case where the determining step determines that the encryption key of the existing encryption keypair is invalid, the device automatically performing the steps of;
  
  deleting each key of the existing encryption keypair from the device;
  
  generating a new encryption keypair within the device and storing the new encryption keypair in the device; and
  
  providing a new encryption key corresponding to the requested encryption key of the new encryption keypair to another device.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 78)
- - 42. A computer-readable medium according to claim 41, wherein the determining step comprises determining whether each key of the existing encryption keypair is valid.
  - 43. A computer-readable medium according to claim 41, wherein the determining steps comprises performing an integrity check on the requested encryption key.
  - 44. A computer-readable medium according to claim 42, wherein the determining step comprises performing an integrity check on each key of the existing encryption keypair.
  - 45. A computer-readable medium according to claim 41, wherein the device is a printer, the another device is a host computer, and the request is issued by a printer driver in the host computer.
  - 46. A computer-readable medium according to claim 41, wherein the another device receives the new encryption key from the device, and in response thereto, performs an operation to validate the new encryption key.
  - 47. A computer-readable medium according to claim 41, wherein the existing encryption keypair and the new encryption keypair are a public/private keypair of the device.
  - 48. A computer-readable medium according to claim 41, wherein the request includes random data generated within the another device as a source of entropy for encryption key generation.
  - 49. A computer-readable medium according to claim 48, wherein the device generates the new encryption keypair utilizing, as sources of entropy for the new encryption keypair generation, the random data included with the request and random data generated within the device itself.
  - 50. A computer-readable medium according to claim 45, wherein the printer driver issues the request for the existing encryption key during installation of the printer driver in the host computer.
  - 51. A computer-readable medium according to claim 45, wherein the printer driver issues the request for the existing encryption key each time a user selects an option for printing a secure print job identifying the device as a destination of the secure print job.
  - 52. A computer-readable medium according to claim 46, wherein the validation operation comprises:
    - issuing a request for the device to print out a key validation page for the new encryption key;
      
      a user inputting into the another device a key validation code printed on the key validation page; and
      
      validating the new encryption key utilizing the input key validation code.
  - 53. A computer-readable medium according to claim 46, wherein the new encryption key is validated utilizing a public key infrastructure.
  - 78. A computer-readable medium according to claim 51, wherein the printer driver determines, based on the received encryption key, whether or not to transmit the secure print job to the device.

54. A method of printing a secure print job, comprising the steps of:
- a host apparatus submitting a request to a network device for the network device to provide the host apparatus with an existing encryption key of a printer;
  
  the network device, in response to receiving the request, determining whether the requested encryption key of the existing encryption keypair of the printer is valid;
  
  in a case where the requested existing encryption key is determined to be invalid, the network device automatically performing the steps of;
  
  deleting the existing encryption keypair from the network device;
  
  generating a new encryption keypair within the network device;
  
  storing the new encryption keypair in the network device; and
  
  transmitting a new encryption key corresponding to the requested encryption key of the new encryption keypair to the host apparatus;
  
  the host apparatus receiving the new encryption key from the network device, and in response thereto, performing an operation to validate the new encryption key;
  
  the host apparatus generating an encrypted print job utilizing the new encryption key and transmitting the encrypted print job to the network device; and
  
  the network device utilizing a corresponding encryption key of the new encryption keypair to decrypt the encrypted print job, and processing the decrypted print job for printout by the printer.
- View Dependent Claims (55, 56, 57, 58, 59, 60)
- - 55. A method according to claim 54, wherein the operation to validate the new encryption key comprises the steps of:
    - the host apparatus issuing a request to the network device for print out of an encryption key validation page;
      
      the network device causing printout of the encryption key validation page;
      
      a user inputting a key validation code printed on the key validation page into the host apparatus; and
      
      the host apparatus validating the new encryption key utilizing the input key validation code.
  - 56. A method according to claim 54, wherein the request issued by the host apparatus for the network device to provide the host apparatus with an existing encryption key includes random data generated within the host apparatus as a source of entropy for encryption key generation.
  - 57. A method according to claim 56, wherein the network device generates the new encryption keypair utilizing, as sources of entropy for the keypair generation, the random data included with the request and random data generated within the network device itself.
  - 58. A method according to claim 54, wherein the request issued by the host apparatus for the existing encryption key is initiated by a user selecting a secure printing option in the host apparatus.
  - 59. A method according to claim 54, wherein the network device is connected externally to the printer.
  - 60. A method according to claim 54, wherein the network device is embedded within the printer.

61. Computer-executable process steps for printing a secure print job, comprising the steps of:
- a host apparatus submitting a request to a network device for the network device to provide the host apparatus with an existing encryption key of a printer;
  
  the network device, in response to receiving the request, determining whether the requested encryption key of the existing encryption keypair of the printer is valid;
  
  in a case where the requested existing encryption key is determined to be invalid, the network device automatically performing the steps of;
  
  deleting the existing encryption keypair from the network device;
  
  generating a new encryption keypair within the network device;
  
  storing the new encryption keypair in the network device; and
  
  transmitting a new encryption key corresponding to the requested encryption key of the new encryption keypair to the host apparatus;
  
  the host apparatus receiving the new encryption key from the network device, and in response thereto, performing an operation to validate the new encryption key;
  
  the host apparatus generating an encrypted print job utilizing the new encryption key and transmitting the encrypted print job to the network device; and
  
  the network device utilizing a corresponding encryption key of the new encryption keypair to decrypt the encrypted print job, and processing the decrypted print job for printout by the printer.
- View Dependent Claims (62, 63, 64, 65, 66, 67)
- - 62. Computer-executable process steps according to claim 61, wherein the operation to validate the new encryption key comprises the steps of:
    - the host apparatus issuing a request to the network device for print out of an encryption key validation page;
      
      the network device causing printout of the encryption key validation page;
      
      a user inputting a key validation code printed on the key validation page into the host apparatus; and
      
      the host apparatus validating the new encryption key utilizing the input key validation code.
  - 63. Computer-executable process steps according to claim 61, wherein the request issued by the host apparatus for the network device to provide the host apparatus with an existing encryption key includes random data generated within the host apparatus as a source of entropy for encryption key generation.
  - 64. Computer-executable process steps according to claim 63, wherein the network device generates the new encryption keypair utilizing, as sources of entropy for the keypair generation, the random data included with the request and random data generated within the network device itself.
  - 65. Computer-executable process steps according to claim 61, wherein the request issued by the host apparatus for the existing encryption key is initiated by a user selecting a secure printing option in the host apparatus.
  - 66. Computer-executable process steps according to claim 61, wherein the network device is connected externally to the printer.
  - 67. Computer-executable process steps according to claim 61, wherein the network device is embedded within the printer.

68. A computer-readable medium which stores computer-executable process steps for printing a secure print job, the computer-executable process steps comprising the steps of:
- a host apparatus submitting a request to a network device for the network device to provide the host apparatus with an existing encryption key of a printer;
  
  the network device, in response to receiving the request, determining whether the requested encryption key of the existing encryption keypair of the printer is valid;
  
  in a case where the requested existing encryption key is determined to be invalid, the network device automatically performing the steps of;
  
  deleting the existing encryption keypair from the network device;
  
  generating a new encryption keypair within the network device;
  
  storing the new encryption keypair in the network device; and
  
  transmitting a new encryption key corresponding to the requested encryption key of the new encryption keypair to the host apparatus;
  
  the host apparatus receiving the new encryption key from the network device, and in response thereto, performing an operation to validate the new encryption key;
  
  the host apparatus generating an encrypted print job utilizing the new encryption key and transmitting the encrypted print job to the network device; and
  
  the network device utilizing a corresponding encryption key of the new encryption keypair to decrypt the encrypted print job, and processing the decrypted print job for printout by the printer.
- View Dependent Claims (69, 70, 71, 72, 73, 74)
- - 69. A computer-readable medium according to claim 68, wherein the operation to validate the new encryption key comprises the steps of:
    - the host apparatus issuing a request to the network device for print out of an encryption key validation page;
      
      the network device causing printout of the encryption key validation page;
      
      a user inputting a key validation code printed on the key validation page into the host apparatus; and
      
      the host apparatus validating the new encryption key utilizing the input key validation code.
  - 70. A computer-readable medium according to claim 68, wherein the request issued by the host apparatus for the network device to provide the host apparatus with an existing encryption key includes random data generated within the host apparatus as a source of entropy for encryption key generation.
  - 71. A computer-readable medium according to claim 70, wherein the network device generates the new encryption keypair utilizing, as sources of entropy for the keypair generation, the random data included with the request and random data generated within the network device itself.
  - 72. A computer-readable medium according to claim 68, wherein the request issued by the host apparatus for the existing encryption key is initiated by a user selecting a secure printing option in the host apparatus.
  - 73. A computer-readable medium according to claim 68, wherein the network device is connected externally to the printer.
  - 74. A computer-readable medium according to claim 68, wherein the network device is embedded within the printer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Ayutthaya Limited (Canon Inc.)
Original Assignee
Canon Ayutthaya Limited (Canon Inc.)
Inventors
Yang, Joseph, Slick, Royce E., Zhang, William

Granted Patent

US 7,111,322 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 21/608   Secure printing

H04L 9/006   involving public key infras...

H04L 9/0891   Revocation or update of sec...

H04L 9/302   involving the integer facto...

Automatic generation of a new encryption key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

78 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic generation of a new encryption key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

78 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links