Key management system

US 20050251491A1
Filed: 07/18/2005
Published: 11/10/2005
Est. Priority Date: 08/13/1998
Status: Active Grant

First Claim

Patent Images

1. A method of managing keys used by an application on a computer system, said method comprising the steps of:

decrypting encrypted digital content data using a first decrypting key to produce content data, the encrypted content data having been produced by encrypting the content data with a first encrypting key;

re-encrypting the content data using a second encrypting key; and

encrypting a second decrypting key using a third encrypting key to produce an encrypted second decrypting key, wherein the n^thdecrypting key is used to decrypt data that has been encrypted with the n^thencrypting key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of managing keys is provided. According to one exemplary method, digital content data encrypted with a first encrypting key is decrypted using a first decrypting key, and re-encrypted using a second encrypting key. A second decrypting key is encrypted using a third encrypting key to produce an encrypted second decrypting key. In some embodiments, an encrypted first decrypting key that was encrypted using a fourth encrypting key is received, and the encrypted first decrypting key is decrypted using a fourth decrypting key to reproduce the first decrypting key. An application for use on a computer system is also provided.

Citations

20 Claims

1. A method of managing keys used by an application on a computer system, said method comprising the steps of:
- decrypting encrypted digital content data using a first decrypting key to produce content data, the encrypted content data having been produced by encrypting the content data with a first encrypting key;
  
  re-encrypting the content data using a second encrypting key; and
  
  encrypting a second decrypting key using a third encrypting key to produce an encrypted second decrypting key, wherein the n^thdecrypting key is used to decrypt data that has been encrypted with the n^thencrypting key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method as defined in claim 1, further comprising the steps of:
    - receiving an encrypted first decrypting key, the first decrypting key having been encrypted using a fourth encrypting key to produce the encrypted first decrypting key; and
      
      decrypting the encrypted first decrypting key using a fourth decrypting key to reproduce the first decrypting key.
  - 3. The method as defined in claim 2, further comprising the step of breaking a third decrypting key into multiple segments and storing each segment separately on the computer system.
  - 4. The method as defined in claim 2, further comprising the step of removing the first decrypting key and the non-encrypted second decrypting key from the computer system.
  - 5. The method as defined in claim 2, wherein the step-of re-encrypting the content data includes the sub-steps of:
    - watermarking the content data to produce watermarked content data; and
      
      re-encrypting the watermarked content data using the second encrypting key.
  - 6. The method as defined in claim 2, wherein the step of receiving an encrypted first decrypting key includes the sub-steps of:
    - transferring the first decrypting key, which has been encrypted with a fourth encrypting key, to a site that possesses a fourth decrypting key; and
      
      receiving the encrypted first decrypting key after it has been decrypted using the fifth decrypting key and then re-encrypted using the fifth encrypting key.
  - 7. The method as defined in claim 6, further comprising the steps of:
    - creating the third encrypting key and a third decrypting key;
      
      creating the fourth encrypting key and the fourth decrypting key; and
      
      receiving the first decrypting key after it has been encrypted with the fifth encrypting key.
  - 8. The method as defined in claim 6, wherein the fifth encrypting key is a public key and the fifth decrypting key is a corresponding private key.
  - 9. The method as defined in claim 2, further comprising the step of receiving the encrypted digital content data.
  - 10. The method as defined in claim 2, wherein the first encrypting key and the first decrypting key are symmetric keys.
  - 11. The method as defined in claim 10, wherein the second encrypting key and the second decrypting key are symmetric keys.
  - 12. The method as defined in claim 11, wherein the third encrypting key and a third decrypting key are symmetric keys.
  - 13. The method as defined in claim 12, wherein the fourth encrypting key is a public key and the fourth decrypting key is a corresponding private key.
  - 14. The method as defined in claim 1, further comprising the step of removing the first decrypting key and the non-encrypted second decrypting key from the computer system.
  - 15. The method as defined in claim 14, further comprising the step of breaking a third decrypting key into multiple segments and storing each segment separately on the computer system.
  - 16. The method as defined in claim 1, further comprising the step of breaking a third decrypting key into multiple segments and storing each segment separately on the computer system.
  - 17. The method as defined in claim 1, wherein the steps of decrypting, re-encrypting, and encrypting are performed in a tamper-resistant environment in order to deter unauthorized access to the first decrypting key and the non-encrypted second decrypting key.

18. A method of managing keys used by an application on a computer system, said method comprising the steps of:
- creating a first encrypting key and a first decrypting key;
  
  creating a second encrypting key and a second decrypting key;
  
  receiving an encrypted third decrypting key, a third decrypting key having been encrypted with a fourth encrypting key to produce the encrypted third decrypting key;
  
  transferring the encrypted third decrypting key to a site that possesses a fourth decrypting key;
  
  receiving a re-encrypted third decrypting key, the encrypted third decrypting key having been decrypted using the fourth decrypting key and then re-encrypted using the first encrypting key to produce the re-encrypted third decrypting key;
  
  receiving the digital content data, the digital content data having been encrypted with a third encrypting key;
  
  decrypting the re-encrypted third decrypting key using the first decrypting key to reproduce the third decrypting key;
  
  decrypting the content data using the third decrypting key to produce decrypted content data;
  
  watermarking the decrypted content data to produce watermarked content data;
  
  creating a fifth encrypting key and a fifth decrypting key;
  
  encrypting the watermarked content data using the fifth encrypting key;
  
  encrypting the fifth decrypting key using the second encrypting key to produce an encrypted fifth decrypting key;
  
  removing the third decrypting key and the non-encrypted fifth decrypting key from the computer system; and
  
  breaking the second decrypting key into multiple segments and storing each segment separately on the computer system, wherein the n^thdecrypting key is used to decrypt data that has been encrypted with the n^thencrypting key.

19. An application for use on a computer system, said application comprising:
- a decrypter that decrypts encrypted digital content data using a first decrypting key so as to produce content data, the encrypted content data having been produced by encrypting the content data with a first encrypting key; and
  
  an encrypter that re-encrypts the content data using a second encrypting key, and that encrypts a second decrypting key using a third encrypting key to produce an encrypted second decrypting key, wherein the n^thdecrypting key is used to decrypt data that has been encrypted with the n^thencrypting key.
- View Dependent Claims (20)
- - 20. The application as defined in claim 19, wherein the content data includes music data, and for each separate selection of music data, the decrypter operates to decrypt the encrypted content data, and the encrypter operates to re-encrypt the content data and encrypt the second decrypting key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation, Sandpiper CDN, LLC (Theseus LF Asset Holdings, LLC)
Original Assignee
International Business Machines Corporation
Inventors
Gong, Qing, Milsted, Kenneth Louis, Medina, Cesar

Granted Patent

US 8,180,708 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/3829   involving key management

G06T 1/0021   Image watermarking

G06T 2201/0064   for copy protection or copy...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/608   Watermarking

H04L 2463/101   applying security measures ...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/06   for supporting key manageme...

H04L 9/302   involving the integer facto...

H04L 9/3249   using RSA or related signat...

H04L 9/3263   involving certificates, e.g...

Key management system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Key management system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links