Encryption system using device authentication keys

US 20060072745A1
Filed: 10/03/2005
Published: 04/06/2006
Est. Priority Date: 10/01/2004
Status: Abandoned Application

First Claim

Patent Images

1. An encrypted data distributing method comprising:

a) providing an encryption device authentication key unique to an encryption device prepared by use of a unique identification (ID) of the encryption device;

b) providing a decryption device authentication key unique to the specific decryption device prepared by use of a unique ID of the decryption device;

c) in the encryption device, c-1) preparing an encryption key by use of the encryption device authentication key and the decryption device authentication key;

c-2) encrypting plain text data using the encryption key and sending the resultant cipher text to the decryption device together with attribute information; and

d) in the decryption device, d-1) comparing the decryption device authentication key received from the encryption device with the decryption device authentication key prepared in the decryption device; and

d-2) preparing, when the decryption device authentication keys match, a decryption key by use of the encryption device authentication key and the decryption device authentication key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encrypted data distributing method includes preparing cipher text which can be decrypted only by a specific trusted device, and performing encryption and decryption processing at a high speed. An encryption key is prepared using an encryption device authentication key unique to an encryption device and a decryption device authentication key unique to a decryption device, and cipher text is prepared by this encryption key. The authentication keys are also sent to the decryption device. In the decryption device, the decryption device authentication key received from the encryption device is compared with the decryption device authentication key prepared by the decryption device to perform decryption processing only when the authentication keys match.

60 Citations

View as Search Results

49 Claims

1. An encrypted data distributing method comprising:
- a) providing an encryption device authentication key unique to an encryption device prepared by use of a unique identification (ID) of the encryption device;
  
  b) providing a decryption device authentication key unique to the specific decryption device prepared by use of a unique ID of the decryption device;
  
  c) in the encryption device, c-1) preparing an encryption key by use of the encryption device authentication key and the decryption device authentication key;
  
  c-2) encrypting plain text data using the encryption key and sending the resultant cipher text to the decryption device together with attribute information; and
  
  d) in the decryption device, d-1) comparing the decryption device authentication key received from the encryption device with the decryption device authentication key prepared in the decryption device; and
  
  d-2) preparing, when the decryption device authentication keys match, a decryption key by use of the encryption device authentication key and the decryption device authentication key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The encrypted data distributing method according to claim 1, further comprising d-3) converting the cipher text into the plain text data by use of the decryption key.
  - 3. The encrypted data distributing method according to claim 1, wherein the attribute information includes the encryption device authentication key and the decryption device authentication key.
  - 4. The encrypted data distributing method according to claim 1, wherein the decryption device authentication key used for preparation of the decryption key is the decryption device authentication key contained in the attribute information received from the encryption device.
  - 5. The encrypted data distributing method according to claim 1, wherein the decryption device authentication key used for preparation of the decryption key is the decryption device authentication key prepared in the decryption device.
  - 6. The encrypted data distributing method according to claim 1, wherein in preparing the encryption key, the encryption device authentication key is combined with the decryption device authentication key to prepare an irreversible pseudo-random number, and the encryption key is prepared by use if the pseudo-random number;
    - wherein, in preparing the decryption key, the encryption device authentication key is combined with the decryption device authentication key to prepare an irreversible pseudo-random number, and the decryption key is prepared by use of the pseudo-random number.
  - 7. The encrypted data distributing method according to claim 1wherein, in preparing the encryption key, a password input in the encryption device is combined with the encryption device authentication key and the decryption device authentication key o prepare the encryption key;
    - and wherein, in preparing the decryption key, the password input in the decryption device is combined with the encryption device authentication key and the decryption device authentication key to prepare the decryption key.
  - 8. The encrypted data distributing method according to claim 1, wherein, in preparing the encryption key, a first password input in the encryption device is combined with the encryption device authentication key and the decryption device authentication key to prepare the encryption key, the attribute information of step c-2) includes the first password input through the encryption device;
    - wherein, in preparing the decryption key, the decryption key is prepared by use of the encryption device authentication key, the decryption device authentication key, and a second password input into the decryption device, when the second password input into the decryption device agrees with the first password in the attribute information received from the encryption device; and
      
      wherein, in preparing the decryption key, the cipher text is prevented from being decrypted into the original plain text data when the first and second passwords do not agree with each other.
  - 9. The encrypted data distributing method according to claim 1, wherein, in preparing the encryption key, a group key to specify a group to which operators of the encryption device and the decryption device belong is combined with the encryption device authentication key and-the decryption device authentication key to prepare the encryption key;
    - and wherein, in preparing the decryption key, a group key stored in the decryption device is combined with the encryption device authentication key and the decryption device authentication key to prepare the decryption key, so that the cipher text is prevented from being decrypted when the group keys do not agree with each other.
  - 10. The encrypted data distributing method according to claim 1, wherein, in preparing-the encryption key, a shared key shared between the encryption device and the encryption device and a random number is further combined with the encryption device authentication key and the decryption device authentication key to prepare the encryption key;
    - wherein, in converting the cipher text, the attribute information further includes the random number to provide the random number to the decryption device; and
      
      wherein, in preparing the decryption key, the random number received from the encryption device and the shared key owned by the decryption device is combined with the encryption device authentication key and the decryption device authentication key to prepare the decryption key.
  - 11. The encrypted data distributing method according to claim 1, wherein the encryption device and the decryption device are servers allowed to transmit/receive the data with each other via a communication network, and the cipher text and the attribute information are distributed from the encryption device to the decryption device via the communication network.

12. An encryption device comprising:
- encryption device authentication key preparing means for preparing an encryption device authentication key unique to the encryption device by use of a unique identification (ID) of the encryption device;
  
  encryption key preparing means for preparing an encryption key by use of the encryption device authentication key and a decryption device authentication key of the specific decryption device, the decryption device authentication key being unique to the decryption device and being prepared using a unique ID of the decryption device; and
  
  an encryption engine that converts plain text into cipher text by use of the encryption key,
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The encryption device according to claim 12, further comprising:
    - attribute information adding means for adding attribute information to the cipher-text, the attribute information including the encryption device authentication key and the decryption device authentication key.
  - 14. The encryption device according to claim 13, wherein the encryption device is formed as an integrated circuit (IC) and the encryption device authentication key preparing means, the encryption key preparing means, the encryption engine and the attribute information adding means are implemented as a logical circuit within the IC;
    - and wherein the unique ID of the encryption device is one of a manufacture number of the IC and identification information unique to the IC.
  - 15. The encryption device according to claim 12, wherein the encryption key preparing means comprises a pseudo-random number preparing engine which combines the encryption device authentication key with the decryption device authentication key to prepare an irreversible pseudo-random number;
    - and wherein the encryption key is prepared by use of the prepared pseudo-random number.
  - 16. The encryption device according to claim 12, wherein the encryption device is an external encryption device detachably coupled to a user terminal device.
  - 17. The encryption device according to claim 12, wherein the encryption device is formed as an integrated circuit (IC) and the encryption device authentication key preparing means, the encryption key preparing means and the encryption engine are implemented as a logical circuit within the IC;
    - and wherein the unique ID of the encryption device is one of a manufacture number of the IC and identification information unique to the IC.

18. An encryption device comprising:
- encryption device authentication key storage means for storing an encryption device authentication key unique to the encryption device, the encryption device authentication key being prepared using a unique identification (ID) of the encryption device;
  
  encryption key preparing means for preparing an encryption key by use of the encryption device authentication key and a decryption device authentication key of the specific decryption device, the decryption device authentication key being unique to the decryption device and being prepared using a unique identification (ID) of the decryption device; and
  
  an encryption engine that converts plain text into cipher text by using the encryption key.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The encryption device according to claim 18, further comprising:
    - attribute information adding means for adding attribute information to the cipher text, the attribute information including the encryption device authentication key and the decryption device authentication key.
  - 20. The encryption device according to claim 19, wherein the encryption device is formed as an integrated circuit (IC) and the encryption device authentication key storage means, the encryption key preparing means, the encryption engine and the attribute information adding means are implemented as a logical circuit within the IC;
    - and wherein the unique ID of the encryption device is one of a manufacture number of the IC and identification information unique to the IC.
  - 21. The encryption device according to claim 18, wherein the encryption device is an external encryption device detachably coupled to a user terminal device.
  - 22. The encryption device according to claim 18, wherein the encryption device is formed as an integrated circuit (IC) and the encryption device authentication key storage means, the encryption key preparing means and the encryption engine are implemented as a logical circuit within the IC;
    - and wherein the unique ID of the encryption device is one of a manufacture number of the IC and identification information unique to the IC.

23. A decryption device which receives cipher text and attribute information from a specific encryption device and decrypts the cipher text, the cipher text being prepared by an encryption key which is prepared using an encryption device authentication key unique to the specific encryption device and a decryption device authentication key unique to the decryption device, and attribute information including the encryption device authentication key and the decryption device authentication key used in preparing the encryption key by the encryption device, the decryption device comprising:
- decryption device authentication key preparing means for preparing the decryption device authentication key unique to the decryption device by use of a unique identification (ID) of the decryption device;
  
  attribute information reading means for reading, from the attribute information, the encryption device authentication key and the decryption device authentication key used in preparing the encryption key in the encryption device;
  
  authentication key comparing means for comparing the decryption device authentication key read by the attribute information reading means with the decryption device authentication key prepared by the decryption device authentication key preparing means;
  
  decryption key preparing means for preparing a decryption key by use of the encryption device authentication key and the decryption device authentication key; and
  
  a decryption engine that converts the cipher text into plain text by use of the decryption key;
  
  wherein the authentication key comparing means prohibits the decryption engine from being started when the decryption device authentication key attached to the cipher text does not match the decryption device authentication key prepared by the decryption device authentication key preparing means.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The decryption device according to claim 23, wherein the decryption device authentication key used for preparation of the decryption key is the decryption device authentication key contained in the attribute information received from the encryption device.
  - 25. The decryption device according to claim 23, wherein the decryption device authentication key used for preparation of the decryption key is the decryption device authentication key prepared by the decryption device authentication key preparing means.
  - 26. The decryption device according to claim 23, wherein the decryption key preparing means comprises a pseudo-random number preparing engine which combines the encryption device authentication key with the decryption device authentication key to prepare an irreversible pseudo-random number, and wherein the decryption key preparing means prepares the decryption key by use of the prepared pseudo-random number.
  - 27. The decryption device according to claim 23, wherein the decryption device is implemented as an external decryption device detachably coupled to a user'"'"'s terminal device.
  - 28. The decryption device according to claim 23, wherein the decryption device is formed as an integrated circuit (IC) and the decryption device authentication key preparing means, the attribute information reading means, the authentication key comparing means, the decryption key preparing means and the decryption engine are implemented as a logical circuit within the IC;
    - and wherein the unique ID of the decryption device is one of a manufacture number of the IC and identification information intrinsic in the IC.

29. A decryption device that receives cipher text and attribute information from a specific encryption device and decrypts the cipher text, the cipher text being prepared by an encryption key prepared using an encryption device authentication key unique to the encryption device and a decryption device authentication key unique to the decryption device, and attribute information including the encryption device authentication key and the decryption device authentication key used in preparing the encryption key by the encryption device, the decryption device comprising:
- decryption device authentication key storage means for storing the decryption device authentication key unique to the decryption device, the decryption device authentication key being prepared by using a unique identification (ID) of the decryption device;
  
  attribute information reading means for reading, from the attribute information, the encryption device authentication key and the decryption device authentication key used in preparing the encryption key in the encryption device;
  
  authentication key comparing means for comparing the decryption device authentication key-read by the attribute information reading means with the decryption authentication key stored in by the decryption device authentication key storage means;
  
  decryption key preparing means for preparing a decryption key by using the encryption device authentication key and the decryption device authentication key; and
  
  a decryption engine that converts the cipher text into plain text by using the decryption key, the authentication key comparing means prohibiting the decryption engine from being started when the decryption device authentication key attached to the cipher text does not match the decryption device authentication key stored in the decryption device authentication key storage means.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The decryption device according to claim 29, wherein the decryption device authentication key used for preparation of the decryption key is the decryption device authentication key contained in the attribute information received from the encryption device.
  - 31. The decryption device according to claim 29, wherein the decryption device authentication key used for preparation of the decryption key is the decryption device authentication key stored in the decryption device authentication key storage means.
  - 32. The decryption device according to claim 29, wherein the decryption key preparing means comprises a pseudo-random number preparing engine which combines the encryption device authentication key with the decryption device authentication key to prepare an irreversible pseudo-random number;
    - and wherein the decryption key preparing means prepares the decryption key by use of the prepared pseudo-random number.
  - 33. The decryption device according to claim 29, wherein the decryption device is an external decryption device detachably coupled to a user terminal device.
  - 34. The decryption device according to claim 29, wherein the decryption device is formed as an integrated circuit (IC) and the decryption device authentication key storage means, the attribute information reading means, the authentication key comparing means, the decryption key preparing means, and the decryption engine are implemented as a logical circuit within the IC, and wherein the unique ID of the decryption device is one of a manufacture number of the IC and identification information intrinsic in the IC.

35. An encryption/decryption device that prepares cipher text to be sent to a partner device for receiving and decrypting the cipher text or which decrypts cipher text prepared by and received from the partner device, the encryption/decryption device comprising:
- device authentication key preparing means for combining a unique identification (ID) of the device to prepare a first device authentication key unique to the device;
  
  encryption key preparing means for combining the first device authentication key with a second device authentication key unique to the partner device to prepare an encryption key;
  
  an encryption engine that converts plain text into the cipher text by use of the encryption key;
  
  device authentication key comparing means for comparing the second device authentication key attached to the cipher text prepared by the partner device with the first device authentication key prepared by the authentication key preparing means;
  
  decryption key preparing means for combining the second device authentication key attached to the cipher text with the first device authentication key to prepare a decryption key; and
  
  a decryption engine that converts the cipher text into the plain text by use of the decryption key.

36. An encryption program executable in an encryption device which encrypts plain text to prepare cipher text allowed to be decrypted only by a specific decryption device, the encryption program comprising:
- preparing an encryption key using an encryption device authentication key unique to the encryption device and a decryption device authentication key unique to the decryption device, the encryption device authentication key having been prepared using a unique identification (ID) of the encryption device, and the decryption device authentication key having been prepared using a unique ID of the decryption device;
  
  a converting the plain text into the cipher text by use of the encryption key, and attaching to the cipher text attribute information including the encryption device authentication key and the decryption device authentication key.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The encryption program according to claim 36, wherein the encryption key is prepared using an irreversible pseudo-random number prepared by combining the encryption device authentication key with the decryption device authentication key.
  - 38. The encryption program according to claim 37, wherein the encryption key is prepared by combining the pseudo-random number with a password input into the encryption device.
  - 39. The encryption program according to claim 37, wherein the encryption key is prepared by combining the pseudo-random number with a group key to specify a group to which operators of the encryption device and a decryption device belong.
  - 40. The encryption program according to claim 37, wherein the encryption key is prepared by combining a shared key shared between the decryption device and the encryption device, a random number and the pseudo-random number;
    - and wherein the attribute information attached to the cipher text includes the random number.
  - 41. The encryption program according to claim 36, further comprising:
    - preparing the encryption device authentication key using the unique ID of the encryption device;
      
      wherein the encryption key is prepared using the prepared encryption device authentication key and the decryption device authentication key of the partner decryption device.

42. A decryption program executable in a decryption device which receives cipher text and attribute information from a specific encryption device and decrypts the cipher text, the cipher text being prepared by an encryption key prepared using an encryption device authentication key unique to the encryption device and a decryption device authentication key unique to the decryption device, and the attribute information including the encryption device authentication key and the decryption device authentication key which are used in preparing the cipher text, the decryption program comprising:
- (a) comparing the decryption device authentication key attached to the ciphertext with a decryption device authentication key which has been prepared or stored in the decryption device using a unique identification (ID) of the decryption device;
  
  (b) preparing, when the decryption device authentication key received from the encryption device matches the decryption device authentication key prepared in the decryption device, a decryption key by use of the decryption device authentication key and the encryption device authentication key attached to the cipher text; and
  
  (c) converting the cipher text into plain text by use of the decryption key.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49)
- - 43. The decryption program according to claim 42, wherein the decryption device authentication key used for preparation of the decryption key in step (b) is the decryption authentication device key attached to the cipher text received from the specific encryption device,
  - 44. The decryption program according to claim 42, wherein the decryption device authentication key used for preparation of the decryption key in step (b) is the decryption authentication device key prepared by or stored in the decryption device.
  - 45. The decryption program according to claim 42, further comprising:
    - before comparing the decryption device authentication keys, preparing the decryption device authentication key unique to the decryption device by use of the unique ID of the decryption device.
  - 46. The decryption program according to claim 42, wherein, in step (b), the encryption device authentication key is combined with the decryption device authentication key to prepare an irreversible pseudo-random number, and the decryption key is prepared by use of the pseudo-random number, when the encryption key is prepared using the irreversible pseudo-random number prepared by combining the encryption device authentication key with the decryption device authentication key.
  - 47. The decryption program according to claim 42, wherein, when the cipher text is prepared using the encryption key prepared by combining the encryption device authentication key, the decryption device authentication key and a password input in the encryption device, and when the password is attached to the cipher text, the decryption key is prepared when the password received from the encryption device matches a password input in the decryption device.
  - 48. The decryption program according to claim 42, wherein, when the encryption key is prepared by combining the pseudo-random number with a group key to specify a group to which operators of the encryption device and the decryption device, in step (b), a group key stored in the decryption device is combined with the pseudo-random number to prepare the decryption key, and the cipher text is prevented from being decrypted when the group key stored in the decryption device does not match the group key used for preparation of the cipher text.
  - 49. The decryption program according to claim 42, wherein, when the encryption key is prepared by combining the pseudo-random number, a shared key shared between the encryption device and decryption device, and a random number, and when random number is attached as the attribute information to the cipher text, the decryption key is prepared by combining the shared key stored in the decryption device, a random number read from the attribute information, and the pseudo-random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hiromi Fukaya
Original Assignee
Hiromi Fukaya
Inventors
Fukaya, Hiromi

Application Number

US11/240,775
Publication Number

US 20060072745A1
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

G06F 21/606 by securing the transmissio...

G06F 2221/2107 File encryption

Encryption system using device authentication keys

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption system using device authentication keys

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links