Personal cryptoprotective complex
Abstract
The invention relates to information protection and user identification. The technical result consists in functionality enhancement including: information encryption and decryption; electronic document authentication using an electronic digital signature; protection of electronic documents against copying, exchange of copy-protected electronic documents; settlements by means of electronic payment facilities; protection of software and databases against unauthorized copying. The inventive personal cryptoprotective complex comprises a code-carrying medium in the form of a cassette for protection of cryptographic data and a terminal device for communications with peripheral devices such as a personal computer, a telephone and a card reader. The cassettes for personal cryptoprotective complexes are embodied such that they have a unified architecture, common software and an identical secret mother code. A protective sheath of the cassette has light-reflective surfaces. A program for monitoring the integrity of the protective sheath destroys the mother code in case of an unauthorized access. A data processing program checks the inputted open information for the presence of service symbols therein, which are used as the most important tool for carrying out different cryptographic operations. Individual data of a user, including the electronic digital signature thereof, is recorded in a ROM. The inventive cryptoprotective complex comprises a user identification device in the form of an identification wristband that stores single-use access passwords.
74 Claims
1-55. (canceled)
56. A method for transmission of information with protection against copying with use of a personal cryptoprotective complex, the method comprising:
in a ROM of each of personal cryptoprotective complexes, storing copies of a mother code being a set of random numbers (M1, M2, . . . , MN), encryption, decryption and information processing programs, wherein record is carried out in a protected way only in said personal cryptoprotective complexes, said way excluding the possibility of recording to other media and modifying said programs, as well as personal data of a user including his or her electronic signature and other attributes used for execution of cryptoprotective operations and generation of electronic documents, and setting date and time in a built-in clock;
in the input of user's information to the personal cryptoprotective complex, inputting user's commands to establish a mode of processing the user's information, to generate a non-copied electronic document, and processing the inputted user's information;
in accordance with the established mode of processing the user's information and the earlier received information, generating service information by means of the information processing program, and combining the service information with the processed user's information to obtain an electronic document, attributes of the electronic document in the form of service information being separated from the processed user's information by means of service symbols, and in accordance with a user's command to generate a non-copied electronic document, including a command in the service information, said command being intended for the personal cryptoprotective complexes and being in the form of a typical set of symbols inputted earlier to the ROM in structure of the information processing program, and storing the obtained electronic document in a section of the ROM intended for non-copied electronic documents of the personal cryptoprotective complex;
establishing a protected communication session with application of the personal cryptoprotective complexes on the basis of a single-use key of the communication session generated using random numbers, and inputting a user's command to transmit the non-copied electronic document recorded in the PROM to other subscriber of the established communication session;
encrypting the electronic document by a dynamically transformable daughter code while reading an electronic document inability-for-copying command out of the service information, establishing the protection against modification to the encrypted information, and transmitting the encrypted information to another personal cryptoprotective complex;
upon termination of transmission of the non-copied electronic document, disabling it for a predetermined time period T1 in the PROM according to said inability-for-copying command;
receiving the electronic document and decrypting the electronic document, establishing the reliability of information by check for absence of distortions in said information, searching for and selecting service information from decrypted information by means of service symbols, using the service symbols to find the service information containing the electronic document inability-for-copying command, recording the electronic document to the section of the PROM intended for non-copied electronic documents, and disabling said document for the predetermined time period T1;
generating an electronic-document-loading-acknowledgement password in the personal cryptoprotective complex of a receiving party and transmitting the electronic-document-loading-acknowledgement password in the encrypted form to the personal cryptoprotective complex of a sending party;
in case if the sender does not receive the electronic-document-loading-acknowledgement password from the recipient during the time period T1, enabling the electronic document in the PROM of the personal cryptoprotective complex of the sender, while ignoring the subsequent reception of said password;
in case if the recipient does not send the electronic-document-loading-acknowledgement password to the sender during the time period T1, deleting the electronic document from the PROM of the personal cryptoprotective complex;
receiving the electronic-document-loading-acknowledgement password in the personal cryptoprotective complex of the sending party, generating an electronic-document-transmission-acknowledgement password, and requesting a user acknowledgement in response to the sending of the present password to the personal cryptoprotective complex of the receiving party;
in case if the user gives no acknowledgement in response to the sending of the password during a predetermined time period T2, then, on the expiration of said time period, automatically enabling said electronic document in the PROM of the personal cryptoprotective complex of the sender, and automatically deleting said electronic document in the PROM of the personal cryptoprotective complex of the recipient;
in case if the user acknowledges the sending of the password during the time period T2, sending the present password in the encrypted form to the personal cryptoprotective complex of the recipient, wherein said electronic document is automatically deleted from PROM of the personal cryptoprotective complex of the sender, and said electronic document is automatically enabled in the PROM of the personal cryptoprotective complex of the recipient when he or she has received said electronic-document-transmission-acknowledgement password, followed by inputting user's commands, establishing a mode of processing the decrypted information according to the user's commands received from the service information and according to the earlier inputted information and the information processing program, and outputting the processed information to the user together with service symbols that authenticate attributes of the received electronic document. (Dependent claims: 57, 58, 59, 60, 61)
62. A method for transmission of information with protection against copying with use of a personal cryptoprotective complex, the method comprising:
in a ROM of each of personal cryptoprotective complexes, storing copies of a mother code being a set of random numbers (M1, M2, . . . , MN), encryption, decryption and information processing programs, wherein record is carried out in a protected way only in said personal cryptoprotective complexes, said way excluding the possibility of recording to other media and modifying said programs;
storing an individual number of the personal cryptoprotective complex as well as other attributes used for execution of cryptoprotective operations in the ROM and setting date and time in a built-in clock;
generating a decryption password on the basis of a random number and recording it to a section of a PROM intended for non-copied decryption passwords and closed for users;
generating a dynamically transformable daughter code on the basis of the mother code and the decryption password;
inputting information, including a computer program, to the personal cryptoprotective complex, and making its encryption using said decryption password;
outputting the encrypted information to a user for record to a medium or for transmission to other user;
inputting a command to transmit the decryption password to other user in process of the protected communication session;
encrypting the decryption password on the basis of a single-use key generated using at least one random number, and outputting said password for transmission;
according to the fact that the decryption password has the status of a non-copied electronic document, upon termination of transmission of the present electronic document, disabling it for a predetermined time period T1 in the PROM;
receiving the electronic document and decrypting the electronic document, establishing the reliability of information by check for absence of distortions in said information, searching for and selecting service information from decrypted information by means of service symbols, using the service symbols to find the service information containing an electronic document inability-for-copying command, recording the electronic document to the section of the PROM intended for non-copied electronic documents, and disabling said document for the predetermined time period T2;
generating an electronic-document-loading-acknowledgement password in the personal cryptoprotective complex of a receiving party and transmitting the electronic-document-loading-acknowledgement password in the encrypted form to the personal cryptoprotective complex of a sending party;
in case if the sender does not receive the electronic-document-loading-acknowledgement password from the recipient during the time period T1, enabling the electronic document in the PROM of the personal cryptoprotective complex of the sender, while ignoring the subsequent reception of said password;
in case if the recipient does not send the electronic-document-loading-acknowledgement password to the sender during the time period T1, deleting the electronic document from the PROM of the personal cryptoprotective complex;
receiving the electronic-document-loading-acknowledgement password in the personal cryptoprotective complex of the sending party, generating an electronic-document-transmission-acknowledgement password, and requesting a user acknowledgement in response to the sending of the present password to the personal cryptoprotective complex of the receiving party;
in case if the user gives no acknowledgement in response to the sending of the password during the predetermined time period T2, then, on the expiration of said time period, automatically enabling said electronic document in the PROM of the personal cryptoprotective complex of the sender, and automatically deleting said electronic document in the PROM of the personal cryptoprotective complex of the recipient;
in case if the user acknowledges the sending of the password during the time period T2, sending the present password in the encrypted form to the personal cryptoprotective complex of the recipient, wherein said electronic document is automatically deleted from PROM of the personal cryptoprotective complex of the sender, and said electronic document is automatically enabled in the PROM of the personal cryptoprotective complex of the recipient when he or she has received said electronic-document-transmission-acknowledgement password;
recording the decryption password to the section of the PROM intended for non-copied electronic documents and closed for users of the PROM;
inputting information, including a computer program, to the personal cryptoprotective complex and decrypting said information on the basis of the dynamically transformable code generated using the decryption password read out of the PROM;
in case of decryption of a computer program, connecting the personal cryptoprotective complex to a computer, recording a decrypted fragment of the program to a RAM of the personal cryptoprotective complex, executing only a part of the operations in a microprocessor of the personal cryptoprotective complex compatible with the computer, while executing another part in the microprocessor of the computer. (Dependent claims: 63, 64, 65, 66, 67)
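The loading/transmission acknowledgement exchange of claims 56 and 62 (claim 62 applies the same "non-copied document" handling to a decryption password), simulated as an added example that is not code from the patent: the sender disables its copy after transmission, the recipient holds its copy disabled, and the T1/T2 timeouts decide whether the copy moves or snaps back. The T1/T2 values, the random-token passwords and the recipient's own wait for the transmission acknowledgement are constructed assumptions; the simultaneous exchange of claim 68 is not modelled.

```python
import secrets
T1, T2 = 10, 30  # constructed: T1 = wait for the loading acknowledgement, T2 = user confirmation window

class Complex:  # one personal cryptoprotective complex, reduced to its non-copied-document PROM
    def __init__(self):
        self.prom, self.state = {}, {}  # prom: doc_id -> [content, enabled]; state: per-document timers
    def enabled(self):
        return sorted(d for d, (_, on) in self.prom.items() if on)

def send_document(sender, receiver, doc_id, now):
    # transmit, then disable the sender's copy for T1; the recipient records its copy disabled as well
    sender.prom[doc_id][1] = False
    sender.state[doc_id] = {"phase": "await_load_ack", "deadline": now + T1}
    receiver.prom[doc_id] = [sender.prom[doc_id][0], False]
    receiver.state[doc_id] = {"phase": "await_tx_ack", "deadline": now + T1}

def receiver_sends_load_ack(receiver, doc_id, now):
    # recipient issues the loading-acknowledgement password (a random token here) while still within T1
    st = receiver.state.get(doc_id)
    if st is not None and now <= st["deadline"]:
        st["deadline"] = now + T1 + T2  # assumption: it then waits that long for the transmission ack
        return secrets.token_hex(8)

def sender_receives_load_ack(sender, doc_id, now):
    # a late acknowledgement is ignored: after T1 the sender's copy has already been re-enabled
    st = sender.state.get(doc_id)
    if st is None or st["phase"] != "await_load_ack" or now > st["deadline"]:
        return False
    st.update(phase="await_user", deadline=now + T2, tx_password=secrets.token_hex(8))
    return True

def sender_user_confirms(sender, receiver, doc_id, now):
    # user confirms within T2: the sender's copy is deleted, the recipient's copy is enabled on receipt
    st = sender.state.get(doc_id)
    if st is None or st["phase"] != "await_user" or now > st["deadline"]:
        return False
    del sender.prom[doc_id], sender.state[doc_id]
    if doc_id in receiver.state and now <= receiver.state[doc_id]["deadline"]:  # password in time
        receiver.prom[doc_id][1] = True
        del receiver.state[doc_id]
    return True

def expire(cx, now):
    # a lapsed wait re-enables the copy on the sender side and deletes the copy on the recipient side
    for doc_id, st in list(cx.state.items()):
        if now > st["deadline"]:
            del cx.state[doc_id]
            if st["phase"] == "await_tx_ack": del cx.prom[doc_id]
            else: cx.prom[doc_id][1] = True

def run_scenario(load_ack_at=None, load_ack_delay=1, confirm_at=None, end=100):
    # drive one transfer of "doc1" from A to B on a simulated clock; return the enabled copies of each
    a, b, pw = Complex(), Complex(), None  # sender, recipient, loading-ack password in flight
    a.prom["doc1"] = ["contract text (constructed)", True]
    send_document(a, b, "doc1", now=0)
    for now in range(1, end + 1):
        if now == load_ack_at:
            pw = receiver_sends_load_ack(b, "doc1", now)
        if pw and now == load_ack_at + load_ack_delay:
            sender_receives_load_ack(a, "doc1", now)
        if now == confirm_at:
            sender_user_confirms(a, b, "doc1", now)
        expire(a, now); expire(b, now)
        assert len(a.enabled()) + len(b.enabled()) <= 1  # the whole point: never two usable copies
    return a.enabled(), b.enabled()
```

Calling `run_scenario(load_ack_at=2, confirm_at=5)` moves the document to B, while a silent recipient, a loading acknowledgement that arrives after T1, or a user who never confirms within T2 all leave the single enabled copy with A.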
68. A method for simultaneously exchanging copy-protected electronic documents among users through a communication link with use of a cryptoprotective complex, comprising:
in a ROM of each of personal cryptoprotective complexes, storing copies of a mother code being a set of random numbers (M1, M2, . . . , MN), encryption, decryption and information processing programs, wherein record is carried out in a protected way only in said personal cryptoprotective complexes, said way excluding the possibility of recording to other media and modifying said programs;
storing an individual number I of the personal cryptoprotective complex in the ROM as well as personal data of a user including his or her electronic signature and other attributes used for execution of cryptoprotective operations and generation of electronic documents, and setting date and time in a built-in clock;
synchronously generating a single-use encryption key on the basis of random numbers produced in the personal cryptoprotective complexes of users;
synchronously generating dynamically transformable daughter codes on the basis of the mother code and the single-use encryption key in the personal cryptoprotective complexes of users;
inputting initial information to each of the personal cryptoprotective complexes of users;
in accordance with an established mode of processing user's information and earlier received information, generating service information by means of the information processing program and combining the service information with the processed user's information to obtain an electronic document, wherein attributes of the electronic document in the form of service information are separated from the processed user's information by means of predetermined service symbols, and in accordance with a user's command to generate a copy-protected electronic document, including a certain command in the service information as a part of the information processing program for the personal cryptoprotective complexes, wherein said command is in the form of a typical set of symbols earlier inputted to the ROM, and storing the obtained electronic document in a section of the PROM provided in the personal cryptoprotective complex and intended for non-copied electronic documents;
in at least one of the personal cryptoprotective complexes, inputting a command for simultaneously exchanging the electronic documents, and sending said command in the form of a signal encrypted by means of the produced single-use encryption key to other personal cryptoprotective complex;
in each of the personal cryptoprotective complexes, inputting a command to start transmission of the non-copied electronic document recorded in the PROM to other subscriber of the established communication session;
encrypting the electronic document with a dynamically transformable daughter code while reading an electronic document inability-for-copying command out of the service information;
establishing protection against modification in the decrypted information and transmitting the encrypted information to other personal cryptoprotective complex;
in accordance with the command for simultaneously exchanging the electronic documents, and upon termination of transmission of the non-copied electronic document, disabling it for a predetermined time period T1 in the PROM of the sender;
receiving the electronic document and decrypting the electronic document, establishing the reliability of information by check for absence of distortions in information;
searching for and selecting service information from the decrypted information by means of service symbols, using the service symbols to find service information containing the electronic document inability-for-copying command, recording the electronic document to the section of the PROM intended for non-copied electronic documents, disabling said electronic document for a predetermined time period T1 and outputting the obtained electronic document to the user for acquaintance;
in the personal cryptoprotective complex of the receiving party, generating an electronic-document-loading-acknowledgement password and transmitting said electronic-document-loading-acknowledgement password in the encrypted form to the personal cryptoprotective complex of the sending party;
if the sender does not receive the electronic-document-loading-acknowledgement password from the recipient during the time period T1, the electronic document is enabled in the PROM of the personal cryptoprotective complex of the sender;
if the recipient does not send the electronic-document-loading-acknowledgement password to the sender during the time period T1, deleting the electronic document from the PROM of the personal cryptoprotective complex of the recipient;
receiving the electronic-document-loading-acknowledgement in the personal cryptoprotective complex of sending party, generating an electronic-document-transmission-acknowledgement password and requesting a user acknowledgement to send the present password to the personal cryptoprotective complex of the receiving party;
in case if the user does not acknowledge the sending of the password during a predetermined time period T2, then, after the expiration of said time period, automatically enabling said electronic document in the PROM of the personal cryptoprotective complex of the sender, and automatically deleting said electronic document in the PROM of the personal cryptoprotective complex of the recipient;
in case if the user gives the acknowledgement for sending the password during the time period T2, then, sending a predetermined signal in the encrypted form containing information of said acknowledgement to other user, and receiving the similar signal from said user;
after the exchange of acknowledgement signals, making synchronization according to the last signal, and from the moment of sending a last bit of said signal from one of the personal cryptoprotective complexes to the moment of its corresponding reception in the other personal cryptoprotective complex, starting a procedure of a simultaneous exchange of the electronic-document-transmission-acknowledgement passwords in the encrypted form, wherein the reception of a password-containing signal from the opposite party is monitored in each of the personal cryptoprotective complexes, and in case of absence or interruption of said signal, the transmission of own password is stopped;
after the sending of the transmission-acknowledgement password, automatically deleting said electronic document from the PROM of the personal cryptoprotective complex of the sender, and when the recipient has received the electronic-document-transmission-acknowledgement password, automatically enabling said electronic document in the PROM of the personal cryptoprotective complex of the recipient. (Dependent claims: 69, 70, 71, 72)
73. A cassette for a personal cryptoprotective complex, intended for protection and storage of confidential and cryptographic information, comprising:
a microchip including a microprocessor capable of suppressing and masking self-microradiations and creating false microradiations, a nonvolatile memory for storing encryption, decryption and information processing programs and an individual number of a cryptoprotective device, a volatile memory for storing a mother code and comprising a built-in accumulator, a protective sheath of the microchip connected to the accumulator, and a protective sheath integrity monitor unit providing erasure of information from the volatile memory upon an unauthorized access from the outside, said protective sheath consisting of three layers wherein the inner and outer layers of the protective sheath are formed with light-reflecting surfaces facing each other, and a third, transparent layer enclosed therebetween, wherein the light-emitting microdiodes and microphotocells face the outer light-reflecting layer, said protective sheath integrity monitor unit being intended to set a periodicity and a radiation dose of the light-emitting microdiodes, to measure the power absorbed by the microphotocells, to compare the measured values to reference values, and on their non-coincidence to de-energize the volatile memory for destroying the mother code stored therein. (Dependent claims: 74)
Specification