KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY
First Claim
1. A computer-implemented method comprising:
- selecting a plaintext message to be authenticated and encrypted;
selecting an associated data to be authenticated and transmitted, but not encrypted;
creating and storing a data key to encrypt the plaintext message in a uniformly random or pseudorandom manner;
creating and storing a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is derived from at least the plaintext message, and the data key;
creating and storing an encrypted data key, wherein the encrypted data key is derived from at least the data key, and a key encrypting key;
generating a communication comprising at least the encrypted data key and the ciphertext message;
wherein each of the above steps is performed by one or more processors.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message.
-
Citations
30 Claims
-
1. A computer-implemented method comprising:
-
selecting a plaintext message to be authenticated and encrypted; selecting an associated data to be authenticated and transmitted, but not encrypted; creating and storing a data key to encrypt the plaintext message in a uniformly random or pseudorandom manner; creating and storing a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is derived from at least the plaintext message, and the data key; creating and storing an encrypted data key, wherein the encrypted data key is derived from at least the data key, and a key encrypting key; generating a communication comprising at least the encrypted data key and the ciphertext message; wherein each of the above steps is performed by one or more processors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An apparatus, comprising:
-
a data storage medium storing;
a key encrypting key;
a plaintext message to be authenticated, encrypted, and transmitted;
an associated data to be authenticated and transmitted, but not encrypted;logic configured to generate;
a data key in a uniformly random or pseudorandom manner;a nonce that is either unique for any particular value of the data key or zero-length;
a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is determined from at least the plaintext message, the data key, and the nonce;
an encrypted data key, wherein the encrypted data key is derived from at least the data key and the key encrypting key;logic configured to generate the communication comprising at least the encrypted data key, the ciphertext message and the associated data. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause performing:
-
selecting a plaintext message to be authenticated, encrypted and transmitted; selecting an associated data to be authenticated and transmitted, but not encrypted; creating and storing a data key to encrypt the plaintext message in a uniformly random or pseudorandom manner; creating and storing a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is derived from at least the plaintext message and the data key; creating and storing an encrypted data key, wherein the encrypted data key is derived from at least the data key, and a key encrypting key; generating a communication comprising at least the encrypted data key, the ciphertext message, and the associated data; wherein each of the above steps is performed by one or more processors. - View Dependent Claims (27, 28, 29, 30)
-
Specification