METHOD FOR SECURING TRANSMISSION DATA AND SECURITY SYSTEM FOR IMPLEMENTING THE SAME

US 20110314284A1
Filed: 06/17/2011
Published: 12/22/2011
Est. Priority Date: 06/21/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for securing transmission data to be implemented by a security system that includes a first security module associated with first verification data and a second security module associated with second verification data, the first security module including a first public key and a first private key corresponding to the first public key, the second security module including a second public key and a second private key corresponding to the second public key, said method comprising the steps of:

a) configuring the first security module to provide the first public key to the second security module;

b) configuring the second security module to encrypt the second public key using the first public key, and to provide the encrypted second public key to the first security module;

c) configuring the second security module to encrypt the second verification data associated therewith using the first public key received in step a), and to provide the encrypted second verification data to the first security module;

d) configuring the first security module to decrypt the encrypted second public key received in step b) using the first private key, to thereby obtain the second public key;

e) configuring the first security module to encrypt the first verification data associated therewith using the second public key obtained in step d), and to provide the encrypted first verification data to the second security module;

f) configuring the first security module and the second security module to verify each other using the encrypted second verification data and the encrypted first verification data received in steps c) and e), respectively; and

g) configuring the security system to allow data transmission through the first security module and the second security module when verification is successfully completed in step f).

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing transmission data is to be implemented by a security system including first and second security modules. The first security module provides a first public key to the second security module. The second security module encrypts a second public key and second verification data associated therewith using the first public key, and provides the encrypted second public key and the encrypted second verification data to the first security module. The first security module decrypts the encrypted second public key using a first private key, encrypts first verification data associated therewith using the second public key, and provides the encrypted first verification data to the second security module. The first and second security modules verify each other using the encrypted second and first verification data, respectively. The security system allows data transmission through the first and second security modules when verification is successfully completed.

40 Citations

View as Search Results

18 Claims

1. A method for securing transmission data to be implemented by a security system that includes a first security module associated with first verification data and a second security module associated with second verification data, the first security module including a first public key and a first private key corresponding to the first public key, the second security module including a second public key and a second private key corresponding to the second public key, said method comprising the steps of:
- a) configuring the first security module to provide the first public key to the second security module;
  
  b) configuring the second security module to encrypt the second public key using the first public key, and to provide the encrypted second public key to the first security module;
  
  c) configuring the second security module to encrypt the second verification data associated therewith using the first public key received in step a), and to provide the encrypted second verification data to the first security module;
  
  d) configuring the first security module to decrypt the encrypted second public key received in step b) using the first private key, to thereby obtain the second public key;
  
  e) configuring the first security module to encrypt the first verification data associated therewith using the second public key obtained in step d), and to provide the encrypted first verification data to the second security module;
  
  f) configuring the first security module and the second security module to verify each other using the encrypted second verification data and the encrypted first verification data received in steps c) and e), respectively; and
  
  g) configuring the security system to allow data transmission through the first security module and the second security module when verification is successfully completed in step f).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as claimed in claim 1, further comprising, prior to step a), the steps of:
    - configuring the first security module to generate an identification code corresponding to the second security module, and to provide the identification code to the second security module; and
      
      configuring the security system to implement steps a) to g) after the second security module successfully completes a login procedure for gaining access to the security system using the identification code.
  - 3. The method as claimed in claim 1, wherein step f) includes the following sub-steps of:
    - f1) configuring the first security module to decrypt the encrypted second verification data received in step c) using the first private key to thereby obtain the second verification data, and to verify the second security module using the second verification data thus obtained; and
      
      f2) configuring the second security module to decrypt the encrypted first verification data received in step e) using the second private key to thereby obtain the first verification data, and to verify the first security module using the first verification data thus obtained.
  - 4. The method as claimed in claim 1, further comprising, prior to step g), the following steps of:
    - i) configuring the first security module to generate a first key and a second key each of which is used for encrypting data and for decrypting encrypted data that is encrypted using the other one of the first and second keys; and
      
      ii) configuring the first security module to encrypt the first key using the second public key obtained in step d), and to provide the encrypted first key to the second security module.
  - 5. The method as claimed in claim 4, wherein step g) includes the following sub-steps of:
    - g1) configuring the first security module to encrypt data that is to be transmitted using the second key, and to transmit the encrypted data to the second security module; and
      
      g2) configuring the second security module to decrypt the encrypted first key received in step ii) using the second private key to thereby obtain the first key, and to decrypt the encrypted data received in sub-step g1) using the first key thus obtained.
  - 6. The method as claimed in claim 4, wherein step g) includes the following sub-steps of:
    - g3) configuring the second security module to decrypt the encrypted first key received in step ii) using the second private key to thereby obtain the first key;
      
      g4) configuring the second security module to encrypt data that is to be transmitted using the first key thus obtained, and to transmit the encrypted data to the first security module; and
      
      g5) configuring the first security module to decrypt the encrypted data received in sub-step g4) using the second key.
  - 7. The method as claimed in claim 4, the security system further including a third security module that is associated with third verification data and that includes a third public key and a third private key corresponding to the third public key,said method further comprising the step of configuring the security system to implement steps a) to g) with the third security module, the third verification data, the third public key and the third private key instead of the second security module, the second verification data, the second public key and the second private key, respectively, such that data transmission through the second security module and the third security module is allowed in step g) when the first and second security modules have successfully verified each other and when the first and third security modules have successfully verified each other.
  - 8. The method as claimed in claim 7, wherein, in step ii), the first security module is further configured to encrypt the second key using the third public key obtained in step d), and to provide the encrypted second key to the third security module.
  - 9. The method as claimed in claim 8, wherein step g) includes the following sub-steps of:
    - g6) configuring the second security module to decrypt the encrypted first key received in step ii) using the second private key to thereby obtain the first key;
      
      g7) configuring the second security module to encrypt data that is to be transmitted using the first key thus obtained, and to transmit the encrypted data to the third security module; and
      
      g8) configuring the third security module to decrypt the encrypted second key received in step ii) using the third private key to thereby obtain the second key, and to decrypt the encrypted data received in sub-step g7) using the second key thus obtained.
  - 10. The method as claimed in claim 8, wherein step g) includes the following sub-steps of:
    - g9) configuring the third security module to decrypt the encrypted second key received in step ii) using the third private key to thereby obtain the second key;
      
      g10) configuring the third security module to encrypt data that is to be transmitted using the second key thus obtained, and to transmit the encrypted data to the second security module; and
      
      g11) configuring the second security module to decrypt the encrypted first key received in step ii) using the second private key to thereby obtain the first key, and to decrypt the encrypted data received in sub-step g10) using the first key thus obtained.

11. A security system for securing transmission data, said security system comprising:
- a first security module that is associated with first verification data, and that includes a first encryption/decryption unit, a first verification unit, and a first key-generating unit for generating an accessible first public key and a first private key corresponding to the first public key; and
  
  a second security module that is associated with second verification data, that is configured to obtain the first public key from said first security module, and that includes a second encryption/decryption unit, a second verification unit, and a second key-generating unit for generating a second public key and a second private key corresponding to the second public key;
  
  said second encryption/decryption unit being operable to encrypt the second public key and the second verification data using the first public key, and to provide the encrypted second public key and the encrypted second verification data to said first security module;
  
  said first encryption/decryption unit being operable to decrypt the encrypted second public key and the encrypted second verification data using the first private key to thereby obtain the second public key and the second verification data, to encrypt the first verification data using the second public key thus obtained, and to provide the encrypted first verification data to said second security module;
  
  said first verification unit being operable to verify said second security module based upon the second verification data decrypted and obtained by said first encryption/decryption unit;
  
  said second encryption/decryption unit being further operable to decrypt the encrypted first verification data using the second private key to obtain the first verification data;
  
  said second verification unit being operable to verify said first security module based upon the first verification data decrypted and obtained by said second encryption/decryption unit;
  
  said security system being operable to allow data transmission through said first security module and said second security module when verification between said first security module and said second security module is successfully completed.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The security system as claimed in claim 11, wherein:
    - said first security module is operable to generate an identification code corresponding to said second security module, and to provide the identification code to said second security module; and
      
      said second security module is operable only after a login procedure for gaining access to said security system using the identification code received from said first security module is successfully completed by said second security module.
  - 13. The security system as claimed in claim 11, wherein, after said first and second security modules have successfully verified each other,said first key-generating unit of said first security module is operable to further generate a first key and a second key each of which is used for encrypting data and for decrypting encrypted data that is encrypted using the other one of the first and second keys;
    - andsaid first encryption/decryption unit of said first security module is further operable to encrypt the first key using the second public key, and to provide the encrypted first key to said second security module.
  - 14. The security system as claimed in claim 13, wherein said first encryption/decryption unit is further operable to encrypt data that is to be transmitted using the second key and to transmit the encrypted data to said second security module, and said second encryption/decryption unit of said second security module is further operable to decrypt the encrypted first key using the second private key to thereby obtain the first key and to decrypt the encrypted data using the first key thus obtained.
  - 15. The security system as claimed in claim 13, wherein:
    - said second encryption/decryption unit of said second security module is further operable to decrypt the encrypted first key using the second private key to thereby obtain the first key, to encrypt data that is to be transmitted using the first key thus obtained, and to transmit the encrypted data to said first security module; and
      
      said first encryption/decryption unit of said first security module is further operable to decrypt the encrypted data using the second key.
  - 16. The security system as claimed in claim 11, wherein said first security module is configured for hardware integration within a computer having an operating system and an application program, and the first private key generated by said first key-generating unit is inaccessible to the operating system and the application program of the computer.
  - 17. The security system as claimed in claim 16, wherein said first verification unit of said first security module is further operable to dynamically generate the first verification data, and the first verification data thus generated is inaccessible to the operating system and the application program of the computer.
  - 18. The security system as claimed in claim 16, wherein:
    - said second security module is an application program stored in a memory device of the computer electrically connected to said first security module, and is configured for implementation by a processor of the computer; and
      
      said second verification unit of said second security module is further operable to generate the second verification data according to a verification rule dynamically generated by said first verification unit of said first security module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Che-Yang Chou
Original Assignee
Che-Yang Chou
Inventors
Chou, Che-Yang

Application Number

US13/162,893
Publication Number

US 20110314284A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3273   for mutual authentication n...

METHOD FOR SECURING TRANSMISSION DATA AND SECURITY SYSTEM FOR IMPLEMENTING THE SAME

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR SECURING TRANSMISSION DATA AND SECURITY SYSTEM FOR IMPLEMENTING THE SAME

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links