METHOD FOR THE SECURED RECORDING OF DATA, CORRESPONDING DEVICE AND PROGRAM

US 20170132435A1
Filed: 11/04/2016
Published: 05/11/2017
Est. Priority Date: 11/06/2015
Status: Active Grant

First Claim

Patent Images

1. Method for the secured recording of data, implemented in a data-recording device comprising a first non-secured memory and a second secured memory, the method comprising the following steps:

obtaining a derived key corresponding to the data recorded in the second memory from a root key recorded in the second memory;

encrypting data using the derived key, delivering encrypted data;

recording the encrypted data in the first memory;

determining a hash imprint of said data;

recording said hash imprint in association with the data in a hash file recorded in the first memory;

recording a general hash imprint, representing the content of the hash file comprising said hash imprint, in the second memory; and

eliminating the data in the second memory subsequently to said recording of encrypted data in the first memory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for the secured recording of data, implemented in a data-recording device having a first non-secured memory and a second secured memory, is disclosed. The method has the steps of: obtaining a derived key corresponding to the data in the second memory from a root key recorded in the second memory; encrypting data using the derived key, delivering encrypted data; recording the encrypted data in the first memory; determining a hash imprint of said data; recording said hash imprint in a hash file recorded in the first memory; recording a general hash imprint, representing the content of the hash file comprising said hash imprint, in the second memory; and eliminating the data in the second memory.

8 Citations

View as Search Results

14 Claims

1. Method for the secured recording of data, implemented in a data-recording device comprising a first non-secured memory and a second secured memory, the method comprising the following steps:
- obtaining a derived key corresponding to the data recorded in the second memory from a root key recorded in the second memory;
  
  encrypting data using the derived key, delivering encrypted data;
  
  recording the encrypted data in the first memory;
  
  determining a hash imprint of said data;
  
  recording said hash imprint in association with the data in a hash file recorded in the first memory;
  
  recording a general hash imprint, representing the content of the hash file comprising said hash imprint, in the second memory; and
  
  eliminating the data in the second memory subsequently to said recording of encrypted data in the first memory.
- View Dependent Claims (2, 3, 4, 5, 6, 11)
- - 2. Method according to claim 1 wherein, after it is obtained, the derived key is recorded in the second memory, the method furthermore comprises a step for eliminating the derived key from the second memory after the encryption of said data.
  - 3. Method according of claim 1, wherein the root key is generated randomly in the data-recording device.
  - 4. Method according to claim 1 wherein, during the step for obtaining, the derived key is obtained from:
    - a user identifier representing a user of the data-recording device; and
      
      a data identifier.
  - 5. Method according to claim 4, wherein, during said recording of the encrypted data, said encrypted data are recorded in the first memory in the form of an encrypted file to which a file name is assigned comprising the user identifier and the data identifier.
  - 6. Method according to claim 1 comprising, after said recording of the hash imprint in the hash file, a recording of a copy of the hash file in a secured back-up memory of the data-recording device.
  - 11. Computer program comprising instructions for the execution of the steps of a method for the secured recording of data according to claim 1, when said program is executed by a computer.

7. Method for the secured retrieval of data, implemented in a data-recording device comprising a first non-secured memory and a second secured memory, the method comprising:
- a verification of the integrity of a hash file recorded in the first memory from a general hash imprint recorded in the second memory; and
  
  when the hash file is detected as having integrity, the method furthermore comprises, upon reception of a request for access to data, the following steps;
  
  obtaining a derived key corresponding to encrypted data recorded in the first memory, from a root key recorded in the second memory;
  
  decrypting encrypted data using the obtained derived key so as to retrieve said data;
  
  recording said data in the second memory;
  
  determining the hash imprint of said data;
  
  verifying the integrity of the data recorded in the second memory by comparing the hash imprint determined for the data with a hash imprint recorded in the hash file in association with said data; and
  
  authorization of access to the data in the second memory in response to said access request, only if the data has been determined as having integrity.
- View Dependent Claims (8, 9, 10, 12)
- - 8. Method according to claim 7, comprising a step for obtaining a user identifier representing a user of the data-recording device and a data identifier, in which the derived key is obtained from the root key by using the user identifier and the data identifier.
  - 9. Method according to claim 7 comprising, subsequently to an access to the data:
    - encrypting data using the derived key, delivering encrypted data;
      
      recording the encrypted data in the first memory;
      
      determining the hash imprint of said data;
      
      recording said hash imprint in association with the data in the hash file recorded in the first memory;
      
      recording the general hash imprint, representing the content of the hash file comprising said hash imprint, in the second memory; and
      
      eliminating the data in the second memory subsequently to said recording of encrypted data in the first memory.
  - 10. Method according to claim 7, further comprising the following steps after an access by the user to the data in the second memory:
    - determining a second hash imprint of said data following said access; and
      
      comparing said second hash imprint with the hash imprint recorded in the hash file in association with the data, in order to detect whether the data have been modified during said access;
      
      wherein, only if it has been detected that the data have been modified during said access, the method further comprising;
      
      encrypting data using the derived key, delivering encrypted data;
      
      recording the encrypted data in the first memory;
      
      determining the hash imprint of said data;
      
      recording said hash imprint in association with the data in the hash file recorded in the first memory;
      
      recording the general hash imprint, representing the content of the hash file comprising said hash imprint, in the second memory; and
      
      eliminating the data in the second memory subsequently to said recording of encrypted data in the first memory.
  - 12. Computer program comprising instructions for the execution of the steps of a method for the secured retrieval of data according to claim 7, when said program is executed by a computer.

13. Data-recording device comprising:
- a first non-secured memory;
  
  a second secured memory;
  
  an obtaining module configured to obtain a derived key corresponding to data recorded in the second memory from a root key recorded in the second memory;
  
  an encryption module configured for the encryption, using the derived key, of said data so as to deliver encrypted data;
  
  a first recording module configured for the recording of the encrypted data in the first memory;
  
  a determining module configured to determine a hash imprint of said data;
  
  a second recording module configured for the recording of said hash imprint, in association with the data, in a hash file recorded in the first memory;
  
  a third recording module configured for the recording, in the second memory, of a general hash imprint representing the content of the hash file comprising said hash imprint; and
  
  an elimination module configured to eliminate the data in the second memory after said recording of the encrypted data in the first memory.
- View Dependent Claims (14)
- - 14. Device according to claim 13, wherein:
    - the obtaining module is configured for the recording, in the second memory, of said derived key obtained from the root key; and
      
      the elimination module is configured to eliminate the derived key recorded in the second memory after the encryption of said data by the encryption module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Banks And Acquirers International Holding
Original Assignee
Ingenico Group
Inventors
ROLIN, Christian, MULLER, Laurent, BELLAHCENE, Mohammed, ROYER, Jessica, POMMARET, Jean-Christophe

Granted Patent

US 10,318,766 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/62   Protecting access to data v...

G06F 21/64   Protecting data integrity, ...

G06F 21/78   to assure secure storage of...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3236   using cryptographic hash fu...

METHOD FOR THE SECURED RECORDING OF DATA, CORRESPONDING DEVICE AND PROGRAM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR THE SECURED RECORDING OF DATA, CORRESPONDING DEVICE AND PROGRAM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others