Encryption method and system for portable data

US 5,623,546 A
Filed: 06/23/1995
Issued: 04/22/1997
Est. Priority Date: 06/23/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing access through a new host to encrypted data using an encryption key, wherein a first split of a password-modified key is stored in a portable encryption device, and a second split of said password-modified key is stored elsewhere, said method comprising the steps of:

a) connecting said portable encryption device to said new host;

b) providing a password;

c) obtaining said second split of said password-modified key; and

d) recreating said encryption key with said password to produce a recreated encryption key, first split of said password-modified key, and said second split of said password-modified key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method allows portable, encrypted data to be accessible through multiple hosts, including new hosts (14), without requiring a secure link to the new hosts. A split key encryption system encrypts (52) data and stores the encrypted data on a portable device (10). A split of the encryption key is stored (54) in the portable device (10), and another split of the key is stored (54) in a home host (12) . A password-modified key is then made (58) by combining a password with the encryption key. This password-modified key is then reduced (58), with one split being stored on the host (12) and another split stored on the portable device (10) . Data can be accessed with a new host (14) by transferring (78) the host password-modified split to the new host (14) and entering (80) the password into the portable device (10).

Citations

18 Claims

1. A method for providing access through a new host to encrypted data using an encryption key, wherein a first split of a password-modified key is stored in a portable encryption device, and a second split of said password-modified key is stored elsewhere, said method comprising the steps of:
- a) connecting said portable encryption device to said new host;
  
  b) providing a password;
  
  c) obtaining said second split of said password-modified key; and
  
  d) recreating said encryption key with said password to produce a recreated encryption key, first split of said password-modified key, and said second split of said password-modified key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as claimed in claim 1 further comprising the step decrypting said encrypted data using said recreated encryption key.
  - 3. A method as claimed in claim 1 further comprising the steps of:
    - determining whether said new host has been previously initialized; and
      
      performing said step c) if said new host has not been previously initialized.
  - 4. A method as claimed in claim 1 wherein said encryption key has been reduced into a portable split which is stored in said portable encryption device and a home host split which is stored in a home host, and said method further comprising the steps of:
    - e) recreating said home host split of said encryption key for a previously initialized host to produce a recreated home host split;
      
      f) selecting a new encryption key;
      
      g) re-encrypting said encrypted data using said new encryption key; and
      
      h) creating a new portable split of said new encryption key, said new portable split being configured as a function of said new encryption key and said recreated home host split of said encryption key for said previously initialized host.
  - 5. A method as claimed in claim 1 further comprising the steps of:
    - e) changing said first split of said password-modified key into an updated first split; and
      
      f) storing said updated first split in said portable encryption device.
  - 6. A method as claimed in claim 5 wherein said step e) comprises the steps of:
    - changing said second split of said password-modified key to an updated second split of said password-modified key;
      
      selecting a random binary number; and
      
      exclusive ORing said random binary number with said encryption key and with said password.
  - 7. A method as claimed in claim 5 wherein said step e) comprises the steps of:
    - changing said password to produce a changed password; and
      
      exclusive ORing said changed password with said second split of said password-modified key and with said encryption key.

8. A method for providing portable encrypted data which are accessible by multiple hosts without requiring a secure communication link between an existing host and a new host, said method comprising the steps of:
- a) encrypting data using an encryption key;
  
  b) storing said portable encrypted data in a portable device;
  
  c) obtaining a user password;
  
  d) reducing said user password and said encryption key into a portable password-modified split and a home host password-modified split; and
  
  e) storing said home host password-modified split in a home host.
- View Dependent Claims (9, 10, 11)
- - 9. A method as claimed in claim 8 additionally comprising the steps of:
    - f) separating said portable device from said home host; and
      
      g) refraining from storing said home host password-modified split in said portable device after the step of separating.
  - 10. A method as claimed in claim 8 wherein the step of encrypting further comprises the steps of:
    - reducing said encryption key into a portable split and a home host split;
      
      storing said portable split in said portable device; and
      
      storing said home host split in said home host.
  - 11. A method as claimed in claim 8 wherein said step d) comprises the steps of:
    - selecting a random binary number; and
      
      exclusive ORing said random binary number with said encryption key and said user password.

12. A portable data encryption device comprising:
- a) first data storage area;
  
  b) an encryption device configured to perform encryption and decryption in response to an encryption key, to encrypt data for storage in said first data storage area, and to decrypt data stored in said first data storage area;
  
  c) a logical device in data communication with said encryption device, said logical device being configured to combine a password with said encryption key to form a password-modified encryption key; and
  
  d) a second data storage area in data communication with said logical device, said second data storage area being configured to store a first split of said password-modified encryption key.
- View Dependent Claims (13, 14)
- - 13. An encryption device as claimed in claim 12 wherein:
    - said encryption device additionally comprises a third data storage area in data communication with said encryption device, said third data storage area being configured as volatile memory;
      
      said first data storage area is configured as non-volatile memory; and
      
      said encryption device is configured to place decrypted data in said third data storage area.
  - 14. An encryption device as claimed in claim 12 wherein said logical device is further configured to reduce said password-modified encryption key into said first split of said password-modified encryption key and a second split of said password-modified encryption key.

15. A system for providing portable encrypted data which are accessible by multiple hosts, wherein said system configures new hosts without requiring a secure link between hosts and said system comprises:
- a) a portable encryption device configured to encrypt, store, and decrypt data, wherein said data are encrypted and decrypted in response to an encryption key, and said portable encryption device is further configured to store a first split of a password-modified key; and
  
  b) a home host configured to engage in data communication with said portable encryption device, and to store a second split of said password-modified key.
- View Dependent Claims (16, 17, 18)
- - 16. A system as claimed in claim 15 wherein:
    - said portable data encryption device is further configured to additionally store a first split of said encryption key; and
      
      said home host is further configured to additionally store a second split of said encryption key.
  - 17. A system as claimed in claim 15 wherein said home host is configured as a telecommunications device.
  - 18. A system as claimed in claim 15 wherein said portable encryption device is further configured to reduce said password-modified key into said first split of said password-modified key and a second split of said password-modified key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Tugenberg, Steven R., Balogh, Craig R., Fossey, Craig R., Hardy, Douglas A.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/494,129
Time in Patent Office

669 Days
Field of Search

380/4, 380/21, 380/25
US Class Current

713/193
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 9/0827   involving distinctive inter...

H04L 9/0891   Revocation or update of sec...

Encryption method and system for portable data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption method and system for portable data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links