Method and system for digital information protection

US 5,701,343 A
Filed: 11/29/1995
Issued: 12/23/1997
Est. Priority Date: 12/01/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A method for digital information protection in a system in which a user makes an access to a digital information provided by an information center, by connecting a computer card owned by the user to an information terminal device connected with the information center, the method comprising the steps of:

(a) carrying out a mutual authentication between the computer card and the information terminal device;

(b) carrying out a user authentication by the computer card through the information terminal device;

(c) sending an information request specifying the desired digital information of the user from the information terminal device to the information center by signing and encrypting an information identifier for identifying the desired digital information;

(d) sending the work key for encrypting the desired digital information from the information center to the computer card by a cipher communication using a public key cryptosystem;

(e) obtaining and registering the work key sent from the information center at the computer card, and sending a work key receipt signature from the computer card to the information center;

(f) receiving a work key request message containing a random number from the information terminal device at the computer card, encrypting the work key according to the random number, and sending an encrypted work key from the computer card to the information terminal device;

(g) encrypting the desired digital information specified by the information request by using the work key at the information center, and sending the encrypted digital information from the information center to the information terminal device;

(h) receiving and decrypting the encrypted work key sent from the computer card so as to obtain the work key at the information terminal device, receiving and decrypting the encrypted digital information sent from the information center by using the work key, and providing the decrypted digital information to the user at the information terminal device; and

(i) sending an encrypted information receipt signature from the information terminal device to the information center, and recording the information request, the work key receipt signature, and the encrypted information receipt signature as a ground for charging at the information center.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital information protection scheme using an improved security protocol. In a system in which a user makes an access to a digital information provided by an information center by connecting a computer card owned by the user to an information terminal device connected with the information center, a work key for encrypting a desired digital information is delivered from the information center to the computer card through the information terminal device, and the work key is registered in the computer card; the desired digital information encrypted by the work key is delivered from the information center to the information terminal device; and an encrypted digital information delivered from the information center is decrypted at the information terminal device by using the work key registered in the computer card, and a decrypted digital information is provided to the user at the information terminal device.

143 Citations

35 Claims

1. A method for digital information protection in a system in which a user makes an access to a digital information provided by an information center, by connecting a computer card owned by the user to an information terminal device connected with the information center, the method comprising the steps of:
- (a) carrying out a mutual authentication between the computer card and the information terminal device;
  
  (b) carrying out a user authentication by the computer card through the information terminal device;
  
  (c) sending an information request specifying the desired digital information of the user from the information terminal device to the information center by signing and encrypting an information identifier for identifying the desired digital information;
  
  (d) sending the work key for encrypting the desired digital information from the information center to the computer card by a cipher communication using a public key cryptosystem;
  
  (e) obtaining and registering the work key sent from the information center at the computer card, and sending a work key receipt signature from the computer card to the information center;
  
  (f) receiving a work key request message containing a random number from the information terminal device at the computer card, encrypting the work key according to the random number, and sending an encrypted work key from the computer card to the information terminal device;
  
  (g) encrypting the desired digital information specified by the information request by using the work key at the information center, and sending the encrypted digital information from the information center to the information terminal device;
  
  (h) receiving and decrypting the encrypted work key sent from the computer card so as to obtain the work key at the information terminal device, receiving and decrypting the encrypted digital information sent from the information center by using the work key, and providing the decrypted digital information to the user at the information terminal device; and
  
  (i) sending an encrypted information receipt signature from the information terminal device to the information center, and recording the information request, the work key receipt signature, and the encrypted information receipt signature as a ground for charging at the information center.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein at the step (a), the mutual authentication between the computer card and the information terminal device is realized by sending a random number generated by the information terminal device to the computer card, signing and encrypting the random number at the computer card and returning a signed and encrypted random number to the information terminal device, and checking whether the signed and encrypted random number is consistent with the random number at the information terminal device.
  - 3. The method of claim 1, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in the computer card, checking whether a user input entered at the information terminal device coincides with the prescribed password at the computer card, executing an error processing when an erroneous user input is repeated for a prescribed number of times, and invalidating the computer card when the error processing is repeated for a predetermined number of times.
  - 4. The method of claim 1, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in an encrypted state in the computer card, and checking whether a user input entered at the information terminal device coincides with the prescribed password in a decrypted state at the computer card, or checking whether a user input entered and encrypted at the information terminal device coincides with the prescribed password in the encrypted state at the computer card.
  - 5. The method of claim 1, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in the computer card, sending a user input entered at the information terminal device to the computer card by a cipher communication, checking whether the user input coincides with the prescribed password at the computer card, adjusting a parity of a random number generated according to whether the user input coincides with the prescribed password at the computer card, and sending the random number to the information terminal device by a cipher communication.
  - 6. The method of claim 1, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in the computer card, sending a first value indicating a sum or an exclusive OR of a user input entered at the information terminal device and a random number generated at the information terminal device to the computer card by a cipher communication, sending a second value indicating a difference or an exclusive OR of of the first value and the prescribed password at the computer card to the information terminal device, and checking whether the second value coincides with the random number at the information terminal device.
  - 7. The method of claim 1, wherein at the step (c), the information terminal device sends the information identifier, a public key of the information center, and a certificate for the public key of the information center to the computer card, the computer card signs and encrypts the information identifier by using a secret key of the computer card and the public key of the information center and returns a signed and encrypted information identifier to the information terminal device, and the information terminal device sends the signed and encrypted information identifier along with a public key of the computer card and a certificate for the public key of the computer card to the information center, so as to prevent an improper access to the information center.
  - 8. The method of claim 1, wherein at the steps (d) and (e), the information center generates the work key, encrypts the work key by a public key of the computer card, and sends a generated and encrypted work key along with a signature of the information center to the computer card via the information terminal device, and the computer card verifies whether the signature of the information center is correct or not, obtains the work key from the generated and encrypted work key, sends the work key receipt signature to the information center via the information terminal device, and registers the work key along with the information identifier.
  - 9. The method of claim 1, wherein at the step (f), the information terminal device sends the work key request message containing the random number to the computer card, after the work key receipt signature is sent from the computer card to the information center via the information terminal device.
  - 10. The method of claim 1, wherein at the step (f), the computer card concatenates and encrypts the work key and the random number by using a public key of the information terminal device, and sends concatenated and encrypted work key and random number to the information terminal device, and at the step (h), the information terminal device decrypts the concatenated and encrypted work key and random number, checks whether a decrypted random number coincides with the random number contained in the work key request message, and decrypts the encrypted digital information sent from the information center by using a decrypted work key.

11. A method for digital information protection in a system in which a user makes an access to a digital information provided by an information center, by connecting a computer card owned by the user to an information terminal device connected with the information center, the method comprising the steps of:
- (a) carrying out a mutual authentication between the computer card and the information terminal device;
  
  (b) carrying out a user authentication by the computer card through the information terminal device;
  
  (c) sending an information request specifying the desired digital information of the user from the information terminal device to the information center by signing and encrypting an information identifier for identifying the desired digital information;
  
  (d) encrypting the desired digital information specified by the information request by using the work key at the information center, and sending the encrypted digital information from the information center to the information terminal device and the computer card;
  
  (e) receiving and storing the encrypted digital information sent from the information center at the information terminal device, and sending an information receipt signature from the computer card to the information center via the information terminal device;
  
  (f) delivering the work key for encrypting the desired digital information from the information center to the computer card, and obtaining and registering the work key sent from the information center at the computer card, while returning a delivery certificate from the computer card to the information center;
  
  (g) receiving a work key request message containing a random number from the information terminal device at the computer card, encrypting the work key according to the random number, and sending an encrypted work key from the computer card to the information terminal device;
  
  (h) receiving and decrypting the encrypted work key sent from the computer card so as to obtain the work key at the information terminal device, decrypting the encrypted digital information stored in the information terminal device by using the work key, and providing the decrypted digital information to the user at the information terminal device; and
  
  (i) sending an encrypted information receipt signature from the information terminal device to the information center, and recording the information request, the encrypted information receipt signature, and the delivery certificate as a ground for charging at the information center.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 12. The method of claim 11, wherein at the step (a), the mutual authentication between the computer card and the information terminal device is realized by sending a random number generated by the information terminal device to the computer card, signing and encrypting the random number at the computer card and returning a signed and encrypted random number to the information terminal device, and checking whether the signed and encrypted random number is consistent with the random number at the information terminal device.
  - 13. The method of claim 11, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in the computer card, checking whether a user input entered at the information terminal device coincides with the prescribed password at the computer card, executing an error processing when an erroneous user input is repeated for a prescribed number of times, and invalidating the computer card when the error processing is repeated for a predetermined number of times.
  - 14. The method of claim 11, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in an encrypted state in the computer card, and checking whether a user input entered at the information terminal device coincides with the prescribed password in a decrypted state at the computer card, or checking whether a user input entered and encrypted at the information terminal device coincides with the prescribed password in the encrypted state at the computer card.
  - 15. The method of claim 11, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in the computer card, sending a user input entered at the information terminal device to the computer card by a cipher communication, checking whether the user input coincides with the prescribed password at the computer card, adjusting a parity of a random number generated according to whether the user input coincides with the prescribed password at the computer card, and sending the random number to the information terminal device by a cipher communication.
  - 16. The method of claim 11, wherein at the step (b), the user authentication by the computer card is realized by storing a prescribed password in the computer card, sending a first value indicating a sum or an exclusive OR of a user input entered at the information terminal device and a random number generated at the information terminal device to the computer card by a cipher communication, sending a second value indicating a difference or an exclusive OR of of the first value and the prescribed password at the computer card to the information terminal device, and checking whether the second value coincides with the random number at the information terminal device.
  - 17. The method of claim 11, wherein at the step (c), the information terminal device sends the information identifier, a public key of the information center, and a certificate for the public key of the information center to the computer card, the computer card signs and encrypts the information identifier by using a secret key of the computer card and the public key of the information center and returns a signed and encrypted information identifier to the information terminal device, and the information terminal device sends the signed and encrypted information identifier alone with a public key of the computer card and a certificate for the public key of the computer card to the information center, so as to prevent an improper access to the information center.
  - 18. The method of claim 11, wherein at the step (c), the information terminal device sends the information identifier, a public key of the information center, and a certificate for the public key of the information center to the computer card, the computer card signs the information identifier and encrypts a signed information identifier by using a secret key of the computer card and the public key of the information center and returns a signed and encrypted information identifier to the information terminal device, the information terminal device sends the signed and encrypted information identifier along with a public key of the computer card and a certificate for the public key of the computer card to the information center, and the information center decrypts the signed and encrypted information identifier to obtain the signed information identifier and utilizes the signed information identifier in delivering the work key and obtaining the delivery certificate at the step (f).
  - 19. The method of claim 11, wherein at the steps (d) and (e), the information center generates the work key, encrypts the desired digital information by the work key, and sends the encrypted digital information along with a signature in which the encrypted digital information is compressed and signed to the information terminal device, the information terminal device stores the encrypted digital information while the computer card verifies whether the signature is correct or not, and registers the information identifier along with an identifier for the information terminal device.
  - 20. The method of claim 11, wherein at the step (e), the computer card signs a compressed and encrypted digital information to obtain the encrypted information receipt signature, and sends the encrypted information receipt signature to the information center, and the information center verifies the encrypted information receipt signature to confirm that the encrypted digital information has been correctly stored in the information terminal device and the information identifier for the encrypted digital information has been registered in the computer card.
  - 21. The method of claim 11, wherein at the step (f), the delivery certificate certifies that the work key has been correctly delivered from the information center to the computer card.
  - 22. The method of claim 11, wherein at the step (g), the computer card concatenates and encrypts the work key and the random number by using a public key of the information terminal device, and sends concatenated and encrypted work key and random number to the information terminal device, and at the step (h), the information terminal device decrypts the concatenated and encrypted work key and random number, checks whether a decrypted random number coincides with the random number contained in the work key request message, and decrypts the encrypted digital information stored in the information terminal device by using a decrypted work key.
  - 23. The method of claim 11, further comprising the step of:
    - transferring another encrypted digital information stored in another information terminal device to the information terminal device; and
      
      storing said another encrypted digital information transferred at the transferring step in the information terminal device such that said another encrypted digital information can be utilized at the information terminal device by carrying out the steps (f) to (i) with respect to said another encrypted digital information.
  - 24. The method of claim 11, further comprising the step of:
    - transferring another encrypted digital information stored in another information terminal device to the information terminal device; and
      
      carrying out the steps (f) to (i) with respect to said another encrypted digital information transferred at the transferring step.

25. A method for digital information protection in a system in which a user makes an access to a digital information provided by an information center, by connecting a computer card owned by the user to an information terminal device connected with the information center, the method comprising the steps of:
- delivering a work key for encrypting a desired digital information from the information center to the computer card through the information terminal device, and registering the work key in the computer card;
  
  delivering the desired digital information encrypted by the work key from the information center to the information terminal device; and
  
  decrypting an encrypted digital information delivered from the information center at the information terminal device by using the work key registered in the computer card, and providing a decrypted digital information to the user at the information terminal device.
- View Dependent Claims (26, 27)
- - 26. The method of claim 25, further comprising the steps of:
    - sending an information request specifying the desired digital information of the user from the information terminal device to the information center;
      
      sending a work key receipt signature from the computer card to the information center in response to a delivery of the work key;
      
      sending an encrypted information receipt signature from the information terminal device to the information center in response to a delivery of the encrypted digital information; and
      
      recording the information request, the work key receipt signature, and the encrypted information receipt signature as a ground for charging at the information center.
  - 27. The method of claim 25, further comprising the steps of:
    - sending an information request specifying the desired digital information of the user from the information terminal device to the information center;
      
      sending an encrypted information receipt signature from the information terminal device to the information center in response to a delivery of the encrypted digital information;
      
      returning a delivery certificate from the computer card to the information center in a course of a delivery of the work key; and
      
      recording the information request, the encrypted information receipt signature, and the delivery certificate as a ground for charging at the information center.

28. A digital information protection system, comprising:
- an information center for providing a digital information;
  
  an information terminal device connected with the information center; and
  
  a computer card owned by a user, such that the user makes an access to the digital information provided by the information center by connecting the computer card to the information terminal device;
  
  wherein the information center, the information terminal device, and the computer card are adapted to;
  
  deliver a work key for encrypting a desired digital information from the information center to the computer card through the information terminal device, and register the work key in the computer card;
  
  deliver the desired digital information encrypted by the work key from the information center to the information terminal device; and
  
  decrypt an encrypted digital information delivered from the information center at the information terminal device by using the work key registered in the computer card, and provide a decrypted digital information to the user at the information terminal device.
- View Dependent Claims (29, 30)
- - 29. The system of claim 28, wherein the information center, the information terminal device, and the computer card are further adapted to:
    - send an information request specifying the desired digital information of the user from the information terminal device to the information center;
      
      send a work key receipt signature from the computer card to the information center in response to a delivery of the work key;
      
      send an encrypted information receipt signature from the information terminal device to the information center in response to a delivery of the encrypted digital information; and
      
      record the information request, the work key receipt signature, and the encrypted information receipt signature as a ground for charging at the information center.
  - 30. The system of claim 28, wherein the information center, the information terminal device, and the computer card are further adapted to:
    - send an information request specifying the desired digital information of the user from the information terminal device to the information center;
      
      send an encrypted information receipt signature from the information terminal device to the information center in response to a delivery of the encrypted digital information;
      
      return a delivery certificate from the computer card to the information center in a course of a delivery of the work key; and
      
      record the information request, the encrypted information receipt signature, and the delivery certificate as a ground for charging at the information center.

31. An information center for a digital information protection system in which a user makes an access to a digital information provided by the information center by connecting a computer card owned by the user to an information terminal device connected with the information center, wherein the information center, the information terminal device, and the computer card are adapted to:
- deliver a work key for encrypting a desired digital information from the information center to the computer card through the information terminal device, and register the work key in the computer card;
  
  deliver the desired digital information encrypted by the work key from the information center to the information terminal device; and
  
  decrypt an encrypted digital information delivered from the information center at the information terminal device by using the work key registered in the computer card, and provide a decrypted digital information to the user at the information terminal device;
  
  the information center comprising;
  
  information storage means for storing the digital information;
  
  communication control means for making a communication with the information terminal device;
  
  key generation means for generating the work key;
  
  encryption means for encrypting the digital information by using the work key;
  
  public key cryptosystem means for encrypting the work key in order to make a cipher communication of the work key; and
  
  signature conversion means for providing a signature of the information center.
- View Dependent Claims (32)
- - 32. The information center of claim 31, further comprisinginformation conversion means for delivering the work key to the computer card while receiving a delivery certificate from the computer card.

33. An information terminal device for a digital information protection system in which a user makes an access to a digital information provided by an information center by connecting a computer card owned by the user to the information terminal device connected with the information center, wherein the information center, the information terminal device, and the computer card are adapted to:
- deliver a work key for encrypting a desired digital information from the information center to the computer card through the information terminal device, and register the work key in the computer card;
  
  deliver the desired digital information encrypted by the work key from the information center to the information terminal device; and
  
  decrypt an encrypted digital information delivered from the information center at the information terminal device by using the work key registered in the computer card, and provide a decrypted digital information to the user at the information terminal device;
  
  the information terminal device comprising;
  
  first communication control means for making a communication with the information center;
  
  second communication control means for making a communication with the computer card;
  
  information storage means for storing the digital information;
  
  public cryptosystem means for encrypting the work key in order to make a cipher communication of the work key;
  
  signature conversion means for providing a signature of the information terminal device;
  
  random number generation means for generating a random number;
  
  matching means for matching the random number generated by the random number generation means with a random number received from the computer card;
  
  secret key storage means for storing a secret key of the information terminal device;
  
  decryption means for decrypting an encrypted work key and an encrypted digital information; and
  
  secrecy protection means for physically protecting a secrecy of the random number generation means, the matching means, the secret key storage means, and the decryption means.

34. A computer card for a digital information protection system in which a user makes an access to a digital information provided by an information center by connecting the computer card owned by the user to an information terminal device connected with the information center, wherein the information center, the information terminal device, and the computer card are adapted to:
- deliver a work key for encrypting a desired digital information from the information center to the computer card through the information terminal device, and register the work key in the computer card;
  
  deliver the desired digital information encrypted by the work key from the information center to the information terminal device; and
  
  decrypt an encrypted digital information delivered from the information center at the information terminal device by using the work key registered in the computer card, and provide a decrypted digital information to the user at the information terminal device;
  
  the computer card comprising;
  
  communication control means for making a communication with the information terminal device;
  
  public cryptosystem means for encrypting the work key in order to make a cipher communication of the work key;
  
  signature conversion means for providing a signature of the computer card; and
  
  work key storage means for storing the work key.
- View Dependent Claims (35)
- - 35. The computer card of claim 34, further comprisinginformation conversion means for receiving a delivery of the work key from the information center while returning a delivery certificate to the information center.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Telegraph and Telephone Corporation
Original Assignee
Nippon Telegraph and Telephone Corporation
Inventors
Ishii, Shinji, Takashima, Youichi, Yamanaka, Kiyoshi
Primary Examiner(s)
Cain, David C.

Application Number

US08/564,925
Time in Patent Office

755 Days
Field of Search

380/4, 380/21, 380/23, 380/24, 380/25
US Class Current

705/51
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

Method and system for digital information protection

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for digital information protection

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links