Method and apparatus for crytographically protecting data

US 5,835,595 A
Filed: 09/04/1996
Issued: 11/10/1998
Est. Priority Date: 09/04/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for transferring selected information T to a database, the method comprising the steps of:

storing a first certification information PrA(PuL) in a first database. the first certification information including a first public key PuL encrypted using a first private key PrA;

storing a character string X in the first database;

storing a second certification information in a second database, the second certification information including the character string X encrypted using a first secret key ρ

, and the encrypted character string ρ

(X) encrypted using the first private key PrA;

transferring the first certification information PrA(PuL) from the first database to a second database;

transferring the second certification information PrA(ρ

(X)) from the second database to the first database;

verifying at the first database that the character string X stored in the first database equals the character string X contained in the second certification information; and

enabling the transfer of the selected information T to the second database when the character string X stored in the first database equals the character string X contained in the second certification information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for transferring encrypted information to a database. First certification information is transferred from a first database to a second database. Second certification information is then transferred from the second database to the first database, where both the first certification information and the second certification information is authenticated. If both certifications are authenticated, the transfer of the encrypted information to the second database is enabled.

89 Citations

View as Search Results

53 Claims

1. A method for transferring selected information T to a database, the method comprising the steps of:
- storing a first certification information PrA(PuL) in a first database. the first certification information including a first public key PuL encrypted using a first private key PrA;
  
  storing a character string X in the first database;
  
  storing a second certification information in a second database, the second certification information including the character string X encrypted using a first secret key ρ
  
  , and the encrypted character string ρ
  
  (X) encrypted using the first private key PrA;
  
  transferring the first certification information PrA(PuL) from the first database to a second database;
  
  transferring the second certification information PrA(ρ
  
  (X)) from the second database to the first database;
  
  verifying at the first database that the character string X stored in the first database equals the character string X contained in the second certification information; and
  
  enabling the transfer of the selected information T to the second database when the character string X stored in the first database equals the character string X contained in the second certification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, further comprising the steps of:
    - encrypting a second secret key λ
      
      _T using a third secret key λ
      
      ;
      
      storing a second public key PuA, the encrypted second secret key λ
      
      (λ
      
      _T), the second secret key λ and
      
      a second private key PrL in the first database; and
      
      storing the first secret key ρ and
      
      the second public key PuA in the second database.
  - 3. The method according to claim 2, wherein the step of transferring the second certification information PrA(ρ
    - (X)) from the second database to the first database includes the steps of;
      
      decrypting the first certification information PrA(PuL) at the second database using the second public key PuA stored in the second database;
      
      encrypting the first secret key ρ
      
      at the second database using the first public key PuL decrypted at the second database;
      
      encrypting the second certification information PrA(ρ
      
      (X)) at the second database using the first public key PuL decrypted at the second database; and
      
      transferring the encrypted first secret key PuL(ρ
      
      ) and the encrypted second certification information PuL(PrA(ρ
      
      (X)) from the second database to the first database.
  - 4. The method according to claim 3, wherein the step of verifying at the first database that the character string X stored in the first database equals the character string X contained in the second certification information includes the steps of:
    - decrypting the encrypted first secret key PuL(ρ
      
      ) at the first database using the second private key PrL stored in the first database;
      
      decrypting the encrypted second certification information at the first database using the second private key PrL stored in the first database and the first secret key p decrypted at the first database; and
      
      verifying that the character string X stored in the first database equals the character string X contained in the second certification information decrypted at the first database.
  - 5. The method according to claim 4, wherein the step of enabling the transfer of the selected information T to the second database includes the steps of:
    - encrypting the second secret key λ
      
      _T using the first secret key ρ
      
      decrypted at the first database when the character string X stored in the first data base equals the character string X contained in the second certification information;
      
      transferring the encrypted second secret key ρ
      
      (λ
      
      _T) to the first database;
      
      enabling the transfer of the selected information T to the second database when the character string X stored in the first database equals the character string X contained in the second certification information, the transferred selected information T being encrypted using the second secret key λ
      
      _T ; and
      
      receiving the encrypted selected information λ
      
      _T (T) at the second database.
  - 6. The method according to claim 5, further comprising the steps of:
    - storing the encrypted second secret key ρ
      
      (λ
      
      _T) encrypted at the first database in the second database;
      
      storing the encrypted selected information T in the second database;
      
      decrypting the second secret key λ
      
      _T at the second database using the first secret key ρ
      
      ; and
      
      decrypting the encrypted selected information λ
      
      _T (T) at the second database using the second secret key λ
      
      _T decrypted at the second database.
  - 7. The method according to claim 6, further comprising the step of encrypting the selected information T using the second secret key λ
    - _T.
  - 8. The method according to claim 7, wherein the encrypted selected information T is stored in a third database.
  - 9. The method according to claim 8, wherein the first and third databases are the same.
  - 10. The method according to claim 7, wherein the first database is associated with a certification module, and the second database is associated with a personality module.
  - 11. The method according to claim 10, wherein the transferred selected information T is one of audio digital data, video digital data and textual digital data.
  - 12. The method according to claim 6, wherein the second database further includes an identification information ID, andwherein the step of decrypting the encrypted information λ
    - _T (T) includes the step of inserting the identification information ID into the decrypted information.
  - 13. The method according to claim 5, further comprising the step of recording each occurrence of transferring from the first database to the second database the second secret key ρ
    - (λ
      
      _T) encrypted at the first database.
  - 14. The method according to claim 13, further comprising the step of comparing a number of recorded occurrences to a predetermined number.

15. A system comprising:
- a certification module having an associated first database storing a first certification information PrA(PuL), a first public key PuA, an encrypted first secret key λ
  
  (λ
  
  _T), a second secret key λ
  
  , a first private key PrL and a character string X, the first certification information being formed by encrypting a second public key PuL using a second private key PrA, and the encrypted first secret key λ
  
  _T being encrypted using the second secret key λ
  
  ; and
  
  a personality module having an associated second database storing a third secret key ρ
  
  , the first public key PuA and second certification information PrA(ρ
  
  X), the second certification information PrA(ρ
  
  (X)) being formed from the character string X being encrypted by the third secret key ρ and
  
  the encrypted character string ρ
  
  (X) being further encrypted by the second private key PrA,the personality module receiving the first certification information from the certification module, decrypting the first certification information using the first public key PuA stored in the personality module to obtain the second public key PuL, encrypting the third secret key ρ
  
  using the decrypted second public key PuL, encrypting the second certification information PrA(ρ
  
  (X)) using the decrypted second public key PuL and transferring the encrypted third secret key PuL(ρ
  
  ) and the encrypted second certification information PuL(PrA(ρ
  
  (X))) to the certification module, andthe certification module decrypting the encrypted third secret key PuL(ρ
  
  ) using the first private key PrL, decrypting the encrypted second certification information PuL(PrA(ρ
  
  (X))) using the first private key PrL, further decrypting the second certification information using the first public key PuA to obtain the character string X contained in the second certification information, and enabling transmission of selected information T to the personality module when the character string X stored in the first database equals the character string X contained in the second certification information.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The system according to claim 15, wherein the selected information T is one of audio, visual and textual information.
  - 17. The system according to claim 16, wherein the selected information T is digital information.
  - 18. The system according to claim 17, wherein the selected information T is encrypted using the first secret key λ
    - _T, andwherein, when the character string X contained in the second certification information equals the character string X stored in the first database, the certification module encrypts the first secret key λ
      
      _T using the third secret key ρ
      
      decrypted by the certification module, and transfers the encrypted first secret key ρ
      
      (λ
      
      _T) and the encrypted selected information λ
      
      _T (T) to the personality module.
  - 19. The system according to claim 18, wherein the personality module receives the encrypted first secret key ρ
    - (λ
      
      _T) and the encrypted selected information λ
      
      _T (T), decrypts the first secret key λ
      
      _T using the third secret key ρ
      
      stored in the second database; and
      
      decrypts the encrypted selected information λ
      
      _T (T) using the first secret key λ
      
      _T decrypted by the personality module.
  - 20. The system according to claim 19, wherein the selected information T is stored in a third database.
  - 21. The system according to claim 20, wherein the first and third databases are the same.
  - 22. The system according to claim 20, wherein the second database further stores identification information ID, andwherein the personality module inserts the identification information ID into the decrypted selected information T.
  - 23. The system according to claim 22, wherein the certification module further includes a memory recording each occurrence of enabling the selected information T to be transferred to the personality module.

24. A personality module comprising:
- a database storing a first secret key ρ
  
  , a first public key PuA and first certification information PrA(ρ
  
  (X)), the first certification information PrA(ρ
  
  (X)) being formed by encrypting a character string X using the first secret key ρ
  
  , and by encrypting the encrypted character string ρ
  
  (X) using a first private key PrA; and
  
  a transceiver receiving a second public key PuL encrypted using the first private key PrA.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The personality module according to claim 24, wherein the personality module decrypts the encrypted second public key PrA(PuL) using the first public key PuA stored in the database, encrypts the first secret key ρ
    - using the second public key PuL decrypted by the personality module, and encrypts the first certification information PrA(ρ
      
      (X) using the second public key PuL decrypted by the personality module; and
      
      wherein the transceiver transmits the encrypted first secret key PuL(ρ
      
      ) and the encrypted first certification information PuL(PrA(ρ
      
      (X))) for verification.
  - 26. The personality module according to claim 25, wherein the transceiver receives selected information T when the transmitted encrypted first certification information is verified.
  - 27. The personality module according to claim 26, wherein the selected information T is one of audio, visual and textual information.
  - 28. The personality module according to claim 27, wherein the selected information T is digital information.
  - 29. The personality module according to claim 27, wherein the selected information T is encrypted with a second secret key λ
    - _T, andwherein, when the first certification information is verified, the transceiver receives the second secret key λ
      
      _T encrypted using the first secret key ρ
      
      .
  - 30. The personality module according to claim 29, wherein the transceiver receives the encrypted selected information λ
    - _T (T), andwherein the database decrypts the second secret key λ
      
      _T using the first secret key ρ
      
      stored in the database, and decrypts the encrypted selected information λ
      
      _T (T) using the second secret key λ
      
      _T decrypted by the personality module.
  - 31. The personality module according to claim 30, wherein the database further stores identification information ID, andwherein the personality module inserts the identification information ID into the decrypted selected information T.

32. A certification module comprising:
- a database storing an encrypted first public key PrA(PuL), a second public key PuA, an encrypted first secret key λ
  
  (λ
  
  _T), a second secret key λ
  
  , a first private key PrL and a character string X, the first public key PuL being encrypted using a second private key PrA, and the first secret key λ
  
  _T being encrypted using the second secret key λ
  
  ; and
  
  a transceiver transmitting the encrypted first public key PrA(PuL) and receiving encrypted certification information PuL(PrA(ρ
  
  (X))) encrypted using the first public key PuL and a third secret key ρ
  
  encrypted by the first public key PuL, the encrypted certification information including the character string X,the certification module decrypting the encrypted certification information PuL(PrA(ρ
  
  (X))) using the first private key PrL, decrypting the encrypted third secret key PuL(ρ
  
  ) to obtain the third secret key ρ
  
  , decrypting the encrypted certification information using the second public key PuA, decrypting the character string X contained in the encrypted certification information using the third secret key ρ and
  
  enabling transmission of selected information T when the character string X contained in the encrypted certification information equals the character string X stored in the database.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The certification module according to claim 32, wherein the selected information T is one of audio, visual and textual information.
  - 34. The certification module according to claim 33, wherein the selected information T is digital information.
  - 35. The certification module according to claim 34, whereinwhen the character string X contained in the encrypted certification information equals the character string X stored in the database, the certification module encrypts the first secret key λ
    - _T using the third secret key ρ
      
      decrypted by the certification module, and the encrypted first secret key ρ
      
      (λ
      
      _T) is transmitted by the transceiver.
  - 36. The certification module according to claim 35, wherein the selected information T is stored in another database, the another database being different from the database of the certification module.
  - 37. The certification module according to claim 35, wherein the selected information T is stored in the database.
  - 38. The certification module according to claim 35, further comprising a memory recording each occurrence of enabling the selected information T to be transferred.

39. A method for transferring selected information T to a database, the method comprising the steps of:
- storing the first secret key ρ
  
  , a first public key PuA and the first certification information PrA(ρ
  
  (X)) in a first database, the certification information including a character string X encrypted using a first secret key ρ and
  
  further encrypted using a first private key PrA; and
  
  receiving from a second database a second public key PuL encrypted using the first private key PrA.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46)
- - 40. The method according to claim 39, further comprising the steps of:
    - decrypting the encrypted second public key PrA(PuL) at the first database using the first public key PuA stored in the first database;
      
      encrypting the first secret key ρ
      
      at the first database using the second public key PuL decrypted at the first database;
      
      encrypting the certification information PrA(ρ
      
      (X)) at the first database using the second public key PuL decrypted at the first database; and
      
      transmitting the encrypted first secret key PuL(ρ
      
      ) and the encrypted certification information PuL(PrA(ρ
      
      (X))) to the second database for verification.
  - 41. The method according to claim 40, further comprising the step of receiving selected information T at the first database when the transmitted encrypted certification information is verified.
  - 42. The method according to claim 41, wherein the selected information T is one of audio, visual and textual information.
  - 43. The method according to claim 40, wherein the selected information T is digital information.
  - 44. The method according to claim 40, the method further comprising the step of receiving the second secret key λ
    - _T encrypted using the first secret key ρ
      
      when the first certification information is verified.
  - 45. The method according to claim 44, wherein the selected information T is encrypted with a second secret key λ
    - _T,the method further comprising the steps of;
      
      receiving the encrypted selected information λ
      
      _T (T) at the first database;
      
      decrypting the second secret key λ
      
      _T at the first database using the first secret key ρ
      
      stored in the first database; and
      
      decrypting the encrypted selected information λ
      
      _T (T) at the first database using the second secret key λ
      
      _T decrypted at the first database.
  - 46. The method according to claim 45, further comprising the steps of:
    - storing identification information ID at the first database; and
      
      inserting the identification information ID into the decrypted selected information T at the first database.

47. A method for transferring selected information T to a database, the method comprising the steps of:
- storing an encrypted first public key PrA(PuL), a second public key PuA, an encrypted first secret key λ
  
  (λ
  
  _T), a second secret key λ
  
  , a first private key PrL and a character string X at a first database, the first public key PuL being encrypted by a second private key PrA, and the first secret key λ
  
  _T being encrypted using the second secret key λ
  
  ;
  
  transmitting the encrypted first public key PrA(PuL) to a second database;
  
  receiving an encrypted certification information PuL(PrA(ρ
  
  (X))) and a third secret key ρ
  
  encrypted by the first public key PuL from the second database at the first database, the encrypted certification information including the character string X encrypted using the third secret key ρ
  
  , the encrypted character string ρ
  
  (X) being encrypted using the first public key PuL and the encrypted character string PuL(ρ
  
  (X)) being encrypted by the first public key PuL;
  
  decrypting the encrypted third secret key PuL(ρ
  
  ) at the first database using the first private key PrL to obtain the third secret key ρ
  
  ;
  
  decrypting the encrypted certification information PuL(PrA(ρ
  
  (X))) at the first database using the first private key PrL;
  
  decrypting the encrypted certification information using the second public key PuA;
  
  decrypting the character string X contained in the encrypted certification information using the third secret key ρ
  
  ; and
  
  enabling transmission of selected information T when the character string X contained in the encrypted certification information equals the character string X stored in the first database.
- View Dependent Claims (48, 49, 50, 51, 52, 53)
- - 48. The method according to claim 47, wherein the selected information T is one of audio, visual and textual information.
  - 49. The method according to claim 48, wherein the selected information T is digital information.
  - 50. The method according to claim 48, the method further comprising the steps of:
    - encrypting the first secret key λ
      
      _T using the third secret key ρ
      
      decrypted at the first database when the character string X contained in the encrypted certification information equals the character string X stored in the first database; and
      
      transmitting the encrypted first secret key ρ
      
      (λ
      
      _T) to the second database.
  - 51. The method according to claim 50, wherein the selected information T is stored in a third database, the third database being different from the first database.
  - 52. The method according to claim 50, wherein the selected information T is stored in the first database.
  - 53. The method according to claim 50, further comprising step of recording each occurrence of enabling the selected information T to be transferred.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fraser Research Incorporated
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Odlyzko, A. M., Keshav, Srinivasan, Fraser, Alexander Gibson
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/707,691
Time in Patent Office

797 Days
Field of Search

380/21, 380/23, 380/25, 380/29, 380/30
US Class Current

713/169
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/445   by mutual authentication, e...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2107   File encryption

G11B 20/00086   Circuits for prevention of ...

Method and apparatus for crytographically protecting data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

53 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for crytographically protecting data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

53 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others