Electronic cryptographic packing
Abstract
A method of unwrapping wrapped digital data that is unusable while wrapped includes obtaining an acceptance phrase from a user; deriving a cryptographic key from the acceptance phrase; and unwrapping the package of digital data using the derived cryptographic key. The acceptance phrase is a phrase entered by a user in response to information provided to the user. The information and the acceptance phrase can be in any appropriate language. The digital data includes, alone or in combination, any of: software, a cryptographic key, an identifying certificate, an authorizing certificate, a data element or field of an identifying or authorizing certificate, a data file representing an image, data representing text, numbers, audio, and video.
292 Citations
42 Claims
1. A method of providing wrapped digital data that is unusable while wrapped, the method comprising:
providing first digital data to be wrapped;
providing second digital data comprising data representing conditions of use of the first digital data;
determining an acceptance phrase to indicate acceptance of the conditions;
deriving a wrapping key from at least digital data representing the acceptance phrase and from the second digital data; and
wrapping the first digital data using the wrapping key.
Dependent claims: 2, 3, 4, 5, 11, 14, 32, 33, 34, 36, 37

6. A method of unwrapping wrapped digital data such that the wrapped data is unusable while wrapped and such that the wrapped data must be unwrapped by a key formed from a particular acceptance phrase, the method comprising:
obtaining second digital data comprising conditions of use of the wrapped digital data;
obtaining the particular acceptance phrase, the phrase indicating acceptance of the conditions;
generating a key from at least the digital data representing the acceptance phrase and the second digital data; and
unwrapping the wrapped digital data using the key.
Dependent claims: 7, 8, 9, 10, 12, 13, 15, 35, 38, 39, 40
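
Claims 1 and 6 as working code, added here as an example and not taken from the patent: the key is formed from a hash of the conditions and a hash of the acceptance phrase, the construction claim 27 names. SHA-256, the HMAC-based stream cipher with an integrity tag, the sample strings and all function names are assumptions made so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

def derive_wrapping_key(phrase: str, conditions: bytes) -> bytes:
    # Hash each input on its own, then hash the two fixed-length digests,
    # so the key depends on every byte of the conditions and of the phrase.
    h_cond = hashlib.sha256(conditions).digest()
    h_phrase = hashlib.sha256(phrase.encode("utf-8")).digest()
    return hashlib.sha256(h_cond + h_phrase).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 run in counter mode.
    blocks = (hmac.new(key, b"stream" + nonce + i.to_bytes(8, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def wrap(data: bytes, phrase: str, conditions: bytes) -> bytes:
    key = derive_wrapping_key(phrase, conditions)
    nonce = os.urandom(16)  # fresh per package so a keystream is never reused
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + _tag(key, nonce, ct) + ct

def unwrap(wrapped: bytes, phrase: str, conditions: bytes) -> bytes:
    key = derive_wrapping_key(phrase, conditions)
    nonce, tag, ct = wrapped[:16], wrapped[16:48], wrapped[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("acceptance phrase or conditions do not match")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo() -> dict:
    # Constructed sample inputs, not values from the patent.
    conditions = b"Constructed sample: licensed for evaluation use only."
    package = wrap(b"payload bytes", "I accept", conditions)
    results = {"ok": unwrap(package, "I accept", conditions)}
    for label, phrase, cond in (("wrong_phrase", "I decline", conditions),
                                ("altered_conditions", "I accept", conditions + b" ")):
        try:
            unwrap(package, phrase, cond)
            results[label] = "unwrapped"
        except ValueError:
            results[label] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

A different phrase or a single changed byte in the conditions yields a different key, so the package is rejected instead of being unwrapped.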

16. A method of providing digital data representing a digital identification certificate in a public key infrastructure wherein a certification authority issues identification certificates to subscribers, the method comprising:
providing first digital data representing a subscriber public cryptographic key for a subscriber;
providing second digital data comprising conditions of use of the subscriber public cryptographic key;
determining an acceptance phrase to indicate acceptance of the conditions;
determining a wrapping key value based on at least the digital data representing the particular acceptance phrase and on the second digital data;
encrypting the digital data representing the subscriber public key using the wrapping key; and
providing the digital data representing the encrypted subscriber public key in the certificate.
Dependent claims: 17, 18, 19, 20, 21

22. A method of verifying a digital signature in a public key infrastructure wherein a certification authority (CA) issues an identification certificate to a subscriber, the certificate including a version of the subscriber's public key encrypted with a wrap key formed using at least digital data representing conditions of the CA and digital data representing a particular assent phrase, the method of a relying party comprising:
verifying the CA's digital signature on the certificate;
obtaining digital data representing the conditions of the CA;
inputting an acceptance phrase indicating acceptance of the conditions;
determining an unwrap cryptographic key from a first function of the digital data representing the conditions and from a second function of digital data representing the acceptance phrase;
decrypting the encrypted subscriber's public key using the unwrap cryptographic key; and
verifying the digital signature using the subscriber's public key.
Dependent claims: 23, 24, 25

26. A method of providing a digital identification certificate in a public key infrastructure wherein a certification authority (CA) issues the identification certificate to a subscriber, the method comprising:
determining a wrapping key value based on at least digital data representing a particular acceptance phrase and digital data representing conditions of the CA;
hashing the content of the certificate;
encrypting the hashed content of the certificate using the wrapping key value to form a wrapped hashed content value;
digitally signing the wrapped hashed content value using a private key of the CA to form a signature; and
appending the signature to the certificate.

27. A method of verifying a digital signature in a public key infrastructure wherein a certification authority (CA) issues an identification certificate to a subscriber, an encrypted hash of the certificate being digitally signed by the CA, the hash being encrypted with a wrap key formed from conditions of the CA and digital data representing a particular assent phrase, the method by a relying party comprising:
obtaining digital data representing the conditions of the CA;
inputting an acceptance phrase in response to said obtaining;
determining a wrapping cryptographic key value from at least a hash of digital data representing the digital data representing the conditions and a hash of the digital data representing the acceptance phrase;
wrapping a hash of the content of the certificate using the wrapping key value to form a wrapped hashed content value;
verifying the CA's digital signature using the wrapped hashed content and a public key of the CA.

28. A method of forming a digital signature on a digital message in a public key infrastructure wherein a certification authority (CA) issues a certificate to a subscriber, the method comprising:
obtaining digital data representing conditions to be accepted by a relying party;
determining an acceptance phrase;
hashing the digital message;
encrypting the hashed digital message using a cryptographic key value formed from at least a hash of the digital data representing the conditions to be accepted and a hash of the digital data representing the acceptance phrase;
forming a subscriber signature for the message by digitally signing the encrypted hashed digital message using a private cryptographic key of the subscriber; and
appending the subscriber signature to the message.
Dependent claims: 29

30. A method of verifying a digital signature on a digital message in a public key infrastructure wherein a certification authority (CA) issues a certificate to a subscriber, the method by a relying party comprising:
obtaining digital data representing the identity certificate issued to the subscriber by the CA, the certificate including digital data representing the subscriber's public key;
obtaining digital data representing conditions of the issuing CA;
inputting an acceptance phrase;
hashing the digital message;
encrypting the hashed digital message using a cryptographic key value formed from at least a hash of the digital data representing the conditions and a hash of digital data representing the acceptance phrase; and
verifying the subscriber's signature using the encrypted hash of the digital message.

31. A method of verifying a digital signature on a digital message in a public key infrastructure wherein a certification authority (CA) issues a certificate to a subscriber, said digital signature having been created using a reversible digital signature algorithm, the method by a relying party comprising:
obtaining digital data representing the identity certificate issued to the subscriber by the CA, the certificate including digital data representing the subscriber's public key;
obtaining digital data representing conditions of the issuing CA;
inputting an acceptance phrase;
hashing the digital message;
verifying the subscriber's signature by using the subscriber's public key to reverse the signing process and recover encrypted hash of the digital message;
decrypting the encrypted hash of the digital message recovered from the subscriber's signature using a cryptographic key value formed from at least a hash of the digital data representing the conditions and a hash of digital data representing the acceptance phrase;
comparing the decrypted hash of the digital message with the hash of the digital message; and
accepting the digital message as valid only if the two hash values are identical.

41. A method of providing digital data representing a digital identification certificate in a public key infrastructure wherein a certification authority (CA) issues identification certificates to subscribers, the method comprising:
providing first digital data representing a subscriber public cryptographic key for a subscriber;
providing second digital data comprising conditions of use of the subscriber public cryptographic key;
determining an acceptance phrase to indicate acceptance of the conditions;
determining a wrapping key value based on at least the digital data representing the particular acceptance phrase and on the second digital data;
encrypting the digital data representing the subscriber public key using the wrapping key;
inserting the digital data representing the encrypted subscriber public key into a first certificate;
forming a digital signature using the first certificate and a private key of the CA;
inserting the digital data representing the subscriber public key into a second certificate; and
appending the digital signature to the second certificate and providing the second certificate as a digital identification certificate.

42. A method of verifying a digital signature in a public key infrastructure wherein a certification authority (CA) issues an identification certificate to a subscriber, the certificate including the subscriber's public key and having a digital signature formed from a different version of the identification certificate, the different version including an encrypted version of the subscriber's public key, the method of a relying party comprising:
forming the different version of the certificate; and
verifying the CA's digital signature on the different version of the certificate,
wherein the forming the different version comprises;
obtaining digital data representing the conditions of the CA;
inputting an acceptance phrase indicating acceptance of the conditions;
determining a cryptographic key from a first function of the digital data representing the conditions and from a second function of digital data representing the acceptance phrase;
encrypting the encrypted subscriber's public key using the wrap cryptographic key; and
replacing the subscriber's public key in the certificate with the encrypted subscriber's public key.
Specification