Method and system for the secure transmission and storage of protectable information

US 6,031,910 A
Filed: 07/10/1997
Issued: 02/29/2000
Est. Priority Date: 07/24/1996
Status: Expired due to Term

First Claim

Patent Images

1. A storage and information transmission system comprising:

a chip card to which an owner can be assigned;

a computer;

an authorizing terminal connected with said computer by means of which an authorization of an user can be effected;

a read/write device coupled to the computer and the chip card, wherein data is exchanged between the computer and the chip card; and

at least one storage medium coupled to said computer such that data can be exchanged between the computer and the storage medium,wherein said chip card includes a generator with which a new cryptographic key can be produced whenever the computer requires said new cryptographic key and the data in said at least one storage medium comprises encrypted data and an encryption of its cryptographic key generated by the chip card, the chip card generating and storing a second cryptographic key for encrypting the encrypted cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for the secure transmission and storage of protectable information, such as patient information, by means of a patient card. The data stored on the patient card are protected by cryptographic methods. The data is decrypted only with the same patient card if a doctor is authorized and the patient has given his agreement. All information which the patient card needs in order to decide whether the doctor is authorized, and the key for protecting the control data and the random key are held on the chip. The patient data can be freely transmitted to any storage medium. The chip controls both the access to the data and the encryption and decryption functions. Random keys, which are themselves stored encrypted together with the data, ensure that every data record remains separate from every other data record, and that only authorized persons can access it. Every patient card has its own record key. The system and method in accordance with the invention is not directed exclusively to patient data but can be applied to any protectable data to which right of access is to be restricted.

Citations

20 Claims

1. A storage and information transmission system comprising:
- a chip card to which an owner can be assigned;
  
  a computer;
  
  an authorizing terminal connected with said computer by means of which an authorization of an user can be effected;
  
  a read/write device coupled to the computer and the chip card, wherein data is exchanged between the computer and the chip card; and
  
  at least one storage medium coupled to said computer such that data can be exchanged between the computer and the storage medium,wherein said chip card includes a generator with which a new cryptographic key can be produced whenever the computer requires said new cryptographic key and the data in said at least one storage medium comprises encrypted data and an encryption of its cryptographic key generated by the chip card, the chip card generating and storing a second cryptographic key for encrypting the encrypted cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A storage and information transmission system in accordance with claim 1, further comprising:
    - an identification terminal connected to the computer, said identification terminal allows a confirmation of the owner of the chip card to be entered.
  - 3. A storage and information transmission system as in claim 2, wherein said confirmation is a personal identification number.
  - 4. A storage and information transmission system in accordance with claim 1, further comprising an authorization card with which said authorization is carried out.
  - 5. A storage and information transmission system in accordance with claim 1, wherein the storage medium is arranged on the chip card.
  - 6. A storage and information transmission system in accordance with claim 1, wherein the storage medium is designed as a fixed disk memory.
  - 7. A storage and information transmission system in accordance with claim 1, wherein the storage medium is optical memory.
  - 8. A storage and information transmission system in accordance with claim 1, wherein the computer is arranged in a computer network of a plurality of computers, and the storage medium is arranged in any of said computers in the network.

9. A method for storing information on at least one storage medium with the aid of a chip card, comprising the steps of:
- authorizing a user by means of an identification feature assigned to a user group;
  
  generating for a computer one or more cryptographic keys in the chip card;
  
  transmitting at least one of the cryptographic keys from the chip card to the computer;
  
  encrypting at least one set of data by means of the cryptographic key in the computer;
  
  encrypting at least one of the cryptographic keys in the chip card with a second cryptographic key which is not provided to the computer to form an encrypted key; and
  
  storing the set of encrypted data with the encrypted key on the storage medium.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. A method as in claim 9, wherein said step of authorizing is effected by means of an authorization terminal which is connected to the computer and an authorization card which is inserted into the authorization terminal.
  - 11. A method as in claim 9, further comprising the step of entering a surety.
  - 12. A method as in claim 11, wherein said surety is a biometric identification method.
  - 13. A method as in claim 12, wherein the surety is entered before the chip card carries out an encryption.
  - 14. A method as in claim 9, wherein said step of encrypting at least one of the cryptographic keys is performed with the aid of a card key, wherein the card key is disposed on the chip card.
  - 15. A method as in claim 9, further comprising the step of producing a data header in the computer for each of a plurality of data records, where the data header indicates to which of a plurality of user groups a particular user that is writing, belongs to.
  - 16. A method as in claim 15 wherein said data header includes a requirements list that must be fulfilled for reading the data record.
  - 17. Method as in claim 15, wherein the cryptographic key encrypted by means of the card key is disposed in the data header.
  - 18. A method as in claim 17, wherein the encrypted data header and the encrypted data record are assembled to a file stored on the storage medium.
  - 19. A method as in claim 9, wherein the computer is disposed in a computer network of a plurality of computers, and the storage medium is disposed in a desired computer on the network.

20. A method for reading information from a storage medium with the aid of a chip card comprising the following steps:
- authorizing a user by means of an identification feature which is assigned to a user group;
  
  transmitting a file from the storage medium to a computer, said file comprising an encrypted data header and an encrypted data record;
  
  transferring the encrypted data header from the computer to the chip card;
  
  decrypting the encrypted data header into a decrypted data header by means of a card key on the chip card, the decrypted header having a cryptographic key;
  
  transmitting the decrypted data header from the chip card to the computer;
  
  determining a target user group from the decrypted data header; and
  
  decrypting the encrypted data record by means of the cryptographic key when the user group of the user and the target user group of the data header are verified, limiting access to the data record otherwise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Witzel, Martin, Deindl, Michael
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/890,010
Time in Patent Office

964 Days
Field of Search

380/25, 235/382, 709/229, 713/201
US Class Current

380/255
CPC Class Codes

G06Q 20/229   Hierarchy of users of accounts

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/357   Cards having a plurality of...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Method and system for the secure transmission and storage of protectable information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for the secure transmission and storage of protectable information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links