Method and device for the protected storage of data from message traffic
Abstract
Method and processor (12) for:
a. setting up a telecommunication link between various communication appliances (1, 2, 3, 7, 8, 9);
b. setting up a monitoring link (13) between the telecommunication link and the processor (12);
c. the storage in enciphered form of a first identity of either a first user of a first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of a second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9);
d. the storage of the data despatched via the telecommunication link, which data have been enciphered prior to the storage using a symmetrical conversation key;
e. the storage of the conversation key enciphered using public keys of the users;
f. the signing of the data stored using the symmetrical conversation key and also of the first and second identities stored in enciphered form.
22 Claims
1. Method for protected storage of data from message traffic taking place between at least two communication appliances (1, 2, 3, 7, 8, 9), comprising the following steps:
a. setting-up of a telecommunication link to dispatch said data between at least a first communication appliance (1, 2, 3) and a second communication appliance (7, 8, 9);
b. setting-up of a monitoring link (13) between the telecommunication link and telecommunication means (10) of a third party;
c. storage of a first identity of either a first user of the first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of the second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9) by the telecommunication means (10) of the third party;
d. encipherment of the data using a symmetrical conversation key to render enciphered data;
e. storage of the enciphered data by the telecommunication means (10) of the third party;
f. storage of the symmetrical conversation key enciphered using public keys of the first and second users by the telecommunication means (10) of the third party;
g. signing of said enciphered data and also of the stored first and second identities by the telecommunication means (10) of the third party.
c′. in step c., date and time of the message traffic are in addition stored in enciphered form;
g′. in step g., the enciphered stored date and time are in addition signed by the telecommunication means.
4. Method according to claim 3, including the following step:
g″. in step g., a hash is generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form after which the hash is signed by the telecommunication means (10).
5. Method according to claim 3, including the following further step:
h. signing of the enciphered data by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) and also of the first and second identities stored in enciphered form and the date and time of the message traffic stored in enciphered form, after which the telecommunication means (10) of the third party stores all of the data thus signed.
6. Method according to claim 5, including the following step:
h′. in step h., a hash is first of all generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form, after which the hash is signed by the at least first (1, 2, 3) and second (7, 8, 9) communication appliances using their own private keys.
7. Method according to claim 1, including the following step:
g′. in step g., a hash is generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form, after which the hash is signed by the telecommunication means (10).
8. Method according to claim 1, including the following further step:
h. signing by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) with private keys of the enciphered data and also of the first and second identities stored in enciphered form, after which the telecommunication means (10) of the third party stores all the data thus signed.
9. Method according to claim 8, including the following step:
h′. in step h, a hash is first of all generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form, after which the hash is signed by the at least first (1, 2, 3) and second (7, 8, 9) communication appliances using their own private keys.
10. Method according to claim 1, wherein the data from the message traffic are already enciphered by the at least first and second communication appliances (1, 2, 3, 7, 8, 9) using the symmetrical conversation key and, after encipherment using the public keys of the users, the symmetrical conversation key is sent, prior to step f., from the first (1, 2, 3) and the second (7, 8, 9) communication appliances to the telecommunication means (10) of the third party.
11. Method according to claim 1, wherein the telecommunication means (10) provide access to any of the stored data for any user who identifies himself in the correct way.
12. Processor means (12) which are equipped to:
a. set up a telecommunication link to allow dispatch of data between at least a first communication appliance (1, 2, 3) and a second communication appliance (7, 8, 9);
b. set up a monitoring link (13) between the telecommunication link and the processor means (12);
c. store a first identity of either a first user of the first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of the second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9);
d. encipher the data using a symmetrical conversation key to render enciphered data;
e. store the enciphered data;
f. store the symmetrical conversation key enciphered using public keys of the first and second users;
g. sign the enciphered data as well as the stored first and second identities.
h. send the enciphered data and also the first and second identities stored in enciphered form to the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) and then to receive said data back again after they have been signed by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) using private keys.
15. Processor means according to claim 14, wherein they are also equipped to:
h′. first of all generate in step h. a hash over the enciphered data and also the first and second identities stored in enciphered form, and to send the hash to the at least first (1, 2, 3) and second (7, 8, 9) communication appliances in order to allow signing of the hash using the private keys.
16. Processor means according to claim 12, wherein they are also equipped to:
c′. store in enciphered form in addition date and time of the message traffic in step c. using a second key, which second key may be identical to the symmetrical conversation key (S);
g′. sign in addition the date and time stored in enciphered form in step g.
17. Processor means according to claim 16, wherein they are also equipped to:
g″. generate a hash in step g. over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form, and then to sign the hash.
18. Processor means according to claim 16, wherein they are also equipped to:
h. send the enciphered data and also the first and second identities stored in enciphered form and the date and time of the message traffic stored in enciphered form to the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9), and then to receive back again and store said data after they have been signed by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) using private keys.
19. Processor means according to claim 18, wherein they are also equipped to:
h′. first of all generate a hash in step h. over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form, and to send the hash to the at least first (1, 2, 3) and second (7, 8, 9) communication appliance to allow the hash to be signed using their own private keys.
20. Processor means according to claim 12, wherein they are also equipped to:
g′. generate a hash in step g over the enciphered data and also the first and second identities stored in enciphered form, and then to sign the hash.
21. Processor means according to claim 12, wherein the processor means are equipped to receive the data after they have already been enciphered by the at least first and second communication appliances (1, 2, 3, 7, 8, 9) using the symmetrical conversation key and for receiving the symmetrical conversation key of the first (1, 2, 3) and the second (7, 8, 9) communication appliances in a form enciphered using public keys of the users prior to step f.
22. Processor means according to claim 12, wherein the processor means are equipped to give access to any of the stored data to any user who identifies himself in the correct way.
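The following Node.js code is an added example, not part of the patent text: it runs steps c to g of claim 1 with the hash-then-sign step of claim 4, lets one user recover the data with a private key, and shows the third party's signature failing once a stored field is altered. The claims name no algorithms, so AES-256-GCM, RSA-OAEP, Ed25519, SHA-256, the reuse of the conversation key for the identities, and every function name are assumptions.

```javascript
const crypto = require('crypto');

// Step d: encipher under the conversation key (AES-256-GCM is an assumption).
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final(), c.getAuthTag()]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(-16));
  return Buffer.concat([d.update(blob.subarray(12, -16)), d.final()]);
}

// Claim 4 hash: each field is length-prefixed so bytes cannot move between fields.
function digest(rec) {
  const h = crypto.createHash('sha256');
  for (const f of [rec.encData, rec.encIds, rec.encTime]) h.update(`${f.length}:`).update(f);
  return h.digest();
}

// Steps c to g, as done by the third party's telecommunication means (10).
function store(ids, time, data, userPubKeys, thirdPartyPriv) {
  const key = crypto.randomBytes(32); // symmetrical conversation key
  const rec = { encIds: seal(key, ids), encTime: seal(key, time), encData: seal(key, data) };
  rec.wrappedKeys = userPubKeys.map((pub) => crypto.publicEncrypt(pub, key)); // step f
  rec.signature = crypto.sign(null, digest(rec), thirdPartyPriv); // step g'' (hash is signed)
  return rec;
}
const verify = (rec, thirdPartyPub) => crypto.verify(null, digest(rec), thirdPartyPub, rec.signature);

// A user unwraps the conversation key with a private key, then deciphers the data.
const read = (rec, i, priv) => open(crypto.privateDecrypt(priv, rec.wrappedKeys[i]), rec.encData);

// Constructed demo: two users (RSA), a third party (Ed25519), one altered byte.
function demo() {
  const users = [1, 2].map(() => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  const tp = crypto.generateKeyPairSync('ed25519');
  const rec = store(Buffer.from('appliance 1|appliance 7'), Buffer.from('2024-05-01T09:30Z'),
    Buffer.from('meet at noon'), users.map((u) => u.publicKey), tp.privateKey);
  const intact = verify(rec, tp.publicKey);
  const text = read(rec, 1, users[1].privateKey).toString();
  rec.encTime[15] ^= 1; // alter the stored, enciphered date and time
  return { intact, text, afterTamper: verify(rec, tp.publicKey) };
}
console.log(demo());
```

The signed hash covers only the fields the claims list (enciphered data, identities, date and time); the wrapped conversation keys are stored beside it but are not under the signature.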
Specification