Method and device for the protected storage of data from message traffic

US 6,347,373 B1
Filed: 11/06/1998
Issued: 02/12/2002
Est. Priority Date: 11/06/1997
Status: Expired due to Fees

First Claim

Patent Images

1. Method for protected storage of data from message traffic taking place between at least two communication appliances (1, 2, 3, 7, 8, 9), comprising the following steps:

a. setting-up of a telecommunication link to dispatch said data between at least a first communication appliance (1, 2, 3) and a second communication appliance (7, 8, 9);

b. setting-up of a monitoring link (13) between the telecommunication link and telecommunication means (10) of a third party;

c. storage of a first identity of either a first user of the first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of the second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9) by the telecommunication means (10) of the third party;

d. encipherment of the data using a symmetrical conversation key to render enciphered data;

e. storage of the enciphered data by the telecommunication means (10) of the third party, f. storage of the symmetrical conversation key enciphered using public keys of the first and second users by the telecommunication means (10) of the third party;

g. signing of said enciphered data and also of the stored first and second identities by the telecommunication means (10) of the third party.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and processor (12) for:

a. setting up a telecommunication link between various communication appliances (1, 2, 3, 7, 8, 9);

b. setting up a monitoring link (13) between the telecommunication link and the processor (12);

c. the storage in enciphered form of a first identity of either a first user of a first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of a second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9);

d. the storage of the data despatched via the telecommunication link, which data have been enciphered prior to the storage using a symmetrical conversation key;

e. the storage of the conversation key enciphered using public keys of the users;

f. the signing of the data stored using the symmetrical conversation key and also of the first and second identities stored in enciphered form.

Citations

22 Claims

1. Method for protected storage of data from message traffic taking place between at least two communication appliances (1, 2, 3, 7, 8, 9), comprising the following steps:
- a. setting-up of a telecommunication link to dispatch said data between at least a first communication appliance (1, 2, 3) and a second communication appliance (7, 8, 9);
  
  b. setting-up of a monitoring link (13) between the telecommunication link and telecommunication means (10) of a third party;
  
  c. storage of a first identity of either a first user of the first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of the second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9) by the telecommunication means (10) of the third party;
  
  d. encipherment of the data using a symmetrical conversation key to render enciphered data;
  
  e. storage of the enciphered data by the telecommunication means (10) of the third party, f. storage of the symmetrical conversation key enciphered using public keys of the first and second users by the telecommunication means (10) of the third party;
  
  g. signing of said enciphered data and also of the stored first and second identities by the telecommunication means (10) of the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. Method according to claim 1, wherein, in step c., the storage takes place using a first key which may be identical to the symmetrical conversation key (S).
  - 3. Method according to claim 1, including the following steps:
4. Method according to claim 3, including the following step:
- g″
  
  . in step g., a hash is generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form after which the hash is signed by the telecommunication means (10).
5. Method according to claim 3, including the following further step:
- h. signing of the enciphered data by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) and also of the first and second identities stored in enciphered form and the date and time of the message traffic stored in enciphered form, after which the telecommunication means (10) of the third party stores all of the data thus signed.
6. Method according to claim 5, including the following step:
- h′
  
  . in step h., a hash is first of all generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form, after which the hash is signed by the at least first (1, 2, 3) and second (7, 8, 9) communication appliances using their own private keys.
7. Method according to claim 1, including the following step:
- g′
  
  . in step g., a hash is generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form, after which the hash is signed by the telecommunication means (10).
8. Method according to claim 1, including the following further step:
- h. signing by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) with private keys of the enciphered data and also of the first and second identities stored in enciphered form, after which the telecommunication means (10) of the third party stores all the data thus signed.
9. Method according to claim 8, including the following step:
- h′
  
  . in step h, a hash is first of all generated by the telecommunication means (10) over the enciphered data and also the first and second identities stored in enciphered form, after which the hash is signed by the at least first (1, 2, 3) and second (7, 8, 9) communication appliances using their own private keys.
10. Method according to claim 1, wherein the data from the message traffic are already enciphered by the at least first and second communication appliances (1, 2, 3, 7, 8, 9) using the symmetrical conversation key and, after encipherment using the public keys of the users, the symmetrical conversation key is sent, prior to step f., from the first (1, 2, 3) and the second (7, 8, 9) communication appliances to the telecommunication means (10) of the third party.
11. Method according to claim 1, wherein the telecommunication means (10) provide access to any of the stored data for any user who identifies himself in the correct way.

12. Processor means (12) which are equipped to:
- a. set up a telecommunication link to allow dispatch of data between at least a first communication appliance (1, 2, 3) and a second communication appliance (7, 8, 9);
  
  b. set up a monitoring link (13) between the telecommunication link and the processor means (12);
  
  c. store a first identity of either a first user of the first communication appliance (1, 2, 3) or of the first communication appliance (1, 2, 3) and a second identity of either a second user of the second communication appliance (7, 8, 9) or of the second communication appliance (7, 8, 9);
  
  d. encipher the data using a symmetrical conversation key to render enciphered data;
  
  e. store the enciphered data, f. store the symmetrical conversation key enciphered using public keys of the first and second users;
  
  g. sign the enciphered data as well as the stored first and second identities.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. Processor means according to claim 12, wherein they are also designed to perform said storage in step c. using a first key which may be identical to the symmetrical conversation key (S).
  - 14. Processor means according to claim 13, wherein they are also equipped to:
15. Processor means according to claim 14, wherein they are also equipped to:
- h′
  
  . first of all generate in step h. a hash over the enciphered data and also the first and second identities stored in enciphered form, and to send the hash to the at least first (1, 2, 3) and second (7, 8, 9) communication appliances in order to allow signing of the hash using the private keys.
16. Processor means according to claim 12, wherein they are also equipped to:
- c′
  
  . store in enciphered form in addition date and time of the message traffic in step c. using a second key, which second key may be identical to the symmetrical conversation key (S);
  
  g′
  
  . sign in addition the date and time stored in enciphered form in step g.
17. Processor means according to claim 16, wherein they are also equipped to:
- g″
  
  . generate a hash in step g. over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form, and then to sign the hash.
18. Processor means according to claim 16, wherein they are also equipped to:
- h. send the enciphered data and also the first and second identities stored in enciphered form and the date and time of the message traffic stored in enciphered form to the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9), and then to receive back again and store said data after they have been signed by the at least first communication appliance (1, 2, 3) and second communication appliance (7, 8, 9) using private keys.
19. Processor means according to claim 18, wherein they are also equipped to:
- h′
  
  . first of all generate a hash in step h. over the enciphered data and also the first and second identities stored in enciphered form and the date and time stored in enciphered form, and to send the hash to the at least first (1, 2, 3) and second (7, 8, 9) communication appliance to allow the hash to be signed using their own private keys.
20. Processor means according to claim 12, wherein they are also equipped to:
- g′
  
  . generate a hash in step g over the enciphered data and also the first and second identities stored in enciphered form, and then to sign the hash.
21. Processor means according to claim 12, wherein the processor means are equipped to receive the data after they have already been enciphered by the at least first and second communication appliances (1, 2, 3, 7, 8, 9) using the symmetrical conversation key and for receiving the symmetrical conversation key of the first (1, 2, 3) and the second (7, 8, 9) communication appliances in a form enciphered using public keys of the users prior to step f.
22. Processor means according to claim 12, wherein the processor means are equipped to give access to any of the stored data to any user who identifies himself in the correct way.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke KPN NV
Original Assignee
Koninklijke KPN NV
Inventors
Aldenhuijsen, Christianus Wilhelmus Henricus Maria, Theunissen, Jean Andreas Petronius, Hoepman, Jaap Henk, Van Pol, Johannes Hubertus Gerardus, Neuijen, Saskia Maria Josefina Gerarda, Camps, Johannes Marinus Antonius, Landsmeer, Paul
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/186,695
Time in Patent Office

1,194 Days
Field of Search

380/277, 380/282, 380/30, 713/168, 713/169, 713/176, 713/178, 713/182, 713/200, 713/201
US Class Current

713/168
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Method and device for the protected storage of data from message traffic

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for the protected storage of data from message traffic

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links