System and method for protecting data files by periodically refreshing a decryption key

US 6,937,726 B1
Filed: 12/21/1999
Issued: 08/30/2005
Est. Priority Date: 04/06/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for protecting a data file on a computer system, comprising the steps of:

providing a grantee'"'"'s encryption key, a grantee'"'"'s decryption key, a grantor'"'"'s encryption key, and a grantor'"'"'s decryption key;

using asymmetric encryption, encrypting the data file using the grantor'"'"'s encryption key to create an encrypted data file;

generating a transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key and other data which is data file independent;

transforming the encrypted data file with the transformation of the encrypted data file does not reveal the data file during the process of transforming;

providing the transformed encrypted data file to the grantee; and

decrypting the transformed encrypted file by the grantee with the grantee'"'"'s decryption key;

wherein the transformation key does not allow the grantee to determine the grantor'"'"'s decryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for transferring among key holders in encoding and cryptographic systems the right to decode and decrypt messages in a way that does not explicitly reveal decoding and decrypting keys used and the original messages. Such methods are more secure and more efficient than typical re-encoding and re-encryption schemes, and are useful in developing such applications as document distribution and long-term file protection.

Citations

12 Claims

1. A method for protecting a data file on a computer system, comprising the steps of:
- providing a grantee'"'"'s encryption key, a grantee'"'"'s decryption key, a grantor'"'"'s encryption key, and a grantor'"'"'s decryption key;
  
  using asymmetric encryption, encrypting the data file using the grantor'"'"'s encryption key to create an encrypted data file;
  
  generating a transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key and other data which is data file independent;
  
  transforming the encrypted data file with the transformation of the encrypted data file does not reveal the data file during the process of transforming;
  
  providing the transformed encrypted data file to the grantee; and
  
  decrypting the transformed encrypted file by the grantee with the grantee'"'"'s decryption key;
  
  wherein the transformation key does not allow the grantee to determine the grantor'"'"'s decryption key.
- View Dependent Claims (2, 7, 8, 9)
- - 2. The method of claim 1, further comprising the step of repeating the generating step, and transforming step and the providing step on a periodic basis.
  - 7. The method of claim 1, wherein said generating step comprises generating the transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key, and the ciphertext of the encrypted data file.
  - 8. The method of claim 1 wherein said generating step comprises generating the transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key, and a random variable.
  - 9. The method of claim 1 wherein said generating step comprises generating the transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key, the ciphertext of the encrypted data file, and a random variable.

3. A processor-driven system adapted to protect a data file, the system comprising:
- a processor; and
  
  a memory coupled to the processor for storing the data file;
  
  wherein the processor is programmed to perform the steps of;
  
  providing a grantee'"'"'s encryption key, a grantee'"'"'s decryption key, a grantor'"'"'s encryption key, and a grantor'"'"'s decryption key;
  
  using asymmetric encryption, encrypting the data file using the grantor'"'"'s encryption key to create an encrypted data file;
  
  generating a transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key and other data which is data file independent;
  
  transforming the encrypted data file with the transformation key to generate a transformed encrypted data file wherein the transforming does not reveal the data file during the process of transforming;
  
  providing the transformed encrypted data file to the grantee; and
  
  decrypting the transformed encrypted file by the grantee with the grantee'"'"'s decryption key;
  
  wherein the transformation key does not allow the grantee to determine the grantor'"'"'s decryption key.
- View Dependent Claims (4, 5, 6, 10, 11, 12)
- - 4. The processor-driven system of claim 3, further comprising a communication interface.
  - 5. The processor-driven system of claim 3, wherein the processor and the memory are included within a portable device.
  - 6. The processor-driven system of claim 3, wherein the processor and the memory are included within a smart card.
  - 10. The processor driven system of claim 3, wherein said generating step comprises generating the transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key, and the ciphertext of the encrypted data file.
  - 11. The processor driven system of claim 3, wherein said generating step comprises generating the transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key, and a random variable.
  - 12. The processor driven system of claim 3, wherein said generating step comprises generating the transformation key from the grantor'"'"'s decryption key, the grantee'"'"'s encryption key, the ciphertext of the encrypted data file, and a random variable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Original Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Inventors
Wang, Xin
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
KIM, JUNG W

Application Number

US09/468,747
Time in Patent Office

2,079 Days
Field of Search

380/44, 380/277, 380/28, 380/30
US Class Current

380/30
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/0891   Revocation or update of sec...

H04L 9/0897   involving additional device...

H04L 9/3013   involving the discrete loga...

System and method for protecting data files by periodically refreshing a decryption key

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting data files by periodically refreshing a decryption key

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links