System and method for document distribution
Abstract
Methods for transferring among key holders in encoding and cryptographic systems the right to decode and decrypt messages in a way that does not explicitly reveal decoding and decrypting keys used and the original messages. Such methods are more secure and more efficient than typical re-encoding and re-encryption schemes, and are useful in developing such applications as document distribution and long-term file protection.
22 Claims
1. A method for encrypting an original document for distribution to a selected recipient chosen from a plurality of possible recipients, comprising the steps of:
generating a session key based on a random number privately maintained only by the owner, including an encryptor, of the original document;
encrypting the original document with the session key to create an encrypted document;
generating a proxy key based on a public key corresponding to the selected recipient, wherein the proxy key may be published without compromising its security, and wherein the proxy key, when applied to a document encrypted for a recipient, is used to transform the document into a document encrypted for another recipient without decrypting the message in the process; and
applying the proxy key to the encrypted document to transform the encrypted document into a transformed document, wherein the transformation may occur in a trusted environment without compromising its security, wherein the transformation may occur in an untrusted environment without compromising its security, and wherein the encrypted document remains in an encrypted state while being transformed into the transformed document and is not decrypted to the original document and re-encrypted at any point during the transformation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system operable to encrypt an original document for distribution to a selected recipient chosen from a plurality of possible recipients, comprising:
a session key generation system that generates a session key based on a random number privately maintained only by the owner, including an encryptor, of the original document;
an encryption system that encrypts the original document with the session key to create an encrypted document;
a proxy key generation system that generates a proxy key based on a public key corresponding to the selected recipient, wherein the proxy key may be published without compromising its security, and wherein the proxy key, when applied to a document encrypted for a recipient, is used to transform the document into a document encrypted for another recipient without decrypting the message in the process; and
a transformation system that applies the proxy key to the encrypted document to transform the encrypted document into a transformed document, wherein the transformation may occur in a trusted environment without compromising its security, wherein the transformation may occur in an untrusted environment without compromising its security, and wherein the encrypted document remains in an encrypted state while being transformed into the transformed document and is not decrypted to the original document and re-encrypted at any point during the transformation.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification