System and method for protected data transfer

US 7,596,812 B2
Filed: 06/14/2005
Issued: 09/29/2009
Est. Priority Date: 06/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for transferring protected data having an authorizing entity'"'"'s outer encryption layer and having a user-fixed inner encryption layer from a first electronic device having a first unique, unalterable identifier to a second electronic device having a second unique, unalterable identifier, the method comprising:

receiving protected data having a first unique, unalterable identifier of the first electronic device, a first outer encryption layer, and the user-fixed inner encryption layer from the first electronic device, wherein data having the user-fixed inner encryption layer is generated by encrypting data using a first user-fixed encryption key, the first user-fixed encryption key being generated from a first user input received at the first electronic device, wherein the first outer encryption layer is generated by encrypting the data having the user-fixed encryption layer using a first authorizing entity-shared encryption key corresponding to the first unique, unalterable identifier of the first electronic device;

verifying the first unique, unalterable identifier of the first electronic device;

generating, in response to the verification, the data having the user-fixed inner encryption layer by decrypting the first outer encryption layer using a first authorizing entity-shared encryption key corresponding to the first unique, unalterable identifier of the first electronic device;

encrypting the data having the user-fixed inner encryption layer with a second outer encryption layer using a second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier of the second electronic device;

appending, in response to the encryption, a second unique, unalterable identifier of the second electronic device; and

transmitting the protected data having the second unique, unalterable identifier of the second electronic device, the second outer encryption layer, and the user-fixed inner encryption layer to the second electronic device, wherein the second electronic device decrypts the protected data using the second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier to form the data having the user-fixed inner encryption layer, and decrypts the data having the user-fixed inner encryption layer using the first user-fixed encryption key generated from a second user input received at the second electronic device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method, system and apparatus for transferring protected data having an authorizing entity'"'"'s outer encryption layer and having a user-fixed inner encryption layer from a first electronic device having a first unique, unalterable identifier to a second electronic device having a second unique, unalterable identifier. A central unit includes a receiver configured to receive from the first electronic device protected data having an authorizing entity'"'"'s first outer encryption layer corresponding to the first unique, unalterable identifier and having a user-fixed inner encryption layer; a processor configured to decrypt the authorizing entity'"'"'s first outer encryption layer of the protected data; a processor configured to encrypt an authorizing entity'"'"'s second outer encryption layer of the protected data corresponding to the second unique, unalterable identifier; and a transmitter configured to transmit protected data to the second electronic device.

Citations

24 Claims

1. A method for transferring protected data having an authorizing entity'"'"'s outer encryption layer and having a user-fixed inner encryption layer from a first electronic device having a first unique, unalterable identifier to a second electronic device having a second unique, unalterable identifier, the method comprising:
- receiving protected data having a first unique, unalterable identifier of the first electronic device, a first outer encryption layer, and the user-fixed inner encryption layer from the first electronic device, wherein data having the user-fixed inner encryption layer is generated by encrypting data using a first user-fixed encryption key, the first user-fixed encryption key being generated from a first user input received at the first electronic device, wherein the first outer encryption layer is generated by encrypting the data having the user-fixed encryption layer using a first authorizing entity-shared encryption key corresponding to the first unique, unalterable identifier of the first electronic device;
  
  verifying the first unique, unalterable identifier of the first electronic device;
  
  generating, in response to the verification, the data having the user-fixed inner encryption layer by decrypting the first outer encryption layer using a first authorizing entity-shared encryption key corresponding to the first unique, unalterable identifier of the first electronic device;
  
  encrypting the data having the user-fixed inner encryption layer with a second outer encryption layer using a second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier of the second electronic device;
  
  appending, in response to the encryption, a second unique, unalterable identifier of the second electronic device; and
  
  transmitting the protected data having the second unique, unalterable identifier of the second electronic device, the second outer encryption layer, and the user-fixed inner encryption layer to the second electronic device, wherein the second electronic device decrypts the protected data using the second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier to form the data having the user-fixed inner encryption layer, and decrypts the data having the user-fixed inner encryption layer using the first user-fixed encryption key generated from a second user input received at the second electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - encrypting the user-fixed inner encryption layer with a user-fixed encryption key; and
      
      decrypting the user-fixed inner encryption layer with the user-fixed encryption key.
  - 3. A method as recited in claim 1 wherein the first electronic device and the second electronic device are one and the same.
  - 4. A method as recited in claim 1 wherein the first authorizing entity-shared encryption key corresponding to the first unique, unalterable identifier of the first electronic device is generated, the method further comprising:
    - inputting the first unique, unalterable identifier of the first electronic device and a first secret encryption key of the authorizing entity; and
      
      outputting the first authorizing entity-shared encryption key.
  - 5. A method as recited in claim 1 wherein the second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier of the second electronic device is generated, the method further comprising:
    - inputting the second unique, unalterable identifier of the second electronic device and a second secret encryption key of the authorizing entity; and
      
      outputting the second authorizing entity-shared encryption key.
  - 6. A method as recited in claim 1 wherein generating the protected data comprises:
    - encrypting data using a data encryption key wherein the data encryption key is encrypted with the authorizing entity'"'"'s outer encryption layer and a user-fixed inner encryption layer.
  - 7. A method as recited in claim 1 wherein an authorizing entity-shared encryption key is a symmetric key.
  - 8. A method as recited in claim 1 wherein an authorizing entity-shared encryption key is an asymmetric key having a public component and a private component.
  - 9. A method as recited in claim 1 wherein the protected data having an authorizing entity'"'"'s outer encryption layer and having a user-fixed inner encryption layer is generated from backup data.

10. A central unit configured to be in communication with a first electronic device having a first unique, unalterable identifier and a second electronic device having a second unique, unalterable identifier, the central unit comprising:
- a receiver configured to receive from the first electronic device, protected data having a first unique, unalterable identifier of the first electronic device, an authorizing entity'"'"'s first outer encryption layer corresponding to the first unique, unalterable identifier, and a user-fixed inner encryption layer formed from a first user-fixed encryption key generated from a first user input at the first electronic device;
  
  a processor configured to verify the first unique, unalterable identifier of the first electronic device and to decrypt the authorizing entity'"'"'s first outer encryption layer of the protected data in response to the verification;
  
  a processor configured to encrypt an authorizing entity'"'"'s second outer encryption layer of the protected data corresponding to the second unique, unalterable identifier and to append, in response to the encryption, a second unique, unalterable identifier of the second electronic device; and
  
  a transmitter configured to transmit to the second electronic device, the protected data having the second unique, unalterable identifier of the second device, authorizing entity'"'"'s second outer encryption layer, and the user-fixed inner encryption layer for decryption at the second electronic device using the first user-fixed encryption key formed from a second user input received at the second electronic device and the second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The central unit as recited in claim 10, further comprising:
    - a database configured to store a first authorizing entity-shared encryption key for decrypting the authorizing entity'"'"'s first outer encryption layer of the protected data encrypted by the first electronic device.
  - 12. The central unit as recited in claim 10, further comprising:
    - a database configured to store a second authorizing entity-shared encryption key for encrypting the second outer encryption layer of the protected data to be decrypted by the second electronic device.
  - 13. The central unit as recited in claim 10, further comprising:
    - a key generation module configured to generate the first authorizing entity-shared encryption key corresponding to the first unique, unalterable identifier of the first electronic device.
  - 14. The central unit as recited in claim 10, further comprising:
    - a key generation module configured to generate the second authorizing entity-shared encryption key corresponding to the second unique, unalterable identifier of the second electronic device.
  - 15. The central unit as recited in claim 10 wherein the protected data having an authorizing entity'"'"'s outer encryption layer and having a user-fixed inner encryption layer is generated from backup data.
  - 16. The central unit as recited in claim 10 wherein the protected data comprises data encrypted using a data encryption key and the data encryption key encrypted with an authorizing entity'"'"'s outer encryption layer and a user-fixed inner encryption layer.
  - 17. The central unit as recited in claim 10 wherein the central unit is a remote server.

18. A system comprising:
- a first electronic device having a first unique, unalterable identifier and a first corresponding encryption key for encrypting a first outer encryption layer of protected data, the first electronic device comprising;
  
  an input device for receiving user input to generate a user-fixed encryption key to encrypt a user-fixed inner encryption layer of data;
  
  a processor for encrypting the user-fixed inner encryption layer of data, encrypting the first outer encryption layer of the encrypted user-fixed inner encryption layer of data, and appending the first unique, unalterable identifier of the first electronics device to the encrypted first outer encryption layer; and
  
  a transmitter for transmitting the protected data having the first unique, unalterable identifier of the first electronic device, the first outer encryption layer, and the user-fixed inner encryption layer;
  
  a central unit comprising;
  
  a storage unit for storing the first corresponding encryption key and a second corresponding encryption key;
  
  a receiver for receiving the protected data having first unique, unalterable identifier of the first electronics device, the first outer encryption layer, and the user-fixed inner encryption layer;
  
  a processor for verifying the first unique, unalterable identifier of the first electronic device, decrypting in response to the verification the first outer encryption layer of the protected data with the first corresponding encryption key, for encrypting a second outer encryption layer of the protected data with the second corresponding encryption key, and appending the second unique, unalterable identifier of the second electronic device to the encrypted second outer encryption layer of the protected data; and
  
  a transmitter for transmitting the protected data having the second unique, unalterable identifier of the second electronic device, the second outer encryption layer, and the user-fixed inner encryption layer; and
  
  a second electronic device having a second unique, unalterable identifier and the second corresponding encryption key for decrypting the second outer encryption layer of the protected data, comprising;
  
  an input device for receiving user input to generate the user-fixed encryption key to decrypt the user-fixed inner encryption layer of the protected data;
  
  a receiver for receiving the protected data having the second unique, unalterable identifier of the second electronic device, the second outer encryption layer, and the user-fixed inner encryption layer; and
  
  a processor for verifying the second unique, unalterable identifier of the second electronic device, decrypting in response to the comparison the second outer encryption layer, and decrypting the user-fixed inner encryption layer of the protected data.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. A system as recited in claim 18 wherein the first electronic device further comprises:
    - a storage device for storing data to be protected, the first corresponding encryption key and the user-fixed encryption key.
  - 20. A system as recited in claim 18 wherein the second electronic device further comprises:
    - a storage device for storing the protected data, the second corresponding encryption key and the user-fixed encryption key.
  - 21. The system as recited in claim 18 wherein the first corresponding encryption key, the user-fixed encryption key and the second corresponding encryption key are symmetric keys.
  - 22. The system as recited in claim 18 wherein the user-fixed encryption key is a symmetric key, and the first corresponding encryption key and the second corresponding encryption key are asymmetric keys comprising a public component and a private component.
  - 23. The system as recited in claim 18 wherein the protected data comprises data encrypted using a data encryption key and the data encryption key encrypted with an outer encryption layer and a user-fixed inner encryption layer.
  - 24. The system as recited in claim 18, further comprising:
    - a first key generation module configured to generate the first corresponding encryption key corresponding to the first unique, unalterable identifier; and
      
      a second key generation module configured to generate the second corresponding encryption key corresponding to the second unique, unalterable identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Dabbish, Ezzat A., Moore, Morris A., Li, Yi Q.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US11/152,216
Publication Number

US 20060282901A1
Time in Patent Office

1,568 Days
Field of Search

726/26, 713/165, 713/168
US Class Current

726/26
CPC Class Codes

G06F 11/1456   Hardware arrangements for b...

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 63/08   for authentication of entit...

System and method for protected data transfer

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protected data transfer

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links