Method for the encryption and decryption of data by various users

US 7,689,829 B2
Filed: 02/25/2004
Issued: 03/30/2010
Est. Priority Date: 02/25/2003
Status: Active Grant

First Claim

Patent Images

1. An electronic data processing method comprising:

performing, by a security check device, a security check to ascertain a user identity by comparing entered identity information with stored user identity data;

associating the user identity with a user identifier stored in a first data store;

associating the user identifier with at least one user group identifier stored in a second data store;

selecting a user group identifier and acquiring at least one data key associated therewith from a centralized third data store including all available keys, wherein the at least one user group identifier and the at least one data key are associated with one another; and

performing, by at least one processor, at least one of encrypting and decrypting data using the acquired at least one data key and inhibiting user recognition of the acquired at least one data key;

whereinthe data are medically relevant,users include personnel within a medical facility, andcommon user group identifiers are assigned the same data key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is for the encryption and decryption of data by various users, in which a user is assigned a data key for encrypting and decrypting data. A data processing facility is designed to carry out the method and a storage medium is designed to store information for carrying out the method on a data processing facility. A first step involves the performance of a security check in order to ascertain the identity of the user. A second step involves a data key which cannot be viewed by the user, being assigned on the basis of the result of the security check. In this case, various users who, by way of example, can be associated with a common user group, can be assigned the same data key.

24 Citations

View as Search Results

27 Claims

1. An electronic data processing method comprising:
- performing, by a security check device, a security check to ascertain a user identity by comparing entered identity information with stored user identity data;
  
  associating the user identity with a user identifier stored in a first data store;
  
  associating the user identifier with at least one user group identifier stored in a second data store;
  
  selecting a user group identifier and acquiring at least one data key associated therewith from a centralized third data store including all available keys, wherein the at least one user group identifier and the at least one data key are associated with one another; and
  
  performing, by at least one processor, at least one of encrypting and decrypting data using the acquired at least one data key and inhibiting user recognition of the acquired at least one data key;
  
  whereinthe data are medically relevant,users include personnel within a medical facility, andcommon user group identifiers are assigned the same data key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as claimed in claim 1, wherein the security check involves at least one of checking a user-specific biometric data, an electronic key and a mechanical key.
  - 3. The method as claimed in claim 1, wherein a plurality of data keys are simultaneously assignable to one user identifier.
  - 4. The method of claim 1, wherein a user identifier associated with a common user group identifier is assigned the same data key.
  - 5. A computer-readable storage medium including computer executable instructions that, when executed, cause a computer to carry out the method as claimed in claim 1.

6. A method for at least one of encryption and decryption of data, comprising:
- performing by a security check device, a security check to ascertain user identity by comparing entered identity information with stored user identity data;
  
  associating the user identity with a user identifier stored in a first data store;
  
  associating the user identifier with a user group including a plurality of users such that a data key for at least one of encrypting and decrypting the data is assigned to a user based on the group with which the user identifier is associated, the same data key being assignable to the plurality of users; and
  
  at least one of encrypting or decrypting the data, by at least one processor, using the assigned data key, whereinthe data are medically relevant,the plurality of users include personnel within a medical facility, andcommon user group identifiers are assigned the same data key.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method as claimed in claim 6, wherein the security check involves checking biometric data of the user.
  - 8. The method as claimed in claim 6, wherein the security check involves checking at least one of an electronic and mechanical key, which are user-specific.
  - 9. The method as claimed in claim 6, wherein the data key is ascertained by comparing the user identity data obtained in the security check with content of a data key memory.
  - 10. The method as claimed in claim 9, wherein the data obtained in the security check are compared with the content of the data key memory using a data telecommunication device.
  - 11. The method as claimed in claim 6, wherein a plurality of data keys are simultaneously assignable to one user.
  - 12. The method of claim 6, wherein users associated with a common user group are assigned the same data key.
  - 13. A computer-readable storage medium including computer executable instructions that, when executed, cause a computer to, carry out the method as claimed in claim 6.

14. An electronic data processing system comprising:
- a security check device to ascertain user identity stored at a first data store and to retrieve at least one user identifier and associated user identity data;
  
  a second data store for storage and retrieval of the at least one user identifier and associated at least one user group identifier;
  
  a centralized third data store for storage and retrieval of all available data keys, the centralized third data store including at least one associated user group identifier matched with at least one associated data key; and
  
  at least one processor to ascertain a user identifier by comparing data of the security check device and the first data store, to ascertain at least one user group from the second data store, to ascertain at least one data key for at least one user group from the third data store, and for performing at least one of encrypting and decrypting data using the at least one data key;
  
  whereinthe data are medically relevant,users include personnel within a medical facility, andcommon user group identifiers are assigned the same data key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 15. The system as claimed in claim 14, wherein the at least one data key is accessible using a data telecommunication device.
  - 16. The electronic data processing system as claimed in claim 14, wherein the security check device reads biometric data from a user.
  - 17. The electronic data processing system as claimed in claim 14, wherein the security check device uses at least one of an electronic and mechanical key, which are user specific.
  - 18. The electronic data processing system as claimed in claim 14, wherein the system uses a data telecommunication device to access the third data store.
  - 19. The electronic data processing system as claimed in claim 14, wherein the system is a medical workstation for handling medically relevant data.
  - 20. The system of claim 14, further comprising:
    - a fourth data store for storage and retrieval of encrypted data.
  - 21. The system of claim 14, wherein at least one of the first data store, the second data store and the fourth data store are combined.
  - 22. The system of claim 14, wherein data entry and retrieval is at least one of manual and automated.
  - 23. The system of claim 18, wherein the data telecommunications device is removably and operatively associated with a computer network for transfer of data.
  - 24. The system of claim 14, wherein the at least one processor accesses the centralized third data store through a channel via one of an access and restriction process.
  - 25. The system of claim 24, wherein the channel access and restriction process functions operatively with the security check device.
  - 26. The system of claim 14, wherein the first data store comprises:
    - mechanical memory, electronic memory, and magnetic and optical media data storage.
  - 27. The system of claim 14, wherein the third data store is isolated from the first, second and fourth data stores.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens Healthcare GMBH (Siemens AG)
Original Assignee
Siemens AG
Inventors
Krickhahn, Frank, Vaupel, Juergen, Birkhoelzer, Thomas
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US10/785,180
Publication Number

US 20040221164A1
Time in Patent Office

2,225 Days
Field of Search

713182-186, 713/171, 380/278
US Class Current

713/182
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/88   Medical equipments

H04L 9/0833   involving conference or gro...

H04L 9/3231   Biological data, e.g. finge...

Method for the encryption and decryption of data by various users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method for the encryption and decryption of data by various users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links