Method and system for protecting data, related communication network and computer program product

US 7,844,834 B2
Filed: 12/30/2003
Issued: 11/30/2010
Est. Priority Date: 12/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for securely storing at least one user'"'"'s private information item, the method comprising the steps of:

allotting to said user a respective subscriber identity module, said subscriber identity module storing at least one security algorithm;

producing at least one cipher key via said at least one security algorithm by;

generating one or more random values,receiving from the subscriber identity module one or more session keys determined based on at least the one or more generated random values, andproducing the at least one cipher key based on at least the one or more session keys;

storing the user'"'"'s private information item in a file encrypted via said at least one cipher key;

inserting into the file a cryptographic header comprising the one or more random values and a cryptographic control checksum for detecting unauthorized modifications to the file;

storing the encrypted file at a remote storing location accessible by the user via a communication network;

receiving a user'"'"'s request for said user'"'"'s private information item via said communication network;

authenticating said requesting user with said remote storing location by at least one interworking function comprising;

interfacing said subscriber identity module with said interworking function,checking if said subscriber identity module is included in a list of subscriber identity modules enabled within the framework of said communication network, andif said subscriber identity module is enabled, causing said interworking function to generate at least one access key, said at least one access key being used to access said at least one private item stored as an encrypted file in said remote storing location;

sending via said communication network said requested user'"'"'s private information item to said requesting user as said encrypted file; and

enabling decryption of said encrypted file at said requesting user by means of said at least one cipher key to retrieve said requested user'"'"'s private information item.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securely storing at least one user'"'"'s private information item, such as a private key for cipher processing, includes the steps of providing a communication network wherein the user is allotted a respective subscriber identity module and the subscriber identity module stores at least one security algorithm; producing a cipher key via the at least one security algorithm; and providing a remote storing location accessible by the user via the communication network wherein the user'"'"'s private information items are stored as files encrypted via the cipher key.

Citations

14 Claims

1. A method for securely storing at least one user'"'"'s private information item, the method comprising the steps of:
- allotting to said user a respective subscriber identity module, said subscriber identity module storing at least one security algorithm;
  
  producing at least one cipher key via said at least one security algorithm by;
  
  generating one or more random values,receiving from the subscriber identity module one or more session keys determined based on at least the one or more generated random values, andproducing the at least one cipher key based on at least the one or more session keys;
  
  storing the user'"'"'s private information item in a file encrypted via said at least one cipher key;
  
  inserting into the file a cryptographic header comprising the one or more random values and a cryptographic control checksum for detecting unauthorized modifications to the file;
  
  storing the encrypted file at a remote storing location accessible by the user via a communication network;
  
  receiving a user'"'"'s request for said user'"'"'s private information item via said communication network;
  
  authenticating said requesting user with said remote storing location by at least one interworking function comprising;
  
  interfacing said subscriber identity module with said interworking function,checking if said subscriber identity module is included in a list of subscriber identity modules enabled within the framework of said communication network, andif said subscriber identity module is enabled, causing said interworking function to generate at least one access key, said at least one access key being used to access said at least one private item stored as an encrypted file in said remote storing location;
  
  sending via said communication network said requested user'"'"'s private information item to said requesting user as said encrypted file; and
  
  enabling decryption of said encrypted file at said requesting user by means of said at least one cipher key to retrieve said requested user'"'"'s private information item.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the at least one security algorithm further performs steps of:
    - subjecting the one or more random values to said at least one security algorithm to generate at least two session keys; and
      
      mixing said at least two session keys via a mixer function to produce said at least one cipher key.
  - 3. The method according to claim 2, wherein said mixer function is a hash function.
  - 4. The method according to claim 3, comprising the step of including in said mixer function a user specific secret, whereby said at least one cipher key is unpredictable even on the basis of knowledge of any keys stored in said subscriber identity module.
  - 5. The method according to claim 1, wherein the cryptographic header further comprises at least one of a random vector and a version string associated with the at least one security algorithm.
  - 6. The method according to claim 1, comprising the step of accepting said user'"'"'s request subservient to said requesting user'"'"'s authentication with said remote storing location.
  - 7. The method according to claim 6, wherein the step of accepting said user'"'"'s request subservient to said requesting user'"'"'s authentication with said remote storing location comprises the step of authenticating said requesting user with said remote storing location by at least one of the following identity items:
    - user name, password, one-time password, biometric systems, or SIM-based authentication.
  - 8. The method according to claim 1, wherein said step of causing said interworking function to generate at least one access key comprises the steps of:
    - generating at least one random number;
      
      sending said at least one random number in the form of an authentication challenge;
      
      monitoring at least one response to said authentication challenge;
      
      determining successful authentication of said user based on said at least one response; and
      
      generating at least said access key based on at least one entity selected from a group consisting of said at least one random number and said at least one response.

9. A system for securely storing at least one user'"'"'s private information item, the system comprising:
- a subscriber identity module, said subscriber identity module storing at least one security algorithm;
  
  a user terminal comprising a processing module, said processing module being able to be connected with said subscriber identity module for producing a cipher key via said at least one security algorithm by;
  
  generating one or more random values,receiving from the subscriber identity module one or more session keys determined based on at least the one or more generated random values, andproducing the cipher key based on at least the one or more session keys;
  
  encrypting a file via the cipher key, wherein the file stores the user'"'"'s private information item; and
  
  inserting into the file a cryptographic header comprising the one or more random values and a cryptographic control checksum for detecting unauthorized modifications to the encrypted file;
  
  a remote storing location accessible by said user via a communication network, said remote storing location configured for storing the file; and
  
  an interworkinq server for authenticating said user with said remote storing location when said user requests said file by;
  
  interfacing said subscriber identity module with said interworking server,checking if said subscriber identity module is included in a list of subscriber identity modules enabled within the framework of said communication network, andif said subscriber identity module is enabled, causing said interworking server to generate at least one access key, said at least one access key being used to access said private information item stored as an encrypted file in said remote storing location.
- View Dependent Claims (10, 11)
- - 10. The system according to claim 9, wherein said user terminal comprises a personal computer or a notebook or a laptop or a PDA, or a smart phone.
  - 11. The system according to claim 9, wherein said user terminal is connected to said subscriber identity module via at least one of a smart card reader, a Bluetooth mobile terminal, an IrDA mobile terminal, and a mobile terminal connected to a cable.

12. A communication network comprising a system for securely storing at least one user'"'"'s private information item, the system comprising:
- a subscriber identity module, said subscriber identity module storing at least one security algorithm;
  
  a user terminal comprising a processing module, said processing module being able to be connected with said subscriber identity module for producing a cipher key via said at least one security algorithm by;
  
  generating one or more random values,receiving from the subscriber identity module one or more session keys determined based on at least the one or more generated random values, andproducing the cipher key based on at least the one or more session keys;
  
  encrypting a file via the cipher key, wherein the file stores the user'"'"'s private information item; and
  
  inserting into the file a cryptographic header comprising the one or more random values and a cryptographic control checksum for detecting unauthorized modifications to the encrypted file;
  
  a remote storing location accessible by said user via the communication network, said remote storing location configured for storing the file; and
  
  an interworking server for authenticating said user with said remote storing location when said user requests said file by;
  
  interfacing said subscriber identity module with said interworking server,checking if said subscriber identity module is included in a list of subscriber identity modules enabled within the framework of said communication network, andif said subscriber identity module is enabled, causing said interworking server to generate at least one access key, said at least one access key being used to access said user'"'"'s private information item stored as an encrypted file in said remote storing location.

13. A non-transitory computer readable medium storing instructions for execution on at least one computer, the instructions including software code portions capable of performing a method for securely storing at least one user'"'"'s private information item, the method comprising:
- producing at least one cipher key via at least one security algorithm by;
  
  generating one or more random values,receiving one or more session keys determined based on at least the one or more generated random values, andproducing the at least one cipher key based on at least the one or more session keys;
  
  inserting into the file a cryptographic header comprising the one or more random values and a cryptographic control checksum for detecting unauthorized modifications to the file;
  
  storing the user'"'"'s private information item in a file encrypted using the at least one cipher key;
  
  receiving a user'"'"'s request for said user'"'"'s private information item via said communication network;
  
  authenticating said requesting user with said remote storing location by at least one interworking function comprising;
  
  interfacing said subscriber identity module with said interworkinq function,checking if said subscriber identity module is included in a list of subscriber identity modules enabled within the framework of said communication network, andif said subscriber identity module is enabled, causing said interworking function to generate at least one access key, said at least one access key being used to access said at least one private item stored as an encrypted file in said remote storing location;
  
  sending via said communication network said requested user'"'"'s private information item to said requesting user as said encrypted file; and
  
  enabling decryption of said encrypted file at said requesting user by means of said at least one cipher key to retrieve said requested user'"'"'s private information item.

14. A method for securely storing at least one user'"'"'s private information item, the method comprising:
- producing at least one cipher key via at least one security algorithm;
  
  generating one or more random values,receiving from the subscriber identity module one or more session keys determined based on at least the one or more generated random values, andproducing the at least one cipher key based on at least the one or more session keys; and
  
  storing the user'"'"'s private information item in a file encrypted using the at least one cipher key;
  
  inserting into the file a cryptographic header comprising the one or more random values and a cryptographic control checksum for detecting unauthorized modifications to the file;
  
  receiving a user'"'"'s request for said user'"'"'s private information item via said communication network;
  
  authenticating said requesting user with said remote storing location by at least one interworking function comprising;
  
  interfacing said subscriber identity module with said interworking function,checking if said subscriber identity module is included in a list of subscriber identity modules enabled within the framework of said communication network, andif said subscriber identity module is enabled, causing said interworking function to generate at least one access key, said at least one access key being used to access said at least one private item stored as an encrypted file in said remote storing location;
  
  sending via said communication network said requested user'"'"'s private information item to said requesting user as said encrypted file; and
  
  enabling decryption of said encrypted file at said requesting user by means of said at least one cipher key to retrieve said requested user'"'"'s private information item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
Caprella, Ettore Elio, Leone, Manuel
Primary Examiner(s)
Chen; Shin-Hon

Application Number

US10/584,912
Publication Number

US 20070055873A1
Time in Patent Office

2,527 Days
Field of Search

713/193, 713/155, 380/44, 380/273
US Class Current

713/193
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

Method and system for protecting data, related communication network and computer program product

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting data, related communication network and computer program product

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links