Method and system for the cipher key controlled exploitation of data resources, related network and computer program products

US 7,913,096 B2
Filed: 12/30/2003
Issued: 03/22/2011
Est. Priority Date: 12/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for cipher controlled exploitation of data resources stored in a remote database associated with a computer system, the method comprising the steps of:

providing a subscriber identity module carrying at least one security algorithm, said subscriber identity module not used, either directly or indirectly, by said computer system for communication with a network;

producing a cipher key via said at least one security algorithm;

using said cipher key for protecting said data resources; and

storing said protected data resources in said remote database in an encrypted format,wherein producing the cipher key comprises generating at least two random values, subjecting said at least two random values to said at least one security algorithm to generate at least two session keys, and combining said at least two session keys via a mixer function to produce a cipher key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An arrangement for the cipher controlled exploitation of data resources (e.g., securely storing and retrieving sensitive data or securely registering and logging on a computer system) includes the steps of providing a subscriber identity module carrying a security algorithm; generating at least one, e.g., two, random values; subjecting the random value to the at least one security algorithm to generate at least one, e.g., two, session keys; processing the session keys via a mixer function such as a hash function to produce a cipher key; and using the cipher key thus produced for exploiting the data resources.

21 Citations

View as Search Results

21 Claims

1. A method for cipher controlled exploitation of data resources stored in a remote database associated with a computer system, the method comprising the steps of:
- providing a subscriber identity module carrying at least one security algorithm, said subscriber identity module not used, either directly or indirectly, by said computer system for communication with a network;
  
  producing a cipher key via said at least one security algorithm;
  
  using said cipher key for protecting said data resources; and
  
  storing said protected data resources in said remote database in an encrypted format,wherein producing the cipher key comprises generating at least two random values, subjecting said at least two random values to said at least one security algorithm to generate at least two session keys, and combining said at least two session keys via a mixer function to produce a cipher key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, wherein said step of using said cipher key for protecting said data resources comprises the steps of:
    - encrypting said data resources by means of said cipher key;
      
      storing said encrypted data resources in said remote database associated with said computer system;
      
      retrieving said encrypted data resources from said remote database; and
      
      decrypting said encrypted data resources by means of said cipher key.
  - 3. The method according to claim 1, wherein said mixer function comprises a hash function.
  - 4. The method according to claim 1, comprising the step of selecting said data resources from user sensitive data or user credentials.
  - 5. The method according to claim 4, wherein said step of using said cipher key for protecting said data resources comprises the step of encrypting by means of said cipher key, said user sensitive data or said user credentials from plain text into an encrypted format.
  - 6. The method according to claim 5, wherein said step of using said cipher key for protecting said data resources comprises the step of decrypting by means of said cipher key said user sensitive data or said user credentials from an encrypted format into plain text.
  - 7. The method according to claim 5, wherein said user sensitive data or said user credentials in encrypted format have a cryptographic header associated therewith.
  - 8. The method according to claim 7, wherein said cryptographic header comprises an identifier of said subscriber identity module and a cryptographic checksum based on said cipher key, said cryptographic checksum being used for detecting any unauthorized modifications of said encrypted format.
  - 9. The method according to claim 4, wherein said data resources are user credentials and said data resources based on said user credentials are stored in said remote database in an encrypted format.
  - 10. The method according to claim 9, comprising the step of establishing a relationship between said user credentials stored in said encrypted format in said remote database and a corresponding user subscriber identity module.
  - 11. The method according to claim 10, wherein said relationship is established by means of an identifier of said subscriber identity module.
  - 12. The method according to claim 11, comprising the step of using said identifier for searching within said remote database to permit user exploitation of said user credentials.
  - 13. A non-transitory computer readable medium encoded with a computer program product loadable into a memory of at least one computer, the computer program product comprising software code portions for performing the method of claim 1.

14. A method for cipher controlled exploitation of data resources stored in a remote database associated with a computer system, the method comprising the steps of:
- providing a subscriber identity module carrying at least one security algorithm;
  
  producing a cipher key via said at least one security algorithm, wherein producing the cipher key comprises;
  
  generating at least two random values, subjecting said at least two random values to said at least one security algorithm to generate at least two session keys, and combining said at least two session keys via a mixer function to produce the cipher key;
  
  using said cipher key for protecting said data resources; and
  
  storing said protected data resources in said remote database in an encrypted format.

15. A method for cipher controlled exploitation of data resources stored in a remote database associated with a computer system, the method comprising the steps of:
- providing a subscriber identity module carrying at least one security algorithm;
  
  generating at least one random value;
  
  subjecting the at least one random value to the at least one security algorithm to generate at least one session key;
  
  providing a mixer function;
  
  inserting in the mixer function a user specific secret unrelated to said subscriber identity module security algorithm;
  
  processing the at least one session key via the mixer function to produce a cipher key,wherein the cipher key is a function of both the user specific secret and the at least one session key;
  
  using said cipher key for protecting said data resources; and
  
  storing said protected data resources in said remote database in an encrypted format.

16. A system for cipher-controlled exploitation of data resources, comprising:
- at least one subscriber identity module carrying at least one security algorithm;
  
  at least one computer system comprising at least one processing module, said subscriber identity module not used, either directly or indirectly, by said at least one computer system for communication with a network and said at least one processing module being interfaced with said at least one subscriber identity module to generate a cipher key via said at least one security algorithm and being configured to protect via said cipher key said data resources; and
  
  a remote database associated with said at least one computer system for storing said protected data resources by said cipher key in an encrypted format, wherein generating the cipher key comprises generating at least two random values, subjecting said at least two random values to said at least one security algorithm to generate at least two session keys, and combining said at least two session keys via a mixer function to produce a cipher key.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The system according to claim 16, wherein said at least one processing module is configured for:
    - encrypting said data resources by means of said cipher key;
      
      storing said encrypted data resources in said remote database associated with said at least one computer system;
      
      retrieving said encrypted data resources from said remote database; and
      
      decrypting said encrypted data resources by means of said cipher key.
  - 18. The system according to claim 16, wherein said remote database is included in said at least one computer system.
  - 19. The system according to claim 16, wherein said at least one processing module is interfaced with said at least one subscriber identity module via a smart card reader or a Bluetooth mobile terminal or an IrDA mobile terminal or a mobile terminal through a cable.
  - 20. The system according to claim 16, wherein said at least one computer system comprises a personal computer or a notebook or a laptop or a PDA, or a smart phone.
  - 21. A communication network comprising a system according to claim 16.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
Caprella, Ettore Elio, Leone, Manuel
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US10/584,864
Publication Number

US 20070079142A1
Time in Patent Office

2,639 Days
Field of Search

713/193, 713/155, 380/44, 380/273
US Class Current

713/193
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

G06F 2221/2153 Using hardware token as a s...

Method and system for the cipher key controlled exploitation of data resources, related network and computer program products

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Method and system for the cipher key controlled exploitation of data resources, related network and computer program products

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others