Secure sharing of item level data in the cloud

US 8,811,620 B2
Filed: 02/14/2011
Issued: 08/19/2014
Est. Priority Date: 02/14/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, the method comprising:

determining, by one or more processors, a random number from the tag, the random number being unique to the item;

selecting, by the one or more processors, a first integer and a second integer from a multiplicative group of prime integers;

generating, by the one or more processors, a first public key based on the first integer and a first key based on the second integer;

generating, by the one or more processors, an identifier based on the first public key and the random number, the identifier being used to locate and identify encrypted data associated with the tag within a central repository of the supply chain;

generating, by the one or more processors, a second key based on the first key and the random number;

encrypting, by the one or more processors, the data using the second key to provide the encrypted data;

transmitting, by the one or more processors, a tuple over a network; and

storing the transmitted tuple in the central repository, the central repository comprising a persistent storage device, and the tuple comprising the identifier and the encrypted data and being absent from the tag.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations of the present disclosure are directed to sharing data in a supply chain, the data corresponding to an item having a tag associated therewith. Methods include determining a random number from the tag, the random number being unique to the item, selecting a first integer and a second integer, generating a first public key based on the first integer and a semi-public key based on the second integer, generating an identifier based on the first public key and the random number, generating a key based on the semi-public key and the random number, encrypting the data using the key to provide encrypted data, defining a tuple comprising the identifier and the encrypted data, and transmitting the tuple over a network for storage in a persistent storage device.

50 Citations

View as Search Results

17 Claims

1. A computer-implemented method of sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, the method comprising:
- determining, by one or more processors, a random number from the tag, the random number being unique to the item;
  
  selecting, by the one or more processors, a first integer and a second integer from a multiplicative group of prime integers;
  
  generating, by the one or more processors, a first public key based on the first integer and a first key based on the second integer;
  
  generating, by the one or more processors, an identifier based on the first public key and the random number, the identifier being used to locate and identify encrypted data associated with the tag within a central repository of the supply chain;
  
  generating, by the one or more processors, a second key based on the first key and the random number;
  
  encrypting, by the one or more processors, the data using the second key to provide the encrypted data;
  
  transmitting, by the one or more processors, a tuple over a network; and
  
  storing the transmitted tuple in the central repository, the central repository comprising a persistent storage device, and the tuple comprising the identifier and the encrypted data and being absent from the tag.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising generating a value based on the first key and the random number, wherein generating an encryption key is based on a pseudo-random function that maps the value to the second key.
  - 3. The method of claim 1, further comprising providing the first public key to a second party, the second party seeking access to the encrypted data.
  - 4. The method of claim 3, further comprising transmitting the first key to a second party, the second party seeking access to the encrypted data.
  - 5. The method of claim 4, further comprising transmitting the random number to the second party.
  - 6. The method of claim 1, further comprising:
    - selecting from a multiplicative group of prime integers, a third integer;
      
      generating a second public key based on the first integer, the third integer, and the random number; and
      
      transmitting the second public key over the network for storing the second public key in the persistent storage device, the second public key used by the persistent storage device to determine the storing of the tuple.
  - 7. The method of claim 1, wherein a first party generates the second key and transmits the second key to a second party to enable the second party to access to the tuple for the item.
  - 8. The method of claim 1, wherein a first party generates the second key and the identifier and transmits the second key and the identifier to a second party to enable the second party to access to data corresponding to items that the second party possessed.
  - 9. The method of claim 1, wherein a first party generates the second key and the identifier and transmits the second key and the identifier to a second party to enable the second party to access data corresponding to items that the first party possessed.

10. A computer-implemented method of sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, the method comprising:
- receiving, by one or more processors, at least one of a first key and a second key from a second party;
  
  identifying, by the one or more processors, a public key associated with the second party based on the first key and the second key;
  
  generating, by the one or more processors, a query based on a random number, the random number being unique to the item;
  
  transmitting, by the one or more processors, the query over a network to a third party;
  
  receiving, by the one or more processors, from the third party, one or more tuples identified by the third party based on the query, each tuple of the one or more tuples being absent from the tag and comprising respective encrypted data; and
  
  decrypting, by the one or more processors, the encrypted data based on at least one of the first key and the second key.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprising determining an identifier based on the public key and a random number, the random number being unique to the item, the query comprising the identifier.
  - 12. The method of claim 10, further comprising generating a value based on the random number, the query comprising the value.
  - 13. The method of claim 10, wherein a first party generates the second key and transmits the second key to a second party to enable the second party to access to the tuple for the item.
  - 14. The method of claim 10, wherein a first party generates the second key and the identifier and transmits the second key and the identifier to a second party to enable the second party to access to data corresponding to items that the second party possessed.
  - 15. The method of claim 10, wherein a first party generates the second key and the identifier and transmits the second key and the identifier to a second party to enable the second party to access data corresponding to items that the first party possessed.

16. A non-transitory computer-readable storage medium coupled to one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, the operations comprising:
- determining a random number from the tag, the random number being unique to the item;
  
  selecting a first integer and a second integer from a multiplicative group of prime integers;
  
  generating a first public key based on the first integer and a first key based on the second integer;
  
  generating an identifier based on the first public key and the random number, the identifier being used to locate and identify encrypted data associated with the tag within a central repository of the supply chain;
  
  generating a second key based on the first key and the random number;
  
  encrypting the data using the second key to provide the encrypted data;
  
  transmitting a tuple over a network; and
  
  storing the transmitted tuple in the central repository, the central repository comprising a persistent storage device, and the tuple comprising the identifier and the encrypted data and being absent from the tag.

17. A system for sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, the system comprising:
- one or more computers; and
  
  a non-transitory computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising;
  
  determining a random number from the tag, the random number being unique to the item;
  
  selecting from a multiplicative group of prime integers, a first integer and a second integer;
  
  generating a first public key based on the first integer and a first key based on the second integer;
  
  generating an identifier based on the first public key and the random number, the identifier being used to locate and identify encrypted data associated to the tag within a central repository of the supply chain;
  
  generating a second key based on the first key and the random number;
  
  encrypting the data using the second key to provide the encrypted data;
  
  andtransmitting a tuple over a network;
  
  storing the transmitted tuple in the central repository, the central repository comprising a persistent storage device, and the tuple comprising the identifier and the encrypted data and being absent from the tag.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP AG (SAP SE)
Original Assignee
SAP AG (SAP SE)
Inventors
Chaves, Leonardo Weiss F., Kerschbaum, Florian
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Baum, Ronald

Application Number

US13/026,625
Publication Number

US 20120210118A1
Time in Patent Office

1,282 Days
Field of Search

380/282
US Class Current

380/282
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0866   involving user or device id...

Secure sharing of item level data in the cloud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure sharing of item level data in the cloud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links