Method and apparatus for encrypting/decrypting data

US 9,276,739 B2
Filed: 06/29/2007
Issued: 03/01/2016
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting data comprising:

communicating, by at least one processor, with a biometric device configured to collect a noisy source of data;

obtaining, by the at least one processor, a noisy source of key information based at least partially on the noisy source of data;

generating, by the at least one processor, a first key based at least partially on the noisy source of key information;

distributing, by the at least one processor, unique segments of the noisy source of key information across multiple encryption keys such that at least one of the multiple encryption keys include a segment that is not present in other encryption keys of the multiple encryption keys;

encoding, by the at least one processor, the data by distributing the data redundantly among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys; and

encrypting, by the at least one processor, each group by the respective associated encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of encrypting data using a first key and multiple encryption keys at least in part based on the first key. The method includes encoding the data into a redundant representation by distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys, each encryption key being associated with at least one group, the redundant representation allowing recovery of the data in the absence of the groups associated with the at least one of the multiple encryption keys, and encrypting each group by the respective associated encryption key.

29 Citations

View as Search Results

26 Claims

1. A method of encrypting data comprising:
- communicating, by at least one processor, with a biometric device configured to collect a noisy source of data;
  
  obtaining, by the at least one processor, a noisy source of key information based at least partially on the noisy source of data;
  
  generating, by the at least one processor, a first key based at least partially on the noisy source of key information;
  
  distributing, by the at least one processor, unique segments of the noisy source of key information across multiple encryption keys such that at least one of the multiple encryption keys include a segment that is not present in other encryption keys of the multiple encryption keys;
  
  encoding, by the at least one processor, the data by distributing the data redundantly among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys; and
  
  encrypting, by the at least one processor, each group by the respective associated encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the groups are configured to allow recovery of the data when an encryption key and decryption key pair do not correspond.
  - 3. The method of claim 1, wherein the multiple encryption keys comprise at least three encryption keys and the data is distributed across three groups.
  - 4. The method of claim 1, wherein key information used to form the respective encryption keys is disjunctive.
  - 5. The method of claim 1, wherein the noisy source of data comprises biometric information.
  - 6. The method of claim 1, wherein key information used to form a respective one of the multiple encryption keys comprises:
    - noisy identity information, andnoise-free identity information.
  - 7. The method of claim 1, wherein key information used to form each respective encryption key comprises:
    - noisy information, anda descriptor identifying a relationship of the noisy information with one or more sources of key information.
  - 8. The method of claim 1, wherein the encoding further comprises at least one of:
    - applying, by the at least one processor, a secret sharing scheme wherein the shares are distributed among groups, andincorporating, by the at least one processor, an error-detecting code in a respective group, the error-detecting code covering at least the data comprised in the group.
  - 9. The method of claim 1, wherein the encoding further comprises incorporating, by the at least one processor, an error-correcting code in the groups.
  - 10. The method of claim 9, wherein each group comprises multiple symbols, each multiple symbol of each group being part of a codeword of the error-correcting code, and every codeword comprising at most one symbol of the respective group.

11. A method of decrypting encrypted data comprising:
- communicating, by at least one processor, with a biometric device configured to collect a noisy source of data;
  
  obtaining, by the at least one processor, a noisy source of key information based at least partially on the noisy source of data;
  
  generating, by the at least one processor, a first key and a second key for forming an estimate of an encryption/decryption key pair, wherein the second key comprises data from the noisy source of key information;
  
  decrypting, by the at least one processor, the encrypted data using multiple decryption keys in which each of the multiple decryption keys contain a unique segment of the noisy source of key information such that at least one of the multiple decryption keys includes a segment of the noisy source of key information that is not present in other decryption keys of the multiple decryption keys;
  
  decrypting, by the at least one processor, at least one or more encrypted groups using a respective decryption key of the multiple decryption keys that is associated with the encryption key used to encrypt the group; and
  
  decoding, by the at least one processor, the data from the at least one or more decrypted groups by extracting content related to the data from at least one or more decrypted groups.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein decoding the data comprises at least one of:
    - using, by the at least one processor, a secret sharing scheme on shares comprised in multiple decrypted groups, andvalidating, by the at least one processor, a respective group by verifying an error-detecting code incorporated in the decrypted group.
  - 13. The method of claim 11, wherein decoding the data comprises:
    - error-correcting, by the at least one processor, at least one or more decrypted groups using an error-correcting code, andextracting, by the at least one processor, content related to the data in the at least one or more decrypted groups.

14. An apparatus for encrypting data comprising:
- a biometric device configured to collect a noisy source of data;
  
  a memory;
  
  at least one processor coupled to the memory and the biometric device, the at least one processor being configured to;
  
  communicate with the biometric device;
  
  obtain a noisy source of key information based at least partially on the noisy source of data;
  
  generate a first key based at least partially on the noisy source of key information;
  
  distribute unique segments of the noisy source of key information across multiple encryption keys such that at least one of the multiple encryption keys include a segment that is not present in other encryption keys of the multiple encryption keys;
  
  distribute data redundantly among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys; and
  
  encrypt each group using the respective associated encryption key.

15. An apparatus for decrypting encrypted data comprising:
- a biometric device configured to collect a noisy source of data;
  
  a memory;
  
  at least one processor coupled to the memory and the biometric device, the at least one processor configured to;
  
  communicate with the biometric device;
  
  obtain a noisy source of key information based at least partially on the noisy source of data;
  
  generate a first key and a second key forming an estimate of an encryption/decryption key pair, wherein the second key comprises data from the noisy source of key information;
  
  decrypt the encrypted data using multiple decryption keys in which each of the multiple decryption keys contain a unique segment of the noisy source of key information such that at least one of the multiple decryption keys includes a segment of the noisy source of key information that is not present in other decryption keys of the multiple decryption keys;
  
  decrypt at least one or more encrypted groups with the respective decryption key associated with the encryption key used to encrypt the group; and
  
  decode original data from the at least one or more decrypted groups by extracting content related to the original data from at least one or more decrypted groups.

16. A non-transitory computer-readable medium storing a computer program, the computer program comprising instructions which, when executed, cause at least one processor to:
- communicate with a biometric device configured to collect a noisy source of data;
  
  obtain a noisy source of key information based at least partially on the noisy source of data;
  
  generate a first key based at least partially on the noisy source of key information;
  
  distribute unique segments of the noisy source of key information across multiple encryption keys such that at least one of the multiple encryption keys include a segment that is not present in other encryption keys of the multiple encryption keys;
  
  encode the data by distributing the data redundantly among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys; and
  
  encrypt each group by the respective associated encryption key.

17. An apparatus for encrypting data comprising:
- a biometric device configured to collect a noisy source of data;
  
  a memory;
  
  at least one processor coupled to the memory and the biometric device, the at least one processor being configured to;
  
  communicate with the biometric device to generate a noisy feature vector based on the noisy source of data, the noisy feature vector representing an estimate of at least one physical feature of a user;
  
  generate multiple encryption keys such that each encryption key is based at least partially on a unique segment of the noisy feature vector;
  
  distribute data among a number of groups such that each group comprises at least a partially redundant representation of the data, the groups allowing recovery of the data, if decryption of some of the groups is unsuccessful, each group being associated with an encryption key of the multiple encryption keys; and
  
  encrypt each group using an associated encryption key of the multiple encryption keys.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The apparatus for encrypting data of claim 17, wherein each encryption key is further based on a unique segment of noise free identity information.
  - 19. The apparatus for encrypting data of claim 17, wherein decryption of a given group is unsuccessful when there is a difference between the noisy feature vector used to generate the encryption key for encrypting the given group and the noisy feature vector used to generate a decryption key for decrypting the given group.
  - 20. The apparatus for encrypting data of claim 17, wherein recovery of the data is allowed when decryption of at most three groups is unsuccessful.
  - 21. The apparatus for encrypting data of claim 17, wherein each group of data further comprises an error detecting code.

22. An apparatus for decrypting data comprising:
- a biometric device to collect a noisy source of data;
  
  a memory;
  
  at least one processor coupled to the memory and the biometric device, the at least one processor being configured to;
  
  communicate with the biometric device to generate a noisy feature vector based on the noisy source of data, the noisy feature vector representing an estimate of at least one physical feature of a user;
  
  generate multiple decryption keys such that each decryption key is based at least partially on a unique segment of the noisy feature vector;
  
  decrypt a number of groups of data using at least one of the multiple decryption keys, each group of data comprising at least a partially redundant portion of original data such that recovery of the original data is possible, if decryption of some of the groups is unsuccessful; and
  
  recover the original data by extracting information from at least one encrypted group of data that is successfully decrypted with at least one of the multiple decryption keys.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The apparatus for decrypting data of claim 22, wherein each decryption key is further based on a unique segment of noise free identity information.
  - 24. The apparatus for decrypting data of claim 22, wherein decryption of a given group is unsuccessful when there is a difference between the noisy feature vector used to generate an encryption key for encrypting the given group and the noisy feature vector used to generate the decryption key for decrypting the given group.
  - 25. The apparatus for decrypting data of claim 22, wherein recovery of the data is allowed when decryption of at most three groups is unsuccessful.
  - 26. The apparatus for decrypting data of claim 22, wherein each group of data further comprises an error detecting code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips N.V.
Original Assignee
Koninklijke Philips N.V.
Inventors
Celik, Mehmet Utku, Skoric, Boris, Tuyls, Pim Theo
Primary Examiner(s)
Schwartz, Darren B

Application Number

US12/305,063
Publication Number

US 20090208019A1
Time in Patent Office

3,168 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0478   applying multiple layers of...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

Method and apparatus for encrypting/decrypting data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for encrypting/decrypting data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links