Method and system for the accelerated decryption of cryptographically protected user data units

US 9,571,273 B2
Filed: 10/12/2010
Issued: 02/14/2017
Est. Priority Date: 11/09/2009
Status: Active Grant

First Claim

Patent Images

1. A method for accelerated decryption of cryptographically protected user data units, comprising:

(a) generating a cryptographic key and providing the generated cryptographic key with a related key identification which is distinct and separate from the cryptographic key;

(b) asymmetrically encrypting the cryptographic key by a transmitter using a public key;

(c) encrypting at least one data unit using the generated cryptographic key;

(d) transporting the encrypted at least one data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key from the transmitter to a receiver via a transportation means;

(e) verifying, via a microprocessor, a testing unit and memory of the receiver, whether a received related key identification of a cryptographic key which is distinct and separate from the cryptographic key indicates the cryptographic key is present in a decrypted state in the receiver,wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;

(f) switching a multiplexer between selectable inputs as a function of a control signal that originates from the testing unit,wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates a first decryption unit, which is distinct and separate from a second decryption unit, for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key,wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver, andwherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and

(g) decrypting the received cryptographically encrypted at least one user data unit using the multiplexer output cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for accelerated decryption of a cryptographically protected user data unit, wherein a transmitter initially generates a cryptographic key that is provided with a related key identification. The transmitter then performs asymmetrical encryption of the generated cryptographic key using a public cryptographic key and encryption of at least one user data unit using the generated cryptographic key. The encrypted user data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key are transported to a receiver that decrypts the received asymmetrically encrypted key using a private key, if verification of the received related key identification of the cryptographic key indicates the cryptographic key is not present in a decrypted state in the receiver. The receiver then decrypts the received cryptographically encrypted user data unit using the cryptographic key in the receiver or with the cryptographic key decrypted using the private key.

Citations

16 Claims

1. A method for accelerated decryption of cryptographically protected user data units, comprising:
- (a) generating a cryptographic key and providing the generated cryptographic key with a related key identification which is distinct and separate from the cryptographic key;
  
  (b) asymmetrically encrypting the cryptographic key by a transmitter using a public key;
  
  (c) encrypting at least one data unit using the generated cryptographic key;
  
  (d) transporting the encrypted at least one data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key from the transmitter to a receiver via a transportation means;
  
  (e) verifying, via a microprocessor, a testing unit and memory of the receiver, whether a received related key identification of a cryptographic key which is distinct and separate from the cryptographic key indicates the cryptographic key is present in a decrypted state in the receiver,wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
  
  (f) switching a multiplexer between selectable inputs as a function of a control signal that originates from the testing unit,wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates a first decryption unit, which is distinct and separate from a second decryption unit, for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key,wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver, andwherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and
  
  (g) decrypting the received cryptographically encrypted at least one user data unit using the multiplexer output cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method as claimed in claim 1, wherein if the verification of the received related key identification which is distinct and separate from the cryptographic key shows that the related cryptographic key is not yet present in the directory of the receiver, the received asymmetrically encrypted cryptographic key decrypted using the private key is stored in the directory of the receiver together with its related key identification which is distinct and separate from the cryptographic key.
  - 3. The method as claimed in claim 2, wherein the user data unit comprises a software component belonging to a software component manufacturer.
  - 4. The method as claimed in claim 1, wherein the user data unit comprises a software component belonging to a software component manufacturer.
  - 5. The method as claimed in claim 4, wherein the cryptographic key comprises a session key belonging to the software component manufacturer.
  - 6. The method as claimed in claim 1, wherein the related key identification which is distinct and separate from the cryptographic key comprises a hash value or test value of the respective cryptographic key.
  - 7. The method as claimed in claim 1, wherein the related key identification which is distinct and separate from the cryptographic key comprises a generated random number of a random number generator of a transmitter.
  - 8. The method as claimed in claim 7, wherein the encrypted user data unit, the related asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key are one of transported from the transmitter to the receiver over a network and stored on a data carrier.
  - 9. The method as claimed in claim 7, wherein the transmitter comprises a development system belonging to a software component manufacturer for the development of software components.
  - 10. The method claimed in claim 1, wherein the related key identification which is distinct and separate from the cryptographic key comprises a generated count value of a counter of the transmitter.
  - 11. The method as claimed in claim 10 wherein the encrypted user data unit, the related asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key are one of transported from the transmitter to the receiver over a network and stored on a data carrier.
  - 12. The method as claimed in claim 10, wherein the transmitter comprises a development system belonging to a software component manufacturer for the development of software components.
  - 13. The method as claimed in claim 1, wherein the receiver comprises a target system device belonging to a user for execution of software components.
  - 14. The method as claimed in claim 13, wherein the receiver comprises a memory-programmable controller.

15. A system for accelerated decryption of cryptographically protected user data units, comprising:
- (a) a transmitter including;
  
  a microprocessor;
  
  memory;
  
  a first encryption unit which asymmetrically encrypts a cryptographic key using a public key;
  
  a second encryption unit which encrypts at least one user data unit using the cryptographic key; and
  
  an interface for making available at least one encrypted user data unit, an asymmetrically encrypted cryptographic key and a related key identification of the cryptographic key which is distinct and separate from the cryptographic key;
  
  (b) a transportation device which transports the encrypted user data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key; and
  
  (c) a receiver comprising;
  
  a microprocessor;
  
  a first decryption unit;
  
  a second decryption unit, wherein the first decryption unit is distinct and separate from a second decryption unit;
  
  memory storing a plurality of key identifications and related cryptographic keys, wherein the key identifications are distinct and separate from the cryptographic keys;
  
  a testing unit which verifies, using a received related key identification of the cryptographic key which is distinct and separate from the cryptographic key, whether a received asymmetrically encrypted cryptographic key is already present in an encrypted form in the directory of the receiver, the testing unit accessing the memory to perform a verification,wherein the verification comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
  
  wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
  
  a multiplexer that switches between selectable inputs as a function of a control signal that originates from the testing unit,wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates the first decryption unit for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key,wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver,wherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and
  
  wherein decrypting the received cryptographically encrypted at least one user data unit using multiplexer output cryptographic key.

16. A receiver for a system for accelerated decryption of cryptographically protected user data units, comprising:
- a microprocessor;
  
  a first decryption unit;
  
  a second decryption unit, wherein the first decryption unit is distinct and separate from a second decryption unit;
  
  memory storing a plurality of key identifications and related cryptographic keys, wherein the key identifications are distinct and separate from the cryptographic keys;
  
  a testing unit which verifies, using a received related key identification of the cryptographic key which is distinct and separate from the cryptographic key, whether a received asymmetrically encrypted cryptographic key is already present in an encrypted form in the directory of the receiver, the testing unit accessing the memory to perform a verification,wherein the verification comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
  
  wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
  
  a multiplexer that switches between selectable inputs as a function of a control signal that originates from the testing unit,wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates the first decryption unit for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key,wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver,wherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and
  
  wherein decrypting the received cryptographically encrypted at least one user data unit in an accelerated manner using multiplexer output cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Braun, Michael, Dichtl, Markus, Meyer, Bernd
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Baum, Ronald

Application Number

US13/508,707
Publication Number

US 20120321088A1
Time in Patent Office

2,317 Days
Field of Search

380/282
US Class Current

1/1
CPC Class Codes

H04L 9/0825 using asymmetric-key encryp...

Method and system for the accelerated decryption of cryptographically protected user data units

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for the accelerated decryption of cryptographically protected user data units

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links