Method and system for the accelerated decryption of cryptographically protected user data units
Abstract
A method and system for accelerated decryption of a cryptographically protected user data unit, wherein a transmitter initially generates a cryptographic key that is provided with a related key identification. The transmitter then performs asymmetrical encryption of the generated cryptographic key using a public cryptographic key and encryption of at least one user data unit using the generated cryptographic key. The encrypted user data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key are transported to a receiver that decrypts the received asymmetrically encrypted key using a private key, if verification of the received related key identification of the cryptographic key indicates the cryptographic key is not present in a decrypted state in the receiver. The receiver then decrypts the received cryptographically encrypted user data unit using the cryptographic key in the receiver or with the cryptographic key decrypted using the private key.
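The receiver behaviour the abstract describes, as an added Python sketch (not code from the patent): a directory keyed by key identification lets the receiver skip the private-key operation for every data unit after the first. The toy RSA, the SHAKE-256 keystream and all names are assumptions chosen so the block runs with the standard library alone; the tag check is also an assumption beyond the page, added because the key identification arrives unauthenticated yet selects which cached key is used.

```python
import hashlib, hmac, os

# Toy textbook RSA built from two Mersenne primes: a stand-in for the
# asymmetric unit only (no padding, far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sym(key, nonce, data):
    """Toy stream cipher: XOR with a SHAKE-256 keystream (encrypts and decrypts)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

class Transmitter:
    def __init__(self):
        self.key = os.urandom(16)      # session key
        self.key_id = os.urandom(8)    # identifier kept separate from the key
        self.wrapped = pow(int.from_bytes(self.key, "big"), E, N)

    def send(self, data):
        nonce = os.urandom(12)
        ct = sym(self.key, nonce, data)
        return {"key_id": self.key_id, "wrapped": self.wrapped,
                "nonce": nonce, "ct": ct, "tag": mac(self.key, nonce, ct)}

class Receiver:
    def __init__(self):
        self.directory = {}            # key_id -> already decrypted session key
        self.private_key_ops = 0       # counts uses of the asymmetric unit

    def receive(self, msg):
        key = self.directory.get(msg["key_id"])        # directory lookup
        if key is None:                                 # miss: unwrap with private key
            self.private_key_ops += 1
            k = pow(msg["wrapped"], D, N)
            if k.bit_length() > 128:
                raise ValueError("unwrapped value is not a 128-bit key")
            key = k.to_bytes(16, "big")
        # Assumption beyond the page: authenticate before trusting or caching the
        # key, since key_id arrives unauthenticated and selects the cached key.
        if not hmac.compare_digest(mac(key, msg["nonce"], msg["ct"]), msg["tag"]):
            raise ValueError("tag mismatch for this key_id")
        self.directory[msg["key_id"]] = key
        return sym(key, msg["nonce"], msg["ct"])        # symmetric decryption
```

Sending several data units from one `Transmitter` leaves `private_key_ops` at 1, while a message that reuses a cached key identification with a different session key is rejected by the tag check instead of being decrypted with the wrong key.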
16 Claims
1. A method for accelerated decryption of cryptographically protected user data units, comprising:
(a) generating a cryptographic key and providing the generated cryptographic key with a related key identification which is distinct and separate from the cryptographic key;
(b) asymmetrically encrypting the cryptographic key by a transmitter using a public key;
(c) encrypting at least one data unit using the generated cryptographic key;
(d) transporting the encrypted at least one data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key from the transmitter to a receiver via a transportation means;
(e) verifying, via a microprocessor, a testing unit and memory of the receiver, whether a received related key identification of a cryptographic key which is distinct and separate from the cryptographic key indicates the cryptographic key is present in a decrypted state in the receiver, wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
(f) switching a multiplexer between selectable inputs as a function of a control signal that originates from the testing unit, wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates a first decryption unit, which is distinct and separate from a second decryption unit, for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key, wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver, and wherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and
(g) decrypting the received cryptographically encrypted at least one user data unit using the multiplexer output cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
15. A system for accelerated decryption of cryptographically protected user data units, comprising:
(a) a transmitter including;
a microprocessor;
memory;
a first encryption unit which asymmetrically encrypts a cryptographic key using a public key;
a second encryption unit which encrypts at least one user data unit using the cryptographic key; and
an interface for making available at least one encrypted user data unit, an asymmetrically encrypted cryptographic key and a related key identification of the cryptographic key which is distinct and separate from the cryptographic key;
(b) a transportation device which transports the encrypted user data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key which is distinct and separate from the cryptographic key; and
(c) a receiver comprising;
a microprocessor;
a first decryption unit;
a second decryption unit, wherein the first decryption unit is distinct and separate from a second decryption unit;
memory storing a plurality of key identifications and related cryptographic keys, wherein the key identifications are distinct and separate from the cryptographic keys;
a testing unit which verifies, using a received related key identification of the cryptographic key which is distinct and separate from the cryptographic key, whether a received asymmetrically encrypted cryptographic key is already present in an encrypted form in the directory of the receiver, the testing unit accessing the memory to perform a verification, wherein the verification comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
a multiplexer that switches between selectable inputs as a function of a control signal that originates from the testing unit, wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates the first decryption unit for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key, wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver, wherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and
wherein decrypting the received cryptographically encrypted at least one user data unit using multiplexer output cryptographic key.
16. A receiver for a system for accelerated decryption of cryptographically protected user data units, comprising:
a microprocessor;
a first decryption unit;
a second decryption unit, wherein the first decryption unit is distinct and separate from a second decryption unit;
memory storing a plurality of key identifications and related cryptographic keys, wherein the key identifications are distinct and separate from the cryptographic keys;
a testing unit which verifies, using a received related key identification of the cryptographic key which is distinct and separate from the cryptographic key, whether a received asymmetrically encrypted cryptographic key is already present in an encrypted form in the directory of the receiver, the testing unit accessing the memory to perform a verification, wherein the verification comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
wherein the verifying comprises reading out of a directory, located in the memory of the receiver, to determine whether the directory contains at least one previously decrypted session key with associated key identification of the respective session key, the respective session key previously decrypted via a public key method as set up or updated for storage in the directory;
a multiplexer that switches between selectable inputs as a function of a control signal that originates from the testing unit, wherein upon the testing unit finding the cryptographic key not already present in stored form in the directory of the receiver, the control signal activates the first decryption unit for decryption of the received asymmetrical encrypted key using the private key resulting in selecting for the multiplexer output the first decryption unit decrypted received asymmetrical encrypted key, wherein upon the testing unit finding the cryptographic key already present in stored form in the directory of the receiver, no resulting activation of the first decryption unit for decryption of the received asymmetrical encrypted key using the private key occurs, resulting in selecting for the multiplexer output the cryptographic key already present in stored form in the directory of the receiver, wherein the multiplexer output of the cryptographic key is passed to the second decryption unit; and
wherein decrypting the received cryptographically encrypted at least one user data unit in an accelerated manner using multiplexer output cryptographic key.
Specification