Secure printing with authenticated printer key

US 20030105963A1
Filed: 12/05/2001
Published: 06/05/2003
Est. Priority Date: 12/05/2001
Status: Active Grant

First Claim

Patent Images

1. A method for securely storing a public key for encryption of data in a computing device, the method using a user-specific key pair which is securely stored in the computing device, the method comprising:

a receiving step of receiving a target public key corresponding to a target device;

an obtaining step of obtaining a user-specific key pair from a secure registry;

a key encrypting step of using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key;

a storing step of storing the target key verifier and the target public key in a storage area;

a retrieving step of retrieving the target key verifier and the target public key from the storage area;

a verification step of applying a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key; and

a data encrypting step of encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Securely storing a public key for encryption of data in a computing device by using a user-specific key pair which is securely stored in the computing device, including receiving a target public key corresponding to a target device, obtaining a user-specific key pair from a secure registry, using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key, storing the target key verifier and the target public key in a storage area, retrieving the target key verifier and the target public key from the storage area, applying a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key, and encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.

176 Citations

26 Claims

1. A method for securely storing a public key for encryption of data in a computing device, the method using a user-specific key pair which is securely stored in the computing device, the method comprising:
- a receiving step of receiving a target public key corresponding to a target device;
  
  an obtaining step of obtaining a user-specific key pair from a secure registry;
  
  a key encrypting step of using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key;
  
  a storing step of storing the target key verifier and the target public key in a storage area;
  
  a retrieving step of retrieving the target key verifier and the target public key from the storage area;
  
  a verification step of applying a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key; and
  
  a data encrypting step of encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 24, 25, 26)
- - 2. A method according to claim 1, wherein the user-specific key pair is obtained from a key function call which is supported by an operating system executing in the computing device.
  - 3. A method according to claim 2, wherein the operating system securely maintains a user-specific key pair for each of a plurality of users of the computing device.
  - 4. A method according to claim 3, wherein each user-specific key pair can only be accessed by providing the operating system with user identification data corresponding to the user-specific key pair.
  - 5. A method according to claim 1, wherein the target key verifier created in the key encrypting step is an encrypted version of the target public key.
  - 6. A method according to claim 5, wherein the target key verifier is created by encrypting the target public key with the user-specific private key using an encryption algorithm.
  - 7. A method according to claim 5, wherein the verification step includes decrypting the target key verifier with the user-specific public key using a decryption algorithm.
  - 8. A method according to claim 7, wherein the verification step further includes using a key verification algorithm to compare the decrypted target key verifier to the target public key for verifying the authenticity of the target public key.
  - 9. A method according to claim 8, wherein the verification step is performed by a verification function call which is supported by an operating system executing in the computing device.
  - 10. A method according to claim 1, wherein the target key verifier created in the key encrypting step is a digital signature of the target public key.
  - 11. A method according to claim 10, wherein the digital signature of the target public key is created by applying a hashing algorithm to the target public key to obtain a target key hash, and then encrypting the target key hash with the user-specific private key using an encryption algorithm.
  - 12. A method according to claim 10, wherein the digital signature of the target public key is created by applying a hashing algorithm to the target public key to obtain a target key hash, and then subjecting the target key hash to a security algorithm.
  - 13. A method according to claim 12, wherein the verification step includes decrypting the target key verifier with the user-specific public key using a decryption algorithm to obtain a decrypted target key hash.
  - 14. A method according to claim 13, wherein the verification step further includes reapplying a hashing algorithm to the target public key to obtain a new target key hash and using a hash verification algorithm to compare the decrypted target key hash to the new target key hash for verifying the authenticity of the target public key.
  - 15. A method according to claim 14, wherein the verification step is performed by a verification function call which is supported by an operating system executing in the computing device.
  - 16. A method according to claim 1, wherein the receiving step includes applying a hashing algorithm to the received target public key to obtain a received target key hash and using a hash verification algorithm to compare the received target key hash to a test target key hash for verifying the authenticity of the received target public key.
  - 17. A method according to claim 16, wherein the test target key hash is input by a user.
  - 18. A method according to claim 17, wherein the target device is a printer and wherein the test target key hash is obtained from a test page printed by the printer.
  - 19. A method according to claim 1, wherein the target device is a printer and the target public key is a printer public key.
  - 20. A method according to claim 19, wherein, in the receiving step, the printer public key is received in response to a key request sent to the printer.
  - 21. A method according to claim 19, wherein the method is performed in a printer driver executing on the computing device.
  - 24. A computing device for authenticating a public key for encryption of data, said computing device comprising:
    - a program memory for storing process steps executable to perform a method according to any of claims 1 to 23; and
      
      a processor for executing the process steps stored in said program memory.
  - 25. Computer-executable process steps stored on a computer readable medium, said computer-executable process steps for authenticating a public key for encryption of data, said computer-executable process steps comprising process steps executable to perform a method according to any of claims 1 to 23.
  - 26. A computer-readable medium which stores computer-executable process steps, the computer-executable process steps to authenticate a public key for encryption of data, said computer-executable process steps comprising process steps executable to perform a method according to any of claims 1 to 23.

22. A method for securely storing a printer public key for encryption of print data in a computing device, the method using a user-specific key pair which is securely stored in the computing device, the method comprising:
- a receiving step of receiving a printer public key corresponding to a printer;
  
  an obtaining step of obtaining a user-specific key pair from a secure registry upon receipt of a corresponding user identification;
  
  a first hashing step of applying a hashing algorithm to the printer public key to create a first printer key hash;
  
  an encryption step of applying an encryption algorithm to encrypt the first printer key hash with a user-specific private key from the user-specific key pair, thereby creating a printer key signature;
  
  a storing step of storing the printer key signature and the printer public key in a storage area;
  
  a retrieving step of retrieving the printer key signature and the printer public key from the storage area;
  
  a second hashing step of applying the hashing algorithm to the retrieved printer public key to create a second printer key hash;
  
  a decrypting step of applying a decryption algorithm to decrypt the printer key signature with a user-specific public key from the user-specific key pair, thereby retrieving the first printer key hash;
  
  a verification step of applying a verification algorithm to compare the first printer key hash with the second printer key hash, for verifying the authenticity of the retrieved printer public key; and
  
  a print data encrypting step of applying an encryption algorithm to print data using the retrieved printer public key, in the case that the authenticity of the retrieved printer public key is verified, to create encrypted print data for transmission to the printer.

23. A method for authentication of a printer public key received by a computing device, the method comprising:
- a first receiving step of receiving in the computing device a printer public key corresponding to a printer;
  
  a hashing step of applying a hashing algorithm to the printer public key to create a first printer key hash;
  
  a second receiving step of receiving in the computing device a predetermined second printer key hash obtained from a test page printed by the printer, wherein the second printer key hash is input into the computing device by a user-input means connected to the computing device;
  
  a verification step of applying a verification algorithm to compare the first printer key hash with the second printer key hash, for verifying the authenticity of the received printer public key; and
  
  a storing step of storing, in the case that the authenticity of the received printer public key is verified in the verification step, the received printer public key in a memory area of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Mazzagatte, Craig, Iwamoto, Neil Y., Slick, Royce E., Zhang, William, Purpura, Don Francis

Granted Patent

US 7,305,556 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/608   Secure printing

G09C 5/00   Ciphering apparatus or meth...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

Secure printing with authenticated printer key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

176 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Secure printing with authenticated printer key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others