Hidden data backup and retrieval for a secure device

US 20040187012A1
Filed: 03/21/2003
Published: 09/23/2004
Est. Priority Date: 03/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method of securely storing information, performed by a computer and storage system, said method comprising the steps of:

receiving a request for storage from a user along with an irreversibly encrypted authentication code that is unique to a user identity;

receiving a reversibly encrypted information that has an encryption key different from the irreversibly encrypted authentication code; and

in response to the request, storing the reversibly encrypted information indexed to the irreversibly encrypted authentication code without any further identification of the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication vicarious execution is rendered more secure in the handling of a user'"'"'s personal information. In such a system, an agent computer system, acting on behalf of the user, provides the personal information to various wide area network sites for conducting online transactions. A user of the system has a secure device with a built-in unique device identifier. A personal information backup center has a computer system to be coupled to the secure device during backup of the personal information separate from the agent. The personal information is encrypted with a unique user ID as a key. The user ID is entered by the user and is, for example, a user PIN. The user ID, e.g. PIN, is irreversibly encrypted to generate a unique irreversibly encrypted user identifier. The secure device includes a computer readable storage medium having computer readable data executable to control establishing a new account for the user, renewing an old account of the user with a new secure device and former device nullification, and transmitting of the encrypted information along with the unique device identifier and the unique irreversibly encrypted user identifier to the backup center. The unique device identifier and the unique irreversibly encrypted user identifier are used for indexing the storage of the encrypted information.

114 Citations

View as Search Results

22 Claims

1. A method of securely storing information, performed by a computer and storage system, said method comprising the steps of:
- receiving a request for storage from a user along with an irreversibly encrypted authentication code that is unique to a user identity;
  
  receiving a reversibly encrypted information that has an encryption key different from the irreversibly encrypted authentication code; and
  
  in response to the request, storing the reversibly encrypted information indexed to the irreversibly encrypted authentication code without any further identification of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further including the step of receiving a unique device ID that uniquely identifies a secure device that at least partially controlled irreversible encryption of the irreversibly encrypted authentication code;
    - and wherein said step of storing further indexes the reversibly encrypted information with the unique device ID.
  - 3. The method of claim 2, further comprising:
    - thereafter, receiving an irreversibly encrypted authentication code, a device ID and a request for stored information corresponding to both the received irreversibly encrypted authentication code and device ID;
      
      retrieving only reversibly encrypted information that is indexed to both the irreversibly encrypted authentication code and the device ID; and
      
      transmitting the reversibly encrypted information to the source of the request.
  - 4. The method of claim 1, further comprising:
    - thereafter, receiving an irreversibly encrypted authentication code and a request for stored information corresponding to the received irreversibly encrypted authentication code;
      
      retrieving the reversibly encrypted information that is indexed to the irreversibly encrypted authentication code; and
      
      transmitting the encrypted information to the source of the request.
  - 5. The method of claim 1, further comprising:
    - receiving a request for establishment of a new account for the user together with an irreversibly encrypted authentication code;
      
      in response to the request for establishment of a new storage account, determining whether the irreversibly encrypted authentication code already exists as at least part of an index;
      
      when the irreversibly encrypted authentication code already exists as at least part of an index, notifying the source of the request for establishment of a new storage account that the irreversibly encrypted authentication code does already exist as an index; and
      
      when the irreversibly encrypted authentication code does not already exist as at least part of an index, registering a new storage account for the storage of information with an index including at least the irreversibly encrypted authentication code.
  - 6. The method of claim 3, further comprising:
    - receiving an irreversibly encrypted authentication code and a request for establishment of a new storage account;
      
      in response to the request for establishment of a new storage account, determining whether the irreversibly encrypted authentication code already exists as at least part of an index;
      
      when the irreversibly encrypted authentication code already exists as at least part of an index, notifying the source of the request for establishment of a new storage account that the irreversibly encrypted authentication code does already exist as an index;
      
      receiving a request for establishment of a new storage account along with a unique device ID;
      
      thereafter, when the irreversibly encrypted authentication code does not already exist as at least part of an index and in response to the request for establishment of a new storage account, indexing the new account with both the received device ID and the received irreversibly encrypted authentication code to thereby establishing the new storage account; and
      
      wherein said step of storing is only performed with indexing to both the unique device ID and the irreversibly encrypted authentication code.
  - 7. The method of claim 6, further comprising:
    - thereafter, receiving an irreversibly encrypted authentication code, a unique device ID and a request for stored information;
      
      retrieving only reversibly encrypted information that is indexed to both the irreversibly encrypted authentication code and the unique device ID; and
      
      transmitting the retrieved reversibly encrypted information to the source of the request for stored information.
  - 8. The method of claim 2, further comprising:
    - receiving an irreversibly encrypted authentication code and a request for renewal of a storage account;
      
      receiving a new unique device ID from the source of the request for renewal of a storage account;
      
      determining whether the irreversibly encrypted authentication code already exists as an index to an old storage account;
      
      when the irreversibly encrypted authentication code already exists as an index to an old storage account, indexing the old storage account with the irreversibly encrypted authentication code and the new unique device ID, and deactivating the unique device ID of the old account to thereby renew the storage account; and
      
      notifying the source of the request for renewal of a storage account that the renewal has been completed.
  - 9. The method of claim 8, further comprising:
    - thereafter, receiving an irreversibly encrypted authentication code, a device ID and a request for stored information;
      
      retrieving only reversibly encrypted information that is indexed to both the irreversibly encrypted authentication code and the unique device ID; and
      
      transmitting the reversibly encrypted information to the source of the request for stored information.
  - 10. The method of claim 1, further comprising:
    - thereafter, receiving an irreversibly encrypted authentication code and a request for stored information corresponding to the received irreversibly encrypted authentication code, without receiving a secure device ID that is indexed with the irreversibly encrypted authentication code;
      
      retrieving the reversibly encrypted information that is indexed to the irreversibly encrypted authentication code;
      
      de-encrypting the encrypted information, extracting a destination other than the source of the request for stored information from the de-encrypted information, and sending a confirmation request to the destination, thus blocking providing the encrypted information to the user through the secure device without confirmation in view of the absence of the secure device ID; and
      
      upon receiving confirmation, transmitting the encrypted information to the source of the request for stored information.

11. A portable secure device, comprising:
- a data transmission coupling;
  
  a computer readable storage medium having thereon computer readable data executable to control sending and obtaining data through said coupling to and from a separate data storage;
  
  said medium having thereon computer readable data representing a unique portable secure device ID;
  
  said medium having thereon computer readable data executable to at least partially control irreversibly encrypting a unique user PIN to obtain a unique irreversibly encrypted user ID;
  
  said medium having thereon computer readable data executable to at least partially control sending the unique portable secure device ID and the unique irreversibly encrypted user ID to the separate data storage to establish a record indexed on a combination of the unique portable secure device ID and the unique irreversibly encrypted user ID;
  
  said medium having thereon computer readable data executable to at least partially control reversibly encrypting user information to obtain reversibly encrypted user information; and
  
  said medium having thereon computer readable data executable to at least partially control sending the reversibly encrypted user information, the unique portable secure device ID, the unique irreversibly encrypted user ID and a request for storage to the separate data storage to become part of the record indexed on the combination of the unique portable secure device ID and the unique irreversibly encrypted user ID.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The portable secure device of claim 11, further comprising:
    - said medium having thereon computer readable data executable to at least partially control the reversibly encrypting of the information with an encryption key that is different from the irreversibly encrypted user ID.
  - 13. The portable secure device of claim 11, further comprising:
    - said medium having thereon computer readable data executable to at least partially control the reversible encrypting of the information with an encryption key that is the unique user PIN or a derivative thereof.
  - 14. The portable secure device of claim 11, further comprising:
    - said medium having thereon computer readable data executable to at least partially control sending, to the separate data storage, the unique irreversibly encrypted user ID together with a request for establishment of a new storage account for the user; and
      
      said medium having thereon computer readable data executable, in response to receiving a notification that the irreversibly encrypted authentication code already exists at the separate data storage, to prompt the user for entry of a different unique user PIN.
  - 15. The portable secure device of claim 11, further comprising:
    - said medium having thereon computer readable data executable to at least partially control sending, to the separate data storage, the unique irreversibly encrypted user ID, a hew unique device ID and a request for renewal of a storage account with the new unique device ID and deactivation of the previous unique device ID.
  - 16. The portable secure device of claim 11, further comprising:
    - said medium having thereon computer readable data executable to at least partially control sending, to the separate data storage, the unique irreversibly encrypted user ID, the unique secure device ID and a request for stored information corresponding only to both the irreversibly encrypted user ID, the unique secure device ID.
  - 17. A method for authentication vicarious execution, performed by the portable secure device of claim 11, comprising the steps of:
    - receiving input of a user PIN;
      
      irreversibly encrypting the user PIN to obtain the irreversibly encrypted user ID;
      
      receiving personal information from the user;
      
      encrypting the personal information with the user PIN as an encryption key to obtain the reversibly encrypted information;
      
      sending the unique irreversibly encrypted user ID, the reversibly encrypted information, and the unique device ID along with a request for storage of the encrypted information to the separate data storage for backup of the encrypted information without disclosing the user'"'"'s identity and the user PIN to the BUC; and
      
      automatically providing personal information with WAN sites visited by the user as needed or requested by the sites to function as the user'"'"'s agent without using the separate data storage.
  - 18. The method of claim 17, wherein said sending includes sending a destination for the request that is a WAN site remote from the portable secure device.

19. A data storage method performed by a portable secure device having a unique secure device ID, comprising the steps of:
- irreversibly encrypting a unique user PIN to obtain a unique irreversibly encrypted user ID;
  
  reversibly encrypting user information to obtain reversibly encrypted user information with an encryption key different from the encrypted user ID; and
  
  sending, to a separate data storage through a data transmission coupling, the reversibly encrypted user information, the unique irreversibly encrypted user ID as the sole user identification and a request for storage.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, further including:
    - said sending including the unique secure device ID and a WAN address of the separate data storage; and
      
      thereafter sending a request for only stored information corresponding to both the irreversibly encrypted user ID and the unique secure device ID.
  - 21. The method of claim 20, further comprising:
    - sending, to the separate data storage, the unique irreversibly encrypted user ID together with a request for establishment of a new storage account for the user; and
      
      in response to receiving a notification that the irreversibly encrypted authentication code already exists at the separate data storage, prompting the user for entry of a different unique user PIN.
  - 22. The method of claim 21, further comprising:
    - sending, to the separate data storage, the unique irreversibly encrypted user ID, a new unique device ID and a request for renewal of a storage account with the new unique device ID and deactivation of the previous unique device ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Kohiyama, Tomohisa, Tsunoda, Motoyasu

Granted Patent

US 7,596,703 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

G06F 21/34   involving the use of extern...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

G06F 2221/2129   Authenticate client device ...

G16H 10/60   for patient-specific data, ...

G16H 10/65   stored on portable record c...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/3226   using a predetermined code,...

Y10S 707/99939   Privileged access

Hidden data backup and retrieval for a secure device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Hidden data backup and retrieval for a secure device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links