Secure printing with authenticated printer key

US 7,305,556 B2
Filed: 12/05/2001
Issued: 12/04/2007
Est. Priority Date: 12/05/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securely storing a public key for encryption of data in a computing device, the method using a user-specific key pair which is securely stored in the computing device, the method comprising:

a user authenticating step of authenticating a user who logs into the computing device;

a registering step of registering the user-specific key pair of the user authenticated by said authenticating step, wherein the user-specific key pair is registered in a secure registry;

a receiving step of receiving a target public key corresponding to a target device;

an obtaining step of obtaining the user-specific key pair from the secure registry, wherein the user-specific key pair is obtained from a key function call which is supported by an operating system executing in the computing device and wherein the key function call is provided with user login information for verification of the user'"'"'s authorization to use the computing device;

a key encrypting step of using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key;

a storing step of storing the target key verifier and the target public key in a storage area;

a retrieving step of retrieving the target key verifier and the target public key from the storage area;

a recognizing step of recognizing a printing instruction;

a verification step of applying, in response to recognizing the printing instruction, a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key, wherein said verification step verifies whether the public key in the storage area and the public key in the secure registry correspond to each other; and

a data encrypting step of encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Securely storing a public key for encryption of data in a computing device by using a user-specific key pair which is securely stored in the computing device, including receiving a target public key corresponding to a target device, obtaining a user-specific key pair from a secure registry, using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key, storing the target key verifier and the target public key in a storage area, retrieving the target key verifier and the target public key from the storage area, applying a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key, and encrypting data with the target public key, if authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.

143 Citations

View as Search Results

25 Claims

1. A method for securely storing a public key for encryption of data in a computing device, the method using a user-specific key pair which is securely stored in the computing device, the method comprising:
- a user authenticating step of authenticating a user who logs into the computing device;
  
  a registering step of registering the user-specific key pair of the user authenticated by said authenticating step, wherein the user-specific key pair is registered in a secure registry;
  
  a receiving step of receiving a target public key corresponding to a target device;
  
  an obtaining step of obtaining the user-specific key pair from the secure registry, wherein the user-specific key pair is obtained from a key function call which is supported by an operating system executing in the computing device and wherein the key function call is provided with user login information for verification of the user'"'"'s authorization to use the computing device;
  
  a key encrypting step of using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key;
  
  a storing step of storing the target key verifier and the target public key in a storage area;
  
  a retrieving step of retrieving the target key verifier and the target public key from the storage area;
  
  a recognizing step of recognizing a printing instruction;
  
  a verification step of applying, in response to recognizing the printing instruction, a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key, wherein said verification step verifies whether the public key in the storage area and the public key in the secure registry correspond to each other; and
  
  a data encrypting step of encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 22, 23, 24)
- - 2. A method according to claim 1, wherein the operating system securely maintains a user-specific key pair for each of a plurality of users of the computing device.
  - 3. A method according to claim 2, wherein each user-specific key pair can only be accessed by providing the operating system with user identification data corresponding to the user-specific key pair.
  - 4. A method according to claim 1, wherein the target key verifier created in the key encrypting step is an encrypted version of the target public key.
  - 5. A method according to claim 4, wherein the verification step includes decrypting the target key verifier with the user-specific public key using a decryption algorithm.
  - 6. A method according to claim 5, wherein the verification step further includes using a key verification algorithm to compare the decrypted target key verifier to the target public key for verifying the authenticity of the target public key.
  - 7. A method according to claim 6, wherein the verification step is performed by a verification function call which is supported by an operating system executing in the computing device.
  - 8. A method according to claim 1, wherein the target key verifier created in the key encrypting step is a digital signature of the target public key.
  - 9. A method according to claim 8, wherein the digital signature of the target public key is created by applying a hashing algorithm to the target public key to obtain a target key hash, and then encrypting the target key hash with the user-specific private key using an encryption algorithm.
  - 10. A method according to claim 8, wherein the digital signature of the target public key is created by applying a hashing algorithm to the target public key to obtain a target key hash, and then subjecting the target key hash to an encryption algorithm.
  - 11. A method according to claim 10, wherein the verification step includes decrypting the target key verifier with the user-specific public key using a decryption algorithm to obtain a decrypted target key hash.
  - 12. A method according to claim 11, wherein the verification step further includes reapplying a hashing algorithm to the target public key to obtain a new target key hash and using a hash verification algorithm to compare the decrypted target key hash to the new target key hash for verifying the authenticity of the target public key.
  - 13. A method according to claim 12, wherein the verification step is performed by a verification function call which is supported by an operating system executing in the computing device.
  - 14. A method according to claim 1, wherein the receiving step includes applying a hashing algorithm to the received target public key to obtain a received target key hash and using a hash verification algorithm to compare the received target key hash to a test target key hash for verifying the authenticity of the received target public key.
  - 15. A method according to claim 14, wherein the test target key hash is input by a user.
  - 16. A method according to claim 15, wherein the target device is a printer and wherein the test target key hash is obtained from a test page printed by the printer.
  - 17. A method according to claim 1, wherein the target device is a printer and the target public key is a printer public key.
  - 18. A method according to claim 17, wherein, in the receiving step, the printer public key is received in response to a key request sent to the printer.
  - 19. A method according to claim 17, wherein the method is performed in a printer driver executing on the computing device.
  - 22. A computing device for authenticating a public key for encryption of data, said computing device comprising:
    - a program memory for storing process steps executable to perform a method according to any of claims 1, 2 to 4 or 5 to 21; and
      
      a processor for executing the process steps stored in said program memory.
  - 23. Computer-executable process steps stored on a computer readable medium, said computer-executable process steps for authenticating a public key for encryption of data, said computer-executable process steps comprising process steps executable to perform a method according to any of claims 1, 2 to 4 or 5 to 21.
  - 24. A computer-readable medium which stores computer-executable process steps, the computer-executable process steps to authenticate a public key for encryption of data, said computer-executable process steps comprising process steps executable to perform a method according to any of claims 1, 3 to 4 or 5 to 21.

20. A method for securely storing a printer public key for encryption of print data in a computing device, the method using a user-specific key pair which is securely stored in the computing device, the method comprising:
- a user authenticating step of authenticating a user who logs into the computing device;
  
  a registering step of registering the user-specific key pair of the user authenticated by said authenticating step, wherein the user-specific key pair is registered in a secure registry;
  
  a receiving step of receiving a printer public key corresponding to a printer;
  
  an obtaining step of obtaining a user-specific key pair from a secure registry upon receipt of a corresponding user identification, wherein the user-specific key pair is obtained from a key function call which is supported by an operating system executing in the computing device and wherein the key function call is provided with user login information for verification of the user'"'"'s authorization to use the computing device;
  
  a first hashing step of applying a hashing algorithm to the printer public key to create a first printer key hash;
  
  an encryption step of applying an encryption algorithm to encrypt the first printer key hash with a user-specific private key from the user-specific key pair, thereby creating a printer key signature;
  
  a storing step of storing the printer key signature and the printer public key in a storage area;
  
  a retrieving step of retrieving the printer key signature and the printer public key from the storage area;
  
  a second hashing step of applying the hashing algorithm to the retrieved printer public key to create a second printer key hash;
  
  a decrypting step of applying a decryption algorithm to decrypt the printer key signature with a user-specific public key from the user-specific key pair, thereby retrieving the first printer key hash;
  
  a recognizing step of recognizing a printing instruction;
  
  a verification step of applying, in response to recognizing the printing instruction, a verification algorithm to compare the first printer key hash with the second printer key hash, for verifying the authenticity of the retrieved printer public key, wherein said verification step verifies whether the public key in the storage area and the public key in the secure registry correspond to each other; and
  
  a print data encrypting step of applying an encryption algorithm to print data using the retrieved printer public key, in the case that the authenticity of the retrieved printer public key is verified, to create encrypted print data for transmission to the printer.

21. A method for authentication of a printer public key received by a computing device, the method comprising:
- a user authenticating step of authenticating a user who logs into the computing device;
  
  a registering step of registering the user-specific key pair of the user authenticated by said authenticating step, wherein the user-specific key pair is registered in a secure registry;
  
  a first receiving step of receiving in the computing device a printer public key corresponding to a printer;
  
  a hashing step of applying a hashing algorithm to the printer public key to create a first printer key hash;
  
  a second receiving step of receiving in the computing device a predetermined second printer key hash obtained from a test page printed by the printer, wherein the second printer key hash is input into the computing device by a user-input means connected to the computing device;
  
  a recognizing step of recognizing a printing instruction;
  
  a verification step of applying, in response to recognizing the printing instruction, a verification algorithm to compare the first printer key hash with the second printer key hash, for verifying the authenticity of the received printer public key, wherein said verification step verifies whether the public key in the storage area and the public key in the secure registry correspond to each other; and
  
  a storing step of storing, in the case that the authenticity of the received printer public key is verified in the verification step, the received printer public key in a memory area of the computing device.

25. An information apparatus which transmits encrypted data to a target device, the information apparatus securely storing a public key for encryption of the data and utilizing a user-specific key pair which is securely stored in the apparatus, comprising:
- authenticating means for authenticating a user who logs into the computing device;
  
  registering means for registering the user-specific key pair of the user authenticated by said authenticating means, wherein the user-specific key pair is registered in a secure registry;
  
  receiving means for receiving a target public key corresponding to a target device;
  
  obtaining means for obtaining a user-specific key pair from a secure registry, wherein the user-specific key pair is obtained from a key function call which is supported by an operating system executing in the computing device and wherein the key function call is provided with user login information for verification of the user'"'"'s authorization to use the computing device;
  
  key encrypting means for using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key;
  
  storing means for storing the target key verifier and the target public key;
  
  retrieving means for retrieving the target key verifier and the target public key from the storing means;
  
  recognizing means for recognizing a printing instruction;
  
  verification means for applying, in response to recognizing the printing instruction, a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key, wherein said verification means verifies whether the public key in the storage area and the public key in the secure registry correspond to each other; and
  
  data encrypting means for encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Mazzagatte, Craig, Iwamoto, Neil Y., Slick, Royce E., Zhang, William, Purpura, Don Francis
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US10/010,974
Publication Number

US 20030105963A1
Time in Patent Office

2,190 Days
Field of Search

713/168, 713/171, 713/169
US Class Current

713/169
CPC Class Codes

G06F 21/608   Secure printing

G09C 5/00   Ciphering apparatus or meth...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

Secure printing with authenticated printer key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

143 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure printing with authenticated printer key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links