System and method for electronic certification and authentication of data

US 8,799,675 B2
Filed: 01/05/2012
Issued: 08/05/2014
Est. Priority Date: 01/05/2012
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating data, the method comprising:

receiving data individually encrypted in a first encryption layer by each of a plurality of users each user using a different user-specific private key, the data comprising a hash code for each user, each hash code generated based on at least the same document;

encrypting the received individually encrypted data together in a second encryption layer to create multi-layered encrypted data wherein the second encryption layer is encrypted using an organization-specific private key uniquely assigned to an organization; and

transferring the multi-layered encrypted data to a device that has an organization-specific public key for decrypting the second encryption layer and public keys that only decrypt data encrypted by private keys assigned to a plurality of pre-designated authorizers to determine if the users are the pre-designated authorizers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating data. Data may be received that is individually encrypted in a first encryption layer by each of a plurality of users using user-specific private keys. The received data may be encrypted together in a second encryption layer to create multi-layered encrypted data. The multi-layered encrypted data may be transferred to a beneficiary device to determine if the encrypted data is authentic. At the beneficiary device, the second encryption layer may be decrypted to expose the first encryption layer. Then, the first encryption layer may be decrypted using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data. If the first encryption layer is properly decrypted using the authorizers'"'"' decryption keys, it may be determined that the users are the pre-designated authorizers.

113 Citations

20 Claims

1. A method for authenticating data, the method comprising:
- receiving data individually encrypted in a first encryption layer by each of a plurality of users each user using a different user-specific private key, the data comprising a hash code for each user, each hash code generated based on at least the same document;
  
  encrypting the received individually encrypted data together in a second encryption layer to create multi-layered encrypted data wherein the second encryption layer is encrypted using an organization-specific private key uniquely assigned to an organization; and
  
  transferring the multi-layered encrypted data to a device that has an organization-specific public key for decrypting the second encryption layer and public keys that only decrypt data encrypted by private keys assigned to a plurality of pre-designated authorizers to determine if the users are the pre-designated authorizers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18)
- - 2. The method of claim 1, wherein the plurality of authorizers are pre-designated by a data manager.
  - 3. The method of claim 2, wherein changes to the pre-designated authorizers are able to be received from the data manager at any time prior to encrypting the second encryption layer.
  - 4. The method of claim 3 comprising, if the data manager attempts to change the pre-designated authorizers after the request to authenticate the data is received, sending the data manager a message indicating a lock out from editing the pre-designated authorizers.
  - 5. The method of claim 1, wherein each hash code is generated based at least on information associated with an associated user.
  - 6. The method of claim 1, wherein the authorizers define individuals, groups, ranks, security levels, departments, or types of authorizers.
  - 7. The method of claim 1, wherein the encryption keys are asymmetric encryption keys.
  - 8. The method of claim 1 comprising storing the multi-layered encrypted data at a secure server.
  - 18. The method of claim 1 wherein the second layer comprises information associated with an entity designated to encrypt the second layer.

9. A method for authenticating original data, the method comprising:
- receiving multi-layered encrypted data comprising a hash code for each of a plurality of users, each hash code generated based on at least the same document, wherein a first encryption layer is individually encrypted by a plurality of users each using a different user-specific private key, which is in turn combined and encrypted in a second encryption layer using an organization-specific private key uniquely assigned to an organization;
  
  decrypting the second encryption layer to expose the first encryption layer using an organization-specific public key corresponding to the organization-specific private key;
  
  attempting to decrypt the first encryption layer using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data; and
  
  determining that the users are the pre-designated authorizers only if the first encryption layer is properly decrypted using the authorizers'"'"' decryption keys.
- View Dependent Claims (10, 11, 12, 19)
- - 10. The method of claim 9, wherein the plurality of authorizers are pre-designated by a data manager.
  - 11. The method of claim 10, wherein changes to the pre-designated authorizers are able to be received from the data manager at any time prior to encrypting the second encryption layer.
  - 12. The method of claim 9, comprising determining that the original data is not corrupted if decrypting the first encryption layer generates hash codes having substantially no errors.
  - 19. The method of claim 9, wherein each hash code is generated based at least on information associated with an associated user.

13. A system for authenticating data, the system comprising:
- a memory to store multi-layered encrypted data comprising a hash code for each of a plurality of users, each hash code generated based on at least the same document, wherein a first encryption layer is individually encrypted by a plurality of users each using a different user-specific private key, which in turn is combined and encrypted in an encryption layer using an organization-specific private key uniquely assigned to an organization; and
  
  a processor to transfer the multi-layered encrypted data to a beneficiary device, wherein the beneficiary device is adapted to;
  
  decrypt the second encryption layer to expose the first encryption layer using an organization-specific public key corresponding to the organization-specific private key, attempt to decrypt the first encryption layer using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data, and determine that the users are the pre-designated authorizers only if the first encryption layer is properly decrypted using the authorizers'"'"' decryption keys.
- View Dependent Claims (14, 15, 16, 17, 20)
- - 14. The system of claim 13 comprising a certificate authority to issue each user their user-specific private keys and to issue the corresponding public keys for use by the beneficiary device.
  - 15. The system of claim 13 comprising a device operated by a data manager to pre-designate the plurality of authorizers.
  - 16. The system of claim 15, wherein the device operated by a data manager is able to change the pre-designated authorizers at any time prior to the encryption of the encryption layer.
  - 17. The system of claim 13, wherein the beneficiary device determines that the original data is not corrupted if decrypting the first encryption layer generates hash codes having substantially no errors.
  - 20. The system of claim 13, wherein each hash code is generated based at least on information associated with an associated user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Indorse Services Co.
Original Assignee
House of Development LLC
Inventors
Geoffrey, Mohammed Alawi
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tran, Tongoc

Application Number

US13/344,345
Publication Number

US 20130179694A1
Time in Patent Office

943 Days
Field of Search

713/176, 713/189, 713155-156, 380/45, 380/285
US Class Current

713/189
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/6209 to a single file or object,...

System and method for electronic certification and authentication of data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for electronic certification and authentication of data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links