US20070180267A1 - Method and apparatus for encrypting data - Google Patents
Method and apparatus for encrypting data Download PDFInfo
- Publication number
- US20070180267A1 US20070180267A1 US11/644,862 US64486206A US2007180267A1 US 20070180267 A1 US20070180267 A1 US 20070180267A1 US 64486206 A US64486206 A US 64486206A US 2007180267 A1 US2007180267 A1 US 2007180267A1
- Authority
- US
- United States
- Prior art keywords
- data
- public key
- condition
- recipient
- party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Definitions
- the present invention relates to a method and system for encrypting data.
- Escrow and PKI encryption are two techniques that have been utilised to allow information to be removed from the control of the information owner while still preventing other parties having access to the information until a predetermined condition has been met.
- Seal bids require that all bids are submitted by a specified date where the originator of the bid needs to be satisfied that their bid is not disclosed before the specified date.
- Music distributors may wish to publish their music on a public database, where the music distributors needs to be satisfied that the intended user of the music can not listen to the music until they have paid for the use of the music.
- the setting up and use of escrow and PKI encryption can be complex.
- a method for encrypting data comprising deriving a public key using a first data set that defines an instruction and a second data set associated with the third party; encrypting a third data set with the public key; providing the encrypted third data set to a recipient; providing the public key to the third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted third data set.
- a method for encrypting data comprising deriving a public key using a first data set that defines a term of an agreement and a second data set associated with a third party; encrypting a third data set with the public key; providing the encrypted third data set to a recipient; providing the public key to the third party such that on satisfaction of the term of the agreement the third party provides an associated private key to the recipient to allow decryption of the encrypted third data set.
- a term of the agreement that needs to be satisfied is that the private key should not be released to the recipient until a specified date.
- a term of the agreement that needs to be satisfied to allow release of the private key to the recipient is the making of a payment.
- the encrypted third data set includes a nonce.
- a computer system for encrypting data comprising a first computer entity for deriving a public key using a first data set that defines a term of an agreement and a second data set associated with a third party and encrypting a third data set with the public key; communication means for providing the encrypted data to a second computer entity and the public key to a third computer entity; wherein the third computer entity is arranged, on satisfaction of the term of the agreement, to provide an associated private key to the second computer entity to allow decryption of the encrypted third data set.
- a computer system for encrypting data comprising a first computer node for deriving a public key using a first data set that defines an instruction and a second data set associated with the third party and encrypting a third data set with the public key; communication means for providing the encrypted data to a second computer node and the public key to a third computer node; wherein the third computer node is arranged, on satisfaction of the instruction to the third party, to provide an associated private key to the second computer node to allow decryption of the encrypted third data set.
- a computer apparatus for encrypting data comprising a processor for deriving a public key using a first data set that defines a term of an agreement and encrypting a second data set with the public key.
- a computer apparatus for encrypting data comprising a processor for deriving a public key using a first data set that defines an instruction and encrypting a second data set with the public key.
- FIG. 1 illustrates a computer system according to an embodiment of the present invention
- FIG. 2 illustrates a computer system arranged to support a sealed bid according to an embodiment of the present invention
- FIG. 3 illustrates a computer system arranged to support a music distribution system according to an embodiment of the present invention.
- the present invention addresses the issue of controlling access to data, where the owner/originator of the relevant data wishes to place conditions on the access to the data. This is achieved by using a public key to encrypt the data where the public key itself stipulates the conditions under which access should be granted.
- FIG. 1 illustrates a computer system 10 according to an embodiment of the present invention.
- Computer system 10 includes a first computer entity 11 , a second computer entity 12 and a third computer entity 13 .
- the three computer entities would be configured on separate computer platforms, however the computer entities 11 , 12 , 13 could be configured on a single computer platform.
- the three computer entities 11 , 12 , 13 are coupled via the internet 14 .
- a user 14 having data 15 , for example a document, that they wish to make available, under certain conditions, to a third party.
- the intended recipient 16 of the data i.e. the third party.
- a trust authority 17 i.e. an authority that can be trusted by the user for determining whether the conditions required for access to the data 15 and stipulated by the user 14 have been met. Additionally, the trust authority 17 makes publicly available the trust authorities public data 18 , as described below. As would be appreciated by a person skilled in the art the trust authorities public data 18 can be made available in a variety of ways, for example via a web site.
- the user obtains the trust authorities public data 18 ; typically the user will have a selection of trust authorities from which to choose the one most appropriate.
- the user 14 defines the terms and conditions for allowing access to the data.
- This string i.e. the public encryption key
- This string is then used to encrypt the user's data 15 (i.e. the data the user 14 wishes to control access too), as described below.
- ‘dataAfter’ is used to instruct the trust authority not to release the associated private key to the recipient until after the ‘Jan. 01, 2002’. Additionally, the terms and conditions require that an amount ‘12.52UKP’ be paid by the recipient 16 before the trust authority releases the associated private key to the recipient 16 .
- the trust authorities public data 18 includes a hash function # and a value N that is a product of two random prime numbers p and q, where the values of p and q are only known to the trust authority 17 .
- p and q should ideally be in the range of 2 511 and 2 512 and should both satisfy the equation: p,q ⁇ 3mod4. However, p and q must not have the same value.
- t + ( t + +#(publickeystring)/ t + )mod N. for each bit M where s + corresponds to the encrypted bit of M.
- the encrypted data, together with the identity of the trust authority 17 and the public key, are made available to intended recipient 16 by any suitable means, for example via e-mail or by being placed in a electronic public area.
- the trust authority 17 determines the associated private key B by solving the equation: B 2 ⁇ #(publickeystring)mod N
- N is a product of two prime numbers p
- q it would be extremely difficult for any one to calculate the private key B with only knowledge of the public key string and N.
- the trust authority 17 has knowledge of p and q (i.e. two prime numbers) it is relatively straightforward for the trust authority 17 to calculate B.
- the trust authority 17 On receipt of the public key, the trust authority 17 checks whether the relevant terms and conditions have been met. When the trust authority 17 is satisfied that the terms and conditions have been met they supply the recipient 16 with the private key together with some indication of whether the public key is positive or negative.
- the recipient 16 then uses the appropriate equation above, in conjunction with the private key, to decrypt the message.
- the recipient 16 may choose to cache the private key to decrypt the message 15 at a later date.
- a nonce i.e. a random number, can be incorporated into the terms and conditions. This ensures that the public key is unique thereby ensuring that the corresponding private key will also be unique.
- FIG. 2 illustrates the use of the present invention for the purposes of a seal bid arrangement, where bidder 21 provides authorization for the tender manager 22 to read the contents of the bidders seal bid 24 after a given data, for example once all bids have been received.
- the bidder defines a set of terms and conditions using a suitable language, for example XML.
- This string would be used as the public key to encrypt the document, in conjunction with the appropriate trust authorities 23 public details 25 .
- the public key and the encrypted document would then be made available to the, tender manager 22 by any suitable means.
- the tender manager 22 In order for the tender manager 22 to obtain the respective private key the tender manager 22 sends the public key to the appropriate trust authority 23 .
- the trust authority 23 would check that the requester is the named tender manager and that the current date is after 09:00 Nov. 05, 2001. Only when these conditions have been satisfied would the trust authority 23 release the private key, derived in accordance with the principles describe above. The nonce is included to ensure that the trust manager 23 will not have seen a public key identical to this in the past—and hence is not able to reuse an existing private key.
- This embodiment only refers to a single trust authority, however, each bidder might choose a trust authority of their own choosing. The tender manager would then have to go to the appropriate trust authority to obtain the private key.
- FIG. 3 illustrates the use of the present invention for the purposes of enabling electronic distribution of music, where a music provider 31 provides authorization for a recipient 32 to listen to the music after a specified payment has been made.
- the prospective recipient 32 would retrieve the encrypted music, together with the public key used to encrypt the music 35 and the name of the appropriate trust authority 33 .
- the encrypted music could be access, for example, via a public electronic database (not shown).
- the private key should only be release after the recipient 32 has paid a specified sum of money into a specified bank account 34 .
Abstract
A method for encrypting data comprising deriving a public key using a first data set that defines an instruction; encrypting a second data set with the public key; providing the encrypted third data set to a recipient; providing the public key to a third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted second data set.
Description
- The present invention relates to a method and system for encrypting data.
- Escrow and PKI encryption are two techniques that have been utilised to allow information to be removed from the control of the information owner while still preventing other parties having access to the information until a predetermined condition has been met.
- Two common examples where these techniques have been used are in sealed bids and music distribution. Seal bids require that all bids are submitted by a specified date where the originator of the bid needs to be satisfied that their bid is not disclosed before the specified date. Music distributors may wish to publish their music on a public database, where the music distributors needs to be satisfied that the intended user of the music can not listen to the music until they have paid for the use of the music. However, the setting up and use of escrow and PKI encryption can be complex.
- It is desirable to improve this situation.
- In accordance with a first aspect of the present invention there is provided a method for encrypting data comprising deriving a public key using a first data set that defines an instruction and a second data set associated with the third party; encrypting a third data set with the public key; providing the encrypted third data set to a recipient; providing the public key to the third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted third data set.
- In accordance with a second aspect of the present invention there is provided a method for encrypting data comprising deriving a public key using a first data set that defines a term of an agreement and a second data set associated with a third party; encrypting a third data set with the public key; providing the encrypted third data set to a recipient; providing the public key to the third party such that on satisfaction of the term of the agreement the third party provides an associated private key to the recipient to allow decryption of the encrypted third data set.
- Preferably a term of the agreement that needs to be satisfied is that the private key should not be released to the recipient until a specified date.
- Preferably a term of the agreement that needs to be satisfied to allow release of the private key to the recipient is the making of a payment.
- Most preferably the encrypted third data set includes a nonce.
- In accordance with a third aspect of the present invention there is provided a computer system for encrypting data comprising a first computer entity for deriving a public key using a first data set that defines a term of an agreement and a second data set associated with a third party and encrypting a third data set with the public key; communication means for providing the encrypted data to a second computer entity and the public key to a third computer entity; wherein the third computer entity is arranged, on satisfaction of the term of the agreement, to provide an associated private key to the second computer entity to allow decryption of the encrypted third data set.
- In accordance with a forth aspect of the present invention there is provided a computer system for encrypting data comprising a first computer node for deriving a public key using a first data set that defines an instruction and a second data set associated with the third party and encrypting a third data set with the public key; communication means for providing the encrypted data to a second computer node and the public key to a third computer node; wherein the third computer node is arranged, on satisfaction of the instruction to the third party, to provide an associated private key to the second computer node to allow decryption of the encrypted third data set.
- In accordance with a fifth aspect of the present invention there is provided a computer apparatus for encrypting data comprising a processor for deriving a public key using a first data set that defines a term of an agreement and encrypting a second data set with the public key.
- In accordance with a sixth aspect of the present invention there is provided a computer apparatus for encrypting data comprising a processor for deriving a public key using a first data set that defines an instruction and encrypting a second data set with the public key.
- For a better understanding of the present invention and to understand how the same may be brought into effect reference will now be made, by way of example only, to the accompanying drawings, in which:
-
FIG. 1 illustrates a computer system according to an embodiment of the present invention; -
FIG. 2 illustrates a computer system arranged to support a sealed bid according to an embodiment of the present invention; -
FIG. 3 illustrates a computer system arranged to support a music distribution system according to an embodiment of the present invention. - The present invention addresses the issue of controlling access to data, where the owner/originator of the relevant data wishes to place conditions on the access to the data. This is achieved by using a public key to encrypt the data where the public key itself stipulates the conditions under which access should be granted.
-
FIG. 1 illustrates acomputer system 10 according to an embodiment of the present invention.Computer system 10 includes afirst computer entity 11, asecond computer entity 12 and athird computer entity 13. Typically the three computer entities would be configured on separate computer platforms, however thecomputer entities computer entities internet 14. - Associated with the
first computer entity 11 is auser 14 having data 15, for example a document, that they wish to make available, under certain conditions, to a third party. Associated with thesecond computer entity 12 is the intendedrecipient 16 of the data (i.e. the third party). Associated with thethird computer entity 13 is a trust authority 17 (i.e. an authority that can be trusted by the user) for determining whether the conditions required for access to the data 15 and stipulated by theuser 14 have been met. Additionally, thetrust authority 17 makes publicly available the trust authoritiespublic data 18, as described below. As would be appreciated by a person skilled in the art the trust authoritiespublic data 18 can be made available in a variety of ways, for example via a web site. - Having selected the
trust authority 17 as the appropriate trust authority for the intended purpose the user obtains the trust authoritiespublic data 18; typically the user will have a selection of trust authorities from which to choose the one most appropriate. - The
user 14 defines the terms and conditions for allowing access to the data. This string (i.e. the public encryption key), or typically a digital representation of this string, is then used to encrypt the user's data 15 (i.e. the data theuser 14 wishes to control access too), as described below. - The user's terms and conditions can be expressed in any suitable language, for example XML where the following example illustrates the use of XML to encapsulate possible terms and conditions:
<termsAndConditions nonce=”12345”> <or> <dateAfter value=“01/01/02”> <and> <amount value=”12.52UKP” account=”xyz”/> <or> <RequiredName name=”NAME”/> <RequiredRole name=”Manager”/> </or> </and> </or> </termsAndConditions> - The use of ‘dataAfter’ is used to instruct the trust authority not to release the associated private key to the recipient until after the ‘Jan. 01, 2002’. Additionally, the terms and conditions require that an amount ‘12.52UKP’ be paid by the
recipient 16 before the trust authority releases the associated private key to therecipient 16. - The trust authorities
public data 18 includes a hash function # and a value N that is a product of two random prime numbers p and q, where the values of p and q are only known to thetrust authority 17. - The hash function # has the function of taking a string and returning a value in the range 0 to N−1. Additionally, the hash function # should have the jacobi characteristics: jacobi (#, N)=1. That is to say, where x2≡#modN the jacobi (#, N)=−1 if x does not exist, and=1 if x does exist.
- The values of p and q should ideally be in the range of 2511 and 2512 and should both satisfy the equation: p,q≡3mod4. However, p and q must not have the same value.
- To encrypt each bit M of the user's data 15 the
user 14 generates random numbers t+ (where t+ is an integer in the range [0, 2N)) until theuser 14 finds a value of t+ that satisfies the equation jacobi(t+,N)=M, where M represents the individual binary digits 0, 1 of the user's data 15 as −1, 1 respectively. Theuser 14 then computes the value:
s +=(t ++#(publickeystring)/t +)mod N.
for each bit M where s+ corresponds to the encrypted bit of M. - In case #(publickeystring) is non-square the
user 14 additionally generates additional random numbers t_(integers in the range [0, 2N)) until theuser 14 finds one that satisfies the equation jacobi(t_,N)=m. Theuser 14 then computes the value:
s_≡(t_−#(publickeystring)/t_)mod N
for each value of bit M. - The encrypted data, together with the identity of the
trust authority 17 and the public key, are made available to intendedrecipient 16 by any suitable means, for example via e-mail or by being placed in a electronic public area. - The public key, together with the identity of the intended
recipient 16, is also made available to thetrust authority 17 by any suitable means. Consequently, thetrust authority 17 is able to determine the terms and conditions that need to be satisfied to allow thetrust authority 17 to issue the intendedrecipient 16 with the associated private key. - The
trust authority 17 determines the associated private key B by solving the equation:
B 2≡#(publickeystring)mod N - If a value of B does not exist, then there is a value of B that is satisfied by the equation:
B 2≡−#(publickeystring)mod N - As N is a product of two prime numbers p, q it would be extremely difficult for any one to calculate the private key B with only knowledge of the public key string and N. However, as the
trust authority 17 has knowledge of p and q (i.e. two prime numbers) it is relatively straightforward for thetrust authority 17 to calculate B. - Any change to the public key will result in a private key that will not decrypt the document 15 correctly. Therefore, the intended
recipient 16 cannot alter the public key before being supplied to thetrust authority 17 and therefore cannot alter the relevant terms and conditions that apply to the release of the private key. - On receipt of the public key, the
trust authority 17 checks whether the relevant terms and conditions have been met. When thetrust authority 17 is satisfied that the terms and conditions have been met they supply therecipient 16 with the private key together with some indication of whether the public key is positive or negative. - If the square root of the encryption key returns a positive value, the users data M can be recovered using:
M=jacobi(s ++2B,N). - If the square root of the encryption key returns a negative value, the users data M can be recovered using:
M=jacobi(s —+2B,N). - The
recipient 16 then uses the appropriate equation above, in conjunction with the private key, to decrypt the message. - The
recipient 16 may choose to cache the private key to decrypt the message 15 at a later date. - To prevent the reuse of the private key a nonce, i.e. a random number, can be incorporated into the terms and conditions. This ensures that the public key is unique thereby ensuring that the corresponding private key will also be unique.
-
FIG. 2 illustrates the use of the present invention for the purposes of a seal bid arrangement, wherebidder 21 provides authorization for thetender manager 22 to read the contents of the bidders seal bid 24 after a given data, for example once all bids have been received. - The bidder defines a set of terms and conditions using a suitable language, for example XML. The terms and conditions would include a date after which the bid details could be decrypted. For example:
<termsAndConditions nonce=”1234”> <and> <AccessorName name=”NAME”/> <OpenAfter date=”09:00 11/05/01”/> </and> </termsAndConditions> - This string would be used as the public key to encrypt the document, in conjunction with the
appropriate trust authorities 23public details 25. The public key and the encrypted document would then be made available to the,tender manager 22 by any suitable means. - In order for the
tender manager 22 to obtain the respective private key thetender manager 22 sends the public key to theappropriate trust authority 23. Thetrust authority 23 would check that the requester is the named tender manager and that the current date is after 09:00 Nov. 05, 2001. Only when these conditions have been satisfied would thetrust authority 23 release the private key, derived in accordance with the principles describe above. The nonce is included to ensure that thetrust manager 23 will not have seen a public key identical to this in the past—and hence is not able to reuse an existing private key. - This embodiment only refers to a single trust authority, however, each bidder might choose a trust authority of their own choosing. The tender manager would then have to go to the appropriate trust authority to obtain the private key.
- The language used to define the terms and conditions would be selected to allow expression of a variety of terms and conditions.
-
FIG. 3 illustrates the use of the present invention for the purposes of enabling electronic distribution of music, where amusic provider 31 provides authorization for arecipient 32 to listen to the music after a specified payment has been made. - The
prospective recipient 32 would retrieve the encrypted music, together with the public key used to encrypt themusic 35 and the name of theappropriate trust authority 33. The encrypted music could be access, for example, via a public electronic database (not shown). - The public key might have the format:
<termsAndConditions nonce=”1245”> <Amount value=”12.45UKP” account=”xyz”/> </termsAndConditions> - That is to say, the private key should only be release after the
recipient 32 has paid a specified sum of money into a specifiedbank account 34. - In order for the music to be played it must be decrypted, which requires providing the public key to the
appropriate trust authority 33, who can then determine what conditions have to be satisfied to allow release of the appropriate private key. - Any attempt on the part of the recipient to modify the terms and conditions would result in a public key that does not decrypt the music.
Claims (7)
1-9. (canceled)
10. A cryptographic method comprising:
encrypting second data using encryption parameters comprising public data of a third party and a public key comprising first data that defines at least one condition to be fulfilled by an intended recipient, other than personal identity;
providing the encrypted second data to said recipient;
providing the public key to the third party; and
the third party checking for satisfaction of the said at least one condition by said recipient and only if said at least one condition is satisfied by the recipient, providing a private key to the recipient to allow decryption of the encrypted second data, the third party generating the private key based on the public key and on private data related to said public data.
11. A method according to claim 10 , wherein said at least one condition comprises a financial condition.
12. A method according to claim 11 , wherein said financial condition is that the recipient makes a payment of a specified amount.
13. A method according to claim. 10, wherein said at least one condition is specified as at least one attribute—value pair.
14. A method according to claim. 10, wherein said at least one condition is specified in XML.
15. Computer, apparatus comprising:
an input arrangement for receiving a public key comprising a non-identity condition to be determined as fulfilled;
a checking arrangement for checking fulfillment of said non-identity condition by a party;
a key generator means for generating a private key based on a private data and on the public key; and
an output arrangement for outputting the private key to said party only if the checking arrangement has determined that said non-identity condition has been fulfilled by said party, the private key being operative to decrypt a message encrypted using the public key and public data related to the private data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/644,862 US20070180267A1 (en) | 2001-10-15 | 2006-12-21 | Method and apparatus for encrypting data |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0124681.8 | 2001-10-15 | ||
GBGB0124681.8A GB0124681D0 (en) | 2001-10-15 | 2001-10-15 | Method and apparatus for encrypting data |
US10/270,039 US7219226B2 (en) | 2001-10-15 | 2002-10-11 | Method and apparatus for encrypting data |
US11/644,862 US20070180267A1 (en) | 2001-10-15 | 2006-12-21 | Method and apparatus for encrypting data |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/270,039 Continuation US7219226B2 (en) | 2001-10-15 | 2002-10-11 | Method and apparatus for encrypting data |
Publications (1)
Publication Number | Publication Date |
---|---|
US20070180267A1 true US20070180267A1 (en) | 2007-08-02 |
Family
ID=9923831
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/270,039 Active 2024-10-23 US7219226B2 (en) | 2001-10-15 | 2002-10-11 | Method and apparatus for encrypting data |
US11/644,862 Abandoned US20070180267A1 (en) | 2001-10-15 | 2006-12-21 | Method and apparatus for encrypting data |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/270,039 Active 2024-10-23 US7219226B2 (en) | 2001-10-15 | 2002-10-11 | Method and apparatus for encrypting data |
Country Status (3)
Country | Link |
---|---|
US (2) | US7219226B2 (en) |
DE (1) | DE10248006B8 (en) |
GB (2) | GB0124681D0 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB0215911D0 (en) | 2002-07-10 | 2002-08-21 | Hewlett Packard Co | Method and apparatus for encrypting data |
GB0313666D0 (en) | 2003-06-13 | 2003-07-16 | Hewlett Packard Development Co | RSA cryptographic method and system |
US7930412B2 (en) * | 2003-09-30 | 2011-04-19 | Bce Inc. | System and method for secure access |
US20050177510A1 (en) * | 2004-02-09 | 2005-08-11 | Visa International Service Association, A Delaware Corporation | Buyer initiated payment |
US7030041B2 (en) * | 2004-03-15 | 2006-04-18 | Applied Materials Inc. | Adhesion improvement for low k dielectrics |
GB2415112B (en) * | 2004-06-11 | 2007-04-25 | Hewlett Packard Development Co | Cryptographic method and apparatus |
CA2571814C (en) * | 2004-12-30 | 2012-06-19 | Bce Inc. | System and method for secure access |
US20090164804A1 (en) * | 2007-12-25 | 2009-06-25 | Sandisk Il Ltd. | Secured storage device |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5199070A (en) * | 1990-12-18 | 1993-03-30 | Matsushita Electric Industrial Co., Ltd. | Method for generating a public key |
US5855008A (en) * | 1995-12-11 | 1998-12-29 | Cybergold, Inc. | Attention brokerage |
US20020010772A1 (en) * | 2000-07-19 | 2002-01-24 | Nec Corporation | System and method for communication based on priority class selection |
US20020032312A1 (en) * | 1995-06-07 | 2002-03-14 | Medarex, Inc. | Therapeutic compounds comprised of anti-fc receptor antibodies |
US6389534B1 (en) * | 1997-06-30 | 2002-05-14 | Taher Elgamal | Cryptographic policy filters and policy control method and apparatus |
US20020172367A1 (en) * | 2001-05-16 | 2002-11-21 | Kasten Chase Applied Research Limited | System for secure electronic information transmission |
US20030051129A1 (en) * | 2001-09-10 | 2003-03-13 | Ravi Razdan | Protecting confidential digital information at application service providers |
US6583988B1 (en) * | 2002-02-05 | 2003-06-24 | Whelen Engineering Company, Inc. | Encapsulated power supply |
US20040030652A1 (en) * | 2000-09-06 | 2004-02-12 | Stefan Grunzig | Method for securing digital goods on sale thereof over a computer network |
US6895507B1 (en) * | 1999-07-02 | 2005-05-17 | Time Certain, Llc | Method and system for determining and maintaining trust in digital data files with certifiable time |
US7096204B1 (en) * | 1999-10-08 | 2006-08-22 | Hewlett-Packard Development Company, L.P. | Electronic commerce system |
US7113594B2 (en) * | 2001-08-13 | 2006-09-26 | The Board Of Trustees Of The Leland Stanford University | Systems and methods for identity-based encryption and related cryptographic techniques |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0354774B1 (en) * | 1988-08-11 | 1996-04-10 | International Business Machines Corporation | Data cryptography using control vectors |
JPH10511471A (en) | 1994-08-12 | 1998-11-04 | リートン,フランク、タムスン | Fail-safe key marking system |
US5740246A (en) * | 1994-12-13 | 1998-04-14 | Mitsubishi Corporation | Crypt key system |
US5625692A (en) | 1995-01-23 | 1997-04-29 | International Business Machines Corporation | Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing |
JPH10198272A (en) | 1996-12-27 | 1998-07-31 | Canon Inc | Key managing method, ciphering system, and decentralized digital signature system with hierarchy |
JP3542895B2 (en) * | 1997-08-22 | 2004-07-14 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Time-constrained cryptosystem |
JP2000090039A (en) * | 1998-09-14 | 2000-03-31 | Sony Corp | Music distributing method, transmitting device and method and reproducing device and method |
US6901145B1 (en) | 1999-04-08 | 2005-05-31 | Lucent Technologies Inc. | Generation of repeatable cryptographic key based on varying parameters |
CA2277633C (en) | 1999-07-19 | 2009-10-20 | Certicom Corp. | Split-key key-agreement protocol |
WO2001011527A2 (en) * | 1999-08-10 | 2001-02-15 | Yeda Research And Development Co. Ltd. | Honesty preserving negotiation and computation |
US6853988B1 (en) | 1999-09-20 | 2005-02-08 | Security First Corporation | Cryptographic server with provisions for interoperability between cryptographic systems |
AU7350100A (en) * | 1999-09-27 | 2001-04-30 | Gte Internetworking Incorporated | Secure play of performance data |
JP2001244924A (en) * | 2000-03-01 | 2001-09-07 | Mizuno Junya | Information enciphering system |
GB2368755A (en) * | 2000-11-01 | 2002-05-08 | Content Technologies Ltd | Distributing public keys using 2D barcodes |
US6937731B2 (en) * | 2001-03-13 | 2005-08-30 | Mitake Information Corporation | End to end real-time encrypting process of a mobile commerce WAP data transmission section and the module of the same |
-
2001
- 2001-10-15 GB GBGB0124681.8A patent/GB0124681D0/en not_active Ceased
-
2002
- 2002-10-04 GB GB0222978A patent/GB2381173B/en not_active Expired - Lifetime
- 2002-10-11 US US10/270,039 patent/US7219226B2/en active Active
- 2002-10-15 DE DE10248006A patent/DE10248006B8/en not_active Expired - Lifetime
-
2006
- 2006-12-21 US US11/644,862 patent/US20070180267A1/en not_active Abandoned
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5199070A (en) * | 1990-12-18 | 1993-03-30 | Matsushita Electric Industrial Co., Ltd. | Method for generating a public key |
US20020032312A1 (en) * | 1995-06-07 | 2002-03-14 | Medarex, Inc. | Therapeutic compounds comprised of anti-fc receptor antibodies |
US5855008A (en) * | 1995-12-11 | 1998-12-29 | Cybergold, Inc. | Attention brokerage |
US6389534B1 (en) * | 1997-06-30 | 2002-05-14 | Taher Elgamal | Cryptographic policy filters and policy control method and apparatus |
US6895507B1 (en) * | 1999-07-02 | 2005-05-17 | Time Certain, Llc | Method and system for determining and maintaining trust in digital data files with certifiable time |
US7096204B1 (en) * | 1999-10-08 | 2006-08-22 | Hewlett-Packard Development Company, L.P. | Electronic commerce system |
US20020010772A1 (en) * | 2000-07-19 | 2002-01-24 | Nec Corporation | System and method for communication based on priority class selection |
US20040030652A1 (en) * | 2000-09-06 | 2004-02-12 | Stefan Grunzig | Method for securing digital goods on sale thereof over a computer network |
US20020172367A1 (en) * | 2001-05-16 | 2002-11-21 | Kasten Chase Applied Research Limited | System for secure electronic information transmission |
US7113594B2 (en) * | 2001-08-13 | 2006-09-26 | The Board Of Trustees Of The Leland Stanford University | Systems and methods for identity-based encryption and related cryptographic techniques |
US20030051129A1 (en) * | 2001-09-10 | 2003-03-13 | Ravi Razdan | Protecting confidential digital information at application service providers |
US6583988B1 (en) * | 2002-02-05 | 2003-06-24 | Whelen Engineering Company, Inc. | Encapsulated power supply |
Also Published As
Publication number | Publication date |
---|---|
DE10248006B8 (en) | 2008-05-15 |
US20030095661A1 (en) | 2003-05-22 |
US7219226B2 (en) | 2007-05-15 |
DE10248006A1 (en) | 2003-04-30 |
GB2381173B (en) | 2004-06-30 |
GB0124681D0 (en) | 2001-12-05 |
GB0222978D0 (en) | 2002-11-13 |
GB2381173A (en) | 2003-04-23 |
DE10248006B4 (en) | 2008-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10673632B2 (en) | Method for managing a trusted identity | |
US7860243B2 (en) | Public key encryption for groups | |
US6483920B2 (en) | Key recovery process used for strong encryption of messages | |
US6237096B1 (en) | System and method for electronic transmission storage and retrieval of authenticated documents | |
EP1573958B1 (en) | Methods, apparatus and computer programs for generating and/or using conditional electronic signatures for reporting status changes | |
US20070180267A1 (en) | Method and apparatus for encrypting data | |
US6868160B1 (en) | System and method for providing secure sharing of electronic data | |
US8799981B2 (en) | Privacy protection system | |
US20040165728A1 (en) | Limiting service provision to group members | |
US20020010861A1 (en) | Access control system, access control method, device, access control server, access-control-server registration server, data processing apparatus, and program storage medium | |
PT739560E (en) | CRYPTOGRAPHIC SYSTEM AND PROCESS WITH KEY WARRANTY CHARACTERISTICS | |
JP2004023796A (en) | Selectively disclosable digital certificate | |
JP2001518269A (en) | Electronic encryption packing | |
CN111815322A (en) | Distributed payment method with selectable privacy service based on Ether house | |
GB2359156A (en) | A system for verifying the content of an online news article | |
US8644509B2 (en) | Data providing process based on an IBPE scheme | |
US6898579B1 (en) | System, method and article of manufacture for contract term certification utilizing a network | |
US20030023862A1 (en) | Content distribution system | |
WO2022024182A1 (en) | Knowledge proof method, knowledge proof program, and information processing apparatus | |
US7330969B2 (en) | Method and apparatus for data validation | |
JP2001147899A (en) | System for distributing contents | |
Trivedi et al. | Digitally signed document chain (DSDC) blockchain | |
US20020073010A1 (en) | Secure electronic stocks and other titles and instruments | |
Sejwani et al. | Implementation of X. 509 certificate for online applications | |
CN116975815A (en) | Express mail information protection system based on block chain network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P., TEXAS Free format text: ASSIGNMENT BY OPERATION OF LAW;ASSIGNORS:HEWLETT-PACKARD LIMITED;HARRISON, KEITH ALEXANDER;REEL/FRAME:018742/0686 Effective date: 20021119 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |