Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1998-10-15
2001-08-14
Peeso, Thomas R. (Department: 2132)
C713S161000, C713S168000
active
06275936
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to encryption and decryption of digital data, and to authentication of access rights to digital data or services that applies such encryption and decryption.
2. Discussion of the Related Art
When data is protected by encryption and decryption, there are the following two types of relationship between a user of encrypted data and an owner of the decryption key that is necessary to decrypt the data.
1) The user of the data and the owner of the decryption key are the same person.
2) The user of the data and the owner of the decryption key are not the same person.
Personal confidential communication is a typical example of 1). In this case, the recipient holds a decryption key for the data in secret. The sender encrypts the data with an encryption key corresponding to the decryption key of the recipient. If the recipient leaks the decryption key to a third party, the recipient's own privacy is intruded upon, which is a great disadvantage to the recipient. Therefore, no problem is expected if the recipient obtains the decryption key.
A simultaneous multi-address transmission of digital data is an example of 2). Charged digital data transmitted simultaneously to multiple addresses is encrypted and cannot be used without being decrypted. Even if the decryption key becomes known to a third party, that is no disadvantage to a recipient of the data. Therefore, if the recipient obtains the decryption key for decrypting the encrypted digital data, there is a possibility that the recipient leaks the decryption key to a third party to get good value for it. In other words, the user of the data has a positive reason to leak the decryption key. Accordingly, it is necessary to separate the user of the data from the owner of the decryption key.
Satellite broadcasting currently solves this problem by storing the decryption key in an area of hardware that is inaccessible from the outside and assigning the decryption of the data to that hardware (referred to as delegated decryption). The user of the digital data cannot obtain the decryption key, and therefore the problem of the decryption key being leaked by the user of the digital data does not arise.
The same method is used not only in satellite broadcasting but also wherever decryption is performed on data transmitted simultaneously to many and unspecified addresses, such as simultaneous multi-address transmission through the World Wide Web (WWW) of the Internet or cable television broadcast (CATV). There are many kinds of assignee, for example, a built-in decryption device of a satellite broadcast tuner, an IC card with a decryption function, a computer connected to a network and so forth. Each of them performs the delegated decryption.
If the delegated decryption is performed in the simple manner in which the encrypted data is transmitted directly to the decryption device and the decryption result is received from the decryption device, the following problems arise.
(1) The decryption device can learn what is decrypted and what is a result of the decryption.
The decryption device can be built so that it generates a history of the delegated decryption. If such a decryption device has been built, there is a possibility that private information about what kind of data a recipient would like to decrypt is recorded by the decryption device and later used illegitimately. Such a decryption device is also a disadvantage to a sender of the data, because the sender cannot delegate the decryption of data that the sender does not want the decryption device to know. In the example of the satellite broadcast, if data of a movie is encrypted and sent, the decryption device stores the decrypted plain data of the movie. The data of the movie may be illegitimately used by the creator of the decryption device.
(2) If there is an intruder intercepting a communication with the decryption device, the intruder can learn what is decrypted and what is a result of decryption.
The seriousness of the problem can be understood by considering the example in which the recipient of the delegation of decryption is a computer connected to a network. Without any countermeasure, a third party intercepting the network can easily learn what is decrypted and what is a result of the delegated decryption.
Blind decryption is a technique of delegated decryption that resolves the above two problems. A blind decryption method based on RSA (Rivest-Shamir-Adleman) is disclosed in “Fair Public Key Cryptosystem”, Proc. Crypto 92, pp. 113-138 (1993). The outline is described as follows.
It is assumed that a person delegating the decryption is “Alice” and a decryption device that performs decryption on delegation is “Bob”. It is further assumed that a decryption key held by Bob is D, an RSA modulus is n and an encryption key is E. Since this is the RSA cryptosystem, the following expression is established:
$ED \equiv 1 \pmod{\varphi(n)}$
wherein $\varphi(n)$ is the Euler number (Euler's totient function) of $n$.
It is then assumed that the result of encryption of a plain text $M$ with $n$ and $E$ is expressed as $C = M^{E} \bmod n$.
1) Alice generates a random number $r$, calculates the expression $C' = r^{E} C \bmod n$, and transmits $C'$ to Bob.
2) Bob calculates the expression $R = C'^{D} \bmod n$ and transmits $R$ to Alice.
3) Alice obtains $r^{-1}$ which satisfies the expression $r^{-1} r \equiv 1 \bmod n$, and calculates the expression $M' = r^{-1} R \bmod n$.
With the following expression, it is possible to confirm that Alice can obtain a correct decryption result according to the above procedures:
$M' \equiv r^{-1} R \equiv r^{-1} C'^{D} \equiv r^{-1} (r^{E} C)^{D} \equiv r^{-1} (r^{E} M^{E})^{D} \equiv r^{-1} r M \equiv M \bmod n$ (1)
In this method, Bob and a third party intercepting the communication between Bob and Alice can only know $C' = r^{E} C \bmod n$ and $R = C'^{D} \equiv rM \bmod n$. The encrypted text $C$ that Alice wanted to decrypt and its decryption result $M$ cannot be known to Bob or to an intruder intercepting the communication. This method thus resolves the above two problems of the delegated decryption.
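The three-step exchange above as a runnable sketch; this is an added example, not code from the patent. The primes, the exponent, the sample plain text and all function names are constructed or hypothetical, and the symbols in the comments follow the text.

```python
import math
import secrets

# Constructed toy parameters (two Mersenne primes); far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                               # RSA modulus n
E = 65537                               # encryption key E
D = pow(E, -1, (P - 1) * (Q - 1))       # Bob's secret D, ED ≡ 1 mod φ(n)
M_SAMPLE = int.from_bytes(b"content-key", "big")  # constructed plain text M < n


def blind(c, n, e):
    """Alice, step 1: choose r and return (r, C' = r^E * C mod n)."""
    while True:
        r = secrets.randbelow(n - 2) + 2        # 2 <= r < n, so r != 1
        if math.gcd(r, n) == 1:                 # step 3 needs r^-1 mod n
            return r, (pow(r, e, n) * c) % n


def delegated_decrypt(c_blinded, n, d):
    """Bob, step 2: R = C'^D mod n, computed without seeing C or M."""
    return pow(c_blinded, d, n)


def unblind(r, big_r, n):
    """Alice, step 3: M' = r^-1 * R mod n."""
    return (pow(r, -1, n) * big_r) % n


def run_exchange(m):
    """Run steps 1-3 and return every value, marking what Bob can observe."""
    c = pow(m, E, N)                            # C = M^E mod n
    r, c_blinded = blind(c, N, E)
    big_r = delegated_decrypt(c_blinded, N, D)
    return {"C": c, "r": r, "bob_sees": (c_blinded, big_r),
            "M_prime": unblind(r, big_r, N)}


if __name__ == "__main__":
    t = run_exchange(M_SAMPLE)
    print("recovered M:", t["M_prime"].to_bytes(11, "big"))
    print("Bob saw only C', R:", t["bob_sees"])
```

Because $r$ is drawn fresh for every request, two delegations of the same $C$ present Bob with unrelated values of $C'$ and $R$.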
Japanese Patent Application Laid-Open No. 10-247905 suggests a device for controlling the access to the digital data, which employs the blind decryption.
The access control device disclosed by the above application consists of a proving device for proving ownership of the access right to the data and a verification device for verifying the proof given by the proving device. The verification device stores encrypted digital data and another piece of data generated by encrypting a key for decrypting the digital data with an RSA public key (this other piece of data is referred to as an encrypted key). The proving device is an RSA decryption device. The verification device delegates the decryption of the encrypted key to the proving device by using the blind decryption and then decrypts the digital data with the result of the delegated decryption. If the digital data is correctly decrypted, it is considered that the proving device succeeded in proving the ownership of the access right.
Owing to the use of the blind decryption, the content of the delegated encrypted key and the decryption key of the digital data cannot be known to the proving device or an intruder intercepting the communication between the verification device and the proving device.
The technique of Japanese Patent Application Laid-Open No. 10-247905 is particularly characterized by the configuration of the proving device, which is of the RSA type. Japanese Patent Application Laid-Open No. 10-247905 suggests embedding the RSA decryption key in changeable data called an access ticket, for enabling the decryption of multiple RSA public keys with a single proving device. To prevent stealing the RSA decryption key from the access ticket, the access ticket is created by masking the RSA decryp
Kakehi Rumiko
Kyojima Masaki
Takeda Koji
Terao Taro
Fuji Xerox Co., Ltd.
Oliff & Berridge, PLC
Peeso Thomas R.