Ground | References | Title | Term Nuances | Challenged Claims | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 2 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | |||||
1 | US5495533A (Mark H. Linehan, 1996) | Personal key archive | ▪ computer system ≈ distributed computer system ▪ random number, key management ≈ random number, user access ▪ user information ≈ said database | X | X | X | X | X | ||||||||||||||||||||||||||||||||
2 | US5689566A (Minhtam C. Nguyen, 1997) | Network with secure communications sessions | ▪ key management, key management system ≈ session information, random number | X | X | X | X | X | X | X | X | X | X | X | X | X | X | |||||||||||||||||||||||
3 | US5315658A (Silvio Micali, 1994) | Fair cryptosystems and methods of use | ▪ key arbitration, key arbitration center ≈ exchange messages ▪ key backup system ≈ secret value ▪ key management, key management system ≈ public keys | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||||||||||||||||||||
4 | US4888800A (Alan D. Marshall, 1989) | Secure messaging systems | ▪ key management, key distribution center ≈ key distribution center ▪ key management system ≈ when i | X | X | X | X | X | X | X | X | X | ||||||||||||||||||||||||||||
5 | US5276737A (Silvio Micali, 1994) | Fair cryptosystems and methods of use | ▪ key distribution ≈ secret sharing ▪ key management, key management system ≈ public keys | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||||||||||||||||||||
6 | US6118874A (Eiji Okamoto, 2000) | Encrypted data recovery method using split storage key and system thereof | ▪ key backup system ≈ said instructions ▪ securing electronic information comprises restricting access ≈ includes means ▪ random number, key management ≈ random number | X | X | X | X | X | ||||||||||||||||||||||||||||||||
7 | US4386233A (Miles E. Smid, 1983) | Crytographic key notarization methods and apparatus | ▪ key backup, key escrow ≈ cryptographic keys ▪ key management center ≈ d log | X | X | X | X | |||||||||||||||||||||||||||||||||
8 | US5933503A (Roger R. Schell, 1999) | Controlled modular cryptography apparatus and method | ▪ key management, key backup ≈ more cryptographic keys, key management ▪ key escrow, key escrow agent ≈ key escrow ▪ second functionality ≈ force load | X | X | X | X | X | ||||||||||||||||||||||||||||||||
9 | US5901227A (Radia J. Perlman, 1999) | Method and apparatus for implementing partial and complete optional key escrow | ▪ key management, key backup ≈ encryption keys ▪ key escrow, key escrow agent ≈ key escrow ▪ on module ≈ on module | X | X | X | X | |||||||||||||||||||||||||||||||||
10 | US6185546B1 (Derek L. Davis, 2001) | Apparatus and method for providing secured communications | ▪ key backup ≈ cryptographic operations ▪ random number generator ≈ random number generator ▪ key certification, securing electronic information ≈ third party | X | X | X | X | |||||||||||||||||||||||||||||||||
11 | US5862330A (Vinod Anupam, 1999) | Technique for obtaining and exchanging information on wolrd wide web | ▪ securing electronic information comprises restricting access ≈ includes means ▪ electronic information, securing electronic information comprises transferring electronic information ≈ one source | X | X | X | ||||||||||||||||||||||||||||||||||
12 | US5841865A (Frank Wells Sudia, 1998) | Enhanced cryptographic system and method with key escrow feature | ▪ key backup, key escrow ≈ cryptographic keys, key escrow ▪ securing electronic information comprises transferring electronic information ≈ second user | X | X | X | X | |||||||||||||||||||||||||||||||||
13 | US5799086A (Frank Wells Sudia, 1998) | Enhanced cryptographic system and method with key escrow feature | ▪ key management, key management system ≈ public keys ▪ key certification, securing electronic information ≈ third party | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||||||||||||||||||
14 | US5764772A (Charles W. Kaufman, 1998) | Differential work factor cryptography method and system | ▪ second functionality, computer system ≈ computer system ▪ key management, key backup ≈ encryption keys | X | X | X | X | X | ||||||||||||||||||||||||||||||||
15 | US5604801A (George M. Dolan, 1997) | Public key data communications system under control of a portable security device | ▪ random number, key management ≈ random number ▪ key distribution ≈ secure manner | X | X | X | X | X | ||||||||||||||||||||||||||||||||
16 | US5301247A (Harry R. Rasmussen, 1994) | Method for ensuring secure communications | ▪ key management, key backup ≈ encryption keys ▪ first functionality ≈ one second | X | X | X | X | X | ||||||||||||||||||||||||||||||||
17 | US5268962A (Martin Abadi, 1993) | Computer network with modified host-to-host encryption keys | ▪ second functionality, computer system ≈ computer system ▪ securing electronic information comprises restricting access, securing electronic information comprises transferring electronic information ≈ includes means, checking step ▪ key management center ≈ d log | X | ||||||||||||||||||||||||||||||||||||
18 | US5200999A (Stephen M. Matyas, 1993) | Public key cryptosystem key management based on control vectors | ▪ second functionality, computer system ≈ computer system ▪ key certification authority ≈ private keys ▪ key management, key management system ≈ public keys | X | X | X | X | X | X | X | X | X | X | |||||||||||||||||||||||||||
19 | US5164988A (Stephen M. Matyas, 1992) | Method to establish and enforce a network cryptographic security policy in a public key cryptosystem | ▪ random number, key management ≈ random number | X | X | X | X | X | ||||||||||||||||||||||||||||||||
20 | US5150411A (Ueli Maurer, 1992) | Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction | ▪ random number, key management ≈ random number ▪ electronic information ≈ own base | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||||||||||||||||||
21 | US5142578A (Stephen M. Matyas, 1992) | Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors | ▪ electronic information, electronic information securement system ≈ storing control information ▪ key certification authority ≈ cryptographic communication ▪ securing electronic information ≈ comparison means ▪ key management ≈ symmetric keys | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||
22 | US4944007A (Jeffrey R. Austin, 1990) | Public key diversification method | ▪ key management, key backup ≈ public key value | X | X | X | X | |||||||||||||||||||||||||||||||||
23 | US4941176A (Stephen M. Matyas, 1990) | Secure management of keys using control vectors | ▪ key backup, key escrow ≈ cryptographic keys, encryption keys | X | X | X | X | |||||||||||||||||||||||||||||||||
24 | US4918728A (Stephen M. Matyas, 1990) | Data cryptography operations using control vectors | ▪ key backup, key escrow ≈ cryptographic keys ▪ key management ≈ key management ▪ directory service ≈ remote data ▪ key arbitration ≈ input data | X | X | X | X | |||||||||||||||||||||||||||||||||
25 | US4850017A (Stephen M. Matyas, 1989) | Controlled use of cryptographic keys via generating station established control values | ▪ electronic information ≈ temporarily store ▪ random number, key management ≈ random number | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||||||||||||||||||
26 | US6230197B1 (Christopher Clemmentt Macleod Beck, 2001) | Method and apparatus for rules-based storage and retrieval of multimedia interactions within a communication center | ▪ electronic information, electronic information securement system ≈ receiving notification | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||
27 | US6185681B1 (Stephen Zizzi, 2001) | Method of transparent encryption and decryption for an electronic document management system | ▪ second functionality, computer system ≈ computer system ▪ key management, key certification ≈ access module | X | X | X | X | X | ||||||||||||||||||||||||||||||||
28 | US6088747A (Lauren Ann Cotugno, 2000) | System for reformatting and burning of data files having a first format onto a compact disk to be utilized in a network using different format | ▪ key management, key management system ≈ computer platform ▪ providing acknowledgment ≈ said client | X | X | X | X | X | X | X | X | X | X | |||||||||||||||||||||||||||
29 | US6088802A (William P. Bialick, 2000) | Peripheral device with integrated security functionality | ▪ securing electronic information ≈ wireless communication means ▪ key escrow, key certification ≈ security operation ▪ directory service ≈ remote device ▪ key management center ≈ wireless LAN | X | X | X | X | |||||||||||||||||||||||||||||||||
30 | US6076099A (Thomas C. H. Chen, 2000) | Method for configurable intelligent-agent-based wireless communication system | ▪ key arbitration ≈ communication controller ▪ directory service ≈ wireless controller ▪ securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information ≈ plain text ▪ first functionality ≈ said sub | X | ||||||||||||||||||||||||||||||||||||
31 | US6073234A (Kenichiro Kigo, 2000) | Device for authenticating user's access rights to resources and method | ▪ directory service ≈ data verification ▪ user information ≈ user information ▪ key distribution, key arbitration ≈ function value | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | |||||||||
32 | US6023506A (Ichiro Ote, 2000) | Data encryption control apparatus and method | ▪ key management, key certification ≈ encryption system, user access ▪ key backup ≈ original location ▪ key distribution ≈ key generation ▪ random number generator ≈ represents a | X | X | X | X | |||||||||||||||||||||||||||||||||
33 | US6014134A (Brigham R. Bell, 2000) | Network-based intelligent tutoring system | ▪ first functionality ≈ graphical user interfaces, said sub ▪ key management system, directory service ≈ performance information ▪ providing acknowledgment ≈ transformation step, said client ▪ key certification, key arbitration ≈ generation module | X | ||||||||||||||||||||||||||||||||||||
34 | US5991796A (Vinod Anupam, 1999) | Technique for obtaining and exchanging information on world wide web | ▪ electronic information, securing electronic information comprises transferring electronic information ≈ one source | X | ||||||||||||||||||||||||||||||||||||
35 | US5987140A (Kevin Thomas Bartholomew Rowney, 1999) | System, method and article of manufacture for secure network electronic payment and credit collection | ▪ key certification, securing electronic information ≈ third party ▪ providing acknowledgment ≈ said client | X | X | X | X | |||||||||||||||||||||||||||||||||
36 | US5982857A (Patrick K. Brady, 1999) | Voice recording method and system providing context specific storage and retrieval | ▪ key certification, key arbitration ≈ data distribution system | X | X | X | X | |||||||||||||||||||||||||||||||||
37 | US5978475A (Bruce Schneier, 1999) | Event auditing system | ▪ key backup, key escrow ≈ cryptographic operations, cryptographic keys ▪ first functionality ≈ said sub | X | X | X | X | |||||||||||||||||||||||||||||||||
38 | EP0807911A2 (Burton S. Kaliski, 1997) | Client/server protocol for proving authenticity | ▪ random number generator ≈ random number generator ▪ key distribution, key arbitration ≈ function value, public keys | X | X | X | X | X | X | X | X | X | X | X | X | X |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5495533A Filed: 1994-04-29 Issued: 1996-02-27 Personal key archive (Original Assignee) International Business Machines Corp (Current Assignee) Google LLC Mark H. Linehan, Nicholas J. Simicich, Gene Y. Tsudik |
---|---|
US8929552 CLAIM 7. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number, user access) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5495533A CLAIM 1. A computing system for automatically managing keys to encrypt and decrypt stored data; comprising: an authentication server; a key client; a key generator; a key server; a key database; an encrypted data memory; said authentication server authenticates said user and provides said user with a ticket identifying said user; said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory; said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data. US5495533A CLAIM 4. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) . |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number, user access) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5495533A CLAIM 1. A computing system for automatically managing keys to encrypt and decrypt stored data; comprising: an authentication server; a key client; a key generator; a key server; a key database; an encrypted data memory; said authentication server authenticates said user and provides said user with a ticket identifying said user; said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory; said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data. US5495533A CLAIM 4. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) . |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number, user access) system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5495533A CLAIM 1. A computing system for automatically managing keys to encrypt and decrypt stored data; comprising: an authentication server; a key client; a key generator; a key server; a key database; an encrypted data memory; said authentication server authenticates said user and provides said user with a ticket identifying said user; said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory; said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data. US5495533A CLAIM 4. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) . |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number, user access) system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5495533A CLAIM 1. A computing system for automatically managing keys to encrypt and decrypt stored data; comprising: an authentication server; a key client; a key generator; a key server; a key database; an encrypted data memory; said authentication server authenticates said user and provides said user with a ticket identifying said user; said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory; said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data. US5495533A CLAIM 4. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) . |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number, user access) system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5495533A CLAIM 1. A computing system for automatically managing keys to encrypt and decrypt stored data; comprising: an authentication server; a key client; a key generator; a key server; a key database; an encrypted data memory; said authentication server authenticates said user and provides said user with a ticket identifying said user; said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory; said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data. US5495533A CLAIM 4. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) . |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5689566A Filed: 1995-10-24 Issued: 1997-11-18 Network with secure communications sessions (Original Assignee) Nguyen; Minhtam C. Minhtam C. Nguyen |
---|---|
US8929552 CLAIM 7. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (session information, random number, d log) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (session information, random number, d log) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (session information, random number, d log) system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (session information, random number, d log) system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (session information, random number, d log) system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (session information, random number, d log) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (session information, random number, d log) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (session information, random number, d log) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (session information, random number, d log) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (session information, random number, d log) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5689566A CLAIM 1. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server; packet reception means to receive transmitted packet data from the server; means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information; means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission; means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server; means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ; and means to encrypt at least a portion of the session information in the third packet header prior to transmission; and the server further comprising: server communication means to communicate with the client; packet reception means to receive transmitted packet data from the client; means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client; means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information; means to encrypt at least a portion of the client 
authenticating information in the second packet header prior to transmission; and means to decrypt at least a portion of the session information in the third packet header; whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another. US5689566A CLAIM 3. A security system, as in claim 2, wherein: the client has a userid; the client has a password; the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R; a CRC signature C1 is generated from the value R and the userid; the value R is used as a DES key to encrypt the userid; the server name is used to generate a key K to encrypt the value R; the key Ka is generated by a one way hash function from the userid and password; and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5315658A Filed: 1993-04-19 Issued: 1994-05-24 Fair cryptosystems and methods of use (Original Assignee) Silvio Micali (Current Assignee) Certco Inc Silvio Micali |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. US5315658A CLAIM 12. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user; and having the user send encrypted messages using the secure chip; and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. US5315658A CLAIM 12. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user; and having the user send encrypted messages using the secure chip; and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. US5315658A CLAIM 12. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user; and having the user send encrypted messages using the secure chip; and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. US5315658A CLAIM 12. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user; and having the user send encrypted messages using the secure chip; and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user' s secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user' s secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5315658A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user' s secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key; and monitoring communications to the suspect user during a time period specified in the predetermined request. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US4888800A Filed: 1988-03-01 Issued: 1989-12-19 Secure messaging systems (Original Assignee) HP Inc (Current Assignee) HP Inc Alan D. Marshall, Christopher J. Mitchell, Graeme J. Proudler |
---|---|
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (key distribution center) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (key distribution center) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (key distribution center) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (key distribution center) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (key distribution center) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (key distribution center) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (key distribution center) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (key distribution center) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (key distribution center) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US4888800A CLAIM 1. A secure messaging system comprising: at least three terminals; a key distribution center (key management, key distribution center) ; communication means for carrying messages amongst the terminals and between the terminals and the center; and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal. US4888800A CLAIM 4. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key; means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal; and means for causing the changed key to be sent to the other terminal. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5276737A Filed: 1992-04-20 Issued: 1994-01-04 Fair cryptosystems and methods of use (Original Assignee) Silvio Micali Silvio Micali |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. US5276737A CLAIM 11. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user's secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. US5276737A CLAIM 11. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user's secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. US5276737A CLAIM 11. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user's secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. US5276737A CLAIM 11. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user's secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5276737A CLAIM 1. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system), comprising the steps of: breaking each user's secret key into shares; providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6118874A Filed: 1998-03-30 Issued: 2000-09-12 Encrypted data recovery method using split storage key and system thereof (Original Assignee) Fujitsu Ltd; Hitachi Ltd (Current Assignee) Fujitsu Ltd; Hitachi Ltd; Mambo Masahiro Eiji Okamoto, Masahiro Mambo, Seiichi Domyo, Hiroyoshi Tsuchiya, Tooru Kawai, Kazuo Takaragi, Naoya Torii, Takeshi Tanida |
---|---|
US8929552 CLAIM 7. A method of securing electronic information as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US6118874A CLAIM 5. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6118874A CLAIM 5. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6118874A CLAIM 5. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6118874A CLAIM 5. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6118874A CLAIM 5. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US4386233A Filed: 1980-09-29 Issued: 1983-05-31 Crytographic key notarization methods and apparatus (Original Assignee) COMMERCE United States, Secretary of (Current Assignee) COMMERCE United States, Secretary of Miles E. Smid, Dennis K. Branstad |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4386233A CLAIM 1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4386233A CLAIM 1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4386233A CLAIM 1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4386233A CLAIM 1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5933503A Filed: 1996-03-15 Issued: 1999-08-03 Controlled modular cryptography apparatus and method (Original Assignee) Micro Focus Software Inc (Current Assignee) EMC Corp Roger R. Schell, Kevin W. Kingdon, Thomas A. Berson |
---|---|
US8929552 CLAIM 1. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (more cryptographic keys, key management) system; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (force load) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information. |
US5933503A CLAIM 21. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy. US5933503A CLAIM 29. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow and storage of encrypted backup copies of cryptographic keys. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (more cryptographic keys, key management) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5933503A CLAIM 21. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy. US5933503A CLAIM 29. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (more cryptographic keys, key management) system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5933503A CLAIM 21. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy. US5933503A CLAIM 29. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (more cryptographic keys, key management) system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5933503A CLAIM 21. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy. US5933503A CLAIM 29. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (more cryptographic keys, key management) system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5933503A CLAIM 21. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy. US5933503A CLAIM 29. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5901227A Filed: 1996-06-20 Issued: 1999-05-04 Method and apparatus for implementing partial and complete optional key escrow (Original Assignee) Micro Focus Software Inc (Current Assignee) EMC Corp Radia J. Perlman |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5901227A CLAIM 8. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5901227A CLAIM 8. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5901227A CLAIM 8. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5901227A CLAIM 8. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6185546B1 Filed: 1998-06-12 Issued: 2001-02-06 Apparatus and method for providing secured communications (Original Assignee) Intel Corp (Current Assignee) Intel Corp Derek L. Davis |
---|---|
US8929552 CLAIM 8. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185546B1 CLAIM 4. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available. US6185546B1 CLAIM 22. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit. |
US8929552 CLAIM 11. A method of securing electronic information (third party) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185546B1 CLAIM 4. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available. US6185546B1 CLAIM 22. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit. |
US8929552 CLAIM 12. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185546B1 CLAIM 4. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available. US6185546B1 CLAIM 22. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit. |
US8929552 CLAIM 14. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185546B1 CLAIM 4. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available. US6185546B1 CLAIM 22. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5862330A Filed: 1996-07-16 Issued: 1999-01-19 Technique for obtaining and exchanging information on wolrd wide web (Original Assignee) Nokia of America Corp (Current Assignee) SOUND VIEW INNOVATIONS LLC ; Alcatel Lucent SAS Vinod Anupam, Narain H. Gehani, Kenneth R. Rodemann |
---|---|
US8929552 CLAIM 4. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information, wherein said step of securing electronic information (one source) comprises restricting access (includes means) to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US5862330A CLAIM 1. A server system for communicating with at least one device comprising a browser for receiving information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , other than said server system, on a communications network, comprising: an interface for receiving from said device a request for admission thereof to a session in which said browser receives said information; a processor responsive to said request for providing program code to said device to create a surrogate therein, said surrogate acquiring data from said browser; and at least one controller for receiving said data from said surrogate. US5862330A CLAIM 11. The system of claim 10 wherein said controller includes means (securing electronic information comprises restricting access) for selecting said selected surrogate in accordance with a predetermined priority scheme. |
US8929552 CLAIM 14. A method of securing electronic information (one source) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5862330A CLAIM 1. A server system for communicating with at least one device comprising a browser for receiving information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , other than said server system, on a communications network, comprising: an interface for receiving from said device a request for admission thereof to a session in which said browser receives said information; a processor responsive to said request for providing program code to said device to create a surrogate therein, said surrogate acquiring data from said browser; and at least one controller for receiving said data from said surrogate. |
US8929552 CLAIM 15. A method of securing electronic information (one source) as described in claims 1 , 2 or 3 , wherein said step of securing electronic information comprises restricting access (includes means) to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US5862330A CLAIM 1. A server system for communicating with at least one device comprising a browser for receiving information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , other than said server system, on a communications network, comprising: an interface for receiving from said device a request for admission thereof to a session in which said browser receives said information; a processor responsive to said request for providing program code to said device to create a surrogate therein, said surrogate acquiring data from said browser; and at least one controller for receiving said data from said surrogate. US5862330A CLAIM 11. The system of claim 10 wherein said controller includes means (securing electronic information comprises restricting access) for selecting said selected surrogate in accordance with a predetermined priority scheme. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5841865A Filed: 1997-04-11 Issued: 1998-11-24 Enhanced cryptographic system and method with key escrow feature (Original Assignee) Certco LLC (Current Assignee) CERTCO Inc A Corp OF DELAWARE Frank Wells Sudia |
---|---|
US8929552 CLAIM 8. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5841865A CLAIM 1. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification. US5841865A CLAIM 15. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users; verifying the keys at the escrow center; certifying each of the keys upon verification; initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user. US5841865A CLAIM 18. A method as in claim 15 further including steps of: recovering an escrowed key; confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device; and accessing a communication using the key contained in the trusted device. US5841865A CLAIM 33. The method of claim 30 wherein the access information includes recovery information for recovering a key escrow (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) ed at an escrow center, said recovery information encrypted by a key of the escrow center. |
US8929552 CLAIM 11. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5841865A CLAIM 1. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification. US5841865A CLAIM 15. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users; verifying the keys at the escrow center; certifying each of the keys upon verification; initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user. US5841865A CLAIM 18. A method as in claim 15 further including steps of: recovering an escrowed key; confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device; and accessing a communication using the key contained in the trusted device. US5841865A CLAIM 33. The method of claim 30 wherein the access information includes recovery information for recovering a key escrow (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) ed at an escrow center, said recovery information encrypted by a key of the escrow center. |
US8929552 CLAIM 12. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5841865A CLAIM 1. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification. US5841865A CLAIM 15. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users; verifying the keys at the escrow center; certifying each of the keys upon verification; initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user. US5841865A CLAIM 18. A method as in claim 15 further including steps of: recovering an escrowed key; confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device; and accessing a communication using the key contained in the trusted device. US5841865A CLAIM 33. The method of claim 30 wherein the access information includes recovery information for recovering a key escrowed (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) at an escrow center, said recovery information encrypted by a key of the escrow center. |
US8929552 CLAIM 14. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5841865A CLAIM 1. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification. US5841865A CLAIM 15. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users; verifying the keys at the escrow center; certifying each of the keys upon verification; initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user. US5841865A CLAIM 18. A method as in claim 15 further including steps of: recovering an escrowed key; confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device; and accessing a communication using the key contained in the trusted device. US5841865A CLAIM 33. The method of claim 30 wherein the access information includes recovery information for recovering a key escrowed (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) at an escrow center, said recovery information encrypted by a key of the escrow center. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5799086A Filed: 1997-02-19 Issued: 1998-08-25 Enhanced cryptographic system and method with key escrow feature (Original Assignee) Certco LLC (Current Assignee) CERTCO Inc A Corp OF DELAWARE Frank Wells Sudia |
---|---|
US8929552 CLAIM 7. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5799086A CLAIM 1. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device; determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules; electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization; electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules; electronically transmitting transaction data from said trusted device to said second party in accordance with said rules. US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 8. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5799086A CLAIM 1. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device; determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules; electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization; electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules; electronically transmitting transaction data from said trusted device to said second party in accordance with said rules. US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 9. A method of securing electronic information (third party) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system. |
US5799086A CLAIM 1. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device; determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules; electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization; electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules; electronically transmitting transaction data from said trusted device to said second party in accordance with said rules. US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 11. A method of securing electronic information (third party) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5799086A CLAIM 1. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device; determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules; electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization; electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules; electronically transmitting transaction data from said trusted device to said second party in accordance with said rules. US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 12. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5799086A CLAIM 1. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device; determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules; electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization; electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules; electronically transmitting transaction data from said trusted device to said second party in accordance with said rules. US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 14. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5799086A CLAIM 1. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device; determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules; electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization; electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules; electronically transmitting transaction data from said trusted device to said second party in accordance with said rules. US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5799086A CLAIM 11. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5764772A Filed: 1995-12-15 Issued: 1998-06-09 Differential work factor cryptography method and system (Original Assignee) Lotus Development Corp (Current Assignee) International Business Machines Corp Charles W. Kaufman, Stephen M. Matyas, Jr. |
---|---|
US8929552 CLAIM 1. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information. |
US5764772A CLAIM 7. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority. US5764772A CLAIM 11. A data structure for an encrypted message transmitted from one computer system (second functionality, computer system) to another, the data structure providing a reduced work factor for an authorized entity to break the encrypted message, the data structure comprising: a first encrypted data entity comprising the message encrypted with a secret encryption key; and a second encrypted data entity attached to the first encrypted data entity, the second encrypted data entity comprising, in combination, a partial key of the secret encryption key, a hash of at least part of the secret encryption key and a salt, and all or part of the salt, encrypted using a public key of the authorized entity thereby enabling the authorized entity to decrypt the encrypted partial key and to use the partial key to break the encrypted message. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5764772A CLAIM 7. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5764772A CLAIM 7. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5764772A CLAIM 7. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5764772A CLAIM 7. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5604801A Filed: 1995-02-03 Issued: 1997-02-18 Public key data communications system under control of a portable security device (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp George M. Dolan, Christopher J. Holloway, Stephen M. Matyas, Jr. |
---|---|
US8929552 CLAIM 7. A method of securing electronic information as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5604801A CLAIM 7. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5604801A CLAIM 1. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key; the server (130) being adapted for data communication with the portable security device (120); characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user. US5604801A CLAIM 7. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5604801A CLAIM 1. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key; the server (130) being adapted for data communication with the portable security device (120); characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user. US5604801A CLAIM 7. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5604801A CLAIM 1. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key; the server (130) being adapted for data communication with the portable security device (120); characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user. US5604801A CLAIM 7. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5604801A CLAIM 1. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key; the server (130) being adapted for data communication with the portable security device (120); characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user. US5604801A CLAIM 7. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center), the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5301247A Filed: 1992-07-23 Issued: 1994-04-05 Method for ensuring secure communications (Original Assignee) Crest Industries Inc (Current Assignee) Crest Industries Inc Harry R. Rasmussen, Jack D. LaBounty, Michael J. Rosenow |
---|---|
US8929552 CLAIM 1. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality (one second) and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information. |
US5301247A CLAIM 1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station; (b) encrypting the first part encryption key at said one station; (c) transmitting the encrypted first part encryption key to the other station; (d) decrypting the first part encryption key at said other station; (e) encrypting the second part encryption key at said other station; (f) transmitting the encrypted second part encryption key to said one station; (g) decrypting the second part encryption key at said one station; and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5301247A CLAIM 1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station; (b) encrypting the first part encryption key at said one station; (c) transmitting the encrypted first part encryption key to the other station; (d) decrypting the first part encryption key at said other station; (e) encrypting the second part encryption key at said other station; (f) transmitting the encrypted second part encryption key to said one station; (g) decrypting the second part encryption key at said one station; and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5301247A CLAIM 1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station; (b) encrypting the first part encryption key at said one station; (c) transmitting the encrypted first part encryption key to the other station; (d) decrypting the first part encryption key at said other station; (e) encrypting the second part encryption key at said other station; (f) transmitting the encrypted second part encryption key to said one station; (g) decrypting the second part encryption key at said one station; and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5301247A CLAIM 1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station; (b) encrypting the first part encryption key at said one station; (c) transmitting the encrypted first part encryption key to the other station; (d) decrypting the first part encryption key at said other station; (e) encrypting the second part encryption key at said other station; (f) transmitting the encrypted second part encryption key to said one station; (g) decrypting the second part encryption key at said one station; and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5301247A CLAIM 1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station; (b) encrypting the first part encryption key at said one station; (c) transmitting the encrypted first part encryption key to the other station; (d) decrypting the first part encryption key at said other station; (e) encrypting the second part encryption key at said other station; (f) transmitting the encrypted second part encryption key to said one station; (g) decrypting the second part encryption key at said one station; and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5268962A Filed: 1992-07-21 Issued: 1993-12-07 Computer network with modified host-to-host encryption keys (Original Assignee) Digital Equipment Corp (Current Assignee) Google LLC Martin Abadi, Michael Burrows, Butler Lampson |
---|---|
US8929552 CLAIM 4. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information, wherein said step of securing electronic information comprises restricting access (includes means, checking step) to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US5268962A CLAIM 3. The network packet receiver of claim 1, each received data packet incorporating an embedded error checking value to enable error checking thereof; said packet processing means including pipelined decryption means and error checking means that, respectively, decrypt the encrypted portion of said each received data packet and error check said each received data packet as said each received data packet is delivered to said first host computer; wherein said packet processing means includes means (securing electronic information comprises restricting access, securing electronic information comprises transferring electronic information) for delivering portions of said each received data packet to said first host computer before said error checking means error checks other portions of said each received packet. US5268962A CLAIM 12. The computer system (second functionality, computer system) of claim 11, each said transmitted data packet incorporating an embedded error checking value to enable error checking thereof; each said packet receiving means including means for error checking said each received data packet as it is delivered to said network controller's host computer. US5268962A CLAIM 16. The method of claim 15, said each received data packet incorporating an embedded error checking value to enable error checking thereof; said method further including: error checking said each received data packet as it is delivered to said first host computer; and delivering portions of said each received data packet to said first host computer before said error checking step (securing electronic information comprises restricting access, securing electronic information comprises transferring electronic information) error checks other portions of said each received packet. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5200999A Filed: 1991-09-27 Issued: 1993-04-06 Public key cryptosystem key management based on control vectors (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, William C. Martin, William S. Rohland, John D. Wilkins |
---|---|
US8929552 CLAIM 1. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. US5200999A CLAIM 29. The computer system (second functionality, computer system) of claim 28, which when executed on said data processing system, performs the further steps, comprising: forming a second public key authentication record in said data processing system, by computing a hash value using a hashing function on said public key record; said public key token including said second public key authentication record. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5200999A CLAIM 6. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ; forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector; forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system; receiving a second key use request in said data processing system, regulating said second public key algorithm; accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request; decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record; selecting said second public key algorithm in said data processing system for said second key use request; selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5164988A Filed: 1991-10-31 Issued: 1992-11-17 Method to establish and enforce a network cryptographic security policy in a public key cryptosystem (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, William C. Martin, William S. Rohland, John D. Wilkins |
---|---|
US8929552 CLAIM 7. A method of securing electronic information as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5164988A CLAIM 6. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key; and transmitting said nonce with said audit record from said second data processor to said first data processor. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5164988A CLAIM 6. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key; and transmitting said nonce with said audit record from said second data processor to said first data processor. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5164988A CLAIM 6. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key; and transmitting said nonce with said audit record from said second data processor to said first data processor. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5164988A CLAIM 6. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key; and transmitting said nonce with said audit record from said second data processor to said first data processor. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5164988A CLAIM 6. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key; and transmitting said nonce with said audit record from said second data processor to said first data processor. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5150411A Filed: 1991-01-16 Issued: 1992-09-22 Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction (Original Assignee) Omnisec (Current Assignee) Omnisec Ueli Maurer |
---|---|
US8929552 CLAIM 7. A method of securing electronic information (own base) as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of " 0" or " 1" from user R, and a third means for sending back to the user R the random number r if variable b equals " 0" , or sending the number r plus secret key s T if variable b equals " 1" , thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T' s identity. |
US8929552 CLAIM 8. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of " 0" or " 1" from user R, and a third means for sending back to the user R the random number r if variable b equals " 0" , or sending the number r plus secret key s T if variable b equals " 1" , thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T' s identity. |
US8929552 CLAIM 9. A method of securing electronic information (own base) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (random number) system. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of " 0" or " 1" from user R, and a third means for sending back to the user R the random number r if variable b equals " 0" , or sending the number r plus secret key s T if variable b equals " 1" , thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T' s identity. |
US8929552 CLAIM 11. A method of securing electronic information (own base) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of " 0" or " 1" from user R, and a third means for sending back to the user R the random number r if variable b equals " 0" , or sending the number r plus secret key s T if variable b equals " 1" , thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T' s identity. |
US8929552 CLAIM 12. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of " 0" or " 1" from user R, and a third means for sending back to the user R the random number r if variable b equals " 0" , or sending the number r plus secret key s T if variable b equals " 1" , thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T' s identity. |
US8929552 CLAIM 14. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of " 0" or " 1" from user R, and a third means for sending back to the user R the random number r if variable b equals " 0" , or sending the number r plus secret key s T if variable b equals " 1" , thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T' s identity. |
US8929552 CLAIM 16. An electronic information (own base) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 17. An electronic information (own base) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 18. An electronic information (own base) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 19. An electronic information (own base) securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (random number) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 20. An electronic information (own base) securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 21. An electronic information (own base) securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 24. An electronic information (own base) securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (random number) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 25. An electronic information (own base) securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 CLAIM 26. An electronic information (own base) securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5150411A CLAIM 32. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) $r$ and sending a number $a^r \pmod{m}$ to receiving user R, a second means for receiving a binary variable $b$ in the form of "0" or "1" from user R, and a third means for sending back to the user R the random number $r$ if variable $b$ equals "0", or sending the number $r$ plus secret key $s_T$ if variable $b$ equals "1", thereby concealing the value of the secret key $s_T$ while allowing the user R to check the equality of the equation: $a^{r+s_T} \equiv a^r \cdot (ID_T)^2 \pmod{m}$ to confirm user T's identity. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5142578A Filed: 1991-08-22 Issued: 1992-08-25 Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, John D. Wilkins, William C. Martin, William S. Rohland |
---|---|
US8929552 CLAIM 2. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information, wherein said step of securing electronic information (storing control information) comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 4. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information, wherein said step of securing electronic information (storing control information) comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 5. A method of securing electronic information (storing control information) as described in claims 1, 2, or 4, further comprising the steps of: generating said at least one cryptographic key; and confirming generation of said at least one cryptographic key. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 6. A method of securing electronic information (storing control information) as described in claim 5, wherein said step of confirming generation comprises confirming generation of at least one valid key and further comprising the step of providing said at least one cryptographic key in a read-only format, wherein said step of confirming generation of at least one valid key comprises confirming generation of said cryptographic key in a read-only format. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 7. A method of securing electronic information (storing control information) as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (symmetric keys) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 8. A method of securing electronic information (storing control information) as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (symmetric keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 9. A method of securing electronic information (storing control information) as described in claim 3, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (symmetric keys) system. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 10. A method of securing electronic information (storing control information) as described in claims 1, 2, 3, or 4, wherein said step of associating at least one cryptographic key with electronic information comprises associating at least one cryptographic key with at least one system identification selected from the group consisting of: a ticket, a pointer, a certificate, an add-on module, user information, and a random number. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 11. A method of securing electronic information (storing control information) as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (symmetric keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 12. A method of securing electronic information (storing control information) as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (symmetric keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 13. A method of securing electronic information (storing control information) as described in claim 3, wherein said step of securing electronic information comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 14. A method of securing electronic information (storing control information) as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (symmetric keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 15. A method of securing electronic information (storing control information) as described in claims 1, 2 or 3, wherein said step of securing electronic information comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 16. An electronic information (storing control information) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (symmetric keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 17. An electronic information (storing control information) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (symmetric keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 18. An electronic information (storing control information) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (symmetric keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 19. An electronic information (storing control information) securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (symmetric keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 20. An electronic information (storing control information) securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 21. An electronic information (storing control information) securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 22. An electronic information (storing control information) securement system as described in claim 19, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 23. An electronic information (storing control information) securement system as described in claim 19, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 24. An electronic information (storing control information) securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (symmetric keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 25. An electronic information (storing control information) securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 26. An electronic information (storing control information) securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. US5142578A CLAIM 4. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) . |
US8929552 CLAIM 27. An electronic information (storing control information) securement system as described in claim 24, wherein access to secured electronic information is restricted to physical access by a client. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 28. An electronic information (storing control information) securement system as described in claim 24, wherein access to secured electronic information is restricted to physical access by an administrator. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 29. An electronic information (storing control information) securement system as described in claim 16, 17 or 18, wherein access to secured electronic information is restricted to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to said secure electronic information under conditions of enhanced security. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 30. An electronic information (storing control information) securement system as described in claim 20, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 31. An electronic information (storing control information) securement system as described in claim 21, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 32. An electronic information (storing control information) securement system as described in claim 20, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 33. An electronic information (storing control information) securement system as described in claim 21, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 34. An electronic information (storing control information) securement system as described in claim 25, wherein access to secured electronic information is restricted to physical access by a client. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 35. An electronic information (storing control information) securement system as described in claim 26, wherein access to secured electronic information is restricted to physical access by a client. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 36. An electronic information (storing control information) securement system as described in claim 25, wherein access to secured electronic information is restricted to physical access by an administrator. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 CLAIM 37. An electronic information (storing control information) securement system as described in claim 26, wherein access to secured electronic information is restricted to physical access by an administrator. |
US5142578A CLAIM 3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node; storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable; storing a first key expression at said transmitting node; concatenating said crypto variable with said control information, forming a key block, at said transmitting node; encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node; transmitting said encrypted key block to said receiving node; transmitting a second copy of said control information to said receiving node; storing a second key expression corresponding to said first key expression, at said receiving node; decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node; extracting said control information and said crypto variable from said recovered key block, at said receiving node; comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied; controlling said crypto variable with said control information when said enabling signal has been generated. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US4944007A Filed: 1989-06-12 Issued: 1990-07-24 Public key diversification method (Original Assignee) NCR Corp (Current Assignee) NCR Corp Jeffrey R. Austin |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public key value) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4944007A CLAIM 1. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P, Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R, S; transmitting to said requesting entity a first value $N_{mi}$ and a second value $\Phi(N_{mi})$ where said first value $N_{mi} = N \cdot R \cdot S$ and where said second value $\Phi(N_{mi}) = \Phi(N) \cdot (R-1) \cdot (S-1)$, wherein the symbol $\Phi$ represents Euler's totient function; selecting, at said requesting entity, fifth and sixth prime numbers, T, U; and computing, at said requesting entity, a third value $N_m$ and a fourth value $d_m$, where $N_m = N_{mi} \cdot T \cdot U$, and where $d_m = [1 + K\,\Phi(N_m)]/e$; wherein $\Phi(N_m) = \Phi(N_{mi}) \cdot (T-1) \cdot (U-1)$; and wherein K and $d_m$ are integers, whereby $d_m$ is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to $N_m$. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public key value) system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4944007A CLAIM 1. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P, Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R, S; transmitting to said requesting entity a first value $N_{mi}$ and a second value $\Phi(N_{mi})$ where said first value $N_{mi} = N \cdot R \cdot S$ and where said second value $\Phi(N_{mi}) = \Phi(N) \cdot (R-1) \cdot (S-1)$, wherein the symbol $\Phi$ represents Euler's totient function; selecting, at said requesting entity, fifth and sixth prime numbers, T, U; and computing, at said requesting entity, a third value $N_m$ and a fourth value $d_m$, where $N_m = N_{mi} \cdot T \cdot U$, and where $d_m = [1 + K\,\Phi(N_m)]/e$; wherein $\Phi(N_m) = \Phi(N_{mi}) \cdot (T-1) \cdot (U-1)$; and wherein K and $d_m$ are integers, whereby $d_m$ is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to $N_m$. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public key value) system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4944007A CLAIM 1. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P, Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R, S; transmitting to said requesting entity a first value $N_{mi}$ and a second value $\Phi(N_{mi})$ where said first value $N_{mi} = N \cdot R \cdot S$ and where said second value $\Phi(N_{mi}) = \Phi(N) \cdot (R-1) \cdot (S-1)$, wherein the symbol $\Phi$ represents Euler's totient function; selecting, at said requesting entity, fifth and sixth prime numbers, T, U; and computing, at said requesting entity, a third value $N_m$ and a fourth value $d_m$, where $N_m = N_{mi} \cdot T \cdot U$, and where $d_m = [1 + K\,\Phi(N_m)]/e$; wherein $\Phi(N_m) = \Phi(N_{mi}) \cdot (T-1) \cdot (U-1)$; and wherein K and $d_m$ are integers, whereby $d_m$ is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to $N_m$. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public key value) system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4944007A CLAIM 1. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P, Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R, S; transmitting to said requesting entity a first value $N_{mi}$ and a second value $\Phi(N_{mi})$ where said first value $N_{mi} = N \cdot R \cdot S$ and where said second value $\Phi(N_{mi}) = \Phi(N) \cdot (R-1) \cdot (S-1)$, wherein the symbol $\Phi$ represents Euler's totient function; selecting, at said requesting entity, fifth and sixth prime numbers, T, U; and computing, at said requesting entity, a third value $N_m$ and a fourth value $d_m$, where $N_m = N_{mi} \cdot T \cdot U$, and where $d_m = [1 + K\,\Phi(N_m)]/e$; wherein $\Phi(N_m) = \Phi(N_{mi}) \cdot (T-1) \cdot (U-1)$; and wherein K and $d_m$ are integers, whereby $d_m$ is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to $N_m$. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US4941176A Filed: 1988-08-11 Issued: 1990-07-10 Secure management of keys using control vectors (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Stephen M. Matyas, Dennis G. Abraham, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Julian Thomas, John D. Wilkins, Phil C. Yeh |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (cryptographic keys, encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4941176A CLAIM 1. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key. US4941176A CLAIM 22. The apparatus of claim 1, wherein said associated control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (cryptographic keys, encryption keys) system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4941176A CLAIM 1. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key. US4941176A CLAIM 22. The apparatus of claim 1, wherein said associated control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (cryptographic keys, encryption keys) system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4941176A CLAIM 1. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key. US4941176A CLAIM 22. The apparatus of claim 1, wherein said associated control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (cryptographic keys, encryption keys) system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4941176A CLAIM 1. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key. US4941176A CLAIM 22. The apparatus of claim 1, wherein said associated control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US4918728A Filed: 1989-08-30 Issued: 1990-04-17 Data cryptography operations using control vectors (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Stephen M. Matyas, Dennis G. Abraham, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Julian Thomas, John D. Wilkins, Phil C. Yeh |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (key management) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4918728A CLAIM 1. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said 
cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key. US4918728A CLAIM 5. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated. US4918728A CLAIM 21. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (key management) system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4918728A CLAIM 1. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said 
cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key. US4918728A CLAIM 5. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated. US4918728A CLAIM 21. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (key management) system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4918728A CLAIM 1. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said 
cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key. US4918728A CLAIM 5. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated. US4918728A CLAIM 21. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (key management) system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4918728A CLAIM 1. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests; said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key; said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request; said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said 
cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key. US4918728A CLAIM 5. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated. US4918728A CLAIM 21. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US4850017A Filed: 1987-05-29 Issued: 1989-07-18 Controlled use of cryptographic keys via generating station established control values (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Stephen M. Matyas, Jr., Carl H. W. Meyer, Bruno O. Brachtl |
---|---|
US8929552 CLAIM 7. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 8. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 9. A method of securing electronic information (temporarily store) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (random number) system. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 11. A method of securing electronic information (temporarily store) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 12. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 14. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 16. An electronic information (temporarily store) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 17. An electronic information (temporarily store) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 18. An electronic information (temporarily store) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 19. An electronic information (temporarily store) securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (random number) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 20. An electronic information (temporarily store) securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 21. An electronic information (temporarily store) securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 24. An electronic information (temporarily store) securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (random number) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 25. An electronic information (temporarily store) securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 CLAIM 26. An electronic information (temporarily store) securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US4850017A CLAIM 4. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value; if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f1 using a combining function g1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f2, comparing the temporarily stored (electronic information) combined function f2 with said authenticating function f2, and if said stored combined function f2 and said authenticating function f2 are equal, enabling said requested cryptographic operation; otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station. US4850017A CLAIM 8. The method recited in claim 7 wherein the step of combining to produce the combined function f3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6230197B1 Filed: 1998-09-11 Issued: 2001-05-08 Method and apparatus for rules-based storage and retrieval of multimedia interactions within a communication center (Original Assignee) Genesys Telecommunications Laboratories Inc (Current Assignee) Genesys Telecommunications Laboratories Inc Christopher Clemmentt Macleod Beck, Jonathan Michael Berke, Joel A Johnstone, Robin Marie Mitchell, James Karl Powers, Mark Franklin Sidell, Charles Dazler Knuff |
---|---|
US8929552 CLAIM 2. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information, wherein said step of securing electronic information (receiving notification) comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 4. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information, wherein said step of securing electronic information (receiving notification) comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 5. A method of securing electronic information (receiving notification) as described in claims 1, 2, or 4, further comprising the steps of: generating said at least one cryptographic key; and confirming generation of said at least one cryptographic key. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 6. A method of securing electronic information (receiving notification) as described in claim 5, wherein said step of confirming generation comprises confirming generation of at least one valid key and further comprising the step of providing said at least one cryptographic key in a read-only format, wherein said step of confirming generation of at least one valid key comprises confirming generation of said cryptographic key in a read-only format. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 7. A method of securing electronic information (receiving notification) as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 8. A method of securing electronic information (receiving notification) as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 9. A method of securing electronic information (receiving notification) as described in claim 3, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management system. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 10. A method of securing electronic information (receiving notification) as described in claims 1, 2, 3, or 4, wherein said step of associating at least one cryptographic key with electronic information comprises associating at least one cryptographic key with at least one system identification selected from the group consisting of: a ticket, a pointer, a certificate, an add-on module, user information, and a random number. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 11. A method of securing electronic information (receiving notification) as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 12. A method of securing electronic information (receiving notification) as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 13. A method of securing electronic information (receiving notification) as described in claim 3, wherein said step of securing electronic information comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 14. A method of securing electronic information (receiving notification) as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 15. A method of securing electronic information (receiving notification) as described in claims 1, 2 or 3, wherein said step of securing electronic information comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 16. An electronic information (receiving notification) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 17. An electronic information (receiving notification) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 18. An electronic information (receiving notification) securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 19. An electronic information (receiving notification) securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 20. An electronic information (receiving notification) securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 21. An electronic information (receiving notification) securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 22. An electronic information (receiving notification) securement system as described in claim 19, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 23. An electronic information (receiving notification) securement system as described in claim 19, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 24. An electronic information (receiving notification) securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 25. An electronic information (receiving notification) securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 26. An electronic information (receiving notification) securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 27. An electronic information (receiving notification) securement system as described in claim 24, wherein access to secured electronic information is restricted to physical access by a client. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 28. An electronic information (receiving notification) securement system as described in claim 24, wherein access to secured electronic information is restricted to physical access by an administrator. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 29. An electronic information (receiving notification) securement system as described in claim 16, 17 or 18, wherein access to secured electronic information is restricted to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to said secure electronic information under conditions of enhanced security. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 30. An electronic information (receiving notification) securement system as described in claim 20, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 31. An electronic information (receiving notification) securement system as described in claim 21, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 32. An electronic information (receiving notification) securement system as described in claim 20, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 33. An electronic information (receiving notification) securement system as described in claim 21, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 34. An electronic information (receiving notification) securement system as described in claim 25, wherein access to secured electronic information is restricted to physical access by a client. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 35. An electronic information (receiving notification) securement system as described in claim 26, wherein access to secured electronic information is restricted to physical access by a client. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 36. An electronic information (receiving notification) securement system as described in claim 25, wherein access to secured electronic information is restricted to physical access by an administrator. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 CLAIM 37. An electronic information (receiving notification) securement system as described in claim 26, wherein access to secured electronic information is restricted to physical access by an administrator. |
US6230197B1 CLAIM 9. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of; (a) storing both text-based and non-text-based events involving the call center in a data repository; (b) preparing a text version of non-text communication events; (c) storing the text versions in the data repository related to the non-text versions; (d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event; (e) relating the stored files in one or more serial strings according to relational criteria; and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6185681B1 Filed: 1998-05-07 Issued: 2001-02-06 Method of transparent encryption and decryption for an electronic document management system (Original Assignee) MAZ TECHNOLOGIES Inc; MAZ TECHNOLOGIES Inc A CALIFORNIA Corp (Current Assignee) RPX Corp Stephen Zizzi |
---|---|
US8929552 CLAIM 1. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information; securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (access module) system; separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key; enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished; and securing electronic information. |
US6185681B1 CLAIM 4. A method of encrypting a document as set forth in claim 3, wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication; if the access module does not authenticate the user, then always skipping steps (d) and (e); else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user. US6185681B1 CLAIM 29. A program product for use in a general purpose computer that executes program steps recorded in a computer-readable media to perform a method of encrypting an electronic document which is open in an application program running in a general purpose computer, the general purpose computer including a display, a user input device and a processor, the program product comprising: a recordable media; and a program of computer-readable instructions executable by the computer system (second functionality, computer system) to perform method steps comprising: (a) in response to a user issuing one of a “close,” “save” or “save as” command for the document using the user input device from within the application program and the command being translated into an event, automatically trapping the event; (b) automatically obtaining an encryption key value; (c) automatically encrypting the document using the encryption key value; (d) automatically passing control to an electronic document management system; whereby the electronic document management system can then execute the issued “close,” “save” or “save as” command and the electronic document is automatically encrypted. |
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (access module) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185681B1 CLAIM 4. A method of encrypting a document as set forth in claim 3, wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication; if the access module does not authenticate the user, then always skipping steps (d) and (e); else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (access module) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185681B1 CLAIM 4. A method of encrypting a document as set forth in claim 3, wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication; if the access module does not authenticate the user, then always skipping steps (d) and (e); else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (access module) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185681B1 CLAIM 4. A method of encrypting a document as set forth in claim 3, wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication; if the access module does not authenticate the user, then always skipping steps (d) and (e); else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (access module) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6185681B1 CLAIM 4. A method of encrypting a document as set forth in claim 3, wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication; if the access module does not authenticate the user, then always skipping steps (d) and (e); else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6088747A Filed: 1998-02-20 Issued: 2000-07-11 System for reformatting and burning of data files having a first format onto a compact disk to be utilized in a network using different format (Original Assignee) Unisys Corp (Current Assignee) Unisys Corp Lauren Ann Cotugno, Edward Henry Frankel |
---|---|
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment (said client) to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (computer platform) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). US6088747A CLAIM 5. A network by which a client user of a first computer platform having an original native specialized format for multiple data files and a directory of said files, is enabled to re-format said files into a Container of standard byte-stream format suitable for use by a second computer platform or for transfer over the Internet, said network comprising: (a) a first computer platform having main memory, a CPU, a Master Control Program operating system, a Work Flow Language computer and a first storage medium (Disk A) for holding said original native specialized format files, said first platform including: (a1) a first program (MCP -- FILEWRAPPER) to verify the name of each data file, to create a directory of said data files in said directory and to open a new file to send to a second storage medium after calling a second program (NCP -- WRAPPER), said first program for placing a directory of files onto said second storage medium as MY/CONTAINER/FILE; (a2) said second program (MCP -- WRAPPER) for converting said original native specialized format files into a standard byte stream format text data file Container (MY/CONTAINER/FILE) and placed onto a second storage media which is shared by a said second computer platform; (b) said second computer platform having main memory, a CPU, a different operating system from said first platform and a third storage medium and including: (b1) a special program, initiated by said client (providing acknowledgment) user, for transferring said Container (MY/CONTAINER/FILE) on said second storage medium to said third storage medium as a resultant standard text data file Container (C:\MY\CONTAINER\FILE); (b2) a CD Writer means connected to said third storage medium for accessing said Container (C:\MY\CONTAINER\FILE); (c) client user terminal means for initiating said CD Writer means to burn said Container onto a Compact Disk; (d) said Compact Disk for receiving said resultant Container in said standard byte stream text format utilizable by different computer platforms. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (computer platform) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (computer platform) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (computer platform) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (computer platform) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (computer platform) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (computer platform) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (computer platform) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (computer platform) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (computer platform) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US6088747A CLAIM 3. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium; (c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk). |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6088802A Filed: 1997-06-04 Issued: 2000-07-11 Peripheral device with integrated security functionality (Original Assignee) Spyrus Inc (Current Assignee) SPEX TECHNOLOGIES Inc William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba, Russell D. Housley |
---|---|
US8929552 CLAIM 8. A method of securing electronic information (wireless communication means) as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6088802A CLAIM 1. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data; target means for enabling a defined interaction with a host computing device; means for enabling communication between the security means and the target means; means for enabling communication with a host computing device; means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device; and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means. US6088802A CLAIM 16. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) . |
US8929552 CLAIM 11. A method of securing electronic information (wireless communication means) as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6088802A CLAIM 1. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data; target means for enabling a defined interaction with a host computing device; means for enabling communication between the security means and the target means; means for enabling communication with a host computing device; means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device; and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means. US6088802A CLAIM 16. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) . |
US8929552 CLAIM 12. A method of securing electronic information (wireless communication means) as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6088802A CLAIM 1. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data; target means for enabling a defined interaction with a host computing device; means for enabling communication between the security means and the target means; means for enabling communication with a host computing device; means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device; and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means. US6088802A CLAIM 16. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) . |
US8929552 CLAIM 14. A method of securing electronic information (wireless communication means) as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6088802A CLAIM 1. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data; target means for enabling a defined interaction with a host computing device; means for enabling communication between the security means and the target means; means for enabling communication with a host computing device; means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device; and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means. US6088802A CLAIM 16. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) . |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6076099A Filed: 1997-09-09 Issued: 2000-06-13 Method for configurable intelligent-agent-based wireless communication system (Original Assignee) Chen; Thomas C. H.; Chen; Conway T. Thomas C. H. Chen, Conway T. Chen |
---|---|
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information (plain text) to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (communication controller) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6076099A CLAIM 9. The method as recited in claim 8, wherein said data form of step (l-13) is selectively to use a plain text (securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) format. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6073234A Filed: 1998-04-27 Issued: 2000-06-06 Device for authenticating user's access rights to resources and method (Original Assignee) Fuji Xerox Co Ltd (Current Assignee) Fuji Xerox Co Ltd Kenichiro Kigo, Masaki Kyojima, Shunichi Kojima, Kil-Ho Shin |
---|---|
US8929552 CLAIM 7. A method of securing electronic information (IC cards, plain text) as described in claims 1, 2, 3 or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (data C, user access) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) . US6073234A CLAIM 70.
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 8. A method of securing electronic information (IC cards, plain text) as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (data C, user access) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 17. The device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ($(u')^X \bmod p$) of u' under the modulus p from said t, said e and said authentication data u' written in said first memory means. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data
verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) . US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 9. A method of securing electronic information (IC cards, plain text) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (data C, user access) system. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70.
The device for authenticating user' s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 11. A method of securing electronic information (IC cards, plain text) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (data C, user access) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 17. The device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u')^X mod p) of u' under the modulus p from said t, said e and said authentication data u' written in said first memory means. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data
verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user' s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) . US6073234A CLAIM 70. The device for authenticating user' s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 12. A method of securing electronic information (IC cards, plain text) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (data C, user access) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 17. The device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u')^X mod p) of u' under the modulus p from said t, said e and said authentication data u' written in said first memory means. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data
verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user' s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) . US6073234A CLAIM 70. The device for authenticating user' s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 14. A method of securing electronic information (IC cards, plain text) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information (IC cards, plain text) to at least one electronic information storage system selected from the group consisting of: a key management (data C, user access) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 17. The device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u')^X mod p) of u' under the modulus p from said t, said e and said authentication data u' written in said first memory means. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data
verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user' s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) . US6073234A CLAIM 70. The device for authenticating user' s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 16. An electronic information (IC cards, plain text) securement system, comprising: an electronic information securement system (IC cards, plain text) having a securement functionality; at least one cryptographic key management (data C, user access) system (data C, user access) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70.
The device for authenticating user' s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 17. An electronic information (IC cards, plain text) securement system, comprising: an electronic information securement system (IC cards, plain text) having a securement functionality; at least one cryptographic key management (data C, user access) system (data C, user access) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70.
The device for authenticating user' s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 18. An electronic information (IC cards, plain text) securement system, comprising: an electronic information securement system (IC cards, plain text) having a securement functionality; at least one cryptographic key management (data C, user access) system (data C, user access) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 19. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16, 17 or 18 wherein said at least one cryptographic key management (data C, user access) system (data C, user access) is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 20. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16, 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 21. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16, 17, or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 22. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 19, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 23. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 19, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 24. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16, 17, or 18, wherein said at least one cryptographic key management (data C, user access) system (data C, user access) is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as $Y = a^X \bmod p$ where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 25. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16, 17, or 18, further comprising at least one client system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
US6073234A CLAIM 7. A device for authenticating user' s access rights to resources by verifying legitimacy of proof data generated in order to prove said user' s right, said device for authenticating user' s access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 26. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16, 17, or 18, further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
US6073234A CLAIM 7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising: first memory means for storing first authentication data; second memory means for storing unique identifying information of the user; third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information; fourth memory means for storing second authentication data; random number generation means; proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in 
particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^x mod p where p is a modulus and a is a positive integer. US6073234A CLAIM 65. In a device for authenticating user's access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user's access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means. US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. 
The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 27. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 24, wherein access to secured electronic information is restricted to physical access by a client. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 28. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 24, wherein access to secured electronic information is restricted to physical access by an administrator. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 29. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 16, 17 or 18, wherein access to secured electronic information is restricted to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to said secure electronic information under conditions of enhanced security. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 30. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 20, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 31. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 21, wherein access to secured cryptographic keys is restricted to physical access by a client. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 32. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 20, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 33. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 21, wherein access to secured cryptographic keys is restricted to physical access by an administrator. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 34. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 25, wherein access to secured electronic information is restricted to physical access by a client. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 35. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 26, wherein access to secured electronic information is restricted to physical access by a client. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 36. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 25, wherein access to secured electronic information is restricted to physical access by an administrator. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 CLAIM 37. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 26, wherein access to secured electronic information is restricted to physical access by an administrator. |
US6073234A CLAIM 67. The device for authenticating user's access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information). US6073234A CLAIM 70. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6023506A Filed: 1996-10-28 Issued: 2000-02-08 Data encryption control apparatus and method (Original Assignee) Hitachi Ltd (Current Assignee) Hitachi Ltd Ichiro Ote, Kazunori Iwabuchi, Hiroaki Washimi, Hiroshi Furukawa, Masahito Sumitomo, Yuuichi Kobayashi |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption system, user access) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6023506A CLAIM 1. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files; password registration means for registering an authentication password required for a user to access said storage area means; and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means. US6023506A CLAIM 3. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password; and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means. US6023506A CLAIM 8. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device. US6023506A CLAIM 19. 
A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files; receiving from a user a password associated with the encryption folder; authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder; storing the password in the encryption folder; receiving a user selection of an unencrypted data file to be encrypted; retrieving the password stored in the encryption folder; automatically generating an encryption key associated with the encryption folder based on the retrieved password; and encrypting the selected data file using the encryption key. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption system, user access) system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6023506A CLAIM 1. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files; password registration means for registering an authentication password required for a user to access said storage area means; and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means. US6023506A CLAIM 3. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password; and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means. US6023506A CLAIM 8. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device. US6023506A CLAIM 19. 
A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files; receiving from a user a password associated with the encryption folder; authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder; storing the password in the encryption folder; receiving a user selection of an unencrypted data file to be encrypted; retrieving the password stored in the encryption folder; automatically generating an encryption key associated with the encryption folder based on the retrieved password; and encrypting the selected data file using the encryption key. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption system, user access) system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6023506A CLAIM 1. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files; password registration means for registering an authentication password required for a user to access said storage area means; and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means. US6023506A CLAIM 3. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password; and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means. US6023506A CLAIM 8. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device. US6023506A CLAIM 19. 
A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files; receiving from a user a password associated with the encryption folder; authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder; storing the password in the encryption folder; receiving a user selection of an unencrypted data file to be encrypted; retrieving the password stored in the encryption folder; automatically generating an encryption key associated with the encryption folder based on the retrieved password; and encrypting the selected data file using the encryption key. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information (plain text) to at least one electronic information storage system selected from the group consisting of: a key management (encryption system, user access) system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6023506A CLAIM 1. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files; password registration means for registering an authentication password required for a user to access said storage area means; and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means. US6023506A CLAIM 3. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password; and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means. US6023506A CLAIM 8. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device. US6023506A CLAIM 12. 
A method for encrypting and decrypting information on a computer, using an apparatus, said method comprising the steps of: providing a storage area defined as a storage folder, formed by specifying an encrypted file area for storing encrypted files obtained by encrypting plain text (securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) files as said information, an encrypted data area for storing plain text file names in association with encrypted file names, and a password storage area for storing a password obtained by encrypting, by means of a system key, a password inputted by a user; in encryption, generating an encrypted password by using a system key from a password inputted by an encryption user and storing said encrypted password in said password storage area; decrypting said encrypted password by using the system key and generating an encryption key; encrypting a specified plain text file by using said encryption key and said encrypted plain text file in said encrypted file area; and registering a table representing the relation of plain text file names with encrypted file names in said encrypted data area; in decryption displaying said registered association table of the encrypted data area on the basis of a password inputted by an decryption user; making the decryption user specify a file name to be decrypted by referring to said displayed table; generating said encryption key on the basis of said inputted password; and decrypting an encrypted file having said specified file name by using said generated encryption key. US6023506A CLAIM 19. 
A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files; receiving from a user a password associated with the encryption folder; authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder; storing the password in the encryption folder; receiving a user selection of an unencrypted data file to be encrypted; retrieving the password stored in the encryption folder; automatically generating an encryption key associated with the encryption folder based on the retrieved password; and encrypting the selected data file using the encryption key. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US6014134A Filed: 1996-08-23 Issued: 2000-01-11 Network-based intelligent tutoring system (Original Assignee) US West Inc; MediaOne Group Inc (Current Assignee) Qwest Communications International Inc Brigham R. Bell, William D. Hurley, Srdjan N. Kovacevic, Michelle Neves, Alan S. Wolff, Charles P. Bloom |
---|---|
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment (transformation step, said client) to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (generation module) authority, a key distribution center, a key management center, a key arbitration (generation module) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US6014134A CLAIM 21. An apparatus as claimed in claim 14, further including an HTML Internet browser for receiving said collection at said client (providing acknowledgment) node. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5991796A Filed: 1998-08-13 Issued: 1999-11-23 Technique for obtaining and exchanging information on world wide web (Original Assignee) Nokia of America Corp (Current Assignee) SOUND VIEW INNOVATIONS LLC; Alcatel Lucent SAS Vinod Anupam, Narain H. Gehani, Kenneth R. Rodemann |
---|---|
US8929552 CLAIM 14. A method of securing electronic information (one source) as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5991796A CLAIM 20. A server system for admitting at least a first device and a second device into a session in which the first device is allowed to communicate with the second device, the first device including a browser for obtaining information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information), the system comprising: a processor for providing programming code to the first device to generate a surrogate therein after the first device is admitted to the session, the surrogate obtaining first data from the browser; and a controller connected to the first device and the second device, the controller receiving the first data from the surrogate and, after the second device is admitted to the session, transmitting to the second device second data based on the first data. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5987140A Filed: 1996-04-26 Issued: 1999-11-16 System, method and article of manufacture for secure network electronic payment and credit collection (Original Assignee) VeriFone Inc (Current Assignee) Hewlett Packard Enterprise Development LP Kevin Thomas Bartholomew Rowney, Deepak S. Nadig |
---|---|
US8929552 CLAIM 8. A method of securing electronic information (third party) as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5987140A CLAIM 1. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network; (b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer; (c) transmitting an encrypted payment transaction from said customer computer to said merchant computer; (d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm; and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing. |
US8929552 CLAIM 11. A method of securing electronic information (third party) as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5987140A CLAIM 1. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network; (b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer; (c) transmitting an encrypted payment transaction from said customer computer to said merchant computer; (d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm; and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing. |
US8929552 CLAIM 12. A method of securing electronic information (third party) as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment (said client) to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5987140A CLAIM 1. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network; (b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer; (c) transmitting an encrypted payment transaction from said customer computer to said merchant computer; (d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm; and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing. US5987140A CLAIM 5. A method for initiating secure communication between a first and a second computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) obtaining client information for use in said secure communication between said first and said second computer; (b) establishing a communication between said first and said second computer via said network; and (c) reformatting said client (providing acknowledgment) information into said payment transaction which substantially complies with a third party secure protocol for further payment processing. |
US8929552 CLAIM 14. A method of securing electronic information (third party) as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5987140A CLAIM 1. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network; (b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer; (c) transmitting an encrypted payment transaction from said customer computer to said merchant computer; (d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm; and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5982857A Filed: 1995-10-23 Issued: 1999-11-09 Voice recording method and system providing context specific storage and retrieval (Original Assignee) Apropros Technology (Current Assignee) Apropros Technology; Apropos Technology inc Patrick K. Brady |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5982857A CLAIM 1. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data; a computer coupled to said telephony data distribution system; a storage device coupled to said computer; a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data; an automatic recording process for automatically retrievably recording said telephony data; and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5982857A CLAIM 1. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data; a computer coupled to said telephony data distribution system; a storage device coupled to said computer; a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data; an automatic recording process for automatically retrievably recording said telephony data; and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1, 2, 3, or 4, further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5982857A CLAIM 1. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data; a computer coupled to said telephony data distribution system; a storage device coupled to said computer; a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data; an automatic recording process for automatically retrievably recording said telephony data; and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5982857A CLAIM 1. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data; a computer coupled to said telephony data distribution system; a storage device coupled to said computer; a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data; an automatic recording process for automatically retrievably recording said telephony data; and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data. |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | US5978475A Filed: 1997-07-18 Issued: 1999-11-02 Event auditing system (Original Assignee) Counterpane Internet Security Inc (Current Assignee) BT Americas Inc Bruce Schneier, John M. Kelsey |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1, 2, 3, or 4, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5978475A CLAIM 16. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines. US5978475A CLAIM 42. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority). US5978475A CLAIM 45. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority). |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10, further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5978475A CLAIM 16. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines. US5978475A CLAIM 42. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority). US5978475A CLAIM 45. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority). |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5978475A CLAIM 16. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines. US5978475A CLAIM 42. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) . US5978475A CLAIM 45. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) . |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
US5978475A CLAIM 16. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines. US5978475A CLAIM 42. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) . US5978475A CLAIM 45. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) . |
US8929552 Filed: 2001-06-01 Issued: 2015-01-06 Electronic information and cryptographic key management system (Original Assignee) No Magic Inc (Current Assignee) Saveitsafe LLC Paul T. Duncanson, Jr. | EP0807911A2 Filed: 1997-05-12 Issued: 1997-11-19 Client/server protocol for proving authenticity (Original Assignee) RSA Data Security Inc (Current Assignee) RSA Security LLC Burton S. Kaliski, Jr. |
---|---|
US8929552 CLAIM 8. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (function value, public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 11. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (function value, public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 12. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (function value, public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 14. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (function value, public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 16. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (function value, public keys) system (function value, public keys) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 17. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (function value, public keys) system (function value, public keys) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information; and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 18. An electronic information securement system, comprising: an electronic information securement system having a securement functionality; at least one cryptographic key management (function value, public keys) system (function value, public keys) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security; wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 19. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (function value, public keys) system (function value, public keys) is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 20. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 21. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 24. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (function value, public keys) system (function value, public keys) is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 25. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |
US8929552 CLAIM 26. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access. |
EP0807911A2 CLAIM 29 A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted servers' public key is produced. EP0807911A2 CLAIM 78 A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential. |