IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0469726
(1999-12-21)
|
등록번호 |
US-7356688
(2008-04-08)
|
발명자
/ 주소 |
|
출원인 / 주소 |
- ContentGuard Holdings, Inc.
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
32 인용 특허 :
143 |
초록
▼
Methods for transferring among key holders in encoding and cryptographic systems the right to decode and decrypt messages in a way that does not explicitly reveal decoding and decrypting keys used and the original messages. Such methods are more secure and more efficient than typical re-encoding and
Methods for transferring among key holders in encoding and cryptographic systems the right to decode and decrypt messages in a way that does not explicitly reveal decoding and decrypting keys used and the original messages. Such methods are more secure and more efficient than typical re-encoding and re-encryption schemes, and are useful in developing such applications as document distribution and long-term file protection.
대표청구항
▼
What is claimed is: 1. A method for encrypting an original document for distribution to a selected recipient chosen from a plurality of possible recipients, comprising the steps of: generating a session key based on a random number privately maintained only by the owner, including an encryptor, of
What is claimed is: 1. A method for encrypting an original document for distribution to a selected recipient chosen from a plurality of possible recipients, comprising the steps of: generating a session key based on a random number privately maintained only by the owner, including an encryptor, of the original document; encrypting the original document with the session key to create an encrypted document; generating a proxy key based on a public key corresponding to the selected recipient, wherein the proxy key may be published without compromising its security, and wherein the proxy key, when applied to a document encrypted for a recipient, is used to transform the document into a document encrypted for another recipient without decrypting the message in the process; and applying the proxy key to the encrypted document to transform the encrypted document into a transformed document, wherein the transformation may occur in a trusted environment without compromising its security, wherein the transformation may occur in an untrusted environment without compromising its security, and wherein the encrypted document remains in an encrypted state while being transformed into the transformed document and is not decrypted to the original document and re-encrypted at any point during the transformation. 2. The method of claim 1, further comprising the step of transmitting the transformed document to the selected recipient. 3. The method of claim 1, further comprising the steps of: recovering the session key from the transformed document; and decrypting the transformed document with the session key to recover the original document. 4. The method of claim 3, wherein the recovering step is performed by applying a private key corresponding to the selected recipient. 5. The method of claim 1, wherein the encrypting step is performed with a combination of a symmetric private-key encryption scheme and an asymmetric public-key encryption scheme. 6. The method of claim 5, wherein the asymmetric public-key encryption scheme is based on the ElGamal cryptosystem. 7. The method of claim 5, wherein the encrypted document comprises a first portion representative of the original document encrypted via the symmetric private-key encryption scheme using the session key, and a second portion representative of the session key encrypted using an owner's private key according to the asymmetric public-key encryption scheme. 8. The method of claim 1, wherein the original document is distributed to the selected recipient through at least one additional intermediate grantor by repeating the following steps for each additional intermediate grantor: generating a new proxy key based on the intermediate grantor's public key; and transforming the encrypted document with the new proxy key to create a transformed document customized for the intermediate grantor. 9. The method of claim 1, wherein the encrypted document has been encrypted with a Cramer-Shoup encryption scheme. 10. The method of claim 5, wherein the encrypted document comprises a first portion representative of the original document encrypted via the symmetric private-key encryption scheme using the session key, and a second portion representative of the session key encrypted using an owner's private key according to the asymmetric public-key encryption scheme. 11. The method of claim 1, wherein the encrypted document has been encrypted with a modified ElGamal encryption scheme. 12. The method of claim 1, wherein the steps of generating a session key, encrypting the original document, generating a proxy key, and transforming the encrypted document are performed by the grantor. 13. A system operable to encrypt an original document for distribution to a selected recipient chosen from a plurality of possible recipients, comprising: a session key generation system that generates a session key based on a random number privately maintained only by the owner, including an encryptor, of the original document; an encryption system that encrypts the original document with the session key to create an encrypted document; a proxy key generation system that generates a proxy key based on a public key corresponding to the selected recipient, wherein the proxy key may be published without compromising its security, and wherein the proxy key, when applied to a document encrypted for a recipient, is used to transform the document into a document encrypted for another recipient without decrypting the message in the process; and a transformation system that applies the proxy key to the encrypted document to transform the encrypted document into a transformed document, wherein the transformation may occur in a trusted environment without compromising its security, wherein the transformation may occur in an untrusted environment without compromising its security, and wherein the encrypted document remains in an encrypted state while being transformed into the transformed document and is not decrypted to the original document and re-encrypted at any point during the transformation. 14. The system of claim 13, further comprising a transmitting system that transmits the transformed document to the selected recipient. 15. The system of claim 13, further comprising: a recovering system that recovers the session key from the transformed document; and a decrypting system that decrypts the transformed document with the session key to recover the original document. 16. The system of claim 13, wherein the recovery of the session key is performed by applying a private key corresponding to the selected recipient. 17. The system of claim 13, wherein the encryption is performed with a combination of a symmetric private-key encryption scheme and an asymmetric public-key encryption scheme. 18. The system of claim 17, wherein the asymmetric public-key encryption scheme is based on the ElGamal cryptosystem. 19. The system of claim 17, wherein the encrypted document comprises a first portion representative of the original document encrypted via the symmetric private-key encryption scheme using the session key, and a second portion representative of the session key encrypted using an owner's private key according to the asymmetric public-key encryption scheme. 20. The system of claim 13, wherein the original document is distributed to the selected recipient through at least one additional intermediate grantor by using the proxy key generation system to generate a new proxy key based on the intermediate grantor's public key, and using the transformation system to transform the encrypted document with the new proxy key to create a transformed document customized for the intermediate grantor. 21. The system of claim 13, wherein the encrypted document has been encrypted with a Cramer-Shoup encryption scheme. 22. The system of claim 13, wherein the encrypted document has been encrypted with a modified ElGamal encryption scheme.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.