IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0665386
(2003-09-18)
|
등록번호 |
US-7409545
(2008-08-05)
|
발명자
/ 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
12 인용 특허 :
19 |
초록
▼
A method and system is disclosed for utilizing an ephemeral encryption or decryption agent so as to preclude access by the ephemeral encryption agent or decryption agent, respectively, to the information being ephemerally encrypted or decrypted. To preclude access by the ephemeral encryption agent,
A method and system is disclosed for utilizing an ephemeral encryption or decryption agent so as to preclude access by the ephemeral encryption agent or decryption agent, respectively, to the information being ephemerally encrypted or decrypted. To preclude access by the ephemeral encryption agent, a blinding function is applied to the information prior to forwarding such information to the encryption agent for encryption. To preclude access to the information by the ephemeral decryption agent, a blinding function is applied to the encrypted information prior to forwarding the encrypted information to the decryption agent for decryption. Once the information has been returned, the information is unblinded, leaving an encrypted or decrypted message respectively.
대표청구항
▼
What is claimed is: 1. A method for performing blinded ephemeral decryption of a message, the method comprising the steps of: receiving from a first node at an ephemerizer an ephemeral key ID and a message blinded and encrypted with an ephemeral encryption key of an ephemeral key pair to form a bli
What is claimed is: 1. A method for performing blinded ephemeral decryption of a message, the method comprising the steps of: receiving from a first node at an ephemerizer an ephemeral key ID and a message blinded and encrypted with an ephemeral encryption key of an ephemeral key pair to form a blinded and encrypted message, said ephemeral key pair associated with said ephemeral key ID, wherein said blinded and encrypted message was blinded by a blinding function z, wherein z is a number R having an inverse R.sup.-1 that satisfies R*R.sup.-1=1 mod n; decrypting said blinded and encrypted message using an ephemeral decryption key of said ephemeral key pair to form a blinded message, wherein said ephemeral key pair is an ephemeral public key pair including ephemeral public and private keys, and wherein said ephemeral public and private keys comprise an ephemeral RSA public/private key pair of the form (e,n) and (d,n) respectively; communicating said blinded message to said first node; and irretrievably deleting said ephemeral decryption key in response to a specified event; wherein the blinded and encrypted message is formed as the product (R.sup.e*M.sup.e mod n) where (M.sup.e mod n) is said message M encrypted using said ephemeral public encryption key. 2. The method of claim 1 wherein said ephemeral key ID is associated with an ephemeral RSA public and private key pair corresponding to said ephemeral encryption key and said ephemeral decryption key, respectively. 3. The method of claim 1 wherein said ephemeral key ID is associated with an ephemeral Diffie-Hellman key pair having a public key and a private key corresponding to said ephemeral encryption key and said ephemeral decryption key, respectively. 4. The method of claim 1 wherein said ephemeral key ID is associated with a secret ephemeral encryption key and a secret ephemeral decryption key and wherein said secret ephemeral encryption key and said secret ephemeral decryption key are symmetric keys. 5. The method of claim 1 further including prior to the receiving step, the step of generating said ephemeral key ID and said ephemeral encryption and decryption keys of said ephemeral key pair. 6. The method of claim 5 further including the steps of: receiving a request for an ephemeral encryption key from said first node; and providing said ephemeral key ID and said ephemeral encryption key of said ephemeral key pair to said first node. 7. The method of claim 6 further including the steps of: encrypting a message by said first node using said ephemeral encryption key to form an encrypted message; securely transmitting said encrypted message to a second node. 8. The method of claim 6 further including the steps of: encrypting said message by said first node using said ephemeral encryption key to form an encrypted message; and securely storing said encrypted message by a second node. 9. The method of claim 8 further including the step of: retrieving said securely stored encrypted message by said second node. 10. The method of claim 8 wherein the second node and the first node are the same node. 11. The method of claim 5 wherein said ephemeral encryption key and said ephemeral decryption key of said ephemeral key pair are an ephemeral RSA public key and corresponding private key, respectively. 12. The method of claim 5 wherein the ephemeral encryption key and said ephemeral decryption key of said ephemeral key pair are Diffie-Hellman public and private keys, respectively. 13. The method of claim 5 wherein said ephemeral encryption key and said ephemeral decryption key of said ephemeral key pair are secret symmetric encryption and decryption keys. 14. The method of claim 5 further including the step of storing said generated ephemeral decryption key on a smart card. 15. The method of claim 14 further including the step of irretrievably deleting said ephemeral key stored on said smart card in response to a specified event. 16. The method of claim 15 further including the step of physically destroying said smart card in response to a specified event. 17. The method of claim 1 wherein said specified event is the recognition of a predetermined date and time. 18. The method of claim 1 wherein said specified event is in response to a request by a user to delete said ephemeral decryption key. 19. A method for performing blind ephemeral decryption of a message M that has been encrypted to form an encrypted message, comprising the steps of: in a first blinding step, blinding said encrypted message at a first node with a blinding function z to form a first blinded and encrypted message, wherein z has an inverse z.sup.-1, and wherein z is a number R having an inverse R.sup.-1 that satisfies R*R.sup.-1=1 mod n; in a first communicating step, communicating said first blinded and encrypted message from said first node to a decryption agent; decrypting said first blinded and encrypted message by said decryption agent using an ephemeral decryption function to form a first blinded message, wherein said ephemeral decryption function is the inverse of said ephemeral encryption function, and wherein said ephemeral encryption and decryption functions are respectively, ephemeral public and private keys of an ephemeral public key pair, and wherein said ephemeral public and private keys comprise an ephemeral RSA public/private key pair of the form (e,n) and (d,n) respectively; in a second communicating step, communicating said first blinded message from said decryption agent to said first node; and in a first unblinding step, unblinding said first blinded message using z.sup.-1, to obtain said message M; and irretrievably deleting said ephemeral decryption key in response to a specified event; wherein said first blinding step includes the step of forming the first blinded and encrypted message as the product (R.sup.e*M.sup.e mod n) where (M.sup.e mod n) is said message M encrypted using said ephemeral public encryption key. 20. The method of claim 19 wherein said first node and said decryption agent are communicably coupled via a network, and at least one of said first and second communicating steps comprises the step of communicating the respective message over said network. 21. The method of claim 20 wherein said first and second communicating steps comprise communicating the respective messages over said network. 22. The method of claim 19 wherein said first communicating step comprises the step of communicating said first blinded and encrypted message from said first node to said decryption agent via an anonymizer node and said second communicating step comprises the step of communicating said first blinded message from said decryption agent to said first node via said anonymizer node. 23. The method of claim 19 further including the step of rendering said ephemeral decryption function irretrievably deleted upon the occurrence of said specified event. 24. The method of claim 19 further including the step of generating said message at said first node. 25. The method of claim 19 wherein the decryption step includes the step of raising the product ((R.sup.e*M.sup.e)mod n) to the power d mod n, forming ((R.sup.e*M.sup.e)mod n)).sup.d mod n to form said first blinded message R*M mod n. 26. The method of claim 25 wherein the first unblinding step includes the step of unblinding said first blinded message R*M mod n using R.sup.-1 to obtain said message M. 27. The method of claim 19 further including the step of generating an integer random number and utilizing said random number as the blinding number R. 28. The method of claim 19 further comprising the steps of: obtaining an ephemeral public key associated with said decryption agent, wherein said ephemeral public key is a Diffie-Hellman public key of the form g.sup.x mod p; selecting a blinding number y having an inverse blinding number y.sup.-1 that satisfies y*y.sup.-1=1 mod p-1; raising said public key g.sup.x mod p to the power y to obtain g.sup.xy mod p; raising g to the power y to form g.sup.y mod p; encrypting said message M using g.sup.xy mod p to form an encrypted message of the form {M}g.sup.xy mod p; storing a copy of said encrypted message {M}g.sup.xy mod p; and storing a copy of g.sup.y mod p. 29. The method of claim 28 wherein the step of decrypting said blinded and encrypted message by said first node includes the steps of: selecting a blinding number w having an inverse blinding function w.sup.-1 that satisfies w*w.sup.-1=1 mod p-1; raising said ephemeral public key g.sup.x mod p to the power w to obtain g.sup.yw mod p; forwarding g.sup.yw mod to said decryption agent; receiving g.sup.xyw mod p from said decryption agent; raising g.sup.xyw mod p to the inverse blinding number, w.sup.-1, to form g.sup.xy mod p; and decrypting said encrypted message {M}g.sup.xy mod p using g.sup.xy mod p to obtain said message M. 30. The method of claim 28 wherein y is a randomly selected integer. 31. The method of claim 28 wherein w is a randomly selected integer. 32. The method of claim 19 including, prior to said first blinding step, the steps of: selecting a blinding number y having an inverse blinding number y.sup.-1; in a second blinding step, blinding said message M using said blinding number y to form a second blinded message; forwarding said second blinded message to an encryption agent; encrypting by said encryption agent said second blinded message to form a second blinded and encrypted message, wherein said ephemeral encryption is performed using said ephemeral encryption function and wherein said ephemeral encryption function and said corresponding ephemeral decryption function are secret symmetric ephemeral encryption and ephemeral decryption keys, respectively; forwarding said second blinded and encrypted message from said encryption agent to said first node; and in a second unblinding step, unblinding said second blinded and encrypted message using said inverse blinding number y.sup.-1 to form said encrypted message. 33. The method of claim 32 wherein said second blinding step includes the step of raising said message M to the power y mod p. 34. The method of claim 33 wherein said secret symmetric ephemeral encryption key is a value x and wherein said secret symmetric ephemeral decryption key is x.sup.-1 and wherein said step of encrypting said second blinded message includes the step of raising said second blinded message M.sup.y mod p to the power x mod p to form said second blinded and encrypted message. 35. The method of claim 34 wherein second unblinding step, includes the step of raising said second blinded and encrypted message M.sup.xy mod p to the power y.sup.-1 mod p, to obtain said encrypted message M.sup.x mod p. 36. The method of claim 35 wherein the step of decrypting said first blinded and encrypted message by said decryption agent includes the step of raising said first blinded and encrypted message to said secret ephemeral decryption key x.sup.-1 to form a first blinded message M.sup.z mod p. 37. The method of claim 23 wherein said specified event is the occurrence of a predetermined date and time. 38. The method of claim 23 wherein said specified event includes a request by a user to delete said ephemeral decryption key. 39. A system for performing blinded ephemeral decryption of a message, the system comprising: a processor, a memory; an ephemerizer communicably coupled to a first node via a communications network; the ephemerizer operative to: receive from said first node a blinded and encrypted message, said message being encrypted with an encryption key having a corresponding ephemeral decryption key and said message being blinded with a blinding function to form said blinded and encrypted message, wherein said encryption key and said ephemeral decryption key are public and private keys of an ephemeral public key pair, and wherein said ephemeral public and private keys comprise an ephemeral RSA public/private key pair of the form (e,n) and (d,n) respectively, and wherein said blinding function is a blinding function z, and wherein z is a number R having an inverse R.sup.-1 that satisfies R*R.sup.-1=1 mod n; receive from said first node an ephemeral key ID associated with said ephemeral decryption key; decrypt said blinded and encrypted message using said ephemeral decryption key to form a blinded message; communicate said blinded message to said first node; and irretrievably delete said ephemeral decryption key in response to a specified event; wherein said message being blinded with a blinding function to form said blinded and encrypted message includes the step of forming the first blinded and encrypted message as the product (R.sup.e*M.sup.e mod n) where (M.sup.e mod n) is said message M encrypted using said ephemeral public encryption key. 40. A system for performing blinded ephemeral decryption of a message, the system comprising: a processor, a memory; an ephemerizer communicably coupled to a first node via a communications network; means in said ephemerizer for: receiving from said first node a blinded and encrypted message, said message being encrypted with an encryption key having a corresponding ephemeral decryption key and said message being blinded with a blinding function to form said blinded and encrypted message, wherein said encryption key and said ephemeral decryption key are public and private keys of an ephemeral public key pair, and wherein said ephemeral public and private keys comprise an ephemeral RSA public/private key pair of the form (e,n) and (d,n) respectively, and wherein said blinding function is a blinding function z, and wherein z is a number R having an inverse R.sup.-1 that satisfies R*R.sup.-1=1 mod n; receiving from said first node an ephemeral key ID associated with said ephemeral decryption key; decrypting said blinded and encrypted message using said ephemeral decryption key to form a blinded message; communicating said blinded message to said first node; and irretrievably deleting said ephemeral decryption key in response to a specified event; wherein said message being blinded with a blinding function to form said blinded and encrypted message includes the step of forming the first blinded and encrypted message as the product (R.sup.e*M.sup.e mod n) where (M.sup.e mod n) is said message M encrypted using said ephemeral public encryption key. 41. A computer program product stored on a computer readable physical storage medium, for use in blinded ephemeral decryption, the computer program product including program code, said computer program code being executable on a processor in an ephemerizer comprising program code for: receiving from said first node a blinded and encrypted message, said message being encrypted with an encryption key having a corresponding ephemeral decryption key and said message being blinded with a blinding function to form said blinded and encrypted message, wherein said encryption key and said ephemeral decryption key are public and private keys of an ephemeral public key pair, and wherein said ephemeral public and private keys comprise an ephemeral RSA public/private key pair of the form (e,n) and (d,n) respectively, and wherein said blinding function is a blinding function z, and wherein z is a number R having an inverse R.sup.-1 that satisfies R*R.sup.-1=1 mod n; receiving from said first node an ephemeral key ID associated with said ephemeral decryption key; decrypting said blinded and encrypted message using said ephemeral decryption key to form a blinded message; communicating said blinded message to said first node; and irretrievably deleting said ephemeral decryption key in response to a specified event; wherein said message being blinded with a blinding function to form said blinded and encrypted message includes the step of forming the first blinded and encrypted message as the product (R.sup.e*M.sup.e mod n) where (M.sup.e mod n) is said message M encrypted using said ephemeral public encryption key. 42. The method of claim 1 wherein decrypting said blinded and encrypted message is performed by raising the product ((R.sup.e*M.sup.e)mod n) to the power d mod n, forming ((R.sup.e*M.sup.e)mod n)).sup.d mod n to form a first blinded message R*M mod n.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.