APEX STANDARDS ENTERPRISE
Pseudo Claim Charting for Invalidity Checks



Patent: US8929552
Filed: 2001-06-01
Issued: 2015-01-06
Patent Holder: (Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC
Inventor(s): Paul T. Duncanson, Jr.

Title: Electronic information and cryptographic key management system

Abstract: Systems and methods of electronic information securement. The invention provides for the securement of electrical information and cryptographic keys through cryptographic key management systems providing for the confirmation that one or a plurality of cryptographic keys have been secured to the key management system. Confirmation provided by the key management system enables other systems to perform cryptographic and electronic information functions such as encryption, decryption, saving, and transferring of information. Further systems are provided having at least one client system, at least one cryptographic key management system, and at least one electronic information storage system, whereby the key management system enables functionality of the system after providing securement confirmation of keys and data.




Disclaimer: Pseudo Claim Charting (PCC) conducts aggressive mapping (based on Broadest Reasonable, Ordinary or Customary Interpretation) between a target patent's claim elements and other documents (potential technical standard specifications or prior arts), therefore allowing for a top-down, apriori due diligence, with which, stakeholders can assess standard essentiality (potential strengths) or invalidity (potential weaknesses) quickly and effectively before making critical decisions. PCC is designed to relieve partial burden of proof by means of an exhaustive listing of potential building blocks towards a litigation-ready work product. Stakeholders may then narrow down and modify upon selected PCC to achieve further purposes.

Click on references to view corresponding claim charts.


GroundReferencesTitleTerm NuancesChallenged Claims
1245678910111213141516171819202122232425262728293031323334353637
1US5495533A

(Mark H. Linehan, 1996)
Personal key archive computer system distributed computer system
random number, key management random number, user access
user information said database
XXXXX
2US5689566A

(Minhtam C. Nguyen, 1997)
Network with secure communications sessions key management, key management system session information, random number
XXXXXXXXXXXXXX
3US5315658A

(Silvio Micali, 1994)
Fair cryptosystems and methods of use key arbitration, key arbitration center exchange messages
key backup system secret value
key management, key management system public keys
XXXXXXXXXXXXX
4US4888800A

(Alan D. Marshall, 1989)
Secure messaging systems key management, key distribution center key distribution center
key management system when i
XXXXXXXXX
5US5276737A

(Silvio Micali, 1994)
Fair cryptosystems and methods of use key distribution secret sharing
key management, key management system public keys
XXXXXXXXXXXXX
6US6118874A

(Eiji Okamoto, 2000)
Encrypted data recovery method using split storage key and system thereof key backup system said instructions
securing electronic information comprises restricting access includes means
random number, key management random number
XXXXX
7US4386233A

(Miles E. Smid, 1983)
Crytographic key notarization methods and apparatus key backup, key escrow cryptographic keys
key management center d log
XXXX
8US5933503A

(Roger R. Schell, 1999)
Controlled modular cryptography apparatus and method key management, key backup more cryptographic keys, key management
key escrow, key escrow agent key escrow
second functionality force load
XXXXX
9US5901227A

(Radia J. Perlman, 1999)
Method and apparatus for implementing partial and complete optional key escrow key management, key backup encryption keys
key escrow, key escrow agent key escrow
on module on module
XXXX
10US6185546B1

(Derek L. Davis, 2001)
Apparatus and method for providing secured communications key backup cryptographic operations
random number generator random number generator
key certification, securing electronic information third party
XXXX
11US5862330A

(Vinod Anupam, 1999)
Technique for obtaining and exchanging information on wolrd wide web securing electronic information comprises restricting access includes means
electronic information, securing electronic information comprises transferring electronic information one source
XXX
12US5841865A

(Frank Wells Sudia, 1998)
Enhanced cryptographic system and method with key escrow feature key backup, key escrow cryptographic keys, key escrow
securing electronic information comprises transferring electronic information second user
XXXX
13US5799086A

(Frank Wells Sudia, 1998)
Enhanced cryptographic system and method with key escrow feature key management, key management system public keys
key certification, securing electronic information third party
XXXXXXXXXXXXXXX
14US5764772A

(Charles W. Kaufman, 1998)
Differential work factor cryptography method and system second functionality, computer system computer system
key management, key backup encryption keys
XXXXX
15US5604801A

(George M. Dolan, 1997)
Public key data communications system under control of a portable security device random number, key management random number
key distribution secure manner
XXXXX
16US5301247A

(Harry R. Rasmussen, 1994)
Method for ensuring secure communications key management, key backup encryption keys
first functionality one second
XXXXX
17US5268962A

(Martin Abadi, 1993)
Computer network with modified host-to-host encryption keys second functionality, computer system computer system
securing electronic information comprises restricting access, securing electronic information comprises transferring electronic information includes means, checking step
key management center d log
X
18US5200999A

(Stephen M. Matyas, 1993)
Public key cryptosystem key management based on control vectors second functionality, computer system computer system
key certification authority private keys
key management, key management system public keys
XXXXXXXXXX
19US5164988A

(Stephen M. Matyas, 1992)
Method to establish and enforce a network cryptographic security policy in a public key cryptosystem random number, key management random number
XXXXX
20US5150411A

(Ueli Maurer, 1992)
Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction random number, key management random number
electronic information own base
XXXXXXXXXXXXXXX
21US5142578A

(Stephen M. Matyas, 1992)
Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors electronic information, electronic information securement system storing control information
key certification authority cryptographic communication
securing electronic information comparison means
key management symmetric keys
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
22US4944007A

(Jeffrey R. Austin, 1990)
Public key diversification method key management, key backup public key value
XXXX
23US4941176A

(Stephen M. Matyas, 1990)
Secure management of keys using control vectors key backup, key escrow cryptographic keys, encryption keys
XXXX
24US4918728A

(Stephen M. Matyas, 1990)
Data cryptography operations using control vectors key backup, key escrow cryptographic keys
key management key management
directory service remote data
key arbitration input data
XXXX
25US4850017A

(Stephen M. Matyas, 1989)
Controlled use of cryptographic keys via generating station established control values electronic information temporarily store
random number, key management random number
XXXXXXXXXXXXXXX
26US6230197B1

(Christopher Clemmentt Macleod Beck, 2001)
Method and apparatus for rules-based storage and retrieval of multimedia interactions within a communication center electronic information, electronic information securement system receiving notification
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
27US6185681B1

(Stephen Zizzi, 2001)
Method of transparent encryption and decryption for an electronic document management system second functionality, computer system computer system
key management, key certification access module
XXXXX
28US6088747A

(Lauren Ann Cotugno, 2000)
System for reformatting and burning of data files having a first format onto a compact disk to be utilized in a network using different format key management, key management system computer platform
providing acknowledgment said client
XXXXXXXXXX
29US6088802A

(William P. Bialick, 2000)
Peripheral device with integrated security functionality securing electronic information wireless communication means
key escrow, key certification security operation
directory service remote device
key management center wireless LAN
XXXX
30US6076099A

(Thomas C. H. Chen, 2000)
Method for configurable intelligent-agent-based wireless communication system key arbitration communication controller
directory service wireless controller
securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information plain text
first functionality said sub
X
31US6073234A

(Kenichiro Kigo, 2000)
Device for authenticating user's access rights to resources and method directory service data verification
user information user information
key distribution, key arbitration function value
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
32US6023506A

(Ichiro Ote, 2000)
Data encryption control apparatus and method key management, key certification encryption system, user access
key backup original location
key distribution key generation
random number generator represents a
XXXX
33US6014134A

(Brigham R. Bell, 2000)
Network-based intelligent tutoring system first functionality graphical user interfaces, said sub
key management system, directory service performance information
providing acknowledgment transformation step, said client
key certification, key arbitration generation module
X
34US5991796A

(Vinod Anupam, 1999)
Technique for obtaining and exchanging information on world wide web electronic information, securing electronic information comprises transferring electronic information one source
X
35US5987140A

(Kevin Thomas Bartholomew Rowney, 1999)
System, method and article of manufacture for secure network electronic payment and credit collection key certification, securing electronic information third party
providing acknowledgment said client
XXXX
36US5982857A

(Patrick K. Brady, 1999)
Voice recording method and system providing context specific storage and retrieval key certification, key arbitration data distribution system
XXXX
37US5978475A

(Bruce Schneier, 1999)
Event auditing system key backup, key escrow cryptographic operations, cryptographic keys
first functionality said sub
XXXX
38EP0807911A2

(Burton S. Kaliski, 1997)
Client/server protocol for proving authenticity random number generator random number generator
key distribution, key arbitration function value, public keys
XXXXXXXXXXXXX




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5495533A

Filed: 1994-04-29     Issued: 1996-02-27

Personal key archive

(Original Assignee) International Business Machines Corp     (Current Assignee) Google LLC

Mark H. Linehan, Nicholas J. Simicich, Gene Y. Tsudik
US8929552
CLAIM 7
. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number, user access) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5495533A
CLAIM 1
. A computing system for automatically managing keys to encrypt and decrypt stored data;
comprising: an authentication server;
a key client;
a key generator;
a key server;
a key database;
an encrypted data memory;
said authentication server authenticates said user and provides said user with a ticket identifying said user;
said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory;
said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data.

US5495533A
CLAIM 4
. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) .

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number, user access) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5495533A
CLAIM 1
. A computing system for automatically managing keys to encrypt and decrypt stored data;
comprising: an authentication server;
a key client;
a key generator;
a key server;
a key database;
an encrypted data memory;
said authentication server authenticates said user and provides said user with a ticket identifying said user;
said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory;
said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data.

US5495533A
CLAIM 4
. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) .

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number, user access) system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5495533A
CLAIM 1
. A computing system for automatically managing keys to encrypt and decrypt stored data;
comprising: an authentication server;
a key client;
a key generator;
a key server;
a key database;
an encrypted data memory;
said authentication server authenticates said user and provides said user with a ticket identifying said user;
said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory;
said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data.

US5495533A
CLAIM 4
. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) .

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number, user access) system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5495533A
CLAIM 1
. A computing system for automatically managing keys to encrypt and decrypt stored data;
comprising: an authentication server;
a key client;
a key generator;
a key server;
a key database;
an encrypted data memory;
said authentication server authenticates said user and provides said user with a ticket identifying said user;
said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory;
said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data.

US5495533A
CLAIM 4
. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) .

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number, user access) system, a key backup (random number, user access) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number, user access) authority, a key distribution center, a key management center, a key arbitration (random number, user access) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number, user access) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5495533A
CLAIM 1
. A computing system for automatically managing keys to encrypt and decrypt stored data;
comprising: an authentication server;
a key client;
a key generator;
a key server;
a key database;
an encrypted data memory;
said authentication server authenticates said user and provides said user with a ticket identifying said user;
said key client of a creating user, when a creating user creates stored data invokes said generator to generate a key corresponding to said stored data to form encrypted stored data, said key is provided to said key server, said key client of said creating user uses said key to encrypt said stored data which is stored in said encrypted data memory;
said key client of an accessing user, when an accessing user access (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) es said stored data, sends said ticket and identification data for said stored data to said key server, said key server obtains said authentification data from said ticket for said accessing user, said key server sends said key corresponding to said stored data to said key client of said accessing user, said key client of said accessing user uses said key to decrypt said encrypted stored data.

US5495533A
CLAIM 4
. A computing system according to claim 1 wherein said key is a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) .




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5689566A

Filed: 1995-10-24     Issued: 1997-11-18

Network with secure communications sessions

(Original Assignee) Nguyen; Minhtam C.     

Minhtam C. Nguyen
US8929552
CLAIM 7
. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (session information, random number, d log) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (session information, random number, d log) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (session information, random number, d log) system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (session information, random number, d log) system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (session information, random number, d log) system, a key backup (session information, random number, d log) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (session information, random number, d log) authority, a key distribution center, a key management center, a key arbitration (session information, random number, d log) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (session information, random number, d log) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (session information, random number, d log) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (session information, random number, d log) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (session information, random number, d log) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (session information, random number, d log) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (session information, random number, d log) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (session information, random number, d log) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5689566A
CLAIM 1
. A bi-directional security system for a network, comprising: at least one client, the client further comprising: client communication means to communicate with at least one server;
packet reception means to receive transmitted packet data from the server;
means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
means to generate and transmit a third packet to the server, at least a portion the third packet having a third packet header containing session information (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) ;
and means to encrypt at least a portion of the session information in the third packet header prior to transmission;
and the server further comprising: server communication means to communicate with the client;
packet reception means to receive transmitted packet data from the client;
means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
means to generate and transmit a second packet to the client in response to the first packet, at least a portion the second packet having the second packet header containing client authenticating information;
means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission;
and means to decrypt at least a portion of the session information in the third packet header;
whereby, the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.

US5689566A
CLAIM 3
. A security system, as in claim 2, wherein: the client has a userid;
the client has a password;
the first packet is encrypted by: concatenating a random number (key management, key management system, key management center, random number, key backup, key certification, key arbitration, key certification authority, key arbitration center) to a predetermined bit constant to form a value R;
a CRC signature C1 is generated from the value R and the userid;
the value R is used as a DES key to encrypt the userid;
the server name is used to generate a key K to encrypt the value R;
the key Ka is generated by a one way hash function from the userid and password;
and a random number Ra and its CRC signature C2 is generated, Ra and C2 are encrypted using key Ka.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5315658A

Filed: 1993-04-19     Issued: 1994-05-24

Fair cryptosystems and methods of use

(Original Assignee) Silvio Micali     (Current Assignee) Certco Inc

Silvio Micali
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US5315658A
CLAIM 12
. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user;
and having the user send encrypted messages using the secure chip;
and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US5315658A
CLAIM 12
. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user;
and having the user send encrypted messages using the secure chip;
and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US5315658A
CLAIM 12
. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user;
and having the user send encrypted messages using the secure chip;
and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (exchange messages) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US5315658A
CLAIM 12
. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages (key arbitration, key arbitration center) encrypted according to a predetermined algorithm, comprising the steps of: providing each user in the system with a secure chip containing at least one secret key unknown to the user;
and having the user send encrypted messages using the secure chip;
and with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5315658A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key;
and monitoring communications to the suspect user during a time period specified in the predetermined request.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US4888800A

Filed: 1988-03-01     Issued: 1989-12-19

Secure messaging systems

(Original Assignee) HP Inc     (Current Assignee) HP Inc

Alan D. Marshall, Christopher J. Mitchell, Graeme J. Proudler
US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (key distribution center) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (key distribution center) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (key distribution center) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (key distribution center) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (key distribution center) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (key distribution center) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (key distribution center) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (key distribution center) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (key distribution center) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US4888800A
CLAIM 1
. A secure messaging system comprising: at least three terminals;
a key distribution center (key management, key distribution center) ;
communication means for carrying messages amongst the terminals and between the terminals and the center;
and means for providing a key means, a key transport key, and a plurality of data transport keys, the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals, each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

US4888800A
CLAIM 4
. A messaging system according to claim 3 wherein a terminal comprises: means for measuring the usage of its associated data transport key;
means for changing the key when i (key management system) t has been used a predetermined amount in communication with another terminal;
and means for causing the changed key to be sent to the other terminal.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5276737A

Filed: 1992-04-20     Issued: 1994-01-04

Fair cryptosystems and methods of use

(Original Assignee) Silvio Micali     

Silvio Micali
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US5276737A
CLAIM 11
. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user'
s secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US5276737A
CLAIM 11
. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user'
s secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US5276737A
CLAIM 11
. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user'
s secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US5276737A
CLAIM 11
. A method, using a public-key cryptosystem into a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, comprising the step of: verifying secret sharing (key distribution) each user'
s secret key with a plurality of trustees so that each trustee can verify that the share received is part of a secret key of some public key.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5276737A
CLAIM 1
. A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys (key management, key management system) , comprising the steps of: breaking each user'
s secret key into shares;
providing trustees pieces of information enabling the trustees to verify that the pieces of information include shares of a secret key of some given public key;
and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to attempt reconstruction of the secret key for monitoring communications to the suspect user.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6118874A

Filed: 1998-03-30     Issued: 2000-09-12

Encrypted data recovery method using split storage key and system thereof

(Original Assignee) Fujitsu Ltd; Hitachi Ltd     (Current Assignee) Fujitsu Ltd ; Hitachi Ltd ; Mambo Masahiro

Eiji Okamoto, Masahiro Mambo, Seiichi Domyo, Hiroyoshi Tsuchiya, Tooru Kawai, Kazuo Takaragi, Naoya Torii, Takeshi Tanida
US8929552
CLAIM 7
. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US6118874A
CLAIM 5
. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration;
a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus;
and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6118874A
CLAIM 5
. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration;
a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus;
and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6118874A
CLAIM 5
. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration;
a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus;
and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6118874A
CLAIM 5
. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration;
a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus;
and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6118874A
CLAIM 5
. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising: a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration;
a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus;
and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US4386233A

Filed: 1980-09-29     Issued: 1983-05-31

Crytographic key notarization methods and apparatus

(Original Assignee) COMMERCE United States, Secretary of     (Current Assignee) COMMERCE United States, Secretary of

Miles E. Smid, Dennis K. Branstad
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4386233A
CLAIM 1
. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4386233A
CLAIM 1
. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4386233A
CLAIM 1
. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4386233A
CLAIM 1
. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) such that the data encryptor and intended decryptor are positively identified, the method comprising the step of: encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5933503A

Filed: 1996-03-15     Issued: 1999-08-03

Controlled modular cryptography apparatus and method

(Original Assignee) Micro Focus Software Inc     (Current Assignee) EMC Corp

Roger R. Schell, Kevin W. Kingdon, Thomas A. Berson
US8929552
CLAIM 1
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (more cryptographic keys, key management) system;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (force load) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information.
US5933503A
CLAIM 21
. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy.

US5933503A
CLAIM 29
. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow and storage of encrypted backup copies of cryptographic keys.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (more cryptographic keys, key management) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5933503A
CLAIM 21
. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy.

US5933503A
CLAIM 29
. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (more cryptographic keys, key management) system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5933503A
CLAIM 21
. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy.

US5933503A
CLAIM 29
. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (more cryptographic keys, key management) system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5933503A
CLAIM 21
. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy.

US5933503A
CLAIM 29
. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (more cryptographic keys, key management) system, a key backup (more cryptographic keys, key management) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification (more cryptographic keys, key management) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5933503A
CLAIM 21
. The apparatus of claim 19, further comprising a policy, and wherein the engine is a cryptographic engine and the management module is programmed to control use of one or more cryptographic keys (key management, key backup, key certification, key certification authority) by the engine, in accordance with the policy.

US5933503A
CLAIM 29
. The article of claim 28 wherein the management module is programmed to provide key management (key management, key backup, key certification, key certification authority) , including key escrow (key escrow, key escrow agent) and storage of encrypted backup copies of cryptographic keys.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5901227A

Filed: 1996-06-20     Issued: 1999-05-04

Method and apparatus for implementing partial and complete optional key escrow

(Original Assignee) Micro Focus Software Inc     (Current Assignee) EMC Corp

Radia J. Perlman
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5901227A
CLAIM 8
. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5901227A
CLAIM 8
. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5901227A
CLAIM 8
. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow (key escrow) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5901227A
CLAIM 8
. The key escrow (key escrow, key escrow agent) apparatus of claim 7 wherein the escrow instructions comprise a set of elements including a list of public encryption keys (key management, key backup) of the escrow authorities along with a maximum number of unescrowed secret key bits.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6185546B1

Filed: 1998-06-12     Issued: 2001-02-06

Apparatus and method for providing secured communications

(Original Assignee) Intel Corp     (Current Assignee) Intel Corp

Derek L. Davis
US8929552
CLAIM 8
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185546B1
CLAIM 4
. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available.

US6185546B1
CLAIM 22
. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit.

US8929552
CLAIM 11
. A method of securing electronic information (third party) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185546B1
CLAIM 4
. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available.

US6185546B1
CLAIM 22
. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit.

US8929552
CLAIM 12
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185546B1
CLAIM 4
. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available.

US6185546B1
CLAIM 22
. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit.

US8929552
CLAIM 14
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185546B1
CLAIM 4
. The semiconductor device of claim 3 , wherein the second level certificate includes the public key assigned to the semiconductor device encrypted with a private key of a third party (key certification, securing electronic information) , a public key of the third party being widely available.

US6185546B1
CLAIM 22
. The semiconductor device of claim 21 , wherein the volatile memory to store results of cryptographic operations (key backup) performed by the processing unit.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5862330A

Filed: 1996-07-16     Issued: 1999-01-19

Technique for obtaining and exchanging information on wolrd wide web

(Original Assignee) Nokia of America Corp     (Current Assignee) SOUND VIEW INNOVATIONS LLC ; Alcatel Lucent SAS

Vinod Anupam, Narain H. Gehani, Kenneth R. Rodemann
US8929552
CLAIM 4
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information, wherein said step of securing electronic information (one source) comprises restricting access (includes means) to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US5862330A
CLAIM 1
. A server system for communicating with at least one device comprising a browser for receiving information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , other than said server system, on a communications network, comprising: an interface for receiving from said device a request for admission thereof to a session in which said browser receives said information;
a processor responsive to said request for providing program code to said device to create a surrogate therein, said surrogate acquiring data from said browser;
and at least one controller for receiving said data from said surrogate.

US5862330A
CLAIM 11
. The system of claim 10 wherein said controller includes means (securing electronic information comprises restricting access) for selecting said selected surrogate in accordance with a predetermined priority scheme.

US8929552
CLAIM 14
. A method of securing electronic information (one source) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5862330A
CLAIM 1
. A server system for communicating with at least one device comprising a browser for receiving information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , other than said server system, on a communications network, comprising: an interface for receiving from said device a request for admission thereof to a session in which said browser receives said information;
a processor responsive to said request for providing program code to said device to create a surrogate therein, said surrogate acquiring data from said browser;
and at least one controller for receiving said data from said surrogate.

US8929552
CLAIM 15
. A method of securing electronic information (one source) as described in claims 1 , 2 or 3 , wherein said step of securing electronic information comprises restricting access (includes means) to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US5862330A
CLAIM 1
. A server system for communicating with at least one device comprising a browser for receiving information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , other than said server system, on a communications network, comprising: an interface for receiving from said device a request for admission thereof to a session in which said browser receives said information;
a processor responsive to said request for providing program code to said device to create a surrogate therein, said surrogate acquiring data from said browser;
and at least one controller for receiving said data from said surrogate.

US5862330A
CLAIM 11
. The system of claim 10 wherein said controller includes means (securing electronic information comprises restricting access) for selecting said selected surrogate in accordance with a predetermined priority scheme.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5841865A

Filed: 1997-04-11     Issued: 1998-11-24

Enhanced cryptographic system and method with key escrow feature

(Original Assignee) Certco LLC     (Current Assignee) CERTCO Inc A Corp OF DELAWARE

Frank Wells Sudia
US8929552
CLAIM 8
. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5841865A
CLAIM 1
. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users;
verifying each of said plurality of keys at the escrow center;
certifying each of said plurality of keys upon verification;
and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification.

US5841865A
CLAIM 15
. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users;
verifying the keys at the escrow center;
certifying each of the keys upon verification;
initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user.

US5841865A
CLAIM 18
. A method as in claim 15 further including steps of: recovering an escrowed key;
confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device;
and accessing a communication using the key contained in the trusted device.

US5841865A
CLAIM 33
. The method of claim 30 wherein the access information includes recovery information for recovering a key escrow (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) ed at an escrow center, said recovery information encrypted by a key of the escrow center.

US8929552
CLAIM 11
. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5841865A
CLAIM 1
. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users;
verifying each of said plurality of keys at the escrow center;
certifying each of said plurality of keys upon verification;
and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification.

US5841865A
CLAIM 15
. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users;
verifying the keys at the escrow center;
certifying each of the keys upon verification;
initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user.

US5841865A
CLAIM 18
. A method as in claim 15 further including steps of: recovering an escrowed key;
confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device;
and accessing a communication using the key contained in the trusted device.

US5841865A
CLAIM 33
. The method of claim 30 wherein the access information includes recovery information for recovering a key escrow (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) ed at an escrow center, said recovery information encrypted by a key of the escrow center.

US8929552
CLAIM 12
. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5841865A
CLAIM 1
. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users;
verifying each of said plurality of keys at the escrow center;
certifying each of said plurality of keys upon verification;
and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification.

US5841865A
CLAIM 15
. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users;
verifying the keys at the escrow center;
certifying each of the keys upon verification;
initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user.

US5841865A
CLAIM 18
. A method as in claim 15 further including steps of: recovering an escrowed key;
confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device;
and accessing a communication using the key contained in the trusted device.

US5841865A
CLAIM 33
. The method of claim 30 wherein the access information includes recovery information for recovering a key escrow (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) ed at an escrow center, said recovery information encrypted by a key of the escrow center.

US8929552
CLAIM 14
. A method of securing electronic information (cryptographic keys, key escrow, third party, secure manner) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic keys, key escrow, third party, secure manner) system, a key escrow, a key escrow (cryptographic keys, key escrow, third party, secure manner) agent, a cryptographic library, a key certification (cryptographic keys, key escrow, third party, secure manner) authority, a key distribution (cryptographic keys, key escrow, third party, secure manner) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5841865A
CLAIM 1
. A method for generating verifiably trusted communication among a plurality of users, comprising the steps of: escrowing at a trusted escrow center a plurality of secret asymmetric cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) to be used by a plurality of users;
verifying each of said plurality of keys at the escrow center;
certifying each of said plurality of keys upon verification;
and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification.

US5841865A
CLAIM 15
. A method for generating verifiably trusted communications among a plurality of users with third party (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) access, comprising the steps of: escrowing with at least one of a plurality of escrow centers a secret asymmetric cryptographic key associated with each of a plurality of users;
verifying the keys at the escrow center;
certifying each of the keys upon verification;
initiating a trusted communication from a sending user to a receiving user using a verified key, said communication including information to recover a key of the initiating user and a key of the receiving user.

US5841865A
CLAIM 18
. A method as in claim 15 further including steps of: recovering an escrowed key;
confining the recovered key in a trusted device in a secure manner (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) which prevents reading of the key from outside the secure device;
and accessing a communication using the key contained in the trusted device.

US5841865A
CLAIM 33
. The method of claim 30 wherein the access information includes recovery information for recovering a key escrow (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, securing electronic information) ed at an escrow center, said recovery information encrypted by a key of the escrow center.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5799086A

Filed: 1997-02-19     Issued: 1998-08-25

Enhanced cryptographic system and method with key escrow feature

(Original Assignee) Certco LLC     (Current Assignee) CERTCO Inc A Corp OF DELAWARE

Frank Wells Sudia
US8929552
CLAIM 7
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5799086A
CLAIM 1
. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device;
determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules;
electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization;
electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules;
electronically transmitting transaction data from said trusted device to said second party in accordance with said rules.

US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 8
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5799086A
CLAIM 1
. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device;
determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules;
electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization;
electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules;
electronically transmitting transaction data from said trusted device to said second party in accordance with said rules.

US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 9
. A method of securing electronic information (third party) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system.
US5799086A
CLAIM 1
. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device;
determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules;
electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization;
electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules;
electronically transmitting transaction data from said trusted device to said second party in accordance with said rules.

US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 11
. A method of securing electronic information (third party) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5799086A
CLAIM 1
. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device;
determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules;
electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization;
electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules;
electronically transmitting transaction data from said trusted device to said second party in accordance with said rules.

US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 12
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5799086A
CLAIM 1
. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device;
determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules;
electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization;
electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules;
electronically transmitting transaction data from said trusted device to said second party in accordance with said rules.

US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 14
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5799086A
CLAIM 1
. A method of authorizing a trusted device to conduct an electronic transaction between a first user and a second party, and providing assurance that said trusted device will engage in said electronic transaction in accordance with predetermined rules which cannot be changed by said user, said method comprising: electronically transmitting from said trusted device to a third party (key certification, securing electronic information) a request for authorization to engage in said electronic transaction, said request including the identity of said trusted device;
determining, by said third party, that said trusted device should be authorized to engage in said transaction at least in part in accordance with a determination that said trusted device will operate only in accordance with said rules;
electronically transmitting from said third party to said trusted device authorization to engage in said electronic transaction, said authorization including certification that said third party provided said authorization;
electronically transmitting from said trusted device to said second party said certification as assurance that said trusted device is authorized to engage in said electronic transaction and will do so only in accordance with said rules;
electronically transmitting transaction data from said trusted device to said second party in accordance with said rules.

US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5799086A
CLAIM 11
. A method as in claim 8 wherein said first and second device keys are private and public keys (key management, key management system) respectively.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5764772A

Filed: 1995-12-15     Issued: 1998-06-09

Differential work factor cryptography method and system

(Original Assignee) Lotus Development Corp     (Current Assignee) International Business Machines Corp

Charles W. Kaufman, Stephen M. Matyas, Jr.
US8929552
CLAIM 1
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information.
US5764772A
CLAIM 7
. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority.

US5764772A
CLAIM 11
. A data structure for an encrypted message transmitted from one computer system (second functionality, computer system) to another, the data structure providing a reduced work factor for an authorized entity to break the encrypted message, the data structure comprising: a first encrypted data entity comprising the message encrypted with a secret encryption key;
and a second encrypted data entity attached to the first encrypted data entity, the second encrypted data entity comprising, in combination, a partial key of the secret encryption key, a hash of at least part of the secret encryption key and a salt, and all or part of the salt, encrypted using a public key of the authorized entity thereby enabling the authorized entity to decrypt the encrypted partial key and to use the partial key to break the encrypted message.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5764772A
CLAIM 7
. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5764772A
CLAIM 7
. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5764772A
CLAIM 7
. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5764772A
CLAIM 7
. The method of claim 1 wherein a governmental authority imposes one or more restrictions on use, import, or export of encryption hardware or software using encryption keys (key management, key backup) greater than a given size, and wherein the step of splitting the secret encryption key into at least two partial keys comprises making the size of the at least one partial key remaining after splitting off the first partial key equal to or less than the encryption key size subject to the one or more restrictions of the governmental authority.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5604801A

Filed: 1995-02-03     Issued: 1997-02-18

Public key data communications system under control of a portable security device

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

George M. Dolan, Christopher J. Holloway, Stephen M. Matyas, Jr.
US8929552
CLAIM 7
. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5604801A
CLAIM 7
. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5604801A
CLAIM 1
. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key;
the server (130) being adapted for data communication with the portable security device (120);
characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user.

US5604801A
CLAIM 7
. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5604801A
CLAIM 1
. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key;
the server (130) being adapted for data communication with the portable security device (120);
characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user.

US5604801A
CLAIM 7
. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5604801A
CLAIM 1
. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key;
the server (130) being adapted for data communication with the portable security device (120);
characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user.

US5604801A
CLAIM 7
. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution (secure manner) center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5604801A
CLAIM 1
. A communications system in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: a server (130) for performing public key processing using the private key;
the server (130) being adapted for data communication with the portable security device (120);
characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner (key distribution) the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user.

US5604801A
CLAIM 7
. A system as claimed in claim 1 wherein the key encrypting key is a reversible function of a key stored in the security device and a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) , the server (130) comprising means to provide the random number to the security device (120), wherein the server (130) is arranged to reencrypt the private key each time it is used using a new random number, and to provide the new random number to the security device the next time it is required to perform public key processing for a user.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5301247A

Filed: 1992-07-23     Issued: 1994-04-05

Method for ensuring secure communications

(Original Assignee) Crest Industries Inc     (Current Assignee) Crest Industries Inc

Harry R. Rasmussen, Jack D. LaBounty, Michael J. Rosenow
US8929552
CLAIM 1
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality (one second) and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information.
US5301247A
CLAIM 1
. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station;
(b) encrypting the first part encryption key at said one station;
(c) transmitting the encrypted first part encryption key to the other station;
(d) decrypting the first part encryption key at said other station;
(e) encrypting the second part encryption key at said other station;
(f) transmitting the encrypted second part encryption key to said one station;
(g) decrypting the second part encryption key at said one station;
and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5301247A
CLAIM 1
. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station;
(b) encrypting the first part encryption key at said one station;
(c) transmitting the encrypted first part encryption key to the other station;
(d) decrypting the first part encryption key at said other station;
(e) encrypting the second part encryption key at said other station;
(f) transmitting the encrypted second part encryption key to said one station;
(g) decrypting the second part encryption key at said one station;
and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5301247A
CLAIM 1
. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station;
(b) encrypting the first part encryption key at said one station;
(c) transmitting the encrypted first part encryption key to the other station;
(d) decrypting the first part encryption key at said other station;
(e) encrypting the second part encryption key at said other station;
(f) transmitting the encrypted second part encryption key to said one station;
(g) decrypting the second part encryption key at said one station;
and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5301247A
CLAIM 1
. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station;
(b) encrypting the first part encryption key at said one station;
(c) transmitting the encrypted first part encryption key to the other station;
(d) decrypting the first part encryption key at said other station;
(e) encrypting the second part encryption key at said other station;
(f) transmitting the encrypted second part encryption key to said one station;
(g) decrypting the second part encryption key at said one station;
and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (encryption keys) system, a key backup (encryption keys) system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5301247A
CLAIM 1
. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of: (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station;
(b) encrypting the first part encryption key at said one station;
(c) transmitting the encrypted first part encryption key to the other station;
(d) decrypting the first part encryption key at said other station;
(e) encrypting the second part encryption key at said other station;
(f) transmitting the encrypted second part encryption key to said one station;
(g) decrypting the second part encryption key at said one station;
and (h) combining the first part and the second part encryption keys (key management, key backup) at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5268962A

Filed: 1992-07-21     Issued: 1993-12-07

Computer network with modified host-to-host encryption keys

(Original Assignee) Digital Equipment Corp     (Current Assignee) Google LLC

Martin Abadi, Michael Burrows, Butler Lampson
US8929552
CLAIM 4
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information, wherein said step of securing electronic information comprises restricting access (includes means, checking step) to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US5268962A
CLAIM 3
. The network packet receiver of claim 1, each received data packet incorporating an embedded error checking value to enable error checking thereof;
said packet processing means including pipelined decryption means and error checking means that, respectively, decrypt the encrypted portion of said each received data packet and error check said each received data packet as said each received data packet is delivered to said first host computer;
wherein said packet processing means includes means (securing electronic information comprises restricting access, securing electronic information comprises transferring electronic information) for delivering portions of said each received data packet to said first host computer before said error checking means error checks other portions of said each received packet.

US5268962A
CLAIM 12
. The computer system (second functionality, computer system) of claim 11, each said transmitted data packet incorporating an embedded error checking value to enable error checking thereof;
each said packet receiving means including means for error checking said each received data packet as it is delivered to said network controller'
s host computer.

US5268962A
CLAIM 16
. The method of claim 15, said each received data packet incorporating an embedded error checking value to enable error checking thereof;
said method further including: error checking said each received data packet as it is delivered to said first host computer;
and delivering portions of said each received data packet to said first host computer before said error checking step (securing electronic information comprises restricting access, securing electronic information comprises transferring electronic information) error checks other portions of said each received packet.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5200999A

Filed: 1991-09-27     Issued: 1993-04-06

Public key cryptosystem key management based on control vectors

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, William C. Martin, William S. Rohland, John D. Wilkins
US8929552
CLAIM 1
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (public keys) system;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US5200999A
CLAIM 29
. The computer system (second functionality, computer system) of claim 28, which when executed on said data processing system, performs the further steps, comprising: forming a second public key authentication record in said data processing system, by computing a hash value using a hashing function on said public key record;
said public key token including said second public key authentication record.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (public keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (public keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (public keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (public keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5200999A
CLAIM 6
. The method of claim 1, which further comprises: assigning a public control vector for said first public key and said second public key in said data processing system, for defining permitted uses for said first and second public keys (key management, key management system) ;
forming a public key record which includes said first public key and said second public key in said data processing system, and encrypting said public key record under a third master key expression which is a function of said public control vector;
forming a public key token which includes said public control vector and said public key record, and storing said public key token in said data processing system;
receiving a second key use request in said data processing system, regulating said second public key algorithm;
accessing said public key token in said data processing system and checking said public control vector to determine if said public key record contains a key having permitted uses which will satisfy said second request;
decrypting said public key record under said third master key expression in said data processing system and extracting said first public key from said public key record;
selecting said second public key algorithm in said data processing system for said second key use request;
selecting said second public key algorithm in said data processing system using said first public key to perform a cryptographic operation to satisfy said second key use request.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5164988A

Filed: 1991-10-31     Issued: 1992-11-17

Method to establish and enforce a network cryptographic security policy in a public key cryptosystem

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, William C. Martin, William S. Rohland, John D. Wilkins
US8929552
CLAIM 7
. A method of securing electronic information as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5164988A
CLAIM 6
. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key;
and transmitting said nonce with said audit record from said second data processor to said first data processor.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5164988A
CLAIM 6
. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key;
and transmitting said nonce with said audit record from said second data processor to said first data processor.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5164988A
CLAIM 6
. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key;
and transmitting said nonce with said audit record from said second data processor to said first data processor.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5164988A
CLAIM 6
. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key;
and transmitting said nonce with said audit record from said second data processor to said first data processor.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5164988A
CLAIM 6
. The method of claim 5, prior to said step of forming an audit digital signature on a representation of said audit record, which further comprises the steps of: forming a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) nonce in said first data processor and transmitting said nonce to said second data processor in response to said request to certify said public utilization key;
and transmitting said nonce with said audit record from said second data processor to said first data processor.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5150411A

Filed: 1991-01-16     Issued: 1992-09-22

Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction

(Original Assignee) Omnisec     (Current Assignee) Omnisec

Ueli Maurer
US8929552
CLAIM 7
. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 8
. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 9
. A method of securing electronic information (own base) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (random number) system.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 11
. A method of securing electronic information (own base) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 12
. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 14
. A method of securing electronic information (own base) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 16
. An electronic information (own base) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 17
. An electronic information (own base) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 18
. An electronic information (own base) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 19
. An electronic information (own base) securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (random number) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 20
. An electronic information (own base) securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 21
. An electronic information (own base) securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 24
. An electronic information (own base) securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (random number) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 25
. An electronic information (own base) securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.

US8929552
CLAIM 26
. An electronic information (own base) securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5150411A
CLAIM 32
. A cipher key generator means as claimed in claim 26, which further comprises identification protocol means, including a first means for choosing a random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) r and sending a number a r (mod m) to receiving user R, a second means for receiving a binary variable b in the form of "
0"
or "
1"
from user R, and a third means for sending back to the user R the random number r if variable b equals "
0"
, or sending the number r plus secret key s T if variable b equals "
1"
, thereby concealing the value of the secret key s T while allowing the user R to check the equality of the equation: a r+s .sbsp.T ≡a r ·(ID T) 2 (mod m) to confirm user T'
s identity.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5142578A

Filed: 1991-08-22     Issued: 1992-08-25

Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, John D. Wilkins, William C. Martin, William S. Rohland
US8929552
CLAIM 2
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information, wherein said step of securing electronic information (storing control information) comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 4
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information, wherein said step of securing electronic information (storing control information) comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 5
. A method of securing electronic information (storing control information) as described in claims 1 , 2 , or 4 , further comprising the steps of: generating said at least one cryptographic key;

and confirming generation of said at least one cryptographic key.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 6
. A method of securing electronic information (storing control information) as described in claim 5 , wherein said step of confirming generation comprises confirming generation of at least one valid key and further comprising the step of providing said at least one cryptographic key in a read-only format, wherein said step of confirming generation of at least one valid key comprises confirming generation of said cryptographic key in a read-only format.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 7
. A method of securing electronic information (storing control information) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (symmetric keys) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 8
. A method of securing electronic information (storing control information) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (symmetric keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 9
. A method of securing electronic information (storing control information) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (symmetric keys) system.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 10
. A method of securing electronic information (storing control information) as described in claims 1 , 2 , 3 , or 4 , wherein said step of associating at least one cryptographic key with electronic information comprises associating at least one cryptographic key with at least one system identification selected from the group consisting of: a ticket, a pointer, a certificate, an add-on module, user information, and a random number.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 11
. A method of securing electronic information (storing control information) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (symmetric keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 12
. A method of securing electronic information (storing control information) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (symmetric keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 13
. A method of securing electronic information (storing control information) as described in claim 3 , wherein said step of securing electronic information comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 14
. A method of securing electronic information (storing control information) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (symmetric keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 15
. A method of securing electronic information (storing control information) as described in claims 1 , 2 or 3 , wherein said step of securing electronic information comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 16
. An electronic information (storing control information) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (symmetric keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 17
. An electronic information (storing control information) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (symmetric keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 18
. An electronic information (storing control information) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (symmetric keys) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 19
. An electronic information (storing control information) securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (symmetric keys) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 20
. An electronic information (storing control information) securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 21
. An electronic information (storing control information) securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 22
. An electronic information (storing control information) securement system as described in claim 19 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 23
. An electronic information (storing control information) securement system as described in claim 19 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 24
. An electronic information (storing control information) securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (symmetric keys) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 25
. An electronic information (storing control information) securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 26
. An electronic information (storing control information) securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (symmetric keys) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US5142578A
CLAIM 4
. The method of claim 3, which further comprise: said first key expression and said second key expression being symmetric keys (key management) .

US8929552
CLAIM 27
. An electronic information (storing control information) securement system as described in claim 24 , wherein access to secured electronic information is restricted to physical access by a client.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 28
. An electronic information (storing control information) securement system as described in claim 24 , wherein access to secured electronic information is restricted to physical access by an administrator.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 29
. An electronic information (storing control information) securement system as described in claim 16 , 17 or 18 , wherein access to secured electronic information is restricted to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to said secure electronic information under conditions of enhanced security.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 30
. An electronic information (storing control information) securement system as described in claim 20 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 31
. An electronic information (storing control information) securement system as described in claim 21 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 32
. An electronic information (storing control information) securement system as described in claim 20 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 33
. An electronic information (storing control information) securement system as described in claim 21 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 34
. An electronic information (storing control information) securement system as described in claim 25 , wherein access to secured electronic information is restricted to physical access by a client.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 35
. An electronic information (storing control information) securement system as described in claim 26 , wherein access to secured electronic information is restricted to physical access by a client.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 36
. An electronic information (storing control information) securement system as described in claim 25 , wherein access to secured electronic information is restricted to physical access by an administrator.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.

US8929552
CLAIM 37
. An electronic information (storing control information) securement system as described in claim 26 , wherein access to secured electronic information is restricted to physical access by an administrator.
US5142578A
CLAIM 3
. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising: storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
storing control information (electronic information, electronic information securement system) to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
storing a first key expression at said transmitting node;
concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
transmitting said encrypted key block to said receiving node;
transmitting a second copy of said control information to said receiving node;
storing a second key expression corresponding to said first key expression, at said receiving node;
decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
extracting said control information and said crypto variable from said recovered key block, at said receiving node;
comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
controlling said crypto variable with said control information when said enabling signal has been generated.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US4944007A

Filed: 1989-06-12     Issued: 1990-07-24

Public key diversification method

(Original Assignee) NCR Corp     (Current Assignee) NCR Corp

Jeffrey R. Austin
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (public key value) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4944007A
CLAIM 1
. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P,Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R,S;
transmitting to said requesting entity a first value N mi and a second value Φ(N mi) where said first value N mi =N·R·S and where said second value Φ(N mi)=Φ(N)·(R-1)·(S-1), wherein the symbol Φ represents Euler'
s totient function;
selecting, at said requesting entity, fifth and sixth prime numbers, T,U;
and computing, at said requesting entity, a third value N m and a fourth value d m , where N m =N mi ·T·U, and where d m =[1+K Φ(N m)]/e;
wherein Φ(N m)=Φ(N mi)·(T-1)·(U-1);
and wherein K and d m are integers, whereby d m is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to N m .

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (public key value) system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4944007A
CLAIM 1
. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P,Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R,S;
transmitting to said requesting entity a first value N mi and a second value Φ(N mi) where said first value N mi =N·R·S and where said second value Φ(N mi)=Φ(N)·(R-1)·(S-1), wherein the symbol Φ represents Euler'
s totient function;
selecting, at said requesting entity, fifth and sixth prime numbers, T,U;
and computing, at said requesting entity, a third value N m and a fourth value d m , where N m =N mi ·T·U, and where d m =[1+K Φ(N m)]/e;
wherein Φ(N m)=Φ(N mi)·(T-1)·(U-1);
and wherein K and d m are integers, whereby d m is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to N m .

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (public key value) system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4944007A
CLAIM 1
. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P,Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R,S;
transmitting to said requesting entity a first value N mi and a second value Φ(N mi) where said first value N mi =N·R·S and where said second value Φ(N mi)=Φ(N)·(R-1)·(S-1), wherein the symbol Φ represents Euler'
s totient function;
selecting, at said requesting entity, fifth and sixth prime numbers, T,U;
and computing, at said requesting entity, a third value N m and a fourth value d m , where N m =N mi ·T·U, and where d m =[1+K Φ(N m)]/e;
wherein Φ(N m)=Φ(N mi)·(T-1)·(U-1);
and wherein K and d m are integers, whereby d m is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to N m .

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (public key value) system, a key backup (public key value) system, a key escrow, a key escrow (public key value) agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4944007A
CLAIM 1
. A method of generating key values for use in public key cryptography by a requesting entity, including the step of generating at a parent entity, public key value (key management, key backup, key escrow, key escrow agent, key certification authority) s N, e, where N is the product of first and second prime numbers P,Q and e is a corresponding public key integer value, comprising: selecting, at said parent entity, third and fourth prime numbers R,S;
transmitting to said requesting entity a first value N mi and a second value Φ(N mi) where said first value N mi =N·R·S and where said second value Φ(N mi)=Φ(N)·(R-1)·(S-1), wherein the symbol Φ represents Euler'
s totient function;
selecting, at said requesting entity, fifth and sixth prime numbers, T,U;
and computing, at said requesting entity, a third value N m and a fourth value d m , where N m =N mi ·T·U, and where d m =[1+K Φ(N m)]/e;
wherein Φ(N m)=Φ(N mi)·(T-1)·(U-1);
and wherein K and d m are integers, whereby d m is adapted to be used by said requesting entity as a secret key counterpart of the public key value e with respect to N m .




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US4941176A

Filed: 1988-08-11     Issued: 1990-07-10

Secure management of keys using control vectors

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Stephen M. Matyas, Dennis G. Abraham, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Julian Thomas, John D. Wilkins, Phil C. Yeh
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (cryptographic keys, encryption keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4941176A
CLAIM 1
. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a crytographic key have been authorized by the originator of the key, comprising: a crytographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic, control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key.

US4941176A
CLAIM 22
. The apparatus of claim 1, wherein said associated. control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (cryptographic keys, encryption keys) system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4941176A
CLAIM 1
. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a crytographic key have been authorized by the originator of the key, comprising: a crytographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic, control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key.

US4941176A
CLAIM 22
. The apparatus of claim 1, wherein said associated. control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (cryptographic keys, encryption keys) system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4941176A
CLAIM 1
. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a crytographic key have been authorized by the originator of the key, comprising: a crytographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic, control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key.

US4941176A
CLAIM 22
. The apparatus of claim 1, wherein said associated. control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (cryptographic keys, encryption keys) system, a key backup (cryptographic keys, encryption keys) system, a key escrow, a key escrow (cryptographic keys, encryption keys) agent, a cryptographic library, a key certification (cryptographic keys, encryption keys) authority, a key distribution (cryptographic keys, encryption keys) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4941176A
CLAIM 1
. In a data processing system which processes cryptographic service requests for the management of cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that key management functions requested for a crytographic key have been authorized by the originator of the key, comprising: a crytographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing key management functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a key management function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic, control means for receiving control signals to initiate checking that said control vector authorizes the key management function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said key management function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested key management function with said cryptographic key.

US4941176A
CLAIM 22
. The apparatus of claim 1, wherein said associated. control vector includes fields enforcing the separation of key encryption keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority, key management) based on two mutually exclusive intended uses.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US4918728A

Filed: 1989-08-30     Issued: 1990-04-17

Data cryptography operations using control vectors

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Stephen M. Matyas, Dennis G. Abraham, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Julian Thomas, John D. Wilkins, Phil C. Yeh
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (key management) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4918728A
CLAIM 1
. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key.

US4918728A
CLAIM 5
. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated.

US4918728A
CLAIM 21
. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (key management) system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4918728A
CLAIM 1
. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key.

US4918728A
CLAIM 5
. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated.

US4918728A
CLAIM 21
. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (key management) system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4918728A
CLAIM 1
. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key.

US4918728A
CLAIM 5
. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated.

US4918728A
CLAIM 21
. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (key management) system, a key backup (cryptographic keys) system, a key escrow, a key escrow (cryptographic keys) agent, a cryptographic library, a key certification (cryptographic keys) authority, a key distribution (cryptographic keys) center, a key management center, a key arbitration (input data) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4918728A
CLAIM 1
. In a data processing system which processes cryptographic service requests for performing data cryptography functions on data using cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) which are associated with control vectors defining the functions which each key is allowed by its originator to perform, an apparatus for validating that the data cryptography functions requested for a cryptographic key have been authorized by the originator of the key, comprising: a cryptographic facility characterized by a secure boundary through which passes an input path for receiving said cryptographic service requests, data, cryptographic keys and their associated control vectors, and an output path for providing responses thereto, there being included within said boundary a cryptographic control means coupled to said input path, a control vector checking means and a cryptographic processing means coupled to said control means, and a master key storage coupled to said processing means, for providing a secure location for executing data cryptography functions in response to said received service requests;
said cryptographic control means receiving over said input path a cryptographic service request for performing a data cryptography function with a cryptographic key;
said control vector checking means having an input coupled to said input path for receiving a control vector associated with said cryptographic key and an input coupled to said cryptographic control means, for receiving control signals to initiate checking that said control vector authorizes the data cryptographic function which is requested by said cryptographic service request;
said control vector checking means having an authorization output coupled to an input of said cryptographic processing means, for signalling that said data cryptography function is authorized, the receipt of which by said cryptographic processing means initiates the performance of the requested data cryptography function with said cryptographic key.

US4918728A
CLAIM 5
. The apparatus of claim 1, wherein said associated control vector includes fields defining authorized types of cryptographic functions including key management (key management) functions, data cryptography functions and PIN processing functions, and the data cryptography functions type is designated.

US4918728A
CLAIM 21
. The apparatus of claim 18, wherein said associated control vector further includes a usage field designating that said cryptographic key can be used as the input data (key arbitration) key in a translate ciphertext function.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US4850017A

Filed: 1987-05-29     Issued: 1989-07-18

Controlled use of cryptographic keys via generating station established control values

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Stephen M. Matyas, Jr., Carl H. W. Meyer, Bruno O. Brachtl
US8929552
CLAIM 7
. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 8
. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (random number) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 9
. A method of securing electronic information (temporarily store) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (random number) system.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 11
. A method of securing electronic information (temporarily store) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 12
. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 14
. A method of securing electronic information (temporarily store) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (random number) system, a key backup (random number) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (random number) authority, a key distribution center, a key management center, a key arbitration (random number) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number (random number) generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 16
. An electronic information (temporarily store) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 17
. An electronic information (temporarily store) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 18
. An electronic information (temporarily store) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (random number) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 19
. An electronic information (temporarily store) securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (random number) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 20
. An electronic information (temporarily store) securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 21
. An electronic information (temporarily store) securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 24
. An electronic information (temporarily store) securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (random number) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 25
. An electronic information (temporarily store) securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.

US8929552
CLAIM 26
. An electronic information (temporarily store) securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (random number) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US4850017A
CLAIM 4
. The method recited in claim 3 further comprising at a designated using station the steps of: checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f 1 using a combining function g 1 to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f 2 , comparing the temporarily store (electronic information) d combined function f 2 with said authenticating function f 2 , and if said stored combined function f 2 and said authenticating function f 2 are equal, enabling said requested cryptographic operation;
otherwise, aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.

US4850017A
CLAIM 8
. The method recited in claim 7 wherein the step of combining to produce the combined function f 3 is performed by encrypting said random number (random number, key management, key backup, key certification, key arbitration, key certification authority, key management center, key arbitration center) under said decrypted secret transport key for each of the designated using stations.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6230197B1

Filed: 1998-09-11     Issued: 2001-05-08

Method and apparatus for rules-based storage and retrieval of multimedia interactions within a communication center

(Original Assignee) Genesys Telecommunications Laboratories Inc     (Current Assignee) Genesys Telecommunications Laboratories Inc

Christopher Clemmentt Macleod Beck, Jonathan Michael Berke, Joel A Johnstone, Robin Marie Mitchell, James Karl Powers, Mark Franklin Sidell, Charles Dazler Knuff
US8929552
CLAIM 2
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information, wherein said step of securing electronic information (receiving notification) comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 4
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information, wherein said step of securing electronic information (receiving notification) comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 5
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 , or 4 , further comprising the steps of: generating said at least one cryptographic key;

and confirming generation of said at least one cryptographic key.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 6
. A method of securing electronic information (receiving notification) as described in claim 5 , wherein said step of confirming generation comprises confirming generation of at least one valid key and further comprising the step of providing said at least one cryptographic key in a read-only format, wherein said step of confirming generation of at least one valid key comprises confirming generation of said cryptographic key in a read-only format.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 7
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 8
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 9
. A method of securing electronic information (receiving notification) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management system.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 10
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 , 3 , or 4 , wherein said step of associating at least one cryptographic key with electronic information comprises associating at least one cryptographic key with at least one system identification selected from the group consisting of: a ticket, a pointer, a certificate, an add-on module, user information, and a random number.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 11
. A method of securing electronic information (receiving notification) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 12
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 13
. A method of securing electronic information (receiving notification) as described in claim 3 , wherein said step of securing electronic information comprises transferring electronic information, and further comprising the step of encrypting said electronic information in a secure socket layer during transferring.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 14
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 15
. A method of securing electronic information (receiving notification) as described in claims 1 , 2 or 3 , wherein said step of securing electronic information comprises restricting access to electronic information to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to secure electronic information under conditions of enhanced security.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 16
. An electronic information (receiving notification) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 17
. An electronic information (receiving notification) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 18
. An electronic information (receiving notification) securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 19
. An electronic information (receiving notification) securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 20
. An electronic information (receiving notification) securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 21
. An electronic information (receiving notification) securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 22
. An electronic information (receiving notification) securement system as described in claim 19 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 23
. An electronic information (receiving notification) securement system as described in claim 19 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 24
. An electronic information (receiving notification) securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 25
. An electronic information (receiving notification) securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 26
. An electronic information (receiving notification) securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 27
. An electronic information (receiving notification) securement system as described in claim 24 , wherein access to secured electronic information is restricted to physical access by a client.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 28
. An electronic information (receiving notification) securement system as described in claim 24 , wherein access to secured electronic information is restricted to physical access by an administrator.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 29
. An electronic information (receiving notification) securement system as described in claim 16 , 17 or 18 , wherein access to secured electronic information is restricted to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to said secure electronic information under conditions of enhanced security.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 30
. An electronic information (receiving notification) securement system as described in claim 20 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 31
. An electronic information (receiving notification) securement system as described in claim 21 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 32
. An electronic information (receiving notification) securement system as described in claim 20 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 33
. An electronic information (receiving notification) securement system as described in claim 21 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 34
. An electronic information (receiving notification) securement system as described in claim 25 , wherein access to secured electronic information is restricted to physical access by a client.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 35
. An electronic information (receiving notification) securement system as described in claim 26 , wherein access to secured electronic information is restricted to physical access by a client.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 36
. An electronic information (receiving notification) securement system as described in claim 25 , wherein access to secured electronic information is restricted to physical access by an administrator.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.

US8929552
CLAIM 37
. An electronic information (receiving notification) securement system as described in claim 26 , wherein access to secured electronic information is restricted to physical access by an administrator.
US6230197B1
CLAIM 9
. A method for receiving and routing multimedia communication events in a multimedia-capable call center, and making recordings of the events available to users, comprising steps of;
(a) storing both text-based and non-text-based events involving the call center in a data repository;
(b) preparing a text version of non-text communication events;
(c) storing the text versions in the data repository related to the non-text versions;
(d) receiving notification (electronic information, electronic information securement system, securing electronic information, securing electronic information comprises saving electronic information) of an incoming non-text event by the user and the text-based version of the non-text event is mirrored and routed to the agent along with notification of the incoming event;
(e) relating the stored files in one or more serial strings according to relational criteria;
and (f) providing an interactive display interface on a computer video monitor, the interface adapted for displaying identifiers of the stored files, the identifiers arranged in a serial string according to the relational criteria, wherein the user, after receiving notification of the event along with the text version of non-text events selects identifiers, playing individual ones of the stored files, thereby reviewing the recorded events.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6185681B1

Filed: 1998-05-07     Issued: 2001-02-06

Method of transparent encryption and decryption for an electronic document management system

(Original Assignee) MAZ TECHNOLOGIES Inc; MAZ TECHNOLOGIES Inc A CALIFORNIA Corp     (Current Assignee) RPX Corp

Stephen Zizzi
US8929552
CLAIM 1
. A method of securing electronic information, comprising the steps of: associating at least one cryptographic key with electronic information;

securing said at least one cryptographic key by a first functionality, wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (access module) system;

separately affirmatively confirming that said step of securing at least one cryptographic key has been appropriately accomplished by a second functionality (computer system) apart and independent from said first functionality and communicatively coupled to said first functionality in order to allow initial cryptographic functioning of said at least one cryptographic key;

enabling a function responsive to said step of confirming that said step of securing at least one cryptographic key has been appropriately accomplished;

and securing electronic information.
US6185681B1
CLAIM 4
. A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication;
if the access module does not authenticate the user, then always skipping steps (d) and (e);
else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user.

US6185681B1
CLAIM 29
. A program product for use in a general purpose computer that executes program steps recorded in a computer-readable media to perform a method of encrypting an electronic document which is open in an application program running in a general purpose computer, the general purpose computer including a display, a user input device and a processor, the program product comprising: a recordable media;
and a program of computer-readable instructions executable by the computer system (second functionality, computer system) to perform method steps comprising: (a) in response to a user issuing one of a “close,” “save” or “save as” command for the document using the user input device from within the application program and the command being translated into an event, automatically trapping the event;
(b) automatically obtaining an encryption key value;
(c) automatically encrypting the document using the encryption key value;
(d) automatically passing control to an electronic document management system;
whereby the electronic document management system can then execute the issued “close,” “save” or “save as” command and the electronic document is automatically encrypted.

US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (access module) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185681B1
CLAIM 4
. A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication;
if the access module does not authenticate the user, then always skipping steps (d) and (e);
else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (access module) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185681B1
CLAIM 4
. A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication;
if the access module does not authenticate the user, then always skipping steps (d) and (e);
else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (access module) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185681B1
CLAIM 4
. A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication;
if the access module does not authenticate the user, then always skipping steps (d) and (e);
else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (access module) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (access module) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6185681B1
CLAIM 4
. A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of: the user submitting to an access module (key management, key certification, key certification authority) for user authentication;
if the access module does not authenticate the user, then always skipping steps (d) and (e);
else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6088747A

Filed: 1998-02-20     Issued: 2000-07-11

System for reformatting and burning of data files having a first format onto a compact disk to be utilized in a network using different format

(Original Assignee) Unisys Corp     (Current Assignee) Unisys Corp

Lauren Ann Cotugno, Edward Henry Frankel
US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment (said client) to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (computer platform) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US6088747A
CLAIM 5
. A network by which a client user of a first computer platform having an original native specialized format for multiple data files and a directory of said files, is enabled to re-format said files into a Container of standard byte-stream format suitable for use by a second computer platform or for transfer over the Internet, said network comprising: (a) a first computer platform having main memory, a CPU, a Master Control Program operating system, a Work Flow Language computer and a first storage medium (Disk A) for holding said original native specialized format files, said first platform including: (a1) a first program (MCP -- FILEWRAPPER) to verify the name of each data file, to create a directory of said data files in said directory and to open a new file to send to a second storage medium after calling a second program (NCP -- WRAPPER), said first program for placing a directory of files onto said second storage medium as MY/CONTAINER/FILE;
(a2) said second program (MCP -- WRAPPER) for converting said original native specialized format files into a standard byte stream format text data file Container (MY/CONTAINER/FILE) and placed onto a second storage media which is shared by a said second computer platform;
(b) said second computer platform having main memory, a CPU, a different operating system from said first platform and a third storage medium and including: (b1) a special program, initiated by said client (providing acknowledgment) user, for transferring said Container (MY/CONTAINER/FILE) on said second storage medium to said third storage medium as a resultant standard text data file Container (C:\MY\CONTAINER\FILE);
(b2) a CD Writer means connected to said third storage medium for accessing said Container (C:\MY\CONTAINER\FILE);
(c) client user terminal means for initiating said CD Writer means to burn said Container onto a Compact Disk;
(d) said Compact Disk for receiving said resultant Container in said standard byte stream text format utilizable by different computer platforms.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (computer platform) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (computer platform) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (computer platform) system having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (computer platform) system is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (computer platform) system and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (computer platform) system and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (computer platform) system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (computer platform) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (computer platform) system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US6088747A
CLAIM 3
. The method of claim 1 wherein step (c) includes the steps of: (c1) utilizing said second computer platform (key management, key management system, key management center) to transfer C:\MY\CONTAINER\FILE from said second storage medium to a third storage medium;
(c2) utilizing said second computer platform and its CD Write module to access said C:\MY\CONTAINER\FILE from said third storage medium and to burn said Container file onto said CD (Compact Disk).




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6088802A

Filed: 1997-06-04     Issued: 2000-07-11

Peripheral device with integrated security functionality

(Original Assignee) Spyrus Inc     (Current Assignee) SPEX TECHNOLOGIES Inc

William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba, Russell D. Housley
US8929552
CLAIM 8
. A method of securing electronic information (wireless communication means) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6088802A
CLAIM 1
. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data;
target means for enabling a defined interaction with a host computing device;
means for enabling communication between the security means and the target means;
means for enabling communication with a host computing device;
means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device;
and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means.

US6088802A
CLAIM 16
. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) .

US8929552
CLAIM 11
. A method of securing electronic information (wireless communication means) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6088802A
CLAIM 1
. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data;
target means for enabling a defined interaction with a host computing device;
means for enabling communication between the security means and the target means;
means for enabling communication with a host computing device;
means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device;
and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means.

US6088802A
CLAIM 16
. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) .

US8929552
CLAIM 12
. A method of securing electronic information (wireless communication means) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6088802A
CLAIM 1
. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data;
target means for enabling a defined interaction with a host computing device;
means for enabling communication between the security means and the target means;
means for enabling communication with a host computing device;
means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device;
and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means.

US6088802A
CLAIM 16
. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) .

US8929552
CLAIM 14
. A method of securing electronic information (wireless communication means) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow (security operation) agent, a cryptographic library, a key certification (security operation) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6088802A
CLAIM 1
. A peripheral device, comprising: security means for enabling one or more security operation (key escrow, key certification, key escrow agent, key certification authority) s to be performed on data;
target means for enabling a defined interaction with a host computing device;
means for enabling communication between the security means and the target means;
means for enabling communication with a host computing device;
means for operably connecting the security means and/or the target means to the host computing device in response to an instruction from the host computing device;
and means for mediating communication of data between the host computing device and the target means so that the communicated data must first pass through the security means.

US6088802A
CLAIM 16
. A peripheral device as in claim 15, wherein the means for enabling communication between the host computing device and a remote device further comprises wireless communication means (securing electronic information) .




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6076099A

Filed: 1997-09-09     Issued: 2000-06-13

Method for configurable intelligent-agent-based wireless communication system

(Original Assignee) Chen; Thomas C. H.; Chen; Conway T.     

Thomas C. H. Chen, Conway T. Chen
US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information (plain text) to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration (communication controller) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6076099A
CLAIM 9
. The method as recited in claim 8, wherein said data form of step (l-13) is selectively to use a plain text (securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) format.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6073234A

Filed: 1998-04-27     Issued: 2000-06-06

Device for authenticating user's access rights to resources and method

(Original Assignee) Fuji Xerox Co Ltd     (Current Assignee) Fuji Xerox Co Ltd

Kenichiro Kigo, Masaki Kyojima, Shunichi Kojima, Kil-Ho Shin
US8929552
CLAIM 7
. A method of securing electronic information (IC cards, plain text) as described in claims 1 , 2 , 3 or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one client system and saving said at least one cryptographic key to at least one cryptographic key management (data C, user access) system, wherein said at least one client system is selected from the group consisting of: a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a rom, a chip, software, and firmware.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 8
. A method of securing electronic information (IC cards, plain text) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (data C, user access) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 17
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u'
) X modp) of u'
under the modulus p from said t, said e and said authentication data u'
written in said first memory means.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 9
. A method of securing electronic information (IC cards, plain text) as described in claim 3 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key in a secure socket layer during transmission of said at least one cryptographic key and saving said at least one cryptographic key to at least one cryptographic key management (data C, user access) system.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 11
. A method of securing electronic information (IC cards, plain text) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (data C, user access) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 17
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u'
) X modp) of u'
under the modulus p from said t, said e and said authentication data u'
written in said first memory means.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 12
. A method of securing electronic information (IC cards, plain text) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (data C, user access) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 17
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u'
) X modp) of u'
under the modulus p from said t, said e and said authentication data u'
written in said first memory means.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 14
. A method of securing electronic information (IC cards, plain text) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information (IC cards, plain text) to at least one electronic information storage system selected from the group consisting of: a key management (data C, user access) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data C, user access) authority, a key distribution (function value) center, a key management center, a key arbitration (function value) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 17
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof support information t stored in said third memory means is data t (=X-F(p, e)) which is obtained by subtracting a collision-free function value (key distribution, key arbitration, key distribution center, key arbitration center) F(p, e) dependent on user identification information e stored in said second memory means and said p from said X, and said proof data generation means calculates X-power ((u'
) X modp) of u'
under the modulus p from said t, said e and said authentication data u'
written in said first memory means.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 16
. An electronic information (IC cards, plain text) securement system, comprising: an electronic information securement system (IC cards, plain text) having a securement functionality;

at least one cryptographic key management (data C, user access) system (data C, user access) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 17
. An electronic information (IC cards, plain text) securement system, comprising: an electronic information securement system (IC cards, plain text) having a securement functionality;

at least one cryptographic key management (data C, user access) system (data C, user access) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 18
. An electronic information (IC cards, plain text) securement system, comprising: an electronic information securement system (IC cards, plain text) having a securement functionality;

at least one cryptographic key management (data C, user access) system (data C, user access) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 19
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (data C, user access) system (data C, user access) is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 20
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 21
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 22
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 19 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 23
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 19 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 24
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (data C, user access) system (data C, user access) is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 25
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 26
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (data C, user access) system (data C, user access) and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
US6073234A
CLAIM 7
. A device for authenticating user'
s access rights to resources by verifying legitimacy of proof data generated in order to prove said user'
s right, said device for authenticating user'
s access rights to resources comprising: first memory means for storing first authentication data;
second memory means for storing unique identifying information of the user;
third memory means for storing proof support information which are results obtained by the application of specified calculation to said the user unique identifying information and unique security characteristic information;
fourth memory means for storing second authentication data;
random number generation means;
proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said the user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means;
and verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information, said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C (key management system, key certification, key management, key certification authority) 1 and a second authentication data C 2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomize proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C 2 stored in said fourth memory means by decryption key which is said unique security characteristic information;
provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y=a x modp where p is a modulus and a is a positive integer.

US6073234A
CLAIM 65
. In a device for authenticating user'
s access rights to resources in which a proof data generation device including at least said first memory means, said second memory means, said third memory means and said proof data generation means and a proof data verification device including at least said verification means and further including seventh memory means for storing authentication data, and eighth memory means for storing proof data are communicated with each other to thereby authenticating user access (key management system, key certification, key management, key certification authority) rights, said device for authenticating user'
s access rights to resources as claimed in claim 1, wherein said proof data verification device stores authentication data stored in said seventh memory means in said first memory means of said proof data generation device, said proof data generation device stores proof data generated based on said authentication data written in said first memory means by said proof data generation means in said eighth memory means in said proof data verification device, and said proof data verification device authenticates user access rights by use of said proof data written in said eighth memory means.

US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 27
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 24 , wherein access to secured electronic information is restricted to physical access by a client.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 28
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 24 , wherein access to secured electronic information is restricted to physical access by an administrator.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 29
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 16 , 17 or 18 , wherein access to secured electronic information is restricted to situations where the system receives substantially simultaneous access requests from a plurality of administrators in order to allow access to said secure electronic information under conditions of enhanced security.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 30
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 20 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 31
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 21 , wherein access to secured cryptographic keys is restricted to physical access by a client.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 32
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 20 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 33
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 21 , wherein access to secured cryptographic keys is restricted to physical access by an administrator.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 34
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 25 , wherein access to secured electronic information is restricted to physical access by a client.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 35
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 26 , wherein access to secured electronic information is restricted to physical access by a client.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 36
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 25 , wherein access to secured electronic information is restricted to physical access by an administrator.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.

US8929552
CLAIM 37
. An electronic information (IC cards, plain text) securement system (IC cards, plain text) as described in claim 26 , wherein access to secured electronic information is restricted to physical access by an administrator.
US6073234A
CLAIM 67
. The device for authenticating user'
s access rights to resources as claimed in claim 1, wherein at least said second memory means and said proof data generation means are arranged as small portable arithmetic units such as IC cards (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) .

US6073234A
CLAIM 70
. The device for authenticating user'
s access rights to resources as claimed in claim 2, wherein said verification means further includes ninth memory means for storing plain text (electronic information securement system, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information, electronic information) data corresponding to said second authentication data which is encrypted data and comparing means and said comparing means compares a value of said proof data generated by said proof data generation means or a calculated result of the computation using said proof data with the plain text data stored in said ninth memory means, and judges that said proof data is valid only when both of them agree with each other.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6023506A

Filed: 1996-10-28     Issued: 2000-02-08

Data encryption control apparatus and method

(Original Assignee) Hitachi Ltd     (Current Assignee) Hitachi Ltd

Ichiro Ote, Kazunori Iwabuchi, Hiroaki Washimi, Hiroshi Furukawa, Masahito Sumitomo, Yuuichi Kobayashi
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (encryption system, user access) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6023506A
CLAIM 1
. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files;
password registration means for registering an authentication password required for a user to access said storage area means;
and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means.

US6023506A
CLAIM 3
. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password;
and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means.

US6023506A
CLAIM 8
. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device.

US6023506A
CLAIM 19
. A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files;
receiving from a user a password associated with the encryption folder;
authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder;
storing the password in the encryption folder;
receiving a user selection of an unencrypted data file to be encrypted;
retrieving the password stored in the encryption folder;
automatically generating an encryption key associated with the encryption folder based on the retrieved password;
and encrypting the selected data file using the encryption key.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (encryption system, user access) system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6023506A
CLAIM 1
. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files;
password registration means for registering an authentication password required for a user to access said storage area means;
and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means.

US6023506A
CLAIM 3
. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password;
and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means.

US6023506A
CLAIM 8
. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device.

US6023506A
CLAIM 19
. A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files;
receiving from a user a password associated with the encryption folder;
authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder;
storing the password in the encryption folder;
receiving a user selection of an unencrypted data file to be encrypted;
retrieving the password stored in the encryption folder;
automatically generating an encryption key associated with the encryption folder based on the retrieved password;
and encrypting the selected data file using the encryption key.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (encryption system, user access) system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6023506A
CLAIM 1
. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files;
password registration means for registering an authentication password required for a user to access said storage area means;
and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means.

US6023506A
CLAIM 3
. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password;
and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means.

US6023506A
CLAIM 8
. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device.

US6023506A
CLAIM 19
. A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files;
receiving from a user a password associated with the encryption folder;
authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder;
storing the password in the encryption folder;
receiving a user selection of an unencrypted data file to be encrypted;
retrieving the password stored in the encryption folder;
automatically generating an encryption key associated with the encryption folder based on the retrieved password;
and encrypting the selected data file using the encryption key.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information (plain text) to at least one electronic information storage system selected from the group consisting of: a key management (encryption system, user access) system, a key backup (original location) system, a key escrow, a key escrow agent, a cryptographic library, a key certification (encryption system, user access) authority, a key distribution (key generation) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6023506A
CLAIM 1
. In a data encryption system (key management, key certification, key management center) for encrypting/decrypting information on a computer, a file encryption apparatus comprising: storage area means for storing one or more encrypted files with a specific encryption key associated with said storage area means and storing encrypted information for managing the files;
password registration means for registering an authentication password required for a user to access said storage area means;
and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means.

US6023506A
CLAIM 3
. A file encryption apparatus according to claim 1, further comprising: automatic encryption key generation (key distribution) means for automatically generating said encryption key associated with said storage means on the basis of said authentication password;
and said file encryption/decryption means performing file encryption and file decryption by using said encryption key automatically generated by said automatic encryption key generation means.

US6023506A
CLAIM 8
. A file encryption apparatus according to claim 1, wherein said storage area means comprises a location information table indicating a location, on a memory device before encryption, of said encrypted file stored in said storage area means, and wherein when decrypting said encrypted file, an unencrypted file obtained after decryption is automatically returned to the original location (key backup) on the memory device.

US6023506A
CLAIM 12
. A method for encrypting and decrypting information on a computer, using an apparatus, said method comprising the steps of: providing a storage area defined as a storage folder, formed by specifying an encrypted file area for storing encrypted files obtained by encrypting plain text (securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) files as said information, an encrypted data area for storing plain text file names in association with encrypted file names, and a password storage area for storing a password obtained by encrypting, by means of a system key, a password inputted by a user;
in encryption, generating an encrypted password by using a system key from a password inputted by an encryption user and storing said encrypted password in said password storage area;
decrypting said encrypted password by using the system key and generating an encryption key;
encrypting a specified plain text file by using said encryption key and said encrypted plain text file in said encrypted file area;
and registering a table representing the relation of plain text file names with encrypted file names in said encrypted data area;
in decryption displaying said registered association table of the encrypted data area on the basis of a password inputted by an decryption user;
making the decryption user specify a file name to be decrypted by referring to said displayed table;
generating said encryption key on the basis of said inputted password;
and decrypting an encrypted file having said specified file name by using said generated encryption key.

US6023506A
CLAIM 19
. A method of encrypting information comprising the steps of: creating an encryption folder for holding a plurality of encrypted files;
receiving from a user a password associated with the encryption folder;
authenticating the password to provide the user access (key management, key certification, key management center) to files in the encryption folder;
storing the password in the encryption folder;
receiving a user selection of an unencrypted data file to be encrypted;
retrieving the password stored in the encryption folder;
automatically generating an encryption key associated with the encryption folder based on the retrieved password;
and encrypting the selected data file using the encryption key.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US6014134A

Filed: 1996-08-23     Issued: 2000-01-11

Network-based intelligent tutoring system

(Original Assignee) US West Inc; MediaOne Group Inc     (Current Assignee) Qwest Communications International Inc

Brigham R. Bell, William D. Hurley, Srdjan N. Kovacevic, Michelle Neves, Alan S. Wolff, Charles P. Bloom
US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment (transformation step, said client) to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (generation module) authority, a key distribution center, a key management center, a key arbitration (generation module) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US6014134A
CLAIM 21
. An apparatus as claimed in claim 14, further including an HTML Internet browser for receiving said collection at said client (providing acknowledgment) node.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5991796A

Filed: 1998-08-13     Issued: 1999-11-23

Technique for obtaining and exchanging information on world wide web

(Original Assignee) Nokia of America Corp     (Current Assignee) SOUND VIEW INNOVATIONS LLC ; Alcatel Lucent SAS

Vinod Anupam, Narain H. Gehani, Kenneth R. Rodemann
US8929552
CLAIM 14
. A method of securing electronic information (one source) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5991796A
CLAIM 20
. A server system for admitting at least a first device and a second device into a session in which the first device is allowed to communicate with the second device, the first device including a browser for obtaining information from at least one source (electronic information, securing electronic information comprises transferring electronic information, securing electronic information comprises saving electronic information) , the system comprising: a processor for providing programming code to the first device to generate a surrogate therein after the first device is admitted to the session, the surrogate obtaining first data from the browser;
and a controller connected to the first device and the second device, the controller receiving the first data from the surrogate and, after the second device is admitted to the session, transmitting to the second device second data based on the first data.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5987140A

Filed: 1996-04-26     Issued: 1999-11-16

System, method and article of manufacture for secure network electronic payment and credit collection

(Original Assignee) VeriFone Inc     (Current Assignee) Hewlett Packard Enterprise Development LP

Kevin Thomas Bartholomew Rowney, Deepak S. Nadig
US8929552
CLAIM 8
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5987140A
CLAIM 1
. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network;
(b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer;
(c) transmitting an encrypted payment transaction from said customer computer to said merchant computer;
(d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm;
and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing.

US8929552
CLAIM 11
. A method of securing electronic information (third party) as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5987140A
CLAIM 1
. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network;
(b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer;
(c) transmitting an encrypted payment transaction from said customer computer to said merchant computer;
(d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm;
and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing.

US8929552
CLAIM 12
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment (said client) to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5987140A
CLAIM 1
. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network;
(b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer;
(c) transmitting an encrypted payment transaction from said customer computer to said merchant computer;
(d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm;
and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing.

US5987140A
CLAIM 5
. A method for initiating secure communication between a first and a second computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) obtaining client information for use in said secure communication between said first and said second computer;
(b) establishing a communication between said first and said second computer via said network;
and (c) reformatting said client (providing acknowledgment) information into said payment transaction which substantially complies with a third party secure protocol for further payment processing.

US8929552
CLAIM 14
. A method of securing electronic information (third party) as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (third party) authority, a key distribution center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5987140A
CLAIM 1
. A method for initiating secure communication between a customer computer and a merchant computer connected to a network for receiving and transmitting a payment transaction, comprising the steps of: (a) establishing a communication between said customer computer and said merchant computer via said network;
(b) identifying an encryption algorithm and a decryption algorithm utilized by said customer computer and said merchant computer;
(c) transmitting an encrypted payment transaction from said customer computer to said merchant computer;
(d) receiving said encrypted payment transaction at said merchant computer and decrypting said encrypted payment transaction utilizing said decryption algorithm;
and (e) reformatting said payment transaction to substantially comply with a third party (key certification, securing electronic information) secure protocol for further payment processing.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5982857A

Filed: 1995-10-23     Issued: 1999-11-09

Voice recording method and system providing context specific storage and retrieval

(Original Assignee) Apropros Technology     (Current Assignee) Apropros Technology ; Apropos Technology inc

Patrick K. Brady
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5982857A
CLAIM 1
. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data;
a computer coupled to said telephony data distribution system;
a storage device coupled to said computer;
a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data;
an automatic recording process for automatically retrievably recording said telephony data;
and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5982857A
CLAIM 1
. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data;
a computer coupled to said telephony data distribution system;
a storage device coupled to said computer;
a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data;
an automatic recording process for automatically retrievably recording said telephony data;
and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5982857A
CLAIM 1
. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data;
a computer coupled to said telephony data distribution system;
a storage device coupled to said computer;
a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data;
an automatic recording process for automatically retrievably recording said telephony data;
and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification (data distribution system) authority, a key distribution center, a key management center, a key arbitration (data distribution system) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5982857A
CLAIM 1
. A telephony data recording system, comprising: a telephony data distribution system (key certification, key arbitration) to distribute telephony data and to determine information associated with said telephony data;
a computer coupled to said telephony data distribution system;
a storage device coupled to said computer;
a recording device coupled to said computer and to said telephony data distribution system to receive said telephony data;
an automatic recording process for automatically retrievably recording said telephony data;
and an application process executing on said computer to obtain said information and to retrievably store said information, wherein said automatic recording process comprises a process for automatically recording the telephony data, or any portion thereof, on the basis of said information, and wherein said information comprises caller identification data and said automatic recording process comprises a process for determining whether to record the telephony data, or any portion thereof, in accordance with said caller identification data.




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
US5978475A

Filed: 1997-07-18     Issued: 1999-11-02

Event auditing system

(Original Assignee) Counterpane Internet Security Inc     (Current Assignee) BT Americas Inc

Bruce Schneier, John M. Kelsey
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5978475A
CLAIM 16
. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines.

US5978475A
CLAIM 42
. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US5978475A
CLAIM 45
. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5978475A
CLAIM 16
. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines.

US5978475A
CLAIM 42
. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US5978475A
CLAIM 45
. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5978475A
CLAIM 16
. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines.

US5978475A
CLAIM 42
. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US5978475A
CLAIM 45
. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management system, a key backup (cryptographic operations, cryptographic keys, secret sharing) system, a key escrow, a key escrow (cryptographic operations, cryptographic keys, secret sharing) agent, a cryptographic library, a key certification (cryptographic operations, cryptographic keys, secret sharing) authority, a key distribution (cryptographic operations, cryptographic keys, secret sharing) center, a key management center, a key arbitration center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
US5978475A
CLAIM 16
. The method of claim 13 where said distributed logging scheme includes using a secret sharing (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) scheme to store a logging parameter among at least some of said untrusted machines.

US5978475A
CLAIM 42
. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .

US5978475A
CLAIM 45
. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys (key backup, key escrow, key certification, key distribution, key backup system, key escrow agent, key certification authority) .




US8929552

Filed: 2001-06-01     Issued: 2015-01-06

Electronic information and cryptographic key management system

(Original Assignee) No Magic Inc     (Current Assignee) Saveitsafe LLC

Paul T. Duncanson, Jr.
EP0807911A2

Filed: 1997-05-12     Issued: 1997-11-19

Client/server protocol for proving authenticity

(Original Assignee) RSA Data Security Inc     (Current Assignee) RSA Security LLC

Burton S. Kaliski, Jr.
US8929552
CLAIM 8
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing at least one cryptographic key comprises encrypting said at least one cryptographic key by at least one electronic information storage system and saving said at least one cryptographic key to at least one cryptographic key management (function value, public keys) system, wherein said at least one electronic information storage system is selected from the group consisting of: a key management system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 11
. A method of securing electronic information as described in claim 10 , further comprising the step of generating said at least one user identification by at least one electronic information storage system selected from the group consisting of: a key management (function value, public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 12
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , further comprising the step of providing acknowledgment to at least one electronic information storage system of said step of securing said at least one cryptographic key in response to said step of confirming, said at least one electronic information storage system selected from the group consisting of: a key management (function value, public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 14
. A method of securing electronic information as described in claims 1 , 2 , 3 , or 4 , wherein said step of securing electronic information comprises saving electronic information to at least one electronic information storage system selected from the group consisting of: a key management (function value, public keys) system, a key backup system, a key escrow, a key escrow agent, a cryptographic library, a key certification authority, a key distribution (function value, public keys) center, a key management center, a key arbitration (function value, public keys) center, a directory service, a database, a computer system, a terminal, a server, a network, a random number generator, a memory, a domain, a smart card, a read-only memory, a chip, software, and firmware.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 16
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (function value, public keys) system (function value, public keys) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one client system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 17
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (function value, public keys) system (function value, public keys) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information;

and at least one electronic information storage system communicatively coupled to said at least one cryptographic key management system and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 18
. An electronic information securement system, comprising: an electronic information securement system having a securement functionality;

at least one cryptographic key management (function value, public keys) system (function value, public keys) having a separate affirmative confirmation functionality configured to confirm that securing of a cryptographic key has been appropriately accomplished by a functionality apart and independent from said securement functionality and communicatively coupled to said securement functionality in order to allow initial cryptographic functioning of said at least one cryptographic key, wherein said at least one cryptographic key management system is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to situations where the system receives substantially simultaneous access requests in order to allow access to said secure electronic information under conditions of enhanced security;

wherein said electronic information securement system is enabled to perform a function in response to a confirmation from said at least one cryptographic key management system and is configured to secure electronic information.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 19
. An electronic information securement system as described in claims 16 , 17 or 18 wherein said at least one cryptographic key management (function value, public keys) system (function value, public keys) is configured to secure cryptographic keys and wherein access to cryptographic keys secured to said at least one cryptographic key management system is restricted to physical access.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 20
. An electronic information securement system as described in claims 16 , 17 or 18 further comprising at least one client system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one client system is restricted to physical access.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 21
. An electronic information securement system as described in claims 16 , 17 , or 18 further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and wherein said at least one electronic information storage system is configured to secure cryptographic keys, and wherein access to cryptographic keys secured to said at least one electronic information storage system is restricted to physical access.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 24
. An electronic information securement system as described in claims 16 , 17 , or 18 , wherein said at least one cryptographic key management (function value, public keys) system (function value, public keys) is configured to secure electronic information, and wherein access to electronic information secured to said at least one cryptographic key management system is restricted to physical access.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 25
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one client system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and configured to secure electronic information, and wherein access to electronic information secured to said at least one client system is restricted to physical access.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.

US8929552
CLAIM 26
. An electronic information securement system as described in claims 16 , 17 , or 18 , further comprising at least one electronic information storage system communicatively coupled to said at least one cryptographic key management (function value, public keys) system (function value, public keys) and configured to secure electronic information, and wherein access to electronic information secured to said at least one electronic information storage system is restricted to physical access.
EP0807911A2
CLAIM 29
A smart card as in claim 28 wherein said read only memory has stored therein a plurality of public keys (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) belonging to respectively different servers which may be used as a source from which the trusted sewers'
public key is produced.

EP0807911A2
CLAIM 78
A method as in claim 65 wherein the data essential to verify the credential includes at least a secret value whose one-way function value (key distribution, key arbitration, key management system, key distribution center, key arbitration center, key management) is contained in the credential.