US2016149705A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016149705-A1 |
| Application number | US-201514927582-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 30, 2015 |
| Priority date | Aug 12, 2013 |
| Publication date | May 26, 2016 |
| Grant date | — |
Official abstract text for this publication.
A first installation stores a secret key of a user and a second installation provides encrypted data for the user. In order that a user apparatus can decrypt the encrypted data, the apparatus creates a one-time password, encrypts the one-time password by means of a public key of the first installation and causes the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation. The first installation decrypts the one-time password, searches for the secret key based on the key identification, encrypts it with the one-time password and transmits the encrypted secret key to the apparatus via the second installation. There, the secret key of the user is decrypted by means of the one-time password and is used for decrypting the encrypted data.
Opening claim text (preview).
1. A method performed by an apparatus, wherein a first installation is configured to provide a secret key of a user of the apparatus, and wherein a second installation is configured to provide data for the user, the method comprising: logging on to the second installation with authentication of the user, receiving encrypted data from the second installation, creating a one-time password, encrypting the one-time password by means of a public key of the first installation, transmitting the encrypted one-time password to the second installation and causing the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation, receiving the secret key of the user, which was encrypted by the first installation with the one-time password, from the second installation, decrypting the secret key of the user by means of the one-time password and decrypting the encrypted data by means of the secret key of the user.
2. The method according to claim 1, wherein the one-time password is created automatically, when it is determined that encrypted data has been received from the second installation.
3. The method according to claim 1, wherein the apparatus is caused to perform the method one of by program instructions stored in a local memory of the apparatus and executed by a processor of the apparatus or by program instructions received via a browser and executed by a processor of the apparatus.
4. An apparatus comprising at least one processor and at least one memory with a program, the at least one memory and the program configured to, with the at least one processor, cause the apparatus to perform the following: log on to a second installation with authentication of a user, wherein a first installation is configured to provide a secret key of the user of the apparatus, and wherein the second installation is configured to provide data for the user, receive encrypted data from the second installation, create a one-time password, encrypt the one-time password by means of a public key of the first installation, transmit the encrypted one-time password to the second installation and cause the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation, receive the secret key of the user, which was encrypted by the first installation with the one-time password, from the second installation, decrypt the secret key of the user by means of the one-time password and decrypt the encrypted data by means of the secret key of the user.
5. The apparatus according to claim 4, wherein the at least one memory and the program are configured to cause the apparatus to create the one-time password automatically, when it is determined that encrypted data has been received from the second installation.
6. The apparatus according to claim 4, wherein the apparatus is one of a device or a module for a device.
7. A non-transitory computer-readable storage medium which stores a program comprising program instructions, wherein the program instructions when executed by a processor cause an apparatus to perform the following: log on to a second installation with authentication of a user, wherein a first installation is configured to provide a secret key of the user of the apparatus, and wherein the second installation is configured to provide data for the user, receive encrypted data from the second installation, create a one-time password, encrypt the one-time password by means of a public key of the first installation, transmit the encrypted one-time password to the second installation and cause the second installation to retrieve the secret key of the user from the first installation by means of the encrypted one-time password and a key identification allocated to the user in the second installation, receive the secret key of the user, which was encrypted by the first installation with the one-time password, from the second installation, decrypt the secret key of the user by means of the one-time password and decrypt the encrypted data by means of the secret key of the user.
8. A method performed by an apparatus of a first installation, wherein a second installation is configured to provide data for a user, the method comprising: receiving a key identification and a one-time password, which was generated by an apparatus of a user and encrypted with a public key of the first installation, from the second installation which stores an allocation between users and key identifications, reading a secret key of the user, which is encrypted with the key identification, based on the received key identification from a memory of the first installation, decrypting the encrypted secret key of the user by means of the key identification, decrypting the encrypted one-time password by means of a private key of the first installation, encrypting the secret key of the user with the one-time password and transmitting the secret key of the user encrypted with the one-time password to the second installation for passing on to the apparatus of the user, in order to enable the user to decrypt encrypted data received from the second installation.
9. The method according to claim 8, further comprising cryptographically deriving a value from the received key identification, wherein the secret key of the user encrypted with the key identification is stored in the memory of the first installation with an allocation to a value cryptographically derived from the key identification, and wherein reading the secret key of the user encrypted with the key identification is based on the cryptographically derived value of the received key identification.
10. The method according to claim 8, wherein a stored, encrypted secret key of a user is generated beforehand by the apparatus of the first installation as follows: receiving a request from the second installation to generate a secret key for a user, generating a secret key for a user independent of a user input, generating a key identification for the secret key for the user, encrypting the secret key for the user with the key identification and storing the encrypted secret key in the memory of the first installation for retrieval by an apparatus of the user via the second installation.
11. The method according to claim 10, further comprising: sending the key identification to the second installation for storage of the key identification with an allocation to a user.
12. The method according to claim 10, further comprising: cryptographically deriving a value from the generated key identification, storing the cryptographically derived value in the memory of the first installation with an allocation to the secret key encrypted with the key identification and deleting the key identification in the first installation.
13. The method according to claim 8, wherein the secret key is one of a private key of a key pair for asymmetric encryption or a key for symmetric encryption.
14. The method according to claim 10, wherein the secret key is a private key of a key pair for asymmetric encryption, further comprising generating a public key for the user and one of storing the public key in the first installation only, or transmitting the public key to the second installation for storage in the second installation only, or storing the public key in the first installation and transmitting the pu
using one-time-passwords · CPC title
One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title
involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067) · CPC title
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title
involving a third party or a trusted authority · CPC title