WO2007003783A2 - Digital data distributing server, digital data decrypting server, digital data transmitting system and method - Google Patents

Digital data distributing server, digital data decrypting server, digital data transmitting system and method Download PDF

Info

Publication number
WO2007003783A2
WO2007003783A2 PCT/FR2006/001546 FR2006001546W WO2007003783A2 WO 2007003783 A2 WO2007003783 A2 WO 2007003783A2 FR 2006001546 W FR2006001546 W FR 2006001546W WO 2007003783 A2 WO2007003783 A2 WO 2007003783A2
Authority
WO
Grant status
Application
Patent type
Prior art keywords
digital data
server
means
user
group
Prior art date
Application number
PCT/FR2006/001546
Other languages
French (fr)
Other versions
WO2007003783A3 (en )
Inventor
Julie Loc'h
Loïc HOUSSIER
Laurent Frisch
Original Assignee
France Telecom
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Abstract

A digital data distributing server (12) comprises means (12) for receiving encrypted digital data intended for a group of users and means (17) for sending the decrypted digital data to the group of users. Said server also comprises means (24) for transmitting a request containing decrypted digital data received by the receiving means to a decrypting server (20) distinct from the distributing server (12) and means (25) for recovering processed digital data received from the decrypting server and for delivering said data to sending means.

Description

digital data distribution server, digital data decrypting server, transmission system and digital data transmission method

The present invention relates to a digital data distribution server, a digital data decrypting server, and a system and method for transmitting digital data.

To transmit confidential digital data securely to a user it usually makes the encryption of the digital data. This encryption is preferably performed using encryption keys.

To this end, a pair of encryption keys, called public key (used freely by everyone) and private key (used only by the user with the private key) is assigned to each user to receive data. These public and private keys respectively for the encryption and decryption of digital data so that digital data encrypted with the public key can only be decrypted using the corresponding private key.

Thus, when a user wants transmitter transmitting encrypted digital data to a recipient user, encrypts data using the public key of the recipient user. After receipt, the receiving user can then decrypt the digital data using its private key.

In some cases, an issuer user may wish to transmit digital data to a group of users receivers, without knowing the exact composition of this group of users. In this case, a clean pair of public and private key to the user group is assigned to this user group, so the sending user encrypts data using the public key of the group.

already known in the prior art, in particular from

GB 2368756, a digital data distribution server, comprising numerical data means for receiving encrypted for a group of users and means for sending the digital data after decryption to users of the user group.

The user transmitter sends digital data to the distribution server, after the encrypted digital data using the public key of the group. The digital data is then decrypted by the server using the private key of the group. Finally, the digital data is distributed to at least one user of the user group.

In this state of the art, the private key of the group is stored on the distribution server, which must be able to receive digital data of all kinds, making it particularly vulnerable to malicious as viruses and attack programs can especially be sent. Thus, the private key of the user group can be hacked, compromising the reliability of the encryption.

In addition, the transmitter user may wish to send digital data to multiple distribution servers. Each distribution server then distributes digital data to specific users group of users connected to that server.

Each distribution server then contains the private key of the user group, in order to decrypt the digital data transmitted to it. Piracy risk is increased because it is stored on multiple servers.

The invention aims in particular to overcome these disadvantages by providing a digital data distribution server, comprising means for receiving encrypted digital data for a group of users and means for sending this digital data after decryption users of the user group, characterized in that it comprises a motion transmission means containing the encrypted digital data received by the receiving means to a separate decryption server of the distribution server, and means for recover digital data processed from the decryption server and provide the means to send. The cryptographic processing digital data is fully implemented by the decryption server and not by the distribution server. The private key of the user group is solely owned by the decryption server, which may be connected to several different distribution servers.

Thus, it becomes unnecessary to store the private key on multiple distribution servers. In addition, the decryption server can be effectively protected against external attacks because its external trade can be specialized and limited to queries of acceptances from distribution servers and made available to answer these queries.

Optionally, the means for sending and receiving digital data are adapted to send and receive these digital data as an electronic mail. The transmission of digital data is facilitated.

Preferably, a distribution server according to the invention comprises a database comprising e-mail addresses of users of the user group. Thus, the distribution server is capable of distributing digital data via email to every user of the user group. The invention also relates to digital data decrypting server intended to be provided to users of a user group, characterized in that it comprises means for acquiring the encrypted digital data from a request from d a distribution server and means of provision, only the distribution sender of the request server, a response containing the processed digital data using a private key encryption of the user group.

Optionally, the decryption server includes a database in which is stored at least a public encryption key from a user of the user group for encryption of digital data. Thus, the decryption server is also adapted to encrypt again the decrypted digital data, to transmit them securely to the user of the user group.

Optionally, the database includes several private encryption keys associated respectively with separate user groups. Thus, the decryption server is able to implement the cryptographic processing digital data for several different user groups.

Optionally, a decryption server of the invention comprises connection means to a Public Key Infrastructure, the Public Key Infrastructure comprising, in a database, at least a private encryption key of a group of users and possibly a public encryption key from a user of the user group. Thus, the decryption server does not involve itself encryption keys, but can get them through these means for connection to the Public Key Infrastructure.

The invention further relates to a digital data transmission system to a group of users, characterized in that it comprises at least one of the data distribution server and a decryption server as described above, the decryption server being separate from the data distribution server and being for performing a cryptographic processing digital data. The invention finally relates to a method for transmitting digital data to be supplied to a group of users by means of a transmission system as described above, characterized in that it comprises: a step of encrypting digital data using a public key encryption of the user group, - a step of sending encrypted data to the distribution server, a step of transmitting, to the decryption server, a query containing the encrypted data, a data processing step using a private encryption key corresponding to the public key of the group, - a step of provision, only the distribution server sender of the request, a response containing the processed data, and a data distribution step treated with at least one user of the user group.

Optionally, the method comprises a step of digital data encryption using the public key of at least a user to whom data is to be distributed, before putting the processed data available to the distribution server.

The invention will be better understood from reading the description which follows, given as an example only and with reference to the accompanying drawings in which:

- Figure 1 shows a digital data transmission system according to a first embodiment of the invention;

- Figure 2 shows a digital data transmission system according to a second embodiment of the invention; - Figure 3 represents the steps of a digital data transmission method according to the invention.

There is shown in Figure 1 a digital data transmission system designated by the general reference 10.

Note that these digital data are generally provided by an emitter connected to the user system 10 using a terminal 11.

The system 10 comprises at least a first server 12 for the distribution of digital data, adapted to distribute the digital data supplied by the user transmitter 11 to user terminal 14 of a user group.

To this end, the distribution server 12 comprises means 16 and sending means 17 for receiving the digital data in the form of electronic mail, and a database 18 containing user email addresses 14 of the user group.

The transmission system 10 further includes a server 20 for decryption of the digital data separate from the distribution server 12. The decryption server 20 includes a module 21 for cryptographic processing, and a database 22 comprising at least one private key encryption of user group 14. Thus, the cryptographic processing module 21 is able to decrypt digital data for the user group using the private key of that group.

The database 22 further includes at least a public encryption key of a user 14 of the user group.

Alternatively, the data decryption server could include another database separate data from the database 22. In this case, the database 22 is for storing the private key encryption group of users 14 and the other database is for storing the public key encryption of a user 14 of the user group.

Thus, the cryptographic processing module 21 is able to encrypt digital data to be transmitted securely to a user 14 using the public key of the user 14.

So that the distribution server 12 and the decryption server 20 can communicate with each other, the distribution server 12 comprises means 24 for sending a request containing the digital data to the decryption server 20 and means 25 for recovering processed digital data from the decryption server 20 and to provide the sending means 16.

The decryption server 20 comprises means 26 for acquiring the encrypted digital data from the request, and means 28 made available to the digital data processed as a response to the request.

The processed digital data is only available for the server 12 distribution sender of the request.

Note that the transmission system 10 may include multiple digital data distribution servers. Thus, there is shown in Figure 1 a second server 12 'for distribution of digital data to users 14' of a group of users. In some cases, users 14 'may belong to the same user group as users 14 or belong to a second distinct group.

Analogously to the distribution server 12, the second distribution server 12 'includes means 16' and sending means 17, receiving the digital data as an electronic mail, a database 18 'including email addresses users 14 'and means 24' for sending a query containing the digital data to the decryption server 20.

In the case where users 14 'belong to a second group of distinct users of the user group 14, the database 22 of the decryption server 20 includes a second key associated with the second user group encryption 14'.

Thus, the database 22 may include a plurality of private encryption keys respectively assigned to a plurality of user groups. There is shown in Figure 2 a digital data transmission system according to a second embodiment of the invention. In this Figure 2, elements similar to those in Figure 1 are designated by identical references.

In this second embodiment, the decryption server 20 comprises means 30 for connection to a public key infrastructure (PKI) 32. This public key infrastructure 32 has a data base 34 comprising at least one private key encryption users group 14 and at least a public encryption key of a user 14 of the user group.

Thus, each time the decryption server 20 needs an encryption key, it sends a request to the Public Key Infrastructure. The Public Key Infrastructure 20 then verifies that decryption server has the necessary rights to access the private encryption key. If this is the case, he provides it as a response to the request.

There is shown in Figure 3 the steps of a method of transmitting digital data to a group of users by means of a transmission system 10 as described above.

In a first step 100, it encrypts digital data that the transmitting user 11 wishes to send, using the public key encryption of the user group to whom the data is intended. To this end, the sender user

11 got the public key encryption conventional manner, for example by using a certificate.

At step 110, the user transmitter 11 sends the encrypted data to the distribution server 12.

At step 120, the distribution server 12 transmits, to the decryption server 20, a request containing the encrypted data, through the transmission means 24 and the acquisition means 26.

At step 130, the decryption server 20 performs processing of the data using the private encryption key corresponding to the public key of the group used to encrypt the data. Depending on the embodiment used, the decryption server 20 may have this private key can be recovered or from a Public Key Infrastructure 32 using connecting means 30. In a step 140, the server decryption 20 performs, for each user 14 to which the digital data are intended, encryption of digital data using public keys of the users 14. in the same way as before, the public encryption key can be stored in the decryption server 20 or from a Public Key Infrastructure 32.

At step 150, the decryption server 20 provides, the distribution server 12 only, the data processed, thanks to the means 28 for providing and the means 25 for recovering the processed digital data.

At step 160, the distribution server 12 distributes the processed data to the user 14 of the user group by the means 16 for sending electronic mail and the database 18 containing the electronic addresses of the users 14. According cases, digital data can be sent to all users 14 or only to some of these users 14, according to the recipients specified by the sender user 11. Each user 14 receiving the digital data is then only decrypt with its private key encryption.

It is understood that the embodiment just described has no limiting and can receive any desirable modifications without departing from the scope of the invention.

Claims

1. Server (12) for distribution of digital data, comprising means (16) for receiving encrypted digital data to a group of users and means (17) for sending the digital data after decryption to users in the group of users, characterized in that it comprises means (24) sending a request containing the encrypted digital data received by the reception means to a server (20) separate decryption of the distribution server (12) and means (25) for retrieving processed digital data from the decryption server (20) and to provide the sending means (17).
2. Server (12) for dispensing according to claim 1, wherein the means (17) for receiving and the means (16) for sending digital data are respectively adapted to receive and send digital data such as an electronic mail.
3. Server (12) for dispensing according to claim 2, further comprising a database (18) comprising user email addresses (14) of the user group.
4. Server (20) of decryption of digital data to be provided to users (14) of a group of users, characterized in that it comprises means (26) for acquiring the encrypted digital data from a request from a distribution server, and means (28) providing only the distribution server sender of the request, a response containing the processed digital data by using a private key encryption of the user group.
5. Server (20) of decryption according to claim 4, comprising a database (22) having stored therein at least a public key of a user encryption (14) of the user group for the encryption of digital data .
6. Server (20) of decryption according to claim 5, wherein the database (22) comprises a number of private encryption keys respectively associated with separate groups of users.
7. A server (20) of decryption according to claim 4, comprising means (30) for connection to a Public Key Infrastructure (32), the Public Key Infrastructure (32) comprising, in a database (34) at least one private key encryption of a user group.
8. A server (20) of decryption according to claim 7, comprising means for connecting to a Public Key Infrastructure (32) comprising, in its database (34), at least a public key of a user encryption of user group.
9. System (10) for transmitting digital data to a group of users, characterized in that it comprises: - at least a server (12) for distributing data according to any one of claims 1 to 3,
- a server (20) of decryption according to any one of claims 4 to 9, separate from the server (12) for distributing data, for performing cryptographic processing digital data.
10. A method of transmitting digital data to be supplied to a group of users with a system (10) of transmission according to Claim 9, characterized in that it comprises: a step (100) encrypting digital data using an encryption public key of the user group, - a step (110) for sending the encrypted data to the distribution server
(12), a step (120) transmitting, to the decryption server (20), of a request containing the encrypted data,
- a step (130) for processing the data using a private encryption key corresponding to the public key of the group, a step (150) of making available only the distribution server sending the request, d a response containing the processed data, and a step (160) distribution of processed data to at least one user (14) of the user group.
11. A method of transmitting digital data according to claim 10, comprising, before to provide (150) the processed data to the distribution server (12), a step (140) of encrypting digital data using the public key of the user (14) to which the data is distributed.
PCT/FR2006/001546 2005-07-01 2006-06-30 Digital data distributing server, digital data decrypting server, digital data transmitting system and method WO2007003783A3 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
FR0507049 2005-07-01
FR0507049 2005-07-01

Publications (2)

Publication Number Publication Date
WO2007003783A2 true true WO2007003783A2 (en) 2007-01-11
WO2007003783A3 true WO2007003783A3 (en) 2007-04-19

Family

ID=36072048

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2006/001546 WO2007003783A3 (en) 2005-07-01 2006-06-30 Digital data distributing server, digital data decrypting server, digital data transmitting system and method

Country Status (1)

Country Link
WO (1) WO2007003783A3 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6377688B1 (en) * 1997-04-28 2002-04-23 International Business Machines Corporation Cryptographic communication method and system
US20020166054A1 (en) * 2001-03-28 2002-11-07 Sony Computer Entertainment Inc. Contents distribution system
US20030056096A1 (en) * 2001-04-18 2003-03-20 Albert Roy David Method and system for securely authenticating network access credentials for users
US20030172262A1 (en) * 2002-03-06 2003-09-11 Ian Curry Secure communication apparatus and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6377688B1 (en) * 1997-04-28 2002-04-23 International Business Machines Corporation Cryptographic communication method and system
US20020166054A1 (en) * 2001-03-28 2002-11-07 Sony Computer Entertainment Inc. Contents distribution system
US20030056096A1 (en) * 2001-04-18 2003-03-20 Albert Roy David Method and system for securely authenticating network access credentials for users
US20030172262A1 (en) * 2002-03-06 2003-09-11 Ian Curry Secure communication apparatus and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES, VANSTONE, OORSCHOT: "Handbook of Applied Cryptography" 1997, CRC PRESS LLC , USA , XP002375020 page 491 page 547 - page 550 *

Also Published As

Publication number Publication date Type
WO2007003783A3 (en) 2007-04-19 application

Similar Documents

Publication Publication Date Title
US6118874A (en) Encrypted data recovery method using split storage key and system thereof
US6959394B1 (en) Splitting knowledge of a password
US6842628B1 (en) Method and system for event notification for wireless PDA devices
US5509071A (en) Electronic proof of receipt
US7305548B2 (en) Using atomic messaging to increase the security of transferring data across a network
US7082536B2 (en) System and method for computerized global messaging encryption
US6941454B1 (en) System and method of sending and receiving secure data with a shared key
US6292895B1 (en) Public key cryptosystem with roaming user capability
US7305700B2 (en) Secure transport for mobile communication network
US6651166B1 (en) Sender driven certification enrollment system
US20040057579A1 (en) Roaming hardware paired encryption key generation
US20070094503A1 (en) Techniques for key distribution for use in encrypted communications
US6363480B1 (en) Ephemeral decryptability
US6389533B1 (en) Anonymity server
US6988199B2 (en) Secure and reliable document delivery
US20020101998A1 (en) Fast escrow delivery
US20020032861A1 (en) System and method for executing and assuring security of electronic mail for users, and storage medium storing program to cause computer to implement same method
US20030217263A1 (en) System and method for secure real-time digital transmission
US6061448A (en) Method and system for dynamic server document encryption
US20060212706A1 (en) Scalable session management
US20020191797A1 (en) Secure ephemeral decryptability
US20030172262A1 (en) Secure communication apparatus and method
US8447970B2 (en) Securing out-of-band messages
US6915434B1 (en) Electronic data storage apparatus with key management function and electronic data storage method
US5812671A (en) Cryptographic communication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06778736

Country of ref document: EP

Kind code of ref document: A2