Patent Issued for Peer-to-peer transmission system with a controlled, double-tier cryptographic key structure (USPTO 11824971): Swiss Reinsurance Company Ltd.

2023 DEC 11 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent by the inventors Fasano, Pierluigi (Morges, CH), Mesiano, Cristian (Adliswil, CH), Turra, Rene (Zumikon, CH), filed on February 8, 2017, was published online on November 21, 2023, according to news reporting originating from Alexandria, Virginia, by NewsRx correspondents.

Patent number 11824971 is assigned to Swiss Reinsurance Company Ltd. (Zurich, Switzerland).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Automated machine-to-machine (or device-to-device) communications are becoming commonplace throughout monitoring and control applications. The broad deployment of technologies utilizing machine-to-machine communications, such as wireless sensor networks or telematics, has been coupled with an increased need to secure the communications between these devices. For example, mobile devices and smart objects, such as cellular telephones, ad hoc sensor devices, radio frequency identification (RFID) devices and/or telematics devices are essential components in the ever more ubiquitous networked information systems that underlie a multitude of interacting applications and services. Information is constantly being captured by, generated by, and moved to and from mobile devices. Thus, end-users produce a multiplicity of personal data through devices such as mobile phones, web browsers, smartboxes for telematics/health/wellness/home. This electronic information can be critical and can include sensitive personal and business information used for financial, security, health, device operations and other applications typically performed by large databases and servers. Furthermore, such data are an intangible asset. If not otherwise stipulated, the owner of the data is normally the subject that produced the data, i.e. the end-user. However, the end-user typically is not willing to share such data with 3rd parties, since it might be perceived as an intrusion in their privacy, all the more so, if end-users do not receive a pay-off for the data that is shared. Besides that, the use and dependence upon mobile devices for critical applications has made them targets of electronic, networked, and other attacks. Combined with their constant use of networked connectivity, these mobile electronic assets are vulnerable to attacks originating anywhere in the world. Consequently, mobile devices and smart objects require a similar level of secure functionality as is provided by their resource-rich server and database counterparts.

“On the other side of the end-user and originator of the personal data, for example telematics data, are the service providers, for example telematics platforms etc., and/or other data consumers (for example risk transfer systems as insurance- and/or reinsurance technology systems), which need to have access to end user data to tailor customized solutions for their respective customers, or to provide the desired service to the end-user. However, data consumers cannot manage data without considering the fact that the data owner is the end-user. The objective of the data consumer is not to own the data. The target is to make sense of the end-user data to in return offer customized services and solutions. Furthermore, the data consumer doesn’t need to own/store the personal data of the user. Nevertheless, the output of end-user data processing (for enrichment/processing/statistical analysis/market analysis . . . ) likewise only belongs to the end-user.

“In the state of the art, appropriate security services are typically supported by or provided by a local security domain authority. One reason behind this is that mobile devices and smart objects are resource-limited. Domain authorities provide a range of security services, such as session key establishment, identity authentication, and data integrity. The security services provided by a domain authority facilitate secure communications and secure operations of mobile devices operating within its domain. This security is achieved primarily through the use of cryptography. As such, the security services rely upon cryptographic ciphers and keys, and are dependent upon the domain authority having, or accessing the cryptographic keys (public keys and/or secret keys) used by the devices within its domain. Moving or roaming mobile network nodes complicate, by their mobility, the delivery of security services, particularly as mobile devices move from one security domain to another, because of the need to securely distribute keys across security domains. Consequently, multi-domain security capabilities are critical components in the use of secured mobile devices and smart objects. The normal approach to multi-domain security services, including identity authentication, is to maintain a peer-to-peer relationship between domain authorities. The establishment and maintenance of a relationship with another domain authority may involve complex and potentially expensive operations and procedures. However, apart from mobility problems, including within a secured domain, the control of the personal data of the end-user is shifted to the security service provider, and a differentiated handling of different data is normally not possible by the end user.

“Secured communications require the use of either a symmetric or asymmetric cryptographic algorithm to prevent a range of attacks on the communications, the machines and the information systems themselves. In a broad range of applications, it is often required that two machines, or devices, need to interact without prior knowledge of one another. In these cases, in the state of the art, the devices normally use a trusted third party in order to authenticate one another’s identity and to establish a secure communication channel. For asymmetric ciphers, such as Elliptic Curve Cryptography (ECC) and RSA, a PKI (Public Key Infrastructure) system is commonly utilized. Such asymmetric ciphers use a public key and a private key. The public key is made available to anyone, whereas the private key is a secret key that is generally not shared with any other devices (except possibly the key generation system used by that device). For the key exchange, the PKI systems are used to generate and assign public-private keys to devices. Regardless of how keys are assigned to a device, a device authenticates itself to the PKI system, typically through some out-of-band method. By authenticating itself to the PKI system, the device receives a digital certificate signed by the PKI system that indicates that the PKI system has authenticated the device and the association of the public key with that device. The certificate is a file containing an encrypted portion, encrypted by the PKI authority’s private key, which binds the device’s identity to its public key. The device’s certificate is stored on the device itself. In the case, where two or more devices interact for the first time, they typically will exchange certificates. Each device will then use the appropriate PKI authority’s public key to authenticate the certificate, thereby authenticating the identity of the other device. Each device determines if the authority is a trusted authority for that device, typically by consulting a list of trusted authorities with their public keys that is stored on the device. Finally, if the devices trust the certificates, then they subsequently use one another’s public keys for secure communication. Typically, the first secure communication, using the asymmetric cipher, is the exchange of a private key for use with a symmetric cipher with the symmetric cipher used thereafter for secure communications.

“However, whereas a PKI system has been made to work for the public-private key cryptographic ciphers, it does not work with symmetric or shared-key ciphers. For symmetric ciphers, domain-specific key management and authentication systems have been developed. A well-known prior art system of this type, which may serve here as an example, is the Kerberos system developed at the Massachusetts Institute of Technology (MIT). Kerberos is a trusted third party (TIP) system that uses symmetric ciphers to authenticate the identity of machines based upon knowledge of a shared secret with the Kerberos system and to securely assign a shared secret session key to machines requesting to communicate securely with one another. Kerberos is domain specific as it operates only within a specific security domain, or network of machines (cf. RFC 1510). The Kerberos system uses a series of encrypted messages to prove to the Kerberos server that a machine is aware of a shared secret with the Kerberos server. Kerberos is used to authenticate all machines that wish to communicate (typically, Kerberos is used to authenticate two machines for pair-wise communication, i.e. one machine to another machine). After all machines are authenticated, the Kerberos server uses each machine’s secret key that is shared with the Kerberos server to encrypt a message that includes a secret key to be shared with the other authenticated machines, called a session key, that is then sent to that machine. Since all authenticated machines that wish to communicate are sent the same session key, they may use that key and a symmetric key cipher to communicate securely with one another. Also, these type of systems have various limitations as regards automated machine-to-machine (or device-to-device) communications, as, for example, provided by mobile telematics devices. Typically, the differentiated, source- or kind-specific control of the personal data by the end-user and a differentiated handling of different data by the end user is not possible. Another limitation of these systems is that it is typically computer-system-domain-specific. For example, Kerberos does not work in a general public environment where devices originate from any domain. A device must be registered with a domain’s Kerberos system prior to the request of the device to be authenticated while it is communicating within that domain. Furthermore, it is normal that these systems, just like Kerberos, work with symmetric key ciphers only, and they do not work with asymmetric ciphers such as ECC or RSA.”

There is additional summary information. Please visit full patent to read further.

In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “It is one object of the present invention to provide a system and method for providing a closed cryptosystem for secure content and data distribution within a secured network environment, which does not have the aforementioned drawbacks. In particular, it is meant to be possible to provide an apparatus and method for automated and differentiated access and billing control within a double encrypted system. More particular, it is an object of the invention to realize an automated system allowing the end-user to monetize the intangible asset represented by captured, individual and user-specific raw data. The invention should provide a technical structure allowing an end-user to safely share personal data with a data consumer agent in order to receive in return customized services. Finally, the end-user should be technically enabled to ensure that the data consumer agent will not misuse the data that is shared. On the other hand, the invention should also technically enable a data consumer to verify the raw data produced by the end-user in order to avoid (in)voluntary manipulation thereof.

“According to the present invention, these objects are achieved, particularly, with the features of the independent claims. In addition, further advantageous embodiments can be derived from the dependent claims and the related descriptions.

“According to the present invention, the above-mentioned objects for a secure key management, peer-to-peer transmission system based on a controlled, double-tier encrypting cryptographic key structure providing a closed cryptosystem for secure content distribution and further processing within a provided, secured network environment, wherein individual, user-specific data, are measured and/or captured and/or generated by means of at least one capturing device associated with a user network node. Furthermore, based upon the individual, user-specific data services, the above-mentioned objects are requested from and provided to the user network node by means of a data consumer network node, in which the captured individual, user-specific data are transmitted from the user network node to a central, P2P transmission system via a data transmission network and stored in the central, P2P transmission system, wherein the individual, user-specific data are processed by means of a non-storage-based processing unit associated with the central, P2P transmission system providing the service of the data consumer network node requested by the user network node, in which a first cryptographic key is generated by the non-storage-based processing unit, wherein service response data of the requested service are encrypted by means of the first cryptographic key to single encrypted service response data and transmitted to the user network node in response to the requested service, in which the received single encrypted service response data are encrypted by means of a generated second cryptographic key to double encrypted service response data by the user network node and transmitted back and stored in the central, P2P transmission system by the user network node, and in which the first cryptographic key is transmitted to or made accessible by the user network node, if predefined authorization-parameters are triggered by means of the central, P2P transmission system. The capturing device and/or the user network node can for example comprise a mobile phone and/or a web browser and/or telematics devices or a smartbox capturing health and/or wellness and/or home-related measuring parameters.

“The present invention has, inter alia, the advantage that it allows the digital sharing of personal data, underwriting decisions, policyholder information as well as other data needed to issue a policy, for example underwriting decisions, exclusions, loadings, critical values, notes for claims, name, surname, email address, phone number, address, age, gender, etc. Moreover, the invention generally allows one to exchange secure information between two systems that are controlled on a step-by-step basis and for example are billed on a step-by-step basis by a dedicated third supervising system, i.e. the secure key management system. A further advantage is related to the field of secured data transmission systems related to medical services where sharing of personal health/home etc. information is regulated and otherwise sensitive. A data-sensitive example is where an end-user produces raw data (for example trip data) via telematics devices. The trip data are stored as immutable transactions (1^st transaction) in the central, P2P transmission system. Data are encrypted with the user key. The user requests an enrichment service of the non-storage-based processing about the trip data. The service is provided by a proprietary module developed by a data consumer network node. Data are processed by the platform via a user public key (as address) directly by the central, P2P transmission system. The data consumer network node stores the output of the service in the chain of the user encrypting it via user key and SP1 public key (2^nd transaction). The data of this transaction is owned by the end-user, but encrypted by end-user and data consumer key. To access the data both of the private keys are required. The invention allows one to combine various services. For example, the end-user may ask an additional service of the non-storage-based processing unit, for example, a scoring service. To receive it, the end-user must ask the data consumer to decrypt the data (this may happen automatically in the back end of data consumer), which is represented in the 3^rd transaction. A fee for the transaction might be charged to the end-user’s network node. The user network node receives the service from another data consumer, where again the output is stored in the end-user chain and is encrypted via the public key of the end-user and the public key of data consumer. Here too, the scoring, just like all the other services are data owned by the end-user. The end-user asks for a service of the non-storage-based processing unit, which is broadcast to various different data consumer services able to cope with the request (in this case, risk-transfer data services, for example a premium quote). The non-storage-based processing unit sends the quotes back to the user network node. The end-user selects and/or chooses the preferred option and stores the selection (4^th transaction) in the chain, encrypting it with the public key of the end-user and the public key of the data consumer network node. The 5^th transaction occurs at the time in which the end-user reports (or alternatively the device generating data detects) a crash. The same encryption as above is performed. All the transactions happen securely in the central, P2P transmission system. All the data in the chain belongs to and are controlled by the user network node. The same is true for the output of the services. Services provided by a data consumer network node K to the end-user will be encrypted with the end-user key and the data consumer network node K.”

There is additional summary information. Please visit full patent to read further.

The claims supplied by the inventors are:

“1. An electronic secure peer-to-peer transmission system based upon a controlled, double-tier encrypting cryptographic key structure providing a closed cryptosystem for secure digital data sharing and processing within a provided, secured digital network environment, comprising: a transmission management system; a data consumer network device; a user network device; and a data transmission network communicatively connecting the transmission management system, the data consumer network device, and the user network device, wherein the transmission management system comprises electronic circuits configured to: receive user-specific data from the user network device via the data transmission network; in response to a request for a service that is provided by the data consumer network device and requested by the user network device, process the user-specific data by a processing module that is provided by the data consumer network device to generate service respond data; generate single-encrypted service response data by encrypting, using a first cryptographic key associated with the data consumer network device, the service response data; transmit the single-encrypted service response data to the user network device; and receive double-encrypted service response data from the user network device and store the received double-encrypted service response data, the user network device comprises a processor that is configured to execute computer program codes to: obtain the user-specific data that is measured or captured by a capturing device associated with the user network device; transmit the user-specific data to the transmission management system; receive the single-encrypted service response data from the transmission management system in response to the request for the service that is provided by the data consumer network device and requested by the user network device; generate the double-encrypted service response data by encrypting, using a second cryptographic key associated with the user network device, the single-encrypted service response data; and transmit the double-encrypted service response data to the transmission management system, wherein the data consumer network device is configured to store each double-encrypted service response data in a processing chain as an immutable transaction of a blockchain assigned to a user of the user network device, the double-encrypted service response data is decryptable using private keys corresponding to both the second cryptographic key as a user key and the first cryptographic key as a public key of the data consumer network device, all the data in the chain being controlled by the user network device, and wherein the user network device or the transmission management system is configured to provide the first cryptographic key after the transmission management system receives predetermined authorization parameters associated with the user network device, wherein the first cryptographic key is made to be accessible to the user network device by the transmission management system in response to allowance parameters triggered by the data consumer network device, and wherein the processing module is accessible to the user network device, the user network device being configured to control non-storage of the user-specific data using the processing module.

“2. The electronic secure peer-to-peer transmission system according to claim 1, wherein the user network device comprises a mobile phone, a web browser, one or more telematics devices, or an apparatus that is configured to generate the user-specific data by capturing health, wellness, or home-related measuring parameters.

“3. The electronic secure peer-to-peer transmission system according to claim 1, wherein the processor of the user network device is configured to receive and store payment transfer parameters associated with accessibility of the first cryptographic key to the user network device, and the transmission management system is configured to control transmission of the first cryptographic key to the user network device based on the payment transfer parameters stored in the user network device.

“4. The electronic secure peer-to-peer transmission system according to claim 1, wherein transmission of the single-encrypted service response data and the double-encrypted service response data is performed according to a public key cryptography.

“5. The electronic secure peer-to-peer transmission system according to claim 1, wherein the transmission management system comprises the electronic circuits further configured to: encrypt the first cryptographic key according to a public key cryptography to obtained an encrypted first cryptographic key and provide the encrypted first cryptographic key to the user network device.”

URL and more information on this patent, see: Fasano, Pierluigi. Peer-to-peer transmission system with a controlled, double-tier cryptographic key structure. U.S. Patent Number 11824971, filed February 8, 2017, and published online on November 21, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11824971)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)