DE10028265A1 - Decoding of an encoded document transmission received over the Internet - Google Patents

Abstract

The local data processing system (1) is connected to the Internet (20) on which there is a server (30). The encoded data (40) of a received document is accessed with the aid of a decoding unit (50). This is set by input from a number of units (52,54,56).

Description

The present invention relates to a device for Decrypt an encrypted electronic document ment according to the preamble of claim 1, as made the applicant's German patent application 196 23 868 is known.

In this prior art document, in particular described a procedure to improve Protection of copyright-valuable electronic documents to achieve that only through online contact with a server-side server unit one for decrypting necessary key file is brought up and then by Effect of a on the local data processing unit provided decryption unit a link This key file with (already existing or also externally supplied) encrypted volume data for Decrypt and restore the original, usable electronic document can be done.

With regard to the necessary server contact, this has known device already quite effective Protection against unauthorized access (hereinafter also referred to as a hacker), whereby in this state the Technology described for the first time, for the encrypted or content-related electronic document to be encrypted Encryption through a particularly high level of Si security against unauthorized access.

However, especially in the case of a ge increased need for security, prove necessary, the safety of such a known device (or a corresponding method) to verbes further especially in view of the fact that the be knew one-to-one mapping between encrypted  (Volume) file and key file as well as otherwise known decryption algorithm, the ent encryption and the unimpeded transmission of the ent encrypted document is also possible by unauthorized persons, as soon as, for example through direct access to a loading drive system level of the respective data processing device in addition to the volume file, the key file, itself is unencrypted, accessible. In particular shows the problem of reliable protection of Key files as soon as the local data processing direction is offline.

The object of the present invention is therefore to be known, generic device for decoding egg encrypted electronic document in view for their protection against unintentional, unauthorized Improve access (especially in offline mode) and in particular to create a device that a Hac ker, even after a single, successful attack on a encrypted document, no possibility of future unrestricted access and distribution attempts on this document there.

The task is accomplished by the device with the features of claim 1 solved; independent protection is sought speaks for a method according to claim 17, which in a preferred form of realization as Betriebsver drive suitable for the device according to the main claim is. Advantageous developments of the invention are in the Subclaims described.

This enables the function which can be influenced according to the invention ons unit of the decryption unit, by suitable Configuration the functionality of the decryption influence itself, about the content and the ge design of the key file. This approach poses the actual essence of the present invention: In Further development of known decryption methods, the  usually with known, invariable operation an encrypted file with an associated key Merge file and so the desired, usable Generate result, the present invention provides additional Lich the possibility with the intention of an increase in protection the mode of operation itself (e.g. the algorithms, or Ope rations), which are necessary for decoding, to ma nipulate and thereby operationalize. Corresponding the traditional decryption step expands "Merge the key file with the encrypted one File "around the additional step of a configuration, Setting or parameterizing the radio that can be influenced tion unit, for example in the manufacture or Er possible a radio (necessary for decoding) functionality of the decryption unit, the but especially the actual decryption (Merge) upstream operations such as that Select an appropriate one from a plurality of keys select files.

In this respect, the term "is technically influenced flowable "within the scope of the present invention lay: not only includes a corresponding parameter ter Setting the functional unit (which typically et wa by specifying appropriate, variable tax rates lack to influence the same and therefore the closure selection process can happen), is also with "Programmable influence" includes that functional units as (program-related) modules within the framework of the Decryption unit added, deleted or changed can be.

Such a con figuration through at least one-time online contact represents, so this additional, decrypting determining process under control of a (via the Da server connected) remains, so that a possibility of checking the electronic do  documented right now not only about the key part (or the way they are provided) possible is, but also via the - according to a preferred Further training even determined depending on the document, further preferably client-specific, d. H. depending on the local da predetermined processing device - configuration is determined. In other words, the traditional one one-dimensional focus on the key occurs by the invention a second sequence or procedure dimen sion, namely the process of decoding itself.

Like the problem arising from the prior art position, the vulnerability of the gat lies appropriate method especially in offline mode, d. H. after the local data processing device from the Server connection was disconnected and now the key file locally (encrypted or unencrypted) on the local data processing device. As part of the This invention overcomes this problem the additional manipulability of the functionality of the Decryption device, although this also via the online contact is configured at least once, for example at the beginning of a session, but after that the advantageous protective effects especially in offline mode. Variants of "at least one-time online contact" in The meaning of the invention would be that only one online contact during the (first) installation of the decryption unit the local data processing device takes place (and a variety of functions in this context can be saved locally for later selection), alternatively it is also possible to decrypt one to make permanent online contact dependent. Generally is it also encompasses the invention, this online contact even in an encrypted account to operate text, d. H. especially that of the server unit functional units, configurati to encrypt ons data etc. in a suitable manner.  

A particularly simple form of realization of the present Invention impressively illustrates this argument; no if, as a particularly effective encryption technology, the so-called semantic encryption is used, such as for example from the (unpublished) German Applicant's patent application 199 32 703 (relating to this encryption technology as fully in the present application as belonging to the invention drawn should apply). Basic idea of this semantic ver It is key that the meaning of electronic data can be changed very easily without this affecting the is recognizable at first glance, namely through operations of the Exchange, exchange, omit or add Content components (e.g. words or sentences in one Text), so that the (encrypted) result is again a Text is created that is legible and has an apparent meaning results, but the content of the unencrypted Original text differs and cannot be used in this respect is. However, it is for the unauthorized accesser (Attacker) not immediately recognizable that it is such a semantically encrypted document (still) about an encrypted document, and not about is already doing what he wants, unencrypted. Will now not only be within the scope of the invention (semantic) key in the form of a key file provided, but a plurality of keys, each but not all lead to the actually correct result ren, but an apparently correct, but in terms of content produce a decrypting result, then the Attackers faced with a problem of uniqueness: Ty Typically, many can use this level of encryption lead to an (apparently) meaningful result, due to the non-mathematical principle of the semantic However, encryption can be done without further information (from the attacker's point of view) not ascertaining or even proving which decrypted version is the correct one.  

In the context of the present invention there is therefore a be particularly suitable embodiment in that the programmtech nisch influenceable functional unit so that these seem to be the correct out of a variety of uses selectable key files so that before the actual Chen decryption process (namely the merge key file and encrypted volume file) one again through online contact to the predetermined confi guration required, safety-increasing selection step through the functional unit. Accordingly, in the practical implementation of the invention then the semantic encrypted (volume) data with the correct recon structural instructions as a key file, but together also with a plurality of incorrect reconstructions instructions (as additional key files). There with there are a variety of possible reconstructions that to a plurality of possible and seemingly meaningful Ent key results, that is actually correct is, however, only on one by means of the radio according to the invention tion unit of the key files to be selected.

The ambiguity or lack of security achieved in this way on the part of an unauthorized accessing person, also actually Having deciphered the correct result is important thus essential to the security enhancing effect of the front enclosed invention.

According to preferred developments of the present invention dung, the presentation according to the invention unit as (e.g. HTML, VisualBasic Script, JAVA, Yes vaScript-enabled) browser, then continue preferably the decryption unit according to the invention as Plugin for this browser is realized. In this To the protocols are particularly useful HTTP, Biztalk (XML), SOAP etc. for handling, introductory ren of key and / or volume files.  

Offer in the practical implementation of the functional unit also go different ways: First, it is possible Lich, the functional unit as one or more programs to implement library (s) (e.g. as. d11 in a Windows System environment), whereby then a configuration of the funct ons unit by appropriate introduction (for example by the Online contact) of such a program module as a file rea is lized. Additionally or alternatively, the Ent key unit using a suitable program Mier or script language responsive or controllable cut own as a functional unit, the configura tion by appropriate program or script commands takes place and so the decryption unit and therefore the Decryption process is affected.

In particular, is within a preferred embodiment form of the invention, a constellation is also conceivable which has a program file double function, näm Lich a corresponding confi in their execution guration of the decryption process (e.g. a Setting a decryption mode, for example based on the order of decryption commands with which the Decrypt) and also the ones for decryption instructs necessary operations (so far also acts as a key file).

A particularly preferred embodiment of the present Invention is also that for decryption egg nes (preferably semantically) encrypted document A plurality of key files is necessary: As an additional che functionality of the decryption unit (namely through suitable configuration) not only results here the task of selecting this multitude of necessary key files from a variety of additional to care; in addition, the selected keys would be in a row necessary for concrete decoding order.  

According to further training, the security of the additionally improve the present invention in that Complexity of the units and partners involved is further increased: So it is then preferred, not to provide only (significantly) more key files than did are actually needed for a specific decryption (with the purpose of additionally accessing the unauthorized to face the task of correct selection), too it includes the present invention, a more Number of (influenceable, i.e. configurable) functions to provide ons units, which are also preferred not all for correct decryption (Reconstruction) are required: Here, too, the present invention to increase security against one unjustifiably accessing the need in the first place identify the correct functional unit (s) and to activate, namely their functionality at all only the intended decryption enabled. At this Continuing education, namely the provision of a plurality of Functional units with different functions functionality, it has also proven its worth, the function not (as in the case of an openly read with commands real script language) recognizable by simple file access close; rather, it is featured here according to further training propose to provide binary data formats or the like that the Classify and understand a functional unit (from hackers view) make it even more difficult.

According to a further preferred development, which in be manipulation or your own in a particularly elegant way Creation of functional units within the scope of the invention can prevent by unauthorized users is pre see the functional unit (s) of the decryption unit with a digital signature or a such (otherwise known) one-way function on the radio unit (in the concrete example e.g. on the corresponding appropriate program library). Now find one Manipulation of this functional unit by an unnech  takes access instead, z. B. because this tries through a self-made program library of the decisions production operation properly (again), so in this advantageous embodiment of the invention Decryption unit when forming the digital signature to the (incorrect) functional unit a non- Find agreement and accordingly could more preferred, in a not immediately apparent process-related or temporal relationship of the decision selungsbetriebes, issue an error message, the Ent cancel the encryption process and / or another, for Take appropriate measures to avert the attack. For this could in particular also give a note to the Accessible count that the result of the decisions development process is incorrect, and that a new ent key (including the configuration provided according to the invention the functional unit) is necessary.

As a result, the present invention thus enables the security of known decryption methods, esp especially on the basis of semantic encryption, further increase and by an additional dimension, näm Lich the manipulation of the functionality of the decisions selection itself (or the decryption function) Zen.  

Further advantages, features and details of the invention result from the following description more preferred Exemplary embodiments and with reference to the drawings; this show in:

Fig. 1 is a schematic block diagram with the device for decrypting an encrypted electronic document according to a first embodiment of the invention and

Fig. 2 shows an alternative embodiment of the present invention.

A local data processing device 10 shown in FIG. 1 is via an otherwise known Internet connection (shown schematically as 20) with a document and / or key server unit 30 (via an optional proxy unit 32 , which is used in particular for identification / authorization purposes as well can be set up to check access rights of an accessing person) via which the browser unit 40 present in the local data processing device (PC) 10 communicates as a display unit in a generally known manner with the server unit and in particular after it has been authorized (or another one) for the transmission of the process required for the decryption key file) from the server unit 30 receives the key file required for decrypting. The decryption unit 50 can then be used to merge the key file received by the server unit 30 with data of the encrypted document (volume data), stored in a volume data storage unit 60 , in order then to be returned to the browser 40 for display. More specifically, for this purpose, both the key data received by the server unit 30 and the data of the decrypted document generated after the reconstruction flow via a connection 70 between the browser unit 40 and the decision unit 50 .

However, as FIG. 1 additionally shows, the decryption unit has three functional components 52 , 54 , 56 , each of which is implemented as a program library of the decryption unit (which can be executed as a program by calling the browser unit 40 ) and is necessary for the decoder unit to function properly.

In the context of the exemplary embodiment described, however, the decryption unit 50 can be configured in such a way that (selectively) the functional units 52 , 54 , 56 can be activated, deactivated, replaced by units which can preferably be brought up by the server unit 30 (externally) and / or set via parameter specifications, so that the correct reconstruction of the volume data held in the storage unit 60 not only depends on the correctly presented key file, but also on the fact that the function units 52 , 54 , 56 as part of the decryption unit also correctly perform the task assigned to them during the decryption process .

This is explained in an operating example of the embodiment according to FIG. 1: It is assumed that a semantically encrypted text document is present in the volume data storage unit 60 , namely one in which the meaning-distorting encryption by swapping, exchanging, omitting and one Adding words and sentences has been achieved (without the resulting encrypted volume document necessarily losing its apparent meaning). The information required to restore the original text form, namely information about the components that have been replaced, replaced, added and / or removed, are part of the associated key file, which is provided by an authorized user in an otherwise known manner from the server unit 30 (acting as a key server) is brought up in order to then link them after being called up by the browser unit 40 by means of the decryption unit 50 . In this example it is assumed that the functional unit 52 is the operation of swapping, the functional unit 54 for the function of replacement, and the functional unit 56 for the function of insertion and removal is functionally set up. However, to increase security within the scope of the present invention, the functional unit 56 is now specifically deactivated (be it that it is not at all available, but must first be introduced by the server unit 30 as a program module or program library, or else to others The functionality of the key file (which a hacker received via unauthorized access, e.g. via direct memory access) takes place, but not with regard to the inserted and / or removed content components of the document. The result is an apparently decrypted document from a hacker's point of view, but still one that does not correspond to the original, unencrypted document and is therefore usable.

A complete, correct decryption, on the other hand, is only possible if the functional unit 56 is additionally configured properly, in addition to the introduction of the correct key file, either because an associated program module for integration into the decryption unit is also brought in via the network is, or that a locally existing unit 56 is activated in its proper operation via a (server side authorized) command. (Alternatively, a suitable one from a large number of locally available (stored) program modules could also be selected, activated and thus included).

A hacker thus has the problem of ensuring, in addition to determining and obtaining the key file, the correct functionality of all the functional components of the decryption unit involved in the decryption process, which is further complicated by the fact that - as provided for in a further education - the settings or configuration measures are also made here document-dependent (i.e. differ for the respective documents to be decrypted), for example are additionally client-dependent (ie differ for different operating environments of the local data processing device 10 ), and / or change fundamentally in the case of successive decryption processes (also of the same document), so that any decryption success would in any case be temporary and limited to a single operation. In a further development of this approach, provision can also be made to generally temporarily secure a decryption process (or even document access to the document secured in accordance with the invention) in such a way that, in principle, after a predetermined period of time has elapsed (e.g. measured in terms of an access time) by a user) it is necessary to reconfigure the decryption unit, that is to say a (re) decryption. Accordingly, after the predeterminable period of time, the electronic file would change its composition so that this security-increasing re-decoding (after reconfiguration of the functional unit) is necessary.

. Referring to Figure 2, a second exporting the invention will now be described approximately, for example; Identical reference signs correspond in this respect to equivalent units to the first embodiment in FIG. 1.

The embodiment shown in FIG. 2 differs from the first in that a functional unit 58 of the decryption unit 50 has the task (and must be configured accordingly), a selection from a plurality of (received from the server unit 30 and in a key storage unit 80 locally stored) key files, in the exemplary embodiment only one of a plurality of files stored in the unit 80 is correct in order to correctly decrypt a corresponding volume file (from the unit 60 ); in this case, the decryption unit 50 also receives information (ie configuration) via the Internet 20 from the server unit 30 within the scope of the invention as to which of the plurality of received and locally stored key files is the correct one. If this information is missing, any further attempt to decrypt any of the files stored in unit 80 would lead to an (apparently correct) result with a further training, but the hacker remains in any case uncertain whether he is dealing with the correctly decrypted result and, as explained above, this proof is not possible without the additional information.

According to a development of the embodiment according to FIG. 2, it is also necessary not only to use one key file for the decryption process of the volume document, but also to select several from the large number of key files, which will then have to be taken into account in a suitable sequence for the decryption process . A suitable configuration of the functional unit 58 within the framework of the decryption unit 50 could then lie in the fact that the required correct key files from the unit 80 are first selected and loaded, for example by a script (received by the server unit 30 ) for controlling the units 50 , 58 are then decrypted in the correct order, and then finally the actual merging of the reconstruction instructions contained therein with the volume data.

This embodiment can also be particularly preferred the allocation of reconstruction files - e.g. B. in the case a text document - page-specific, where the mathematical operation of the cyclic permutation in the  Able to do the correct one before merging Order.

Through additional measures, the provision of something redundant (or functionally differently functioning) function units, the complexity can be increased almost arbitrarily hen, with the result that the decryption for an un entitles accessors to a frustrating process a certain deterrent effect.

The present invention also assigns numerous references another, previously unpublished patent application on the applicant (who, regarding the respective discu technologies or solution complexes also in the present application as invention properly included gel German patent application 199 53 055 proposed an approach by which De construction and subsequent (server-side) reconfig In particular, the commands and protocols for communication cation between server unit and local data processing unit can be additionally secured. This one sentence is easily transferred to the present application bar.

Accordingly, it is advisable to transfer the approach known from the German utility model application 200 00 957 of the applicant, which provides for server-side redirection to further secure the Internet connection, to the present invention and thus in particular the connection between the units 30 and 40 additionally to guarantee.

According to a further advantageous embodiment of the invention, as described in the German application 200 03 844 of the applicant, it could be provided that the locally seen data storage units (60, 80 in FIGS. 1, 2), in particular one for storing the externally zoom out key files used storage unit (80) to be regarded as a local file server unit, which can then be addressed with appropriate, typical protocols.

Claims (17)

1. Device for decrypting an encrypted electronic document by means of a key file brought up from a server side ( 30 ) via a public data transmission network ( 20 ), preferably the Internet,
wherein the decrypted electronic document can be displayed on a local data processing device ( 10 ), which is a display unit ( 40 ) set up to display the unencrypted electronic document,
and has a decryption unit ( 50 ) set up for merging the encrypted document and the key file for generating the decrypted document,
characterized in that
the decryption unit in the ready-to-run state has at least one function unit ( 52 , 54 , 56 ; 58 ) which can be influenced by the program and which can be used to select a key file from a plurality of local or server-side key files and / or to carry out one for merging to generate the decrypted document necessary operation of the decryption unit and / or for targeted access to a server-side address having a key file is configurable
and influences a decryption operation of the decryption unit in such a way that the merging by the decryption unit leads to the correct decrypted document only in the case of a predetermined configuration of the functional unit,
and wherein the predetermined configuration of the functional unit is produced by at least one online contact of the local data processing device with the server and a parameter setting of the functional unit or decryption unit and / or an assignment of a program file or command component to the decryption unit and / or generation of the Functional and / or decryption unit includes. 2. Device according to claim 1, characterized in that that the display unit realizes as a browser and as a decryption unit either a plug used in the browser, or the decisions is integrated in the browser, or the Decryption unit as the local server unit of the local data processing device responsive is formed, or as, for example via an intranet Connection to the functional unit of the local data processing working device when decrypting. 3. Device according to claim 1 or 2, characterized records that the functional unit as Programmbi library of the decryption unit and / or display unit than on an operating system platform executable by the local data processing device File and / or as a command line and / or element of a preferably the pro controlling the decryption unit grammar or scripting language is realized and esp in particular by means of a digital signature the functional unit, when the Ent key unit as correct, not manipulated and / or correctly recognizes and influences results send can be evaluated. 4. Device according to one of claims 1 to 3, characterized in that the encrypted electronic document is realized by means of an encryption method in which the encrypted document and the key file are generated from an original data set corresponding to the decrypted document, which results from a sequence of information components of a metalanguage in the form of a written language, a number system or of information components consisting of data elements arranged in a predetermined uniform format structure, in particular image, sound or program information, is stored in a plurality of electronically addressable memory areas and that encrypted document is generated by the following operations:
Exchanging and / or removing an information component in the data set and / or adding an information component to a predetermined position in the sequence of information components and / or exchanging an information component for an information component that is preferably not contained in the original data set,
wherein the key file has information about the exchanged, removed, added and / or exchanged information components and is designed such that it allows the original amount of data to be restored. 5. The device according to claim 4, characterized in that the decryption unit as a reconstruction unit is realized, which is used to process the ver encrypted data volume and the key file for Generate the decrypted document is. 6. The device according to claim 4 or 5, characterized records that each encrypted document has a A plurality of processed by the decryption unit editable key files is assigned, of which at least one to generate the decrypted elek tronic document, and at least one to generate one apparently correct for a user, however does not correspond to the correct decrypted document appropriate electronic document is formed.   7. Device according to one of claims 1 to 6, characterized characterized that to generate the decrypted A number of key files are required is. 8. Device according to one of claims 1 to 8, characterized characterized that the for merging to Generation of the decrypted document necessary drive process selecting a key file a plurality of key files and / or the fro put an order of consecutive Decryption steps and / or of for together has the required key files. 9. Device according to one of claims 1 to 8, characterized characterized that the predetermined configuration is document-specific, especially according to Expiration of a predetermined period of use of a decrypted electronic document a new one Decryption required after reconfiguration. 10. Device according to one of claims 1 to 9, characterized characterized that the predetermined configuration depend on the local data processing device gig, especially trained specifically for this is. 11. The device according to one of claims 1 to 10, characterized characterized that the decryption unit so is trained that a repeated and / or new Decrypt the encrypted document using a configuration of the functional unit takes place different from the configuration of a previous Ent differentiation process and in particular of operating and / or status data of the previous one Decryption process is affected.   12. The device according to one of claims 1 to 11, characterized characterized that the decryption unit a A plurality of functional units is assigned, wherein configuring selecting one of the functions units and their assignment to a decision Has operation of the decryption unit. 13. The apparatus according to claim 12, characterized in that the respective one of the plurality of functional units examined their effects on the decisions operating mode of the decryption unit and preferably as binary files or modules rea are listed. 14. Device according to one of claims 1 to 13, characterized characterized that the key file as executable entire program is implemented, which also functions as a function ons unit of the decryption unit acts, whereby in particular information on generating the decree rarely document arises from interaction between compo nent, internal variables or other programs parameters of the executable program and to the encrypted document work. 15. The device according to one of claims 1 to 14, characterized characterized that the electronic document from selected from the group consisting of audio, music, Video, program, multimedia, animation, 3D, Text, image and / or game files exist. 16. The device according to one of claims 1 to 15, characterized in that a proxy unit ( 32 ) is connected upstream of a server unit ( 30 ) on the server side, which can be addressed by the function of the functional unit and an identification and / or authentication process of the accessing local data processing device carries out, in particular for aligning document-related usage rights of the user, local data processing device with the key files that can be brought up on the server side. 17. A method for decrypting an encrypted electronic document by means of a key file brought up from a server side via a public data transmission network, preferably the Internet, in particular a method for operating the device according to one of claims 1 to 15.
wherein the decrypted electronic document can be displayed on a local data processing device, which is a display unit configured to display the unencrypted electronic document,
and has a decryption unit set up for merging the encrypted document and the key file for generating the decrypted document, with the steps:

• - partial or complete transfer of the key file via the data transmission network,
• - Transferring at least one predetermined functional unit of the decryption unit as a file, command component and / or script via the data transmission network to the local data processing device,
• - activation of the decryption unit,
• - Decrypting the encrypted document by electronically processing one of the key files and / or the encrypted document corresponding data stream using the predetermined functional unit and
• - Displaying the decrypted document using the display unit.