System and method to enable PKI- and PMI- based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added

US 10,038,678 B2
Filed: 07/05/2017
Issued: 07/31/2018
Est. Priority Date: 04/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for secure communication between a first electronic device and a second electronic device, each electronic device including a hardware processor and associated memory, the method comprising:

creating, by the first electronic device, a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;

creating, by the second electronic device, a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token;

receiving, by the second electronic device, an invitation request to establish a secure communication line between the first electronic device and the second electronic device, the invitation request including a challenge question;

transmitting to a trusted third party, by the first electronic device, an answer to the challenge question;

transmitting to the trusted third party, by the second electronic device, a response to the challenge question;

authenticating, by the trusted third party, the second electronic device based on the response to the challenge question and the answer to the challenge question; and

establishing the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.

Citations

17 Claims

1. A method for secure communication between a first electronic device and a second electronic device, each electronic device including a hardware processor and associated memory, the method comprising:
- creating, by the first electronic device, a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;
  
  creating, by the second electronic device, a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token;
  
  receiving, by the second electronic device, an invitation request to establish a secure communication line between the first electronic device and the second electronic device, the invitation request including a challenge question;
  
  transmitting to a trusted third party, by the first electronic device, an answer to the challenge question;
  
  transmitting to the trusted third party, by the second electronic device, a response to the challenge question;
  
  authenticating, by the trusted third party, the second electronic device based on the response to the challenge question and the answer to the challenge question; and
  
  establishing the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the secure communication line includes a digital agreement to enable the first electronic device to designate a specific endpoint recipient for information being sent by the first electronic device.
  - 3. The method of claim 2, wherein only the specific endpoint recipient is able to receive and use said information being sent by the first electronic device.
  - 4. The method of claim 1, wherein the secure communication line is revocable by the first electronic device.
  - 5. The method of claim 1, wherein the secure communication line is revocable by a third party indicated in a digital agreement included with the secure communication line.
  - 6. The method of claim 1, further comprising grouping a plurality of electronic devices into a group with an attribute certificate issued to said group.

7. A system for secure communication comprising:
- a first electronic device electronic device including a first hardware processor and associated memory for creating a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;
  
  a second electronic device electronic device including a second hardware processor and associated memory a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token; and
  
  a trusted third party server computer, whereinthe first electronic device transmits an invitation request to the second electronic device to establish a secure communication line with the second electronic device, the invitation request including a challenge question, whereinthe first electronic device transmits to the trusted third party server an answer to the challenge question, whereinthe second electronic device transmits to the trusted third party server a response to the challenge question, whereinthe trusted third party server authenticates the second electronic device based on the response to the challenge question and the answer to the challenge question, and establishes the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein the secure communication line includes a digital agreement to enable the first electronic device to designate a specific recipient for information being sent by the first electronic device.
  - 9. The system of claim 8, wherein only the specific recipient is capable of gaining access to said information sent by the first electronic device.
  - 10. The system of claim 7, wherein the secure communication line is revocable by the first electronic device.
  - 11. The system of claim 7, wherein the secure communication line is revocable by a third party indicated in a digital agreement included with the secure communication line.

12. A non-transitory computer storage medium for storing a plurality of instructions, the plurality of instructions when executed by one or more processors performing a method for secure communication between a first electronic device and a second electronic device, each electronic device including a hardware processor and associated memory, the method comprising:
- creating, by the first electronic device, a first set of encryption keys including a first public encryption key, and a first private encryption key and a first cliental token;
  
  creating, by the second electronic device, a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token;
  
  receiving, by the second electronic device, an invitation request to establish a secure communication line between the first electronic device and the second electronic device, the invitation request including a challenge question;
  
  transmitting to a trusted third party, by the first electronic device, an answer to the challenge question;
  
  transmitting to the trusted third party, by the second electronic device, a response to the challenge question;
  
  authenticating, by the trusted third party, the second electronic device based on the response to the challenge question and the answer to the challenge question; and
  
  establishing the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer storage medium of claim 12, wherein the secure communication line includes a digital agreement to enable the first electronic device to designate a specific recipient for information being sent by the first electronic device.
  - 14. The non-transitory computer storage medium of claim 13, wherein only the specific recipient is able to gain access to said information being sent by the first electronic device.
  - 15. The non-transitory computer storage medium of claim 12, wherein the secure communication line is revocable by the first electronic device.
  - 16. The non-transitory computer storage medium of claim 12, wherein the secure communication line is revocable by a third party indicated in a digital agreement included with the secure communication line.
  - 17. The non-transitory computer storage medium of claim 12, further comprising grouping a plurality of electronic devices into a group with an attribute certificate issued to said group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Central, Inc.
Original Assignee
T-Central, Inc.
Inventors
Kravitz, David W., Graham, III, Donald Houston, Boudett, Josselyn L., Dietz, Russell S.
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/642,304
Publication Number

US 20170324717A1
Time in Patent Office

391 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/53   using third party service p...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

System and method to enable PKI- and PMI- based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to enable PKI- and PMI- based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links