System and method to enable PKI- and PMI-based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added
First Claim
1. A method for secure communication between a first electronic device and a second electronic device, each electronic device including a hardware processor and associated memory, the method comprising:
- creating, by the first electronic device, a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;
- creating, by the second electronic device, a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token;
- receiving, by the second electronic device, an invitation request to establish a secure communication line between the first electronic device and the second electronic device, the invitation request including a challenge question;
- transmitting to a trusted third party, by the first electronic device, an answer to the challenge question;
- transmitting to the trusted third party, by the second electronic device, a response to the challenge question;
- authenticating, by the trusted third party, the second electronic device based on the response to the challenge question and the answer to the challenge question; and
- establishing the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
Abstract
A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real-time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed; rather, it distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted relationships, where each relationship/digital agreement can stand alone (for privacy) or can leverage the build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.
17 Claims
1. A method for secure communication between a first electronic device and a second electronic device, each electronic device including a hardware processor and associated memory, the method comprising:
- creating, by the first electronic device, a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;
- creating, by the second electronic device, a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token;
- receiving, by the second electronic device, an invitation request to establish a secure communication line between the first electronic device and the second electronic device, the invitation request including a challenge question;
- transmitting to a trusted third party, by the first electronic device, an answer to the challenge question;
- transmitting to the trusted third party, by the second electronic device, a response to the challenge question;
- authenticating, by the trusted third party, the second electronic device based on the response to the challenge question and the answer to the challenge question; and
- establishing the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
Dependent claims: 2, 3, 4, 5, 6.
7. A system for secure communication comprising:
- a first electronic device including a first hardware processor and associated memory for creating a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;
- a second electronic device including a second hardware processor and associated memory for creating a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token; and
- a trusted third party server computer,
wherein the first electronic device transmits an invitation request to the second electronic device to establish a secure communication line with the second electronic device, the invitation request including a challenge question, wherein the first electronic device transmits to the trusted third party server an answer to the challenge question, wherein the second electronic device transmits to the trusted third party server a response to the challenge question, wherein the trusted third party server authenticates the second electronic device based on the response to the challenge question and the answer to the challenge question, and establishes the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
Dependent claims: 8, 9, 10, 11.
12. A non-transitory computer storage medium for storing a plurality of instructions, the plurality of instructions when executed by one or more processors performing a method for secure communication between a first electronic device and a second electronic device, each electronic device including a hardware processor and associated memory, the method comprising:
- creating, by the first electronic device, a first set of encryption keys including a first public encryption key, and a first private encryption key and a first digital token;
- creating, by the second electronic device, a second set of encryption keys including a second public encryption key, and a second private encryption key and a second digital token;
- receiving, by the second electronic device, an invitation request to establish a secure communication line between the first electronic device and the second electronic device, the invitation request including a challenge question;
- transmitting to a trusted third party, by the first electronic device, an answer to the challenge question;
- transmitting to the trusted third party, by the second electronic device, a response to the challenge question;
- authenticating, by the trusted third party, the second electronic device based on the response to the challenge question and the answer to the challenge question; and
- establishing the secure communication line by uniquely associating the first public encryption key and the second public encryption key to the first and second electronic device, respectively.
Dependent claims: 13, 14, 15, 16, 17.
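A runnable model of the inviter-invitee exchange recited in the three independent claims, added here as an illustration and not code from the patent or its assignee: each device creates an Ed25519 key pair plus a random token (standing in for the X.509 credentials), the inviter deposits its answer with the trusted third party, the invitee's response is checked there, and on success the two public keys are bound into the communication line. Storing only a digest of the answer, comparing in constant time and allowing a single response per invitation are assumed hardenings, not steps of the claims.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Device is one electronic device of the claims: a key pair plus a digital token.
type Device struct {
	Pub   ed25519.PublicKey
	Priv  ed25519.PrivateKey
	Token []byte
}

// NewDevice performs the claims' "creating ... a set of encryption keys" step.
func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return nil, err
	}
	return &Device{Pub: pub, Priv: priv, Token: tok}, nil
}

// Line is the established secure communication line: the two public keys bound together.
type Line struct{ First, Second ed25519.PublicKey }

// TTP is the trusted third party; digest-only storage and one-shot invitations are assumed hardenings.
type TTP struct{ pending map[string][32]byte }

func NewTTP() *TTP { return &TTP{pending: map[string][32]byte{}} }

// Invite records the inviter's answer (the question itself goes to the invitee in the invitation request).
func (t *TTP) Invite(inviter *Device, answer string) {
	t.pending[string(inviter.Pub)] = sha256.Sum256([]byte(answer))
}

// Authenticate checks the invitee's response; on success it binds both public keys into a Line.
func (t *TTP) Authenticate(inviterPub ed25519.PublicKey, invitee *Device, response string) (*Line, error) {
	want, ok := t.pending[string(inviterPub)]
	if !ok {
		return nil, errors.New("no pending invitation for this inviter")
	}
	delete(t.pending, string(inviterPub)) // consumed whether or not the response matches
	got := sha256.Sum256([]byte(response))
	if subtle.ConstantTimeCompare(want[:], got[:]) != 1 {
		return nil, errors.New("challenge response rejected")
	}
	return &Line{First: inviterPub, Second: invitee.Pub}, nil
}
```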