System and method for privacy-enhanced data synchronization

US 10,176,310 B2
Filed: 03/18/2014
Issued: 01/08/2019
Est. Priority Date: 03/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method for establishing trust between two or more devices comprising:

transmitting first data from a first device to a second device over a secure communication channel, the first data including at least a public key of the first device, a session key randomly generated by the first device, and an identification code identifying a trust circle which includes the first device;

the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service, the second data comprising the public key of the second device combined with a timestamp, wherein the combination is encrypted with the session key, the second data further comprising a signature over the public key of the first device using a private key of the second device;

the first device connecting to the service using the identification code to identify the second data, the first device validating the integrity of the second data and responsively generating third data, the third data comprising a signature over a public key of the second device using a private key of the first device; and

the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device, wherein the second device is added to the trust circle on the service with a combination of (1) the signature over the public key of the first device using the private key of the second device and (2) the signature over the public key of the second device using the private key of the first device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, method, and machine readable medium are described for establishing a trust circle between multiple devices. For example, one embodiment of a method comprises: transmitting first data from a first device to a second device over a secure communication channel, the first data including at least one key and an identification code identifying a trust circle which includes the first device; the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service; the first device connecting to the service using the identification code to identify the second data, validating the integrity of the second data, and responsively generating third data; and the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device.

357 Citations

23 Claims

1. A method for establishing trust between two or more devices comprising:
- transmitting first data from a first device to a second device over a secure communication channel, the first data including at least a public key of the first device, a session key randomly generated by the first device, and an identification code identifying a trust circle which includes the first device;
  
  the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service, the second data comprising the public key of the second device combined with a timestamp, wherein the combination is encrypted with the session key, the second data further comprising a signature over the public key of the first device using a private key of the second device;
  
  the first device connecting to the service using the identification code to identify the second data, the first device validating the integrity of the second data and responsively generating third data, the third data comprising a signature over a public key of the second device using a private key of the first device; and
  
  the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device, wherein the second device is added to the trust circle on the service with a combination of (1) the signature over the public key of the first device using the private key of the second device and (2) the signature over the public key of the second device using the private key of the first device.
- View Dependent Claims (2, 3)
- - 2. The method as in claim 1 wherein validating the integrity of the second data comprises validating a public key of the second device and the timestamp using the session key.
  - 3. The method as in claim 1 further comprising:
    - performing data synchronization operations between the first and second devices in which the data being synchronized is transmitted and stored on the service in an encrypted format.

4. A method for synchronizing data comprising:
- a first device downloading trust data from a service, the trust data associated a set of one or more other devices, including a second device, which are considered trusted devices;
  
  the first device generating a first encryption key and deriving a session key for each of the one or more other devices including the second device;
  
  the first device encrypting the first encryption key with each of the session keys to generate an encrypted encryption key for each of the one or more other devices;
  
  the first device encrypting the data to be synchronized with the first encryption key to generate encrypted data and providing each of the encrypted encryption keys and the encrypted data to the service;
  
  the second device deriving its session key, retrieving the encrypted data and the encrypted encryption key from the service; and
  
  the second device decrypting the encrypted encryption key using the session key and using the first encryption key to decrypt the data to be synchronized.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
- - 5. The method as in claim 4 wherein the trust data comprises a chain of authorization blocks each of which asserts a trust relationship between two devices.
  - 6. The method as in claim 5 wherein the trust data includes public keys of the trusted devices.
  - 7. The method as in claim 4 wherein the session keys for each of the devices are derived using the Diffie-Hellman key exchange algorithm.
  - 8. The method as in claim 7 wherein the first device derives the session key for the second device using a public key of the second device and a private key of the first device.
  - 9. The method as in claim 8 wherein the second device derives the session key for the first device using a public key of the first device and a private key of the first device.
  - 10. The method as in claim 4 wherein generating the first encryption key comprises generating a random encryption key (REK).
  - 11. The method as in claim 4 wherein the data to be synchronized is selected from the group consisting of:
    - multimedia data files, productivity data files, client configuration data, and/or service registration data.
  - 12. The method as in claim 11 wherein the service registration data comprises data usable for authentication with each service with which a device is registered.

13. A method implemented in a circle cloud comprising a plurality of storage servers, the method comprising:
- logically grouping, by a trust chain hardware, multiple device into a trust circle, wherein any device in the trust circle trusts any other devices in the trust circle;
  
  implementing, by a circle channel hardware, private data synchronization for synchronizing private data across multiple devices in the trust circle through the cloud storage service, where the data to be synchronized is stored in the cloud storage service in a secure format and the trust circle is identified with a circle-id;
  
  performing a hash of the circle-id and storing the hash on a circle-cloud within the cloud storage service instead of on each of the devices; and
  
  wherein each device is provided with a public and private key for authorizing other devices to be part of the trust circle.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method as in claim 13 further comprising:
    - generating a trust-chain to indicate trust relationships between the devices within the same trust circle.
  - 15. The method as in claim 14 wherein the devices use a key exchange algorithm to generate mutual session keys and encrypt the private data with those keys.
  - 16. The method as in claim 15 wherein the key exchange algorithm comprises the Diffie-Hellman algorithm.
  - 17. The method as in claim 15 wherein circle-cloud uses a challenge response protocol to authenticate a device before allowing it to put any data in a secure communication channel provided by the circle cloud.
  - 18. The method as in claim 17 wherein a permanent circle group key is used to encrypt the private data to be synchronized.
  - 19. The method as in claim 18 further comprising:
    - executing an application on each of the devices to share a user'"'"'s private data among multiple other devices via the circle-cloud and stores an encrypted backup of the private data in the circle-cloud.
  - 20. The method as in claim 19 wherein each device'"'"'s private key (d.priv) and all operations that use this key are implemented inside an authenticator for remotely authenticating a user over a network.
  - 21. The method as in claim 20 further comprising:
    - performing private data synchronization for user-controlled trust delegation to share authenticator registrations with a new device.
  - 22. The method as in claim 20 further comprising:
    - using the private data synchronization for user-controlled trust delegation to a new device to share new registrations among a user'"'"'s devices wherein a user does not need to authenticate with an authenticator every time when a new registration is being delegated to other devices.
  - 23. The method as in claim 22 wherein the devices include a set of authenticators belonging to the same user and forming a circle, wherein these authenticators use the private data synchronization to synchronize authentication key pairs in order to share registrations of a single authenticator with other authenticators belonging to the same circle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nok Nok Labs Incorporated
Original Assignee
Nok Nok Labs Incorporated
Inventors
Baghdasaryan, Davit
Primary Examiner(s)
Nguyen, Thu Ha T

Application Number

US14/218,743
Publication Number

US 20140289528A1
Time in Patent Office

1,757 Days
Field of Search

713171
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2115   Third party

G06Q 20/204   comprising interface for re...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3274   using a pictured code, e.g....

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

G07F 19/20   Automatic teller machines [...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/102   applying security measure f...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

H04L 9/0819   Key transport or distributi...

H04L 9/0822 : using key encryption key

H04L 9/0841 : involving Diffie-Hellman or...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

H04L 9/3297 : involving time stamps, e.g....

H04W 12/06 : Authentication

H04W 12/065 : Continuous authentication

View All

System and method for privacy-enhanced data synchronization

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

357 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for privacy-enhanced data synchronization

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

357 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links