System and method for privacy-enhanced data synchronization
First Claim
1. A method for establishing trust between two or more devices comprising:
- transmitting first data from a first device to a second device over a secure communication channel, the first data including at least a public key of the first device, a session key randomly generated by the first device, and an identification code identifying a trust circle which includes the first device;
- the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service, the second data comprising the public key of the second device combined with a timestamp, wherein the combination is encrypted with the session key, the second data further comprising a signature over the public key of the first device using a private key of the second device;
- the first device connecting to the service using the identification code to identify the second data, the first device validating the integrity of the second data and responsively generating third data, the third data comprising a signature over a public key of the second device using a private key of the first device; and
- the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device, wherein the second device is added to the trust circle on the service with a combination of (1) the signature over the public key of the first device using the private key of the second device and (2) the signature over the public key of the second device using the private key of the first device.
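The exchange in claim 1, written out as an added Go example that is not taken from the patent or from any implementation of it: the second device's upload, the first device's validation and countersignature, and the service's two-signature admission rule. Ed25519, AES-256-GCM, the `pubB || 8-byte timestamp` layout, the freshness window and all function names are assumptions; the claim fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

func newAEAD(sk [32]byte) cipher.AEAD { // AES-256-GCM is an assumed cipher choice
	blk, _ := aes.NewCipher(sk[:]) // cannot fail: key length is fixed at 32
	g, _ := cipher.NewGCM(blk)
	return g
}

// Join (second device): returns nonce||Enc(sk, pubB||timestamp) and Sign(privB, pubA).
func Join(sk [32]byte, pubA ed25519.PublicKey, privB ed25519.PrivateKey, now time.Time) (sealed, sigBoverA []byte) {
	pubB := privB.Public().(ed25519.PublicKey)
	pt := binary.BigEndian.AppendUint64(append([]byte{}, pubB...), uint64(now.Unix()))
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return newAEAD(sk).Seal(nonce, nonce, pt, nil), ed25519.Sign(privB, pubA)
}

// Countersign (first device): validates the second data, then signs pubB (the third data).
func Countersign(sk [32]byte, privA ed25519.PrivateKey, sealed, sigBoverA []byte, now time.Time, maxAge time.Duration) (ed25519.PublicKey, []byte, error) {
	if len(sealed) < 12 {
		return nil, nil, errors.New("second data truncated")
	}
	pt, err := newAEAD(sk).Open(nil, sealed[:12], sealed[12:], nil)
	if err != nil || len(pt) != ed25519.PublicKeySize+8 {
		return nil, nil, errors.New("second data failed integrity check")
	}
	pubB := ed25519.PublicKey(pt[:ed25519.PublicKeySize])
	age := now.Sub(time.Unix(int64(binary.BigEndian.Uint64(pt[ed25519.PublicKeySize:])), 0))
	if age > maxAge || age < -maxAge || !ed25519.Verify(pubB, privA.Public().(ed25519.PublicKey), sigBoverA) {
		return nil, nil, errors.New("stale timestamp or bad signature over first device's key")
	}
	return pubB, ed25519.Sign(privA, pubB), nil
}

// Admit (service): the member is added only when both cross-signatures verify.
func Admit(pubA, pubB ed25519.PublicKey, sigBoverA, sigAoverB []byte) bool {
	return ed25519.Verify(pubB, pubA, sigBoverA) && ed25519.Verify(pubA, pubB, sigAoverB)
}
```

The service never sees the session key in this arrangement, so it can check the two signatures but cannot read or forge the sealed `pubB || timestamp` blob.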
Abstract
A system, apparatus, method, and machine readable medium are described for establishing a trust circle between multiple devices. For example, one embodiment of a method comprises: transmitting first data from a first device to a second device over a secure communication channel, the first data including at least one key and an identification code identifying a trust circle which includes the first device; the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service; the first device connecting to the service using the identification code to identify the second data, validating the integrity of the second data, and responsively generating third data; and the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device.
23 Claims
4. A method for synchronizing data comprising:
- a first device downloading trust data from a service, the trust data associated a set of one or more other devices, including a second device, which are considered trusted devices;
- the first device generating a first encryption key and deriving a session key for each of the one or more other devices including the second device;
- the first device encrypting the first encryption key with each of the session keys to generate an encrypted encryption key for each of the one or more other devices;
- the first device encrypting the data to be synchronized with the first encryption key to generate encrypted data and providing each of the encrypted encryption keys and the encrypted data to the service;
- the second device deriving its session key, retrieving the encrypted data and the encrypted encryption key from the service; and
- the second device decrypting the encrypted encryption key using the session key and using the first encryption key to decrypt the data to be synchronized.
13. A method implemented in a circle cloud comprising a plurality of storage servers, the method comprising:
- logically grouping, by a trust chain hardware, multiple device into a trust circle, wherein any device in the trust circle trusts any other devices in the trust circle;
- implementing, by a circle channel hardware, private data synchronization for synchronizing private data across multiple devices in the trust circle through the cloud storage service, where the data to be synchronized is stored in the cloud storage service in a secure format and the trust circle is identified with a circle-id;
- performing a hash of the circle-id and storing the hash on a circle-cloud within the cloud storage service instead of on each of the devices; and
- wherein each device is provided with a public and private key for authorizing other devices to be part of the trust circle.
Specification