Encrypting and decrypting data on an electronic device

US 10,348,502 B2
Filed: 09/02/2016
Issued: 07/09/2019
Est. Priority Date: 09/02/2016
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting data, the method comprising:

generating, by a primary data service application on an electronic device, a first primary secret key based on a primary ephemeral key pair and a primary master public key;

generating, by the primary data service application, a first primary ciphertext by encrypting a first portion of the data using the first primary secret key;

generating a second primary secret key based on the first primary secret key;

deleting the first primary secret key;

sending the first primary ciphertext from the primary data service application to a secondary data service application;

receiving, by the primary data service application, a first encrypted text from the secondary data service application, wherein the first encrypted text is generated by encrypting the first primary ciphertext;

generating, by the primary data service application, a second primary ciphertext by encrypting a second portion of the data using the second primary secret key;

deleting the second primary secret key;

sending the second primary ciphertext from the primary data service application to the secondary data service application; and

receiving, by the primary data service application, a second encrypted text from the secondary data service application, wherein the second encrypted text is generated by encrypting the second primary ciphertext.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a first primary secret key based on a primary ephemeral key pair and a primary master public key is generated by a primary data service application on an electronic device. A first primary ciphertext is generated by encrypting a first portion of the data using the first primary secret key. A second primary secret key is generated based on the first primary secret key. The first primary secret key is deleted. The first primary ciphertext is sent from the primary data service application to a secondary data service application. A first encrypted text is received from the secondary data service application. The first encrypted text is generated by encrypting the first primary ciphertext.

34 Citations

View as Search Results

20 Claims

1. A method of encrypting data, the method comprising:
- generating, by a primary data service application on an electronic device, a first primary secret key based on a primary ephemeral key pair and a primary master public key;
  
  generating, by the primary data service application, a first primary ciphertext by encrypting a first portion of the data using the first primary secret key;
  
  generating a second primary secret key based on the first primary secret key;
  
  deleting the first primary secret key;
  
  sending the first primary ciphertext from the primary data service application to a secondary data service application;
  
  receiving, by the primary data service application, a first encrypted text from the secondary data service application, wherein the first encrypted text is generated by encrypting the first primary ciphertext;
  
  generating, by the primary data service application, a second primary ciphertext by encrypting a second portion of the data using the second primary secret key;
  
  deleting the second primary secret key;
  
  sending the second primary ciphertext from the primary data service application to the secondary data service application; and
  
  receiving, by the primary data service application, a second encrypted text from the secondary data service application, wherein the second encrypted text is generated by encrypting the second primary ciphertext.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the primary ephemeral key pair includes a primary ephemeral private key and a corresponding primary ephemeral public key.
  - 3. The method of claim 2, further comprising:
    - generating a primary shared secret based on the primary master public key and the primary ephemeral private key;
      
      generating the first primary secret key; and
      
      deleting the primary ephemeral private key and the primary shared secret after the first primary secret key is generated.
  - 4. The method of claim 1, further comprising:
    - prior to deleting the second primary secret key, generating, using a key derivation function, a third primary secret key from the second primary secret key.
  - 5. The method of claim 1, wherein the first encrypted text is generated by encrypting the first primary ciphertext using a first secondary secret key, the second encrypted text is generated by encrypting the second primary ciphertext using a second secondary secret key, and the second secondary secret key is derived from the first secondary secret key.
  - 6. The method of claim 5, further comprising:
    - receiving a secondary ephemeral public key from the secondary data service application, wherein the first secondary secret key is generated based on a secondary ephemeral key pair and a secondary master public key, and the secondary ephemeral key pair includes the secondary ephemeral public key.
  - 7. The method of claim 6, further comprising:
    - sending a key request from the primary data service application to the secondary data service application; and
      
      wherein the secondary ephemeral public key is received in response to the key request.

8. An electronic device, comprising:
- a memory; and
  
  at least one hardware processor communicatively coupled with the memory and configured to;
  
  generate, by a primary data service application on the electronic device, a first primary secret key based on a primary ephemeral key pair and a primary master public key;
  
  generate, by the primary data service application, a first primary ciphertext by encrypting a first portion of data using the first primary secret key;
  
  generate a second primary secret key based on the first primary secret key;
  
  delete the first primary secret key;
  
  send the first primary ciphertext from the primary data service application to a secondary data service application;
  
  receive, by the primary data service application, a first encrypted text from the secondary data service application, wherein the first encrypted text is generated by encrypting the first primary ciphertext;
  
  generate, by the primary data service application, a second primary ciphertext by encrypting a second portion of the data using the second primary secret key;
  
  delete the second primary secret key;
  
  send the second primary ciphertext from the primary data service application to the secondary data service application; and
  
  receive, by the primary data service application, a second encrypted text from the secondary data service application, wherein the second encrypted text is generated by encrypting the second primary ciphertext.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The electronic device of claim 8, wherein the primary ephemeral key pair includes a primary ephemeral private key and a corresponding primary ephemeral public key.
  - 10. The electronic device of claim 9, wherein the at least one hardware processor is configured to:
    - generate a primary shared secret based on the primary master public key and the primary ephemeral private key;
      
      generate the first primary secret key; and
      
      delete the primary ephemeral private key and the primary shared secret after the first primary secret key is generated.
  - 11. The electronic device of claim 8, wherein the at least one hardware processor is configured to:
    - prior to deleting the second primary secret key, generate, using a key derivation function, a third primary secret key from the second primary secret key.
  - 12. The electronic device of claim 8, wherein the first encrypted text is generated by encrypting the first primary ciphertext using a first secondary secret key, the second encrypted text is generated by encrypting the second primary ciphertext using a second secondary secret key, and the second secondary secret key is derived from the first secondary secret key.
  - 13. The electronic device of claim 12, wherein the at least one hardware processor is configured to:
    - receive a secondary ephemeral public key from the secondary data service application, wherein the first secondary secret key is generated based on a secondary ephemeral key pair and a secondary master public key, and the secondary ephemeral key pair includes the secondary ephemeral public key.
  - 14. The electronic device of claim 13, wherein the at least one hardware processor is configured to:
    - send a key request from the primary data service application to the secondary data service application; and
      
      wherein the secondary ephemeral public key is received in response to the key request.

15. A non-transitory computer-readable medium containing instructions which, when executed, cause an electronic device to perform operations comprising:
- generating, by a primary data service application on the electronic device, a first primary secret key based on a primary ephemeral key pair and a primary master public key;
  
  generating, by the primary data service application, a first primary ciphertext by encrypting a first portion of data using the first primary secret key;
  
  generating a second primary secret key based on the first primary secret key;
  
  deleting the first primary secret key;
  
  sending the first primary ciphertext from the primary data service application to a secondary data service application;
  
  receiving, by the primary data service application, a first encrypted text from the secondary data service application, wherein the first encrypted text is generated by encrypting the first primary ciphertext;
  
  generating, by the primary data service application, a second primary ciphertext by encrypting a second portion of the data using the second primary secret key;
  
  deleting the second primary secret key;
  
  sending the second primary ciphertext from the primary data service application to the secondary data service application; and
  
  receiving, by the primary data service application, a second encrypted text from the secondary data service application, wherein the second encrypted text is generated by encrypting the second primary ciphertext.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the primary ephemeral key pair includes a primary ephemeral private key and a corresponding primary ephemeral public key.
  - 17. The non-transitory computer-readable medium of claim 16,the operations further comprising:
    - generating a primary shared secret based on the primary master public key and the primary ephemeral private key;
      
      generating the first primary secret key; and
      
      deleting the primary ephemeral private key and the primary shared secret after the first primary secret key is generated.
  - 18. The non-transitory computer-readable medium of claim 15, the operations further comprising:
    - prior to deleting the second primary secret key, generating, using a key derivation function, a third primary secret key from the second primary secret key.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the first encrypted text is generated by encrypting the first primary ciphertext using a first secondary secret key, the second encrypted text is generated by encrypting the second primary ciphertext using a second secondary secret key, and the second secondary secret key is derived from the first secondary secret key.
  - 20. The non-transitory computer-readable medium of claim 19, the operations further comprising:
    - receiving a secondary ephemeral public key from the secondary data service application, wherein the first secondary secret key is generated based on a secondary ephemeral key pair and a secondary master public key, and the secondary ephemeral key pair includes the secondary ephemeral public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Bowman, Roger Paul, Pechkin, Dmitri, Sarrazin, David Hughston Rodrigue, Segato, Timothy Lee
Primary Examiner(s)
Holder, Bradley W

Application Number

US15/255,921
Publication Number

US 20180069695A1
Time in Patent Office

1,040 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0631   Substitution permutation ne...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/16   the keys or algorithms bein...

Encrypting and decrypting data on an electronic device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Encrypting and decrypting data on an electronic device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links