End-to end encryption for personal communication nodes

US 10,367,792 B2
Filed: 02/21/2017
Issued: 07/30/2019
Est. Priority Date: 08/25/2016
Status: Active Grant

First Claim

Patent Images

1. A method for end-to-end encryption of streaming group communications, the method comprising:

a first end user device obtaining an encrypted group key, wherein the encrypted group key is generated by encrypting an unencrypted group key with a message key, the message key being generated from a chain key, the chain key being generated using a pairwise encryption process implemented by the first end user device and a second end user devicewherein the first and second end user devices are members of a communication group comprising a plurality of end user devices;

the first end user device generating an unencrypted first stream key;

the first end user device encrypting the unencrypted first stream key using the unencrypted group key to generate an encrypted first stream key;

the first end user device encrypting first stream data using the unencrypted first stream key to generate encrypted first stream data; and

the first end user device transmitting the encrypted first stream key and the encrypted stream data to the second end user device and at least one other member of the communication group; and

the first end user device updating the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.

17 Citations

20 Claims

1. A method for end-to-end encryption of streaming group communications, the method comprising:
- a first end user device obtaining an encrypted group key, wherein the encrypted group key is generated by encrypting an unencrypted group key with a message key, the message key being generated from a chain key, the chain key being generated using a pairwise encryption process implemented by the first end user device and a second end user devicewherein the first and second end user devices are members of a communication group comprising a plurality of end user devices;
  
  the first end user device generating an unencrypted first stream key;
  
  the first end user device encrypting the unencrypted first stream key using the unencrypted group key to generate an encrypted first stream key;
  
  the first end user device encrypting first stream data using the unencrypted first stream key to generate encrypted first stream data; and
  
  the first end user device transmitting the encrypted first stream key and the encrypted stream data to the second end user device and at least one other member of the communication group; and
  
  the first end user device updating the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the first end user device obtains the encrypted group key by one of the following:
    - generating the unencrypted group key and encrypting the unencrypted group key using the message key;
      
      orreceiving the encrypted group key from the second end user device and decrypting the encrypted group key using the message key, wherein the second end user device;
      
      generates the unencrypted group key;
      
      generates the encrypted group key by encrypting the unencrypted group key using the message key; and
      
      transmits the encrypted group key to the first end user device.
  - 3. The method of claim 1 wherein the pairwise encryption process implemented by the first and second end user devices comprises using identity key pairs and respective signed pre keys for each of the first and second end user devices to generate a root key, the root key generating the chain key.
  - 4. The method of claim 1 wherein the unencrypted group key comprises a symmetric encryption key.
  - 5. The method of claim 1 wherein each end user device communicates with other members of the communication group using an intermediate communication device.
  - 6. The method of claim 5 wherein each end user device comprises a wearable personal communication device configured to wirelessly communicate with a linked intermediate communication device.
  - 7. The method of claim 5 wherein each intermediate communication device comprises one of the following:
    - a smartphone, a tablet, a cellphone, a laptop computer, a gaming device, or a personal computer.
  - 8. The method of claim 1 further comprising:
    - the first end user device receiving encrypted second stream data and an encrypted second stream key from a third end user device, wherein the encrypted second stream key comprises an unencrypted stream key encrypted using the unencrypted group key and further wherein the encrypted second stream data comprises unencrypted second stream data encrypted using the unencrypted second stream key; and
      
      decrypting the encrypted second stream data using the unencrypted second stream key.
  - 9. The method of claim 1, wherein a second message key is needed, the chain key is one in a plurality of chain keys, and a new chain key is generated by ratcheting forward one step at a time using the chain key in a cryptographic hash function, such that neither of current and past values of the chain key and the new chain key can be derived.

10. A non-transitory computer readable storage medium having stored thereon program instructions to perform end-to-end encryption of streaming group communications, including instructions, which when executed by one or more processors of a first computing system, cause the first computing system to:
- generate an unencrypted first stream key;
  
  encrypt the unencrypted first stream key using an unencrypted group key to generate an encrypted first stream key, wherein an encrypted group key is generated by encrypting the unencrypted group key with a message key, the message key being generated from a chain key, the chain key being generated using a pairwise encryption process implemented by the first computing system and a second computing system, wherein the first and second computing systems are members of a communication group comprising a plurality of end user devices, wherein each end user device in the plurality of end user devices comprises a computing system;
  
  encrypt first stream data using the unencrypted first stream key to generate encrypted first stream data; and
  
  transmit the encrypted first stream key and the encrypted stream data to the plurality of end user devices; and
  
  update the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The non-transitory computer readable storage medium of claim 10 wherein the pairwise encryption process implemented by the first and second computing systems comprises using identity key pairs and respective signed pre keys for each of the first and second computing systems to generate a root key, the root key generating the chain key.
  - 12. The non-transitory computer readable storage medium of claim 10 wherein the unencrypted group key comprises a symmetric encryption key.
  - 13. The non-transitory computer readable storage medium of claim 10 wherein each end user device communicates with other members of the communication group using an intermediate communication device.
  - 14. The non-transitory computer readable storage medium of claim 13 wherein each end user device comprises a wearable personal communication device configured to wirelessly communicate with a linked intermediate communication device.
  - 15. The non-transitory computer readable storage medium of claim 13 wherein each intermediate communication device comprises one of the following:
    - a smartphone, a tablet, a cellphone, a laptop computer, a gaming device, or a personal computer.
  - 16. The non-transitory computer readable storage medium of claim 10, the chain key is one in a plurality of chain keys, and a new chain key is generated by ratcheting forward one step at a time using the chain key in a cryptographic hash function, such that neither of current and past values of the chain key and the new chain key can be derived.

17. A method for end-to-end encryption of streaming group communications, the method comprising:
- generating, at a first end user device a first identity key and a first pre-signed key;
  
  obtaining a second identity key and a second pre signed key from the second end user device, wherein the first and second end user devices are members of a communication group comprising a plurality of end user devices;
  
  generating a root key from the first and second identity keys and the first and second pre-signed keys,deriving a plurality of chain keys from the root key;
  
  deriving a message key from one of the plurality of chain keys;
  
  obtaining, at the first end user device, an encrypted group key, wherein the encrypted group key is generated by encrypting an unencrypted group key with the message key;
  
  the first end user device generating an unencrypted first stream key, wherein the unencrypted first stream key is a symmetric encryption key;
  
  the first end user device encrypting the unencrypted first stream key using the unencrypted group key to generate an encrypted first stream key;
  
  the first end user device encrypting first stream data using the unencrypted first stream key to generate encrypted first stream data, wherein the first stream data comprises voice communication data; and
  
  the first end user device transmitting the encrypted first stream key and the encrypted stream data to the second end user device and at least one other end user device in the communication group; and
  
  the first end user device updating the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17 wherein the first end user device obtaining the encrypted group key comprises one of the following:
    - the first end user device receiving the encrypted group key from the second end user device;
      
      orthe first end user device generating the unencrypted group key, encrypting the unencrypted group key, and transmitting the encrypted group key to the second end user device.
  - 19. The method of claim 17 wherein each end user device comprises a wearable communication device.
  - 20. The method of claim 17 wherein each end user device is linked to an intermediate communication device, and further wherein each intermediate communication device is linked to a network linking the one or more end user devices in the communication group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orion Labs
Original Assignee
Orion Labs
Inventors
Albrecht, Greg
Primary Examiner(s)
Gracia, Gary S

Application Number

US15/437,661
Publication Number

US 20180063094A1
Time in Patent Office

889 Days
Field of Search

380270, 380281, 713151, 713153, 713168, 713189
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

End-to end encryption for personal communication nodes

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

End-to end encryption for personal communication nodes

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links