End-to-end encryption for personal communication nodes
First Claim
1. A method for end-to-end encryption of streaming group communications, the method comprising:
a first end user device obtaining an encrypted group key, wherein the encrypted group key is generated by encrypting an unencrypted group key with a message key, the message key being generated from a chain key, the chain key being generated using a pairwise encryption process implemented by the first end user device and a second end user device, wherein the first and second end user devices are members of a communication group comprising a plurality of end user devices;
the first end user device generating an unencrypted first stream key;
the first end user device encrypting the unencrypted first stream key using the unencrypted group key to generate an encrypted first stream key;
the first end user device encrypting first stream data using the unencrypted first stream key to generate encrypted first stream data; and
the first end user device transmitting the encrypted first stream key and the encrypted stream data to the second end user device and at least one other member of the communication group; and
the first end user device updating the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.
3 Assignments
0 Petitions
Abstract
Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.
17 Citations
20 Claims
1. (Independent claim; text as set out under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory computer readable storage medium having stored thereon program instructions to perform end-to-end encryption of streaming group communications, including instructions, which when executed by one or more processors of a first computing system, cause the first computing system to:
generate an unencrypted first stream key;
encrypt the unencrypted first stream key using an unencrypted group key to generate an encrypted first stream key, wherein an encrypted group key is generated by encrypting the unencrypted group key with a message key, the message key being generated from a chain key, the chain key being generated using a pairwise encryption process implemented by the first computing system and a second computing system, wherein the first and second computing systems are members of a communication group comprising a plurality of end user devices, wherein each end user device in the plurality of end user devices comprises a computing system;
encrypt first stream data using the unencrypted first stream key to generate encrypted first stream data; and
transmit the encrypted first stream key and the encrypted stream data to the plurality of end user devices; and
update the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A method for end-to-end encryption of streaming group communications, the method comprising:
generating, at a first end user device, a first identity key and a first pre-signed key;
obtaining a second identity key and a second pre-signed key from the second end user device, wherein the first and second end user devices are members of a communication group comprising a plurality of end user devices;
generating a root key from the first and second identity keys and the first and second pre-signed keys;
deriving a plurality of chain keys from the root key;
deriving a message key from one of the plurality of chain keys;
obtaining, at the first end user device, an encrypted group key, wherein the encrypted group key is generated by encrypting an unencrypted group key with the message key;
the first end user device generating an unencrypted first stream key, wherein the unencrypted first stream key is a symmetric encryption key;
the first end user device encrypting the unencrypted first stream key using the unencrypted group key to generate an encrypted first stream key;
the first end user device encrypting first stream data using the unencrypted first stream key to generate encrypted first stream data, wherein the first stream data comprises voice communication data; and
the first end user device transmitting the encrypted first stream key and the encrypted stream data to the second end user device and at least one other end user device in the communication group; and
the first end user device updating the chain key each time a new message key is needed, such that the message key and chain key are ephemeral.
Dependent claims: 18, 19, 20
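The abstract and claims 1 and 17 describe a four-level key hierarchy: a pairwise process over each party's identity key and pre-signed key yields a root key, from which chain keys and ephemeral message keys are derived; a message key wraps the group key for one peer; the group key wraps a fresh per-transmission stream key; the stream key encrypts the stream data. The Go program below is an added worked example of that hierarchy written for this page; it is not code from the patent, its specification or its assignee. It assumes X25519 for the pairwise agreements, HMAC-SHA256 as the one-step key derivation, AES-256-GCM for every encryption, and that the signature over each pre-signed key was verified when the key was fetched. The names `Member`, `RootKey`, `Ratchet`, `SendStream`, `ReceiveStream` and `RunGroup`, and the three-agreement root-key construction, are the example's own choices, not something the claims specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on "cannot happen" errors (key generation, AES setup, rand.Read).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// kdf is one derivation step: HMAC-SHA256 keyed by secret over a label.
func kdf(secret []byte, label string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Member is one end user device: an X25519 identity key and an X25519 pre-signed key (hypothetical struct; the signature over the pre-signed key is assumed verified).
type Member struct{ Identity, PreSigned *ecdh.PrivateKey }

func NewMember() *Member {
	return &Member{must(ecdh.X25519().GenerateKey(rand.Reader)), must(ecdh.X25519().GenerateKey(rand.Reader))}
}

// RootKey: three X25519 agreements over both identity and both pre-signed keys; the responder swaps the first two so both sides derive the same root key.
func RootKey(me *Member, peerIK, peerSPK *ecdh.PublicKey, initiator bool) []byte {
	dh1, dh2 := must(me.Identity.ECDH(peerSPK)), must(me.PreSigned.ECDH(peerIK))
	if !initiator {
		dh1, dh2 = dh2, dh1
	}
	return kdf(append(append(dh1, dh2...), must(me.PreSigned.ECDH(peerSPK))...), "root")
}

// Ratchet derives a message key and the next chain key; keeping only the next chain key makes both ephemeral (claim 1, last element).
func Ratchet(chainKey []byte) (messageKey, nextChainKey []byte) {
	return kdf(chainKey, "message"), kdf(chainKey, "chain")
}

// seal and open are AES-256-GCM with a random 96-bit nonce prepended to the output.
func seal(key, plaintext, aad []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// SendStream: a fresh stream key per transmission wrapped under the group key, and the stream data under the stream key; both parts go to every member.
func SendStream(groupKey, streamData []byte) (wrappedStreamKey, ciphertext []byte) {
	streamKey := make([]byte, 32)
	must(rand.Read(streamKey))
	return seal(groupKey, streamKey, []byte("stream-key")), seal(streamKey, streamData, []byte("stream-data"))
}

// ReceiveStream is a member's side once it holds the group key: unwrap the stream key, then decrypt the stream data.
func ReceiveStream(groupKey, wrappedStreamKey, ciphertext []byte) ([]byte, error) {
	streamKey, err := open(groupKey, wrappedStreamKey, []byte("stream-key"))
	if err != nil {
		return nil, err
	}
	return open(streamKey, ciphertext, []byte("stream-data"))
}

// RunGroup: device A runs the pairwise process with two other members, wraps the group key
// under each pair's first message key, streams once to all, and returns what each recovers.
func RunGroup(streamData []byte) ([][]byte, error) {
	a, groupKey := NewMember(), make([]byte, 32)
	must(rand.Read(groupKey))
	wrappedSK, ct := SendStream(groupKey, streamData)
	var recovered [][]byte
	for _, m := range []*Member{NewMember(), NewMember()} {
		rootA := RootKey(a, m.Identity.PublicKey(), m.PreSigned.PublicKey(), true)
		rootM := RootKey(m, a.Identity.PublicKey(), a.PreSigned.PublicKey(), false)
		mkA, _ := Ratchet(kdf(rootA, "chain")) // A's first message key for this pair
		mkM, _ := Ratchet(kdf(rootM, "chain")) // the member derives the same key
		gk, err := open(mkM, seal(mkA, groupKey, []byte("group-key")), []byte("group-key"))
		if err != nil {
			return nil, err
		}
		plain, err := ReceiveStream(gk, wrappedSK, ct)
		if err != nil {
			return nil, err
		}
		recovered = append(recovered, plain)
	}
	return recovered, nil
}
```

Two points the example makes concrete. First, the group key is never sent under a long-term key: each peer gets it under a message key that exists only for that one wrap, and the next wrap for the same peer would call `Ratchet` on the returned next chain key and erase the old one; that erasure is what makes the "ephemeral" element meaningful, since a chain key that is kept lets every later message key be recomputed. Second, the stream key is a one-off per transmission, so a leaked stream key exposes only that stream, not the group key. The hash-forward ratchet alone does not recover from a compromised chain key; the abstract's remark that the group key can be updated through the pairwise process is the mechanism that would address that, and it is not shown here.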
Specification