Key management and dynamic perfect forward secrecy

US 10,382,197 B1
Filed: 08/18/2016
Issued: 08/13/2019
Est. Priority Date: 02/24/2014
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor configured to;

transmit, from a first device, a first request to a server for a first public key associated with a first recipient;

receive, at the first device, the first public key and an associated first key reference value;

receive, by the first device, at least one message control option for a first message;

prepare a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server;

transmit the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient;

destroy the first public key; and

request, from the server, a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first public key associated with a first recipient is requested from a server. The first public key is received, as is an associated first key reference value. The first public key is used in conjunction with securing a first message. The first public key is destroyed. A second public key associated with the first recipient is requested from the server. A second public key and an associated second key reference value are received. The second public key is different from the first public key and the first key reference value is different from the second key reference value. The second public key is used in conjunction with the securing of a second message and the second public key is destroyed.

389 Citations

19 Claims

1. A system, comprising:
- a processor configured to;
  
  transmit, from a first device, a first request to a server for a first public key associated with a first recipient;
  
  receive, at the first device, the first public key and an associated first key reference value;
  
  receive, by the first device, at least one message control option for a first message;
  
  prepare a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server;
  
  transmit the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient;
  
  destroy the first public key; and
  
  request, from the server, a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 19)
- - 2. The system of claim 1, wherein the processor is further configured to:
    - receive the second public key and an associated second key reference value from the server.
  - 3. The system of claim 2 wherein the processor is further configured to:
    - prepare a second message for transmission to the first recipient by encrypting a second message with a second symmetric message key and encrypting the second symmetric message key using the second public key received from the server.
  - 4. The system of claim 3, wherein the processor is further configured to:
    - transmit the second encrypted message, the second encrypted symmetric message key, and the associated second key reference value to the first recipient.
  - 5. The system of claim 4, wherein the processor is further configured to:
    - destroy the second public key after transmitting the second encrypted message, the second encrypted symmetric message key, and the associated second key reference value to the first recipient.
  - 6. The system of claim 1, wherein the first public key is a random key selected by the server from a pool of public keys stored on the server for the first recipient.
  - 19. The system of claim 1, wherein the first key reference value is a unique identifier for identifying a first asymmetric key pair in a pool of asymmetric key pairs.

7. A method, comprising:
- transmitting, from a first device, a first request to a server for a first public key associated with a first recipient;
  
  receiving, at the first device, the first public key and an associated first key reference value from the server;
  
  receiving, by the first device, at least one message control option for a first message;
  
  preparing a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server;
  
  transmitting the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient;
  
  destroying the first public key; and
  
  transmitting, from the first device, a second request to the server for a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - receiving the second public key and an associated second key reference value from the server.
  - 9. The method of claim 8, further comprising:
    - preparing a second message for transmission to the first recipient by encrypting a second message with a second symmetric message key and encrypting the second symmetric message key using the second public key received from the server.
  - 10. The method of claim 9, further comprising:
    - transmitting the second encrypted message, the second encrypted symmetric message key, and the associated second key reference value to the first recipient.
  - 11. The method of claim 10, further comprising:
    - destroying the second public key after transmitting the second encrypted message, the second encrypted symmetric message key, and the associated second key reference value to the first recipient.
  - 12. The method of claim 7, wherein the first public key is a random key selected by the server from a pool of public keys stored on the server for the first recipient.

13. A computer program product embodied on a non-transitory computer readable storage medium that includes instructions, which when executed by a processor, comprise:
- transmitting a first request to a server for a first public key associated with a first recipient;
  
  receiving the first public key and an associated first key reference value from the server;
  
  receiving at least one message control option for a first message;
  
  preparing a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server;
  
  transmitting the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient;
  
  destroying the first public key; and
  
  transmitting a second request to the server for a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, further comprising instructions for receiving the second public key and an associated second key reference value from the server.
  - 15. The computer program product of claim 14, further comprising instructions for preparing a second message for transmission to the first recipient by encrypting a second message with a second symmetric message key and encrypting the symmetric message key using the second public key received from the server.
  - 16. The computer program product of claim 15, further comprising instructions for transmitting the second encrypted message, the second encrypted symmetric message key, and the associated second key reference value to the first recipient.
  - 17. The computer program product of claim 16, further comprising instructions for destroying the second public key after transmitting the second encrypted message, the second encrypted symmetric message key, and the associated second key reference value to the first recipient.
  - 18. The computer program product of claim 13, wherein the first public key is a random key selected by the server from a pool of public keys stored on the server for the first recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wickr Inc. (Amazon.com, Inc.)
Original Assignee
Wickr Inc. (Amazon.com, Inc.)
Inventors
Statica, Robert, Howell, Christopher A.
Primary Examiner(s)
Lemma, Samson B

Application Number

US15/240,981
Time in Patent Office

1,090 Days
Field of Search

380282
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Key management and dynamic perfect forward secrecy

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

389 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Key management and dynamic perfect forward secrecy

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

389 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others