Key management and dynamic perfect forward secrecy
First Claim
Patent Images
1. A system, comprising:
- a processor configured to;
transmit, from a first device, a first request to a server for a first public key associated with a first recipient;
receive, at the first device, the first public key and an associated first key reference value;
receive, by the first device, at least one message control option for a first message;
prepare a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server;
transmit the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient;
destroy the first public key; and
request, from the server, a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value; and
a memory coupled to the processor and configured to provide the processor with instructions.
4 Assignments
0 Petitions
Accused Products
Abstract
A first public key associated with a first recipient is requested from a server. The first public key is received, as is an associated first key reference value. The first public key is used in conjunction with securing a first message. The first public key is destroyed. A second public key associated with the first recipient is requested from the server. A second public key and an associated second key reference value are received. The second public key is different from the first public key and the first key reference value is different from the second key reference value. The second public key is used in conjunction with the securing of a second message and the second public key is destroyed.
389 Citations
19 Claims
-
1. A system, comprising:
-
a processor configured to; transmit, from a first device, a first request to a server for a first public key associated with a first recipient; receive, at the first device, the first public key and an associated first key reference value; receive, by the first device, at least one message control option for a first message; prepare a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server; transmit the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient; destroy the first public key; and request, from the server, a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (2, 3, 4, 5, 6, 19)
-
-
7. A method, comprising:
-
transmitting, from a first device, a first request to a server for a first public key associated with a first recipient; receiving, at the first device, the first public key and an associated first key reference value from the server; receiving, by the first device, at least one message control option for a first message; preparing a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server; transmitting the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient; destroying the first public key; and transmitting, from the first device, a second request to the server for a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer program product embodied on a non-transitory computer readable storage medium that includes instructions, which when executed by a processor, comprise:
-
transmitting a first request to a server for a first public key associated with a first recipient; receiving the first public key and an associated first key reference value from the server; receiving at least one message control option for a first message; preparing a first message for transmission to the first recipient by encrypting the first message and the at least one message control option with a first symmetric message key and encrypting the first symmetric message key using the first public key received from the server; transmitting the first encrypted message, the at least one encrypted message control option, the first encrypted symmetric message key, and the associated first key reference value to the first recipient; destroying the first public key; and transmitting a second request to the server for a second public key associated with the first recipient, wherein the second public key is different from the first public key and the first key reference value is different from the second key reference value. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification