System and method to enable PKI- and PMI-based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added

US 10,567,361 B2
Filed: 07/25/2018
Issued: 02/18/2020
Est. Priority Date: 04/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for establishing secure communication between a plurality of devices, each device including a hardware processor and associated memory, the method comprising:

receiving a first unique identification and a first cryptographic key by a first device, and a second unique identification and a second cryptographic key by a second device;

producing a digital certificate using the first and second unique identifications and the first and second cryptographic keys, or a reference to the first and second unique identifications and the first and second cryptographic keys;

authenticating a communication line between the first device and the second device by issuing the digital certificate to the communication line to establish a secure communication line between the first device and the second device; and

authenticating each of the plurality of devices using a unique identification or a cryptographic key of said each of the plurality of devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.

Citations

15 Claims

1. A method for establishing secure communication between a plurality of devices, each device including a hardware processor and associated memory, the method comprising:
- receiving a first unique identification and a first cryptographic key by a first device, and a second unique identification and a second cryptographic key by a second device;
  
  producing a digital certificate using the first and second unique identifications and the first and second cryptographic keys, or a reference to the first and second unique identifications and the first and second cryptographic keys;
  
  authenticating a communication line between the first device and the second device by issuing the digital certificate to the communication line to establish a secure communication line between the first device and the second device; and
  
  authenticating each of the plurality of devices using a unique identification or a cryptographic key of said each of the plurality of devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein each of the secure communication lines includes a digital agreement establishing terms of use and rules of said each secure communication line between respective devices.
  - 3. The method of claim 1, further comprising including a group membership for a group of the plurality of devices in an attribute certificate indicating group characterization, wherein the attribute certificate is owned by one of the plurality of devices and references a public key or a public key certificate for said one of the plurality of devices.
  - 4. The method of claim 3, further comprising preventing a device for which a secure communication line to any one of the plurality of devices has not been established, or which is not a member of a group with an approved attribute certificate, from communicating with said any one of the plurality of devices.
  - 5. The method of claim 3, wherein the group of the plurality of devices includes sub-groups.
  - 6. The method of claim 3, wherein the group of the plurality of devices includes associated rules of the group.
  - 7. The method of claim 1, wherein at least one of the plurality of devices assumes different identities to represent itself to external devices or endpoints.
  - 8. The method of claim 1, further comprising preventing an endpoint which is not a member of a group of the plurality of devices or is not authenticated with an approved attribute certificate, from communicating with the plurality of devices.
  - 9. The method of claim 1, further comprising authenticating a device using an inviter-invitee protocol.
  - 10. The method of claim 1, further comprising establishing a second group of external devices;
    - issuing a second group public key to each member of the second group;
      
      or establishing an attribute certificate to the second group to a member of a different group.
  - 11. The method of claim 1, wherein the cryptographic key is a public key for a public key infrastructure (PKI).
  - 12. The method of claim 1, wherein the cryptographic key is a public key certificate containing a public key for a public key infrastructure (PKI).
  - 13. The method of claim 1, wherein at least one of the secure communication lines between the plurality of devices is a persistent and revocable secure communication line.
  - 14. The method of claim 1, wherein at least one of the plurality of devices assumes different identities to represent itself to external devices or endpoints and wherein said different identities are established via one or more attribute authorities or mediating service providers.
  - 15. The method of claim 1, further comprising authenticating a device of the plurality of devices using an attribute authority or mediating service provider as a trusted third party to mediate an inviter-invitee protocol between said device and another device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Central, Inc.
Original Assignee
T-Central, Inc.
Inventors
Kravitz, David W., Graham, III, Donald Houston, Boudett, Josselyn L., Dietz, Russell S.
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US16/045,646
Publication Number

US 20180332014A1
Time in Patent Office

573 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/53   using third party service p...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

System and method to enable PKI- and PMI-based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to enable PKI- and PMI-based distributed locking of content and distributed unlocking of protected content and/or scoring of users and/or scoring of end-entity access means-added

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links