Method and apparatus for extinguishing ephemeral keys
1 Assignment
0 Petitions
Abstract
A method and apparatus for performing ephemeral communication and assuring that an ephemeral decryption key is not accessible subsequent to an expiration time associated with the respective key. An ephemeral key pair is preferably generated within a tamper resistant cryptographic processor unit. The ephemeral key pair comprises an ephemeral encryption key and an ephemeral decryption key. The ephemeral decryption key is prevented from being accessed external of the tamper resistant cryptographic processor unit. Ephemeral messages encrypted using an ephemeral encryption key are decrypted by the cryptographic processor unit if associated with a time that precedes the expiration time for the respective ephemeral decryption key. A decrypted ephemeral message is prevented from being transmitted from the cryptographic processor unit in the event a time associated with a received encrypted ephemeral message is subsequent to the expiration time for the respective ephemeral key pair.
131 Citations
45 Claims
1. A method for performing ephemeral decryption comprising:
    associating an expiration time with at least an ephemeral decryption key of an ephemeral key pair comprising said ephemeral decryption key and an ephemeral encryption key;
    storing at least said ephemeral decryption key in a memory within a tamper resistant cryptographic processor unit such that said ephemeral decryption key is not accessible external of said tamper resistant cryptographic processor unit;
    receiving at said tamper resistant cryptographic processor unit from a first node an ephemeral message encrypted with said ephemeral encryption key; and
    decrypting said ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key to form a decrypted ephemeral message in the event said ephemeral message is associated with a message time that is prior to said expiration time.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 36, 37, 39, 40)

19. A method for communicating an ephemeral message comprising:
    associating an expiration time with at least an ephemeral decryption key of an ephemeral key pair including said ephemeral decryption key and an ephemeral encryption key;
    storing at least said ephemeral decryption key in a memory within a tamper resistant cryptographic processor unit in communication with a first node such that said ephemeral decryption key is not accessible external of said tamper resistant processor unit;
    encrypting at a second node a message to form an encrypted ephemeral message, wherein said encrypting is performed using said ephemeral encryption key;
    in a first transmitting step, transmitting said ephemeral message to a third node;
    forwarding by said third node to said tamper resistant cryptographic processor unit via said first node said encrypted ephemeral message;
    decrypting said encrypted ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key in the event said message is associated with a message time prior to said expiration time;
    forwarding said decrypted ephemeral message from said tamper resistant cryptographic processor unit to a fourth node; and
    in a second transmitting step, transmitting said decrypted ephemeral message from said fourth node to said third node.

23. An apparatus for use in ephemeral communications comprising:
    a tamper resistant cryptographic processor unit including a memory, said unit operative to:
    associate an expiration time with at least an ephemeral decryption key of an ephemeral key pair including an ephemeral encryption key and said ephemeral decryption key;
    store at least said ephemeral decryption key in said memory such that said ephemeral decryption key is not accessible external of said tamper resistant cryptographic processor unit;
    receive from a first node coupled to a network at said tamper resistant cryptographic processor unit an ephemeral message that has been encrypted with said ephemeral encryption key;
    decrypt said encrypted ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key in the event said message is associated with a message time related to the time of receipt of said encrypted ephemeral message prior to said expiration time; and
    forward said decrypted message to a second node.

35. A computer program product including a computer readable medium, said computer readable medium having a computer program stored thereon for use in ephemeral communication, said computer program being executable on a processor and comprising:
    program code for associating an expiration time with at least an ephemeral decryption key of an ephemeral key pair including said ephemeral decryption key and a corresponding ephemeral encryption key;
    program code for storing at least said ephemeral decryption key in a memory within a tamper resistant cryptographic processor unit such that said ephemeral decryption key is not accessible external of said tamper resistant cryptographic processor unit;
    program code for receiving at said tamper resistant cryptographic processor unit from a first node an ephemeral message encrypted with said ephemeral encryption key; and
    program code for decrypting said ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key to form a decrypted ephemeral message in the event said message is associated with a message time prior to said expiration time.

38. A computer data signal, said computer data signal including a computer program for use in ephemeral communication, said computer program comprising:
    program code for associating an expiration time with at least an ephemeral decryption key of an ephemeral key pair including said ephemeral decryption key and an ephemeral encryption key;
    program code for storing at least said ephemeral decryption key in a memory within a tamper resistant cryptographic processor unit such that said ephemeral decryption key is inaccessible external of said tamper resistant cryptographic processor unit;
    program code for receiving at said tamper resistant cryptographic processor unit from a first node an ephemeral message encrypted with said ephemeral encryption key; and
    program code for decrypting said ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key to form a decrypted ephemeral message in the event said message is associated with a message time prior to said expiration time.

41. An apparatus for use in ephemeral communication of information comprising:
    means for associating an expiration time with at least an ephemeral decryption key of an ephemeral key pair including said ephemeral decryption key and a corresponding ephemeral encryption key;
    means for storing at least said ephemeral decryption key in a memory within said tamper resistant cryptographic processor unit such that said ephemeral decryption key is not accessible external of said tamper resistant cryptographic processor unit;
    means for receiving at said tamper resistant cryptographic processor unit from a first node an ephemeral message encrypted with said ephemeral encryption key; and
    means for decrypting said ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key in the event said message is associated with a message time prior to said expiration time.

42. A method for performing ephemeral decryption comprising:
    associating an expiration time with at least an ephemeral decryption key of an ephemeral key pair comprising said ephemeral decryption key and an ephemeral encryption key;
    storing at least said ephemeral decryption key in a memory within a tamper resistant cryptographic processor unit such that said ephemeral decryption key is not accessible external of said tamper resistant cryptographic processor unit;
    comparing a time stamp associated with an encrypted ephemeral message with said expiration time, wherein said encrypted ephemeral message is encrypted with said ephemeral encryption key; and
    decrypting said encrypted ephemeral message within said tamper resistant cryptographic processor unit using said ephemeral decryption key if said time stamp is prior to said expiration time.

43. A method for employing ephemeral keys comprising:
    associating a time duration defined by an initial value and an ending value with at least an ephemeral decryption key of an ephemeral key pair comprising said ephemeral decryption key and an ephemeral encryption key;
    storing at least said ephemeral decryption key in a memory within a tamper resistant cryptographic processor unit such that said ephemeral decryption key is not accessible external of said tamper resistant cryptographic processor unit;
    modifying said duration value in a predetermined manner between said initial value and said ending value;
    extinguishing at least said ephemeral decryption key within said tamper resistant cryptographic processor unit after said duration value reaches said ending value.
View Dependent Claims (44, 45)

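The mechanism the claims describe (claims 1, 42 and 43 in particular) can be simulated in a few dozen lines: a key pair is generated inside a unit that never exposes the decryption half, decryption is refused for any message whose time stamp is not prior to the expiration time, and the decryption key is zeroized once the key's lifetime counter reaches its ending value, so that even a back-dated request cannot recover plaintext afterwards. The following is an added example, not code from the patent or its assignee. The `TamperResistantUnit`, `encrypt`, `advance_to` and `demo` names are assumptions chosen for the illustration; the cipher is textbook RSA over fixed Mersenne primes with no padding, a constructed stand-in so the example runs offline, not a secure cipher.

```python
"""Added simulation of an ephemeral decryption key confined to a tamper
resistant unit, with expiration-time enforcement and key extinguishing.
Example code, not the patent's implementation. Textbook RSA with fixed
primes is used only so the example is self-contained; it is not secure."""


class KeyExtinguished(Exception):
    """Decryption was requested after the ephemeral decryption key was destroyed."""


class MessageExpired(Exception):
    """The message time stamp is not prior to the key's expiration time."""


# Constructed toy parameters: 2**127-1 and 2**89-1 are both prime, and
# 65537 is coprime to (p-1)(q-1) for this pair.
_P = 2**127 - 1
_Q = 2**89 - 1
_E = 65537


def encrypt(enc_key, plaintext: bytes) -> int:
    """Encrypt at a sending node using only the public ephemeral encryption key."""
    e, n = enc_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, e, n)


class TamperResistantUnit:
    """Simulates the tamper resistant cryptographic processor unit.

    Only the encryption (public) key is ever returned to a caller; the
    decryption key, modulus and expiration time live in private state and
    no method exposes them.
    """

    def __init__(self):
        self._dec_key = None       # d: never leaves the unit
        self._modulus = None
        self._expiration = None    # ending value of the key's lifetime
        self._lifetime_pos = None  # current value of the duration counter (claim 43)

    def generate_ephemeral_pair(self, initial_time: int, expiration_time: int):
        """Generate the pair inside the unit and bind an expiration time to it."""
        n = _P * _Q
        phi = (_P - 1) * (_Q - 1)
        self._dec_key = pow(_E, -1, phi)  # modular inverse (Python 3.8+)
        self._modulus = n
        self._lifetime_pos = initial_time
        self._expiration = expiration_time
        return (_E, n)                    # the encryption key may leave the unit

    def advance_to(self, now: int) -> None:
        """Move the duration counter toward its ending value; extinguish on arrival."""
        if self._dec_key is None:
            return
        self._lifetime_pos = now
        if self._lifetime_pos >= self._expiration:
            self._extinguish()

    def key_present(self) -> bool:
        return self._dec_key is not None

    def _extinguish(self) -> None:
        # Overwrite, then drop the reference: the unit can no longer decrypt.
        self._dec_key = 0
        self._dec_key = None

    def decrypt(self, ciphertext: int, message_time: int) -> bytes:
        """Release plaintext only when the message time precedes the expiration time."""
        if self._dec_key is None:
            raise KeyExtinguished("ephemeral decryption key no longer exists")
        if message_time >= self._expiration:
            # No plaintext is formed or forwarded for a late message.
            raise MessageExpired("message time is not prior to expiration time")
        m = pow(ciphertext, self._dec_key, self._modulus)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    """Walk through the three outcomes: timely, late, and after extinguishing."""
    unit = TamperResistantUnit()
    enc_key = unit.generate_ephemeral_pair(initial_time=1000, expiration_time=2000)
    ct = encrypt(enc_key, b"burn after reading")   # constructed sample message
    early = unit.decrypt(ct, message_time=1500)
    try:
        unit.decrypt(ct, message_time=2000)
        late_rejected = False
    except MessageExpired:
        late_rejected = True
    unit.advance_to(2000)                     # duration counter reaches its ending value
    try:
        unit.decrypt(ct, message_time=1500)   # a back-dated request still fails: key is gone
        gone = False
    except KeyExtinguished:
        gone = True
    return early, late_rejected, unit.key_present(), gone


if __name__ == "__main__":
    print(demo())
```

The two checks are deliberately independent: the time-stamp comparison stops a late message while the key still exists (claims 1 and 42), and extinguishing the key at the end of its duration (claim 43) closes the gap left by a forged or replayed earlier time stamp, because there is no longer anything to decrypt with.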
Specification