Secure ephemeral decryptability
First Claim
1. A method for performing secure ephemeral communication comprising:
- receiving at a first node a triply wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with a second encryption key to form a doubly wrapped value and said doubly wrapped value being encrypted with a third encryption key to form said triply wrapped value;
decrypting said triply wrapped value using a third decryption key associated with said third encryption key to obtain said doubly wrapped value;
securely communicating said doubly wrapped value to said second node;
obtaining a second decryption key having a predetermined expiration time at a second node;
decrypting said doubly wrapped value using said second decryption key to produce said singly wrapped value if said second decryption key has not expired; and
securely communicating said singly wrapped value to a third node.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for securely communicating ephemeral information from a first node to a second node. In a first embodiment, the first node encodes and transmits an ephemeral message encrypted at least in part with an ephemeral key, from the first node to the second node. Only the second node has available to it the information that is needed to achieve decryption by an ephemeral key server of a decryption key that is needed to decrypt certain encrypted payload information contained within the message communicated from the first node to the second node. In a second embodiment the first node transmits to the second node an ephemeral message that is encrypted at least in part with an ephemeral key. The ephemeral message includes enough information to permit the second node to communicate at least a portion of the message to an ephemeral key server and for the ephemeral key server to verify that the second node is an authorized decryption agent for the message. After verifying that the second node is an authorized decryption agent for the message, the ephemeral key server returns to the second node an encrypted decryption key that is needed to decrypt the encrypted message. The ephemeral message may comprise an encrypted decryption key that may be used after decryption of the decryption key to decrypt other encrypted information communicated to the second node.
-
Citations
36 Claims
-
1. A method for performing secure ephemeral communication comprising:
-
receiving at a first node a triply wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with a second encryption key to form a doubly wrapped value and said doubly wrapped value being encrypted with a third encryption key to form said triply wrapped value;
decrypting said triply wrapped value using a third decryption key associated with said third encryption key to obtain said doubly wrapped value;
securely communicating said doubly wrapped value to said second node;
obtaining a second decryption key having a predetermined expiration time at a second node;
decrypting said doubly wrapped value using said second decryption key to produce said singly wrapped value if said second decryption key has not expired; and
securely communicating said singly wrapped value to a third node. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29)
-
-
18. A method for performing secure ephemeral communication comprising:
-
receiving at a first node a doubly wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with a second encryption key to form said doubly wrapped value;
receiving at said first node an integrity verification key securely associated with said doubly wrapped value;
communicating from a second node to said first node proof that said second node is an authorized decryption agent for said value;
obtaining at said first node a second decryption key associated with said second encryption key, said second decryption key having a predetermined expiration time;
decrypting said doubly wrapped value using said second decryption key to obtain said singly wrapped value in the event said second decryption key has not expired;
verifying said proof at first node using said integrity verification key to ascertain whether said second node is an authorized decryption agent for said value; and
in response to verification that said second node is an authorized decryption agent for said value, securely communicating said singly wrapped value to said second node.
-
-
27. A system for performing secure ephemeral communication comprising:
-
first, second and third communicably coupled nodes, each of said nodes including a processor and a memory, the processor in each respective node being operative to execute program code contained within the respective memory;
program code within said first node memory for receiving a triply wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with s second encryption key to form a doubly wrapped value, and said doubly wrapped value being encrypted with a third encryption key to form said triply wrapped value;
program code within said first node memory for decrypting said triply wrapped value using a third decryption key associated with said third encryption key to obtain said doubly wrapped value;
program code within said first node memory for securely communicating said doubly wrapped value to said second node;
program code for obtaining a second decryption key having a predetermined expiration time at said second node, wherein said second decryption key is associated with said second encryption key;
program code within said second node memory for decrypting said doubly wrapped value using said second decryption key to obtain said singly wrapped value if said second decryption key has not expired; and
program code within said second node memory for securely communicating said singly wrapped value to a third node following decryption of said doubly wrapped value.
-
-
30. A system for performing secure ephemeral communication comprising:
-
first and second communicably coupled nodes, said nodes including a processor and a memory, the processor in each respective node being operative to execute program code contained within the respective memory;
program code within said first node memory for receiving a doubly wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with a second encryption key to form a doubly wrapped value;
program code within said first node memory for receiving an integrity verification key securely associated with said doubly wrapped value;
program code within said second node for communicating from said second node to said first node proof that said second node is an authorized decryption agent for said value;
program code within said first node for obtaining a second decryption key associated with said second encryption key, said second decryption key having a predetermined expiration time;
program code within said first node memory for decrypting said doubly wrapped value using said second decryption key to obtain said singly wrapped value in the event said second decryption key has not expired;
program code within said first node memory for verifying said proof at first node using said integrity verification key to ascertain whether said second node is an authorized decryption agent for said value; and
program code within said first node memory for securely communicating said singly wrapped value to said second node in response to verification that said second node is an authorized decryption agent for said value. - View Dependent Claims (31)
-
-
32. A system for performing secure ephemeral communication comprising:
-
first, second and third communicably coupled nodes, each of said nodes including a processor and a memory, the processor in each respective node being operative to execute program code contained within the respective memory;
means associated with said first node for receiving a triply wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with s second encryption key to form a doubly wrapped value, and said doubly wrapped value being encrypted with a third encryption key to form said triply wrapped value;
means associated with said first node for decrypting said triply wrapped value using a third decryption key associated with said third encryption key to obtain said doubly wrapped value;
means associated with said first node memory for securely communicating said doubly wrapped value to said second node;
means associated with said second node for obtaining a second decryption key having a predetermined expiration time, wherein said second decryption key is associated with said second encryption key;
means associated with said second node for decrypting said doubly wrapped value using said second decryption key to obtain said singly wrapped value if said second decryption key has not expired; and
means associated with said second node memory for securely communicating said singly wrapped value to a third node following decryption of said doubly wrapped value. - View Dependent Claims (33, 34, 36)
-
-
35. A system for performing secure ephemeral communication comprising:
-
first and second communicably coupled nodes, said nodes including a processor and a memory, the processor in each respective node being operative to execute program code contained within the respective memory;
means associated with said first node for receiving a doubly wrapped value, said value being encrypted with a first encryption key to form a singly wrapped value, said singly wrapped value being encrypted with a second encryption key to form a doubly wrapped value;
means associated with said first node for receiving an integrity verification key securely associated with said doubly wrapped value;
means associated with said second node for communicating from said second node to said first node proof that said second node is an authorized decryption agent for said value;
means associated with said first node for obtaining a second decryption key associated with said second encryption key, said second decryption key having a predetermined expiration time;
means associated with said first node for decrypting said doubly wrapped value using said second decryption key to obtain said singly wrapped value in the event said second decryption key has not expired;
means associated with said first node for verifying said proof at first node using said integrity verification key to ascertain whether said second node is an authorized decryption agent for said value; and
means associated with said first node for securely communicating said singly wrapped value to said second node in response to verification that said second node is an authorized decryption agent for said value.
-
Specification