MEDIATED KEY EXCHANGE BETWEEN SOURCE AND TARGET OF COMMUNICATION
First Claim
1. A process for communicating a message securely between a sender-client and a receiver-client, the process comprising:
- at the sender-client, providing a key server with a receiver string specifying one or more attributes of the receiver-client;
at said key server, obtaining a first private value (a) corresponding with a first public value (A), obtaining a second public value (B) of an authentication server corresponding with a second private value (b) of said authentication server, obtaining a message key, calculating a hash (h) of said receiver string, calculating an envelope decryption key (d), wherein d=gˆ
{Bah mod p} mod q in which g is a generator of and p and q are prime numbers in a group in which calculation is performed, calculating an envelope encryption key (e), wherein e=gd mod p, encrypting said message key with said envelope encryption key (e), thereby creating the envelope; and
providing said envelope to the sender-client;
at the sender-client, encrypting the message into a secure message with said message key, and providing said secure message and said envelope to the receiver-client;
at the receiver-client, accepting said secure message and said envelope, and asking said authentication server for said envelope decryption key (a);
at said authentication server, obtaining said first public value (A) of said key server, calculating said envelope decryption key (d), wherein d=gˆ
{Abh mod p} mod q, and providing said envelope decryption key (d) to the receiver-client; and
at the receiver-client, decrypting said envelope with said envelope decryption key (d) into said message key, and decrypting said secure message with said message key into the message.
5 Assignments
0 Petitions
Accused Products
Abstract
A system for communicating a message securely between a sender and a receiver. The sender provides a key server with a string specifying the receiver. The key server obtains a message key and a particular envelope encryption key corresponding with a particular envelope decryption key, encrypts the message key with the envelope encryption key (creating the envelope), and provides the envelope to the sender-client. The sender-client encrypts the message with the message key and provides it and the envelope to the receiver. The receiver-client receives these and asks an authentication server for the envelope decryption key. The authentication server obtains the envelope decryption key and provides it to the receiver. The receiver then decrypts the envelope with the envelope decryption key, to get the message key, and decrypts the message.
29 Citations
27 Claims
-
1. A process for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
at the sender-client, providing a key server with a receiver string specifying one or more attributes of the receiver-client;
at said key server, obtaining a first private value (a) corresponding with a first public value (A), obtaining a second public value (B) of an authentication server corresponding with a second private value (b) of said authentication server, obtaining a message key, calculating a hash (h) of said receiver string, calculating an envelope decryption key (d), wherein d=gˆ
{Bah mod p} mod q in which g is a generator of and p and q are prime numbers in a group in which calculation is performed, calculating an envelope encryption key (e), wherein e=gd mod p, encrypting said message key with said envelope encryption key (e), thereby creating the envelope; and
providing said envelope to the sender-client;
at the sender-client, encrypting the message into a secure message with said message key, and providing said secure message and said envelope to the receiver-client;
at the receiver-client, accepting said secure message and said envelope, and asking said authentication server for said envelope decryption key (a);
at said authentication server, obtaining said first public value (A) of said key server, calculating said envelope decryption key (d), wherein d=gˆ
{Abh mod p} mod q, and providingsaid envelope decryption key (d) to the receiver-client; and
at the receiver-client, decrypting said envelope with said envelope decryption key (d) into said message key, and decrypting said secure message with said message key into the message.
-
-
2. A process for making an envelope encryption key (e) that corresponds with an envelope decryption key (d), for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
selecting a generator (g) of a group in which calculation is performed;
selecting a prime number (p) in said group;
calculating e=gd mod p. - View Dependent Claims (3, 4)
-
-
5. A process for making an envelope decryption key (d) that corresponds with an envelope encryption key (e), for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
obtaining a hash (h) of a receiver string specifying one or more attributes of the receiver-client;
obtaining a public value (A) of a party that created the envelope encryption key (e); and
calculating d=gˆ
{Abh mod p} mod q, wherein b is a private value and g is a generator of and pand qare prime numbers in a group in which calculation is performed. - View Dependent Claims (6)
-
-
7. A process for making an envelope for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
obtaining a message key;
obtaining an envelope encryption key (e) corresponding with an envelope decryption key (d), wherein e=gd mod p in which g is a generator of and p is a prime number in a group in which calculation is performed; and
encrypting said message key with said envelope encryption key (e), thereby creating the envelope. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A process for a sender-client to encrypt a message for a receiver-client, the process comprising:
-
obtaining a message key;
obtaining an envelope containing said message key encrypted with an envelope encryption key (e) corresponding with an envelope decryption key (a), wherein e=gd mod p in which g is a generator of and p is a prime number in a group in which calculation is performed; and
encrypting the message into a secure message with said message key. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A process for a receiver-client to decrypt a message, the process comprising:
-
obtaining a secure message including the message in encrypted form;
obtaining an envelope including a message key to decrypt said secure message, wherein said envelope has been encrypted with an envelope encryption key (e) corresponding with an envelope decryption key (d);
obtaining said envelope decryption key (d), wherein d=gˆ
{Abh mod p} mod q in which A is a public value of a first party that created e, b is a private value of a second party that is providing d, h is a hash of a receiver string specifying one or more attributes of the receiver-client, and g is a generator of and p and q are prime numbers in a group in which calculation is performed;
decrypting said envelope with said envelope decryption key (d) into said message key; and
decrypting said secure message with said message key into the message. - View Dependent Claims (20, 21, 22)
-
- 23. A computer program, embodied on a computer readable storage medium, for making an envelope encryption key (e) that corresponds with an envelope decryption key (d), for communicating a message securely between a sender-client and a receiver-client, the computer program comprising a code segment that calculates the envelope encryption key (e) such that e=gd mod p in which g is a generator of and p is a prime number in a group in which calculation is performed.
-
25. A computer program, embodied on a computer readable storage medium, for making an envelope decryption key (d) that corresponds with an envelope encryption key (e), for communicating a message securely between a sender-client and a receiver-client, the computer program comprising:
-
a code segment that obtains a hash (h) of a receiver string specifying one or more attributes of the receiver-client;
a code segment that obtains a public value (A) of a party that created the envelope encryption key (e); and
a code segment that calculates d=gˆ
{Abh mod p} mod q, wherein b is a private value and g is a generator of and p and q are prime numbers in a group in which calculation is performed.
-
-
26. A computer program, embodied on a computer readable storage medium, for making an envelope for communicating a message securely between a sender-client and a receiver-client, the computer program comprising:
-
a code segment that obtains a message key;
a code segment that obtains an envelope encryption key (e) corresponding with an envelope decryption key (d), wherein e=gd mod p in which g is a generator of and p is a prime number in a group in which calculation is performed; and
a code segment that encrypts said message key with said envelope encryption key (e), thereby creating the envelope. - View Dependent Claims (27)
-
Specification