Identity-Based Decryption

US 20120254616A1
Filed: 03/29/2012
Published: 10/04/2012
Est. Priority Date: 04/01/2011
Status: Active Grant

First Claim

Patent Images

1. A client node, comprising:

processing logic operable to;

generate a random key;

use said random key to process message content data to generate encrypted message content data; and

use a public key associated with a server node to process said random key and a first set of authentication data associated with a user of a second client node to generate a wrapped key ciphertext;

wherein said processing logic is further operable to;

process said encrypted message content data and said wrapped key ciphertext to generate a message text; and

provide said message text to said second client lode for decryption.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob'"'"'s authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.

38 Citations

View as Search Results

30 Claims

1. A client node, comprising:
- processing logic operable to;
  
  generate a random key;
  
  use said random key to process message content data to generate encrypted message content data; and
  
  use a public key associated with a server node to process said random key and a first set of authentication data associated with a user of a second client node to generate a wrapped key ciphertext;
  
  wherein said processing logic is further operable to;
  
  process said encrypted message content data and said wrapped key ciphertext to generate a message text; and
  
  provide said message text to said second client lode for decryption.
- View Dependent Claims (5)
- - 5. The client node of claim 1, wherein a user of said client node provides the first set of authentication data to said user of said second client node in one of the set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

2. The client node of claim wherein:
- said second client node receives said message text and processes said message text to provide said wrapped key ciphertext and a second set of authentication data associated with said user of said second client node to said client server;
  
  said server node uses a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and
  
  provide said random key to said second client node if said first set of authentication data matches said second set of authentication data.
- View Dependent Claims (3, 4)
- - 3. The client node of claim 2, wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.
  - 4. The client node of claim 2, wherein said decrypted random key is provided by said server node to said second client node over a secure channel.

6. A method for managing identity-based decryption, comprising:
- using a client node comprising processing logic to;
  
  generate a random key;
  
  use said random key to process message content data to generate encrypted message content data; and
  
  use a public key associated with a server node to process said random key and a first set of authentication data associated with a user of a second client node to generate a wrapped key ciphertext;
  
  wherein said processing logic is further operable to;
  
  process said encrypted message content data and said wrapped key ciphertext to generate a message text; and
  
  provide said message text to said second client node for decryption.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein:
    - said second client node receives said message text and processes said message text to provide said wrapped key ciphertext and a second set of authentication data associated with said user of said second client node to said client server;
      
      said server node uses a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and
      
      provide said random key to said second client node if said first set of authentication data matches said second set of authentication data.
  - 8. The method of claim 7, wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.
  - 9. The method of claim 7, wherein said decrypted random key is provided by said server node to said second client node over a secure channel.
  - 10. The method of claim 6, wherein a user of said client ode provides the first set of authentication data to said user of said second client node in one of the set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

11. A server node, comprising:
- processing logic operable to;
  
  provide a public key associated with said server node to a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising a random key and a first set of authentication data associated with a user of a second client node, said random key generated by said first client node;
  
  receive said wrapped key ciphertext and a second set of authentication data associated with said user of said second node from said second client node;
  
  use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and
  
  provide said random key to said second client node if said first set of authentication data matches said second set of authentication data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The server node of claim 11, wherein said random key was generated by said first client node.
  - 13. The server node of claim 12, wherein said first client node:
    - uses said random key to process message content data to generate encrypted message content data; and
      
      uses said public key to process said random key and said first set of authentication data to generate said wrapped key ciphertext.
  - 14. The server node of claim 13, wherein said first client node:
    - processes said encrypted message content data and said wrapped key ciphertext to generate a message text; and
      
      provides said message text to said second client node for decryption.
  - 15. The server node of claim 11, wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.

16. A method for managing identity-based decryption, comprising:
- using a server node to;
  
  provide a public key associated with said server node to a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising a random key and a first set of authentication data associated with a user of a second client node, said random key generated by said first client node;
  
  receive said wrapped key ciphertext and a second set of authentication data associated with said user of said second node from said second client node;
  
  use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and
  
  provide said random key to said second client node if said first set of authentication data matches said second set of authentication data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein said random key was generated by said first client node.
  - 18. The method of claim 17, wherein said first client node:
    - uses said random key to process message content data to generate encrypted message content data; and
      
      uses said public key to process said random key and said first set of authentication data to generate said wrapped key ciphertext.
  - 19. The method of claim 18, wherein said first client node:
    - processes said encrypted message content data and said wrapped key ciphertext to generate a message text; and
      
      provides said message text to said second client node for decryption.
  - 20. The method of claim 16, wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.

21. A client node, comprising:
- processing logic operable to;
  
  receive a message text from a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data;
  
  provide said wrapped key ciphertext and a first set of authentication data associated with a user of said client node to a server node for processing, said wrapped key ciphertext comprising a random key generated by said second client node and a second set of authentication data associated with said client node encrypted with a public key associated with said server node;
  
  receive said random key in decrypted form from said server node if said first set of authentication data matches said second set of authentication data.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The client node of claim 21, wherein said second client node uses a public key corresponding to said private key to generate said wrapped key ciphertext.
  - 23. The client node of claim 21, wherein said client node uses said decrypted random key to decrypt said encrypted message content data.
  - 24. The client node of claim 22, wherein said decrypted random key is provided by said server node to said client node over a secure channel.
  - 25. The client node of claim 21, wherein a user of said second client node provides the second set of authentication data to said user of said client node in one of the set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

26. A method for managing identity-based decryption, comprising:
- using a client node to;
  
  receive a message text from a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data;
  
  provide said wrapped key ciphertext and a first set of authentication data associated with a user of said client node to a server node for processing, said wrapped key ciphertext comprising a random key generated by said second client node and a second set of authentication data associated with said client node encrypted with a public key associated with said server node;
  
  receive said random key in decrypted form from said server node if said first set of authentication data matches said second set of authentication data.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26, wherein said second client node uses a public key corresponding to said private key to generate said wrapped key ciphertext.
  - 28. The method of claim 26, wherein said client node uses said decrypted random key to decrypt said encrypted message content data.
  - 29. The method of claim 27, wherein said decrypted random key is provided by said server node to said client node over a secure channel.
  - 30. The method of claim 26, wherein a user of said second client node provides the second set of authentication data to said user of said client node in one of the set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Brown, Daniel R.L.

Granted Patent

US 9,490,974 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3073   involving pairings, e.g. id...

Identity-Based Decryption

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-Based Decryption

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links