Methods and apparatus for secure data sharing
First Claim
1. A communication method comprising:
- receiving from a first client a communication request that includes an encrypted conversation, a first key, and authentication bits, the communication request requesting that a host server sends the encrypted conversation and a decryption key for the encrypted conversation to a second client, wherein the first key is the decryption key that has been encrypted using a first public key associated with a first user at the first client;
in order to retrieve the decryption key from the first key,retrieving, at the host server, an encrypted secret key associated with the first user;
decrypting the encrypted secret key using the authentication bits included in the communication request received from the first user, thereby retrieving a secret key associated with the first user;
retrieving, at the host server, an encrypted private key associated with the first user;
decrypting the encrypted private key using the secret key associated with the first user, thereby retrieving a private key associated with the first user;
decrypting the first key using the private key associated with the first user, thereby retrieving the decryption key;
encrypting the decryption key using a second public key associated with a second user at the second client to generate a second key; and
sending to the second client the encrypted conversation and the second key.
5 Assignments
0 Petitions
Accused Products
Abstract
This disclosure relates to methods and apparatus for securely and easily sharing data over a communications network. As communications services on a communications network are continuously becoming cheaper, faster, and easier to use, more users are becoming receptive to the idea of sharing data over the communications network. However, although E-mails and web folders, to a certain degree, provide easy-to-use or secure data sharing mechanisms, none of the existing data sharing methods is both easy-to-use and highly secure. This disclosure provides methods and apparatus for easily and securely sharing data over a communications network.
109 Citations
24 Claims
-
1. A communication method comprising:
-
receiving from a first client a communication request that includes an encrypted conversation, a first key, and authentication bits, the communication request requesting that a host server sends the encrypted conversation and a decryption key for the encrypted conversation to a second client, wherein the first key is the decryption key that has been encrypted using a first public key associated with a first user at the first client; in order to retrieve the decryption key from the first key, retrieving, at the host server, an encrypted secret key associated with the first user; decrypting the encrypted secret key using the authentication bits included in the communication request received from the first user, thereby retrieving a secret key associated with the first user; retrieving, at the host server, an encrypted private key associated with the first user; decrypting the encrypted private key using the secret key associated with the first user, thereby retrieving a private key associated with the first user; decrypting the first key using the private key associated with the first user, thereby retrieving the decryption key; encrypting the decryption key using a second public key associated with a second user at the second client to generate a second key; and sending to the second client the encrypted conversation and the second key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An apparatus comprising:
-
an interface that is configured to provide communication with a first client and a second client; a memory that is configured to maintain an encrypted private key and an encrypted secret key associated with the first client, wherein the encrypted private key is derived from encrypting a private key of the first client with a secret key of the first client, and wherein the encrypted secret key is derived from encrypting the secret key using authentication bits of the first client; a module that is configured to receive an encrypted conversation, an encrypted decryption key, and authentication bits associated with the first client, the module configured to retrieve a decryption key for the encrypted conversation by retrieving the secret key from the encrypted secret key using the authentication bits, by retrieving the private key from the encrypted private key using the secret key, and by decrypting the encrypted decryption key using the private key, the module further configured to generate a second key by encrypting the decryption key using a second public key associated with a second user at the second client, and to send to the second client the encrypted conversation and the second key. - View Dependent Claims (15, 16, 17)
-
-
18. Logic encoded on one or more tangible media for execution and when executed operable to:
-
receive a communication request that includes an encrypted conversation, a first key, and authentication bits, the communication request requesting that a host server sends the encrypted conversation and a decryption key for the encrypted conversation to a second client, wherein the first key is the decryption key that has been encrypted using a first public key associated with a first user at the first client; in order to retrieve the decryption key from the first key, retrieve an encrypted secret key associated with the first user; decrypt the encrypted secret key using the authentication bits included in the communication request received from the first user, thereby retrieving a secret key associated with the first user; retrieve an encrypted private key associated with the first user; decrypt the encrypted private key using the secret key associated with the first user, thereby retrieving a private key associated with the first user; decrypt the first key using the private key associated with the first user, thereby retrieving the decryption key; encrypt the decryption key using a second public key associated with a second user at the second client to generate a second key; and send to the second client the encrypted conversation and the second key. - View Dependent Claims (19, 20, 21, 22, 23, 24)
-
Specification