Public Key Encryption Algorithms for Hard Lock File Encryption

US 20150124961A1
Filed: 11/06/2013
Published: 05/07/2015
Est. Priority Date: 11/06/2013
Status: Active Grant

First Claim

Patent Images

1. An encryption method comprising:

encrypting, by operation of a computing device, a first portion of a message using a first secret key, the first secret key being generated based on a public key of an entity;

using a one-way function to generate a second secret key from the first secret key;

discarding the first secret key; and

encrypting, by operation of the computing device, a second portion of the message using the second secret key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

31 Citations

View as Search Results

18 Claims

1. An encryption method comprising:
- encrypting, by operation of a computing device, a first portion of a message using a first secret key, the first secret key being generated based on a public key of an entity;
  
  using a one-way function to generate a second secret key from the first secret key;
  
  discarding the first secret key; and
  
  encrypting, by operation of the computing device, a second portion of the message using the second secret key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the one-way function comprises at least one of a hash function or a key derivation function, the one-way function produces one or more outputs comprising the second secret key, and the one-way function operates on one or more inputs comprising the first secret key.
  - 3. The method of claim 2, wherein the one or more outputs further comprise at least one of an initialization vector or a key to be used in a message authentication code.
  - 4. The method of claim 1, comprising using an iterative algorithm to encrypt the message, wherein the iterative algorithm comprises, on each respective iteration:
    - accessing a current portion of the message to be encrypted by the current iteration of the iterative algorithm;
      
      encrypting the current portion of the message using a current secret key generated for the current iteration;
      
      using a one-way function and the current secret key to generate a subsequent secret key for a subsequent iteration of the iterative algorithm; and
      
      discarding the current secret key before the subsequent iteration.
  - 5. The method of claim 4, wherein the iterative algorithm comprises, on each respective iteration:
    - incrementing a counter to a new value for the current iteration; and
      
      using the new value of the counter as an input to the one-way function.
  - 6. The method of claim 1, comprising:
    - generating a shared secret based on the public key of the entity and an ephemeral private key;
      
      using a key derivation function to generate the first secret key from the shared secret;
      
      using the key derivation function to generate the second secret key from the first secret key;
      
      providing an ephemeral public key associated with the ephemeral private key to the entity; and
      
      providing the encrypted first portion of the message and the encrypted second portion of the message to the entity.
  - 7. The method of claim 6, comprising:
    - generating multiple distinct secret keys from the ephemeral private key; and
      
      using each distinct secret key to encrypt respective, distinct portions of the message.
  - 8. The method of claim 1, wherein generating the first secret key based on the public key of the entity consumes more computational resources than using the one-way function to generate the second secret key from the first secret key.

9. A non-transitory computer-readable medium comprising instructions that are operable when executed by data processing apparatus to perform operations comprising:
- encrypting a first portion of a message using a first secret key generated from a shared secret;
  
  using a one-way function to generate a second secret key from the first secret key;
  
  discarding the first secret key;
  
  encrypting a second portion of the message using the second secret key;
  
  providing the encrypted first and second portions of the message to an entity; and
  
  providing the shared secret to the entity using a public key of the entity.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer-readable medium of claim 9, wherein the one-way function comprises at least one of a hash function or a key derivation function, the one-way function produces one or more outputs comprising the second secret key, and the one-way function operates on one or more inputs comprising the first secret key.
  - 11. The computer-readable medium of claim 9, the operations comprising using an iterative algorithm to encrypt the message, wherein the iterative algorithm comprises, on each respective iteration:
    - accessing a current portion of the message to be encrypted by the current iteration of the iterative algorithm;
      
      encrypting the current portion of the message using a current secret key generated for the current iteration;
      
      using a one-way function and the current secret key to generate a subsequent secret key for a subsequent iteration of the iterative algorithm; and
      
      discarding the current secret key before the subsequent iteration.
  - 12. The computer-readable medium of claim 9, wherein the shared secret is generated based on the public key of the entity and an ephemeral private key, and providing the shared secret to the entity comprises providing an ephemeral public key associated with the ephemeral private key to the entity.
  - 13. The computer-readable medium of claim 9, wherein providing the shared secret to the entity comprises:
    - encrypting the shared secret using the public key of the entity; and
      
      providing the encrypted shared secret to the entity.

14. A device comprising:
- one or more processors operable to decrypt an encrypted message by performing operations comprising;
  
  accessing an encrypted message, the encrypted message having been encrypted using multiple secret keys based on a public key of an entity;
  
  generating a first secret key based on an ephemeral public key and a private key of the entity;
  
  decrypting a first portion of the message using the first secret key;
  
  using a one-way function to generate a second secret key from the first secret key; and
  
  decrypting a second portion of the message using the second secret key.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The device of claim 14, wherein the one-way function comprises at least one of a hash function or a key derivation function, the one-way function produces one or more outputs comprising the second secret key, and the one-way function operates on one or more inputs comprising the first secret key.
  - 16. The device of claim 14, the operations comprising using an iterative algorithm to decrypt the message, wherein the iterative algorithm comprises, on each respective iteration:
    - accessing a current portion of the message to be decrypted by the current iteration of the iterative algorithm;
      
      decrypting the current portion of the message using a current secret key generated for the current iteration of the iterative algorithm;
      
      using a one-way function and the current secret key to generate a subsequent secret key for a subsequent iteration; and
      
      discarding the current secret key before the subsequent iteration.
  - 17. The device of claim 14, the operations comprising:
    - generating a shared secret based on the private key of the entity and the ephemeral public key;
      
      using a key derivation function to generate the first secret key from the shared secret; and
      
      using the key derivation function to generate the second secret key from the first secret key.
  - 18. The device of claim 14, the operations comprising:
    - generating multiple distinct secret keys from the ephemeral public key; and
      
      using each distinct secret key to decrypt respective, distinct portions of the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited, Certicom Corporation (Blackberry Limited)
Inventors
Lambert, Robert John, Brown, Daniel Richard L., Yamada, Atsushi

Granted Patent

US 9,178,699 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/3066   involving algebraic varieti...

H04L 9/3242   involving keyed hash functi...

Public Key Encryption Algorithms for Hard Lock File Encryption

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Public Key Encryption Algorithms for Hard Lock File Encryption

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others