System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added

US 20150312233A1
Filed: 03/18/2014
Published: 10/29/2015
Est. Priority Date: 04/30/2010
Status: Active Grant

First Claim

Patent Images

1. A system of communication comprising:

a client app, a user facing domain, a key escrow domain, and an inviter-invitee protocol wherein the user facing domain securely relates to multiple parties via the client app and the key escrow domain authenticates secure lines of communication amongst the parties;

the said client app in claim 1 consisting of but not limited to a local key store module and a digital identity token;

the said user facing domain in claim 1 consisting of but not limited to a login interface on a server, hardware security module (hsm) and lightweight directory access protocol application (ldap) on a server;

the said key escrow domain consisting of consisting a registration authority, certificate authority, attribute authority (each installed on a server) and hardware security module (hsm);

the said initiation protocol in claim 1 consisting of multiple steps but not limited to sending an invitation, receiving the invitation, downloading the client app, installation and registration, authentication, and single or multiple key requests, creation, and exchanges;

the said invitation consisting of, but not limited to, a client app with digital identity token, e-mail address, designated attributes, authentication question, answer to authentication question, and a cryptographic digital signature.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.

137 Citations

3 Claims

1. A system of communication comprising:
- a client app, a user facing domain, a key escrow domain, and an inviter-invitee protocol wherein the user facing domain securely relates to multiple parties via the client app and the key escrow domain authenticates secure lines of communication amongst the parties;
  
  the said client app in claim 1 consisting of but not limited to a local key store module and a digital identity token;
  
  the said user facing domain in claim 1 consisting of but not limited to a login interface on a server, hardware security module (hsm) and lightweight directory access protocol application (ldap) on a server;
  
  the said key escrow domain consisting of consisting a registration authority, certificate authority, attribute authority (each installed on a server) and hardware security module (hsm);
  
  the said initiation protocol in claim 1 consisting of multiple steps but not limited to sending an invitation, receiving the invitation, downloading the client app, installation and registration, authentication, and single or multiple key requests, creation, and exchanges;
  
  the said invitation consisting of, but not limited to, a client app with digital identity token, e-mail address, designated attributes, authentication question, answer to authentication question, and a cryptographic digital signature.
- View Dependent Claims (2, 3)
- - 2. A method of secure communication based on the system of communication in claim 1 wherein a persistent, yet revocable, a secure line of communication is established and authenticated;
    - the said method in claim 2 wherein the secure line of communication is established by the said invitation protocol in claim 1.
  - 3. The said method in claim 2 whereby a user on an electronic device has the ability to install an application that:
    - creates a set of public and private encryption keys for;
      
      encrypting and decrypting documents, digital signing and other purposes;
      
      allows a first user to invite a second user using a second electronic device to share a communication line with the first user on the first user'"'"'s electronic device;
      
      provides a method whereby the second user may respond to the invitation of the first user and install a comparable application on the second user'"'"'s electronic device and thereafter have a comparable set of public and private encryption keys on that electronic device;
      
      the invitation a method that will include authentication steps that the second user must comply with in a specified method on his electronic device so that the identify of the second user, together with the associated installation of the application on his specific electronic device together with that specific electronic device are all linked together in such a manner that the first user can be assured by the server of the trusted third party that provided and monitored the installation and authentication of the app on the physical electronic device controlled by the second user confirms this described association through this method;
      
      such that the public encryption key of each user is made available to the other user'"'"'s application in a manner in which the authenticity of the keys is assured by the server of the trusted third party that provided the app to each party;
      
      such that by relying on the representation and authentication provided through the server of the trusted third party that the parties can thereafter use encryption capabilities of the app to first encrypt a digital asset on one electronic device with a symmetric encryption key followed by the encryption of that symmetric encryption key using the public encryption key known to be that of the other user, followed by having the ability to transfer (in any manner selected by the originating user) both the encrypted digital asset together with the symmetric encryption key which has been encrypted using the public encryption of the second usersuch that the second user, upon receipt of these two will be able to use his private key to decrypt the symmetric key and thereafter decrypt the encrypted digital asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Central, Inc.
Original Assignee
T-Central, Inc.
Inventors
Kravitz, David W., Graham, Donald Houston III, Boudett, Josselyn, Dietz, Russell S.

Granted Patent

US 9,270,663 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/53   using third party service p...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

3 Claims

Specification

Use Cases

Quick Links

Others

System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

3 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others