Ephemeral decryptability
Abstract
A system and method for a user to encrypt data in a way that ensures the data cannot be decrypted after a finite period. A number of ephemeral encryption keys are established by a first party, each of which will be destroyed at an associated time in the future (the “expiration time”). A second party selects or requests one of the ephemeral encryption keys for encrypting a message. The first party provides an ephemeral encryption key to the second party. Subsequently, the first party decrypts at least a portion of the message, using an ephemeral decryption key associated with the ephemeral encryption key provided to the second party. At the expiration time, the first party destroys all copies of at least the ephemeral decryption key, thus rendering any messages encrypted using the ephemeral encryption key permanently undecipherable. In an alternative embodiment, a number of ephemeral key servers provide a respective number of ephemeral encryption keys having associated expiration times. A party wishing to transmit an ephemeral message uses the provided ephemeral encryption keys to encrypt at least a portion of the message. The receiver of the message uses at least a subset of the ephemeral key servers to decrypt at least a portion of the encrypted message. At the expiration time(s), at least one of the ephemeral key servers permanently destroys at least one of the decryption keys associated with the provided ephemeral encryption keys.
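The single-server exchange described in the abstract, as an added Go example that is not code from the patent. `KeyServer`, `Issue`, `Sweep`, `Decrypt` and `Demo` are hypothetical names, RSA-OAEP is this example's choice of public-key scheme, and the clock is passed in as `now` so that expiry can be exercised without waiting.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

var ErrExpired = errors.New("no decryption key for that expiration time")

// KeyServer (hypothetical type) is the "first party": expiration in Unix seconds -> decryption key.
type KeyServer map[int64]*rsa.PrivateKey

// Sweep destroys expired keys in process memory; backups, swap and dumps need their own handling.
func (s KeyServer) Sweep(now time.Time) {
	for exp := range s {
		if !now.Before(time.Unix(exp, 0)) {
			delete(s, exp)
		}
	}
}

// Issue returns the encryption key for the expiration time the sender indicated.
func (s KeyServer) Issue(now, exp time.Time) (*rsa.PublicKey, error) {
	s.Sweep(now)
	if !exp.After(now) {
		return nil, ErrExpired // never issue a key that is already due for destruction
	}
	if _, ok := s[exp.Unix()]; !ok {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		s[exp.Unix()] = k
	}
	return &s[exp.Unix()].PublicKey, nil
}

// Decrypt succeeds only while the decryption key for exp still exists.
func (s KeyServer) Decrypt(now, exp time.Time, ct []byte) ([]byte, error) {
	s.Sweep(now)
	if k, ok := s[exp.Unix()]; ok {
		return rsa.DecryptOAEP(sha256.New(), nil, k, ct, nil)
	}
	return nil, ErrExpired
}

// Demo runs one exchange: decrypt inside the window, then again at the expiration time.
func Demo() (string, error) {
	now := time.Unix(1700000000, 0) // constructed start time
	exp, srv := now.Add(time.Hour), KeyServer{}
	pub, err := srv.Issue(now, exp)
	if err != nil {
		return "", err
	}
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte("constructed message"), nil)
	pt, _ := srv.Decrypt(now, exp, ct) // before expiry: the key is still held
	_, err = srv.Decrypt(exp, exp, ct) // clock has reached exp: the key is gone
	return string(pt), err
}

func main() { fmt.Println(Demo()) }
```

RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes, so a longer message would be encrypted under a symmetric message key and only that key wrapped with the ephemeral public key.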
66 Claims
1. A method of supporting data encryption, comprising:
indicating to a first party at least one expiration time, said indicating of said at least one expiration time performed by a second party;
providing, by said first party, at least one encryption key associated with said expiration time to said second party;
receiving data encrypted by said second party using said encryption key;
decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
destroying, by said first party, said decryption key associated with said encryption key at said expiration time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
9. A method of supporting data encryption, comprising:
providing, by a first party, at least one encryption key associated with an expiration time to a second party;
receiving data encrypted by said second party using said encryption key, wherein said encrypted data includes at least a portion of an electronic mail message;
decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
destroying, by said first party, said decryption key associated with said encryption key at said expiration time.
25. A computer program product including a computer readable medium, said computer readable medium having a data encryption computer program stored thereon, said data encryption computer program comprising:
program code for indicating to a first party at least one expiration time, said indicating of said at least one expiration time by a second party;
program code for providing, by said first party, at least one encryption key associated with an expiration time to said second party;
program code for receiving data encrypted by said second party using said encryption key;
program code for decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
program code for destroying, by said first party, said decryption key associated with said encryption at said expiration time.
26. A computer data signal embodied in a carrier wave, said computer data signal including a computer program for providing data encryption, said data encryption computer program comprising:
program code for indicating to a first party at least one expiration time, said indicating of said at least one expiration time by a second party;
program code for providing, by said first party, at least one encryption key associated with an expiration time to said second party;
program code for receiving data encrypted by said second party using said encryption key;
program code for decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
program code for destroying, by said first party, said decryption key associated with said encryption at said expiration time.
27. A method of encrypting data to be passed from a first party to a second party, comprising:
indicating at least one expiration time, said indicating of said at least one expiration time by said first party;
providing a plurality of encryption keys to said first party, each of said plurality of encryption keys associated with at least one of a plurality of encryption key servers, each of said plurality of encryption keys having an associated decryption key and an associated expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party;
successively encrypting said data, by said first party, using each one of said plurality of encryption keys;
decrypting, at least in part, said encrypted data, by at least a subset of said plurality of encryption key servers, using at least an associated subset of said decryption keys associated with said encryption keys; and
destroying at least one of said plurality of encryption keys by at least an associated one of said plurality of encryption key servers.
28. A computer program product including a computer readable medium, said computer readable medium having a data encryption computer program stored thereon, said data encryption computer program comprising:
program code for indicating at least one expiration time, said indicating of said at least one expiration time by said first party;
program code for providing a plurality of encryption keys to said first party, each of said plurality of encryption keys associated with at least one of a plurality of encryption key servers, each of said plurality of encryption keys having an associated decryption key and an associated expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party;
program code for encrypting said data, by said first party, using each one of said plurality of encryption keys;
program code for decrypting, at least in part, said encrypted data, by at least a subset of said plurality of encryption key servers, using at least an associated subset of said decryption keys associated with said encryption keys; and
program code for destroying at least one of said plurality of encryption keys by at least an associated one of said plurality of encryption key servers.
29. A computer data signal embodied in a carrier wave, said computer data signal including a computer program for providing data encryption, said data encryption computer program comprising:
program code for indicating at least one expiration time, said indicating of said at least one expiration time by said first party;
program code for providing a plurality of encryption keys to said first party, each of said plurality of encryption keys associated with at least one of a plurality of encryption key servers, each of said plurality of encryption keys having an associated decryption key and an associated expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party;
program code for encrypting said data, by said first party, using each one of said plurality of encryption keys;
program code for decrypting, at least in part, said encrypted data, by at least a subset of said plurality of encryption key servers, using at least an associated subset of said decryption keys associated with said encryption keys; and
program code for destroying at least one of said plurality of encryption keys by at least an associated one of said plurality of encryption key servers.
30. A method of encrypting data to be passed from a first party to a second party, comprising:
indicating at least one expiration time, said indicating of said at least one expiration time by said first party;
providing a plurality of N encryption keys to said first party, each of said plurality of N encryption keys associated with a respective one of a plurality of N encryption key servers, each of said plurality of N encryption keys having an associated decryption key and an associated expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party;
encrypting said data, by said first party, using each one of said plurality of N encryption keys, said encryption performed such that at least K of said associated decryption keys are required to decrypt said data, where K is less than N;
decrypting said encrypted data using less than N, but at least K of said plurality of N encryption key servers, using at least K of said associated decryption keys; and
destroying said associated decryption keys by said plurality of N encryption servers at said associated expiration time.
31. A method of encrypting data to be passed from a first party to a second party, comprising:
indicating at least one expiration time, said indicating of said at least one expiration time by said first party;
encrypting said data in a plurality of encryption stages, using a respective set of one or more encryption key servers at each one or said plurality of encryption stages, wherein each encryption key server provides an encryption key associated with a decryption key and an expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party, and wherein said data is encrypted in at least one of said plurality of encryption stages such that less than all of the associated decryption keys of the encryption key servers in the respective encryption key server set are necessary to decrypt said data at that one of said plurality of encryption stages;
decrypting, at least in part, said encrypted data, using less than all of said encryption key servers in said encryption key server set associated with said at least one of said plurality of encryption stages; and
destroying said associated decryption keys by said encryption key servers at said associated expiration time.
32. A method of supporting data encryption, comprising:
receiving an indication of an expiration time from a remote system;
providing, to said remote system, at least one encryption key associated with an expiration time, wherein said associated expiration time is equal to said expiration time received from said remote system;
receiving data encrypted using said encryption key;
decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
destroying said decryption key associated with said encryption at said expiration time.
Dependent claims: 33, 34, 35, 36, 37, 38, 41, 42, 43, 44
39. A method of supporting data encryption, comprising:
providing at least one encryption key associated with an expiration time;
receiving data encrypted using said encryption key, wherein said encrypted data includes at least a portion of an electronic mail message;
decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
destroying said decryption key associated with said encryption at said expiration time.
40. A method of supporting data encryption, comprising:
providing at least one encryption key associated with an expiration time;
receiving data encrypted using said encryption key, wherein said encrypted data includes at least a portion of a file;
decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
destroying said decryption key associated with said encryption at said expiration time.
45. A method of supporting data encryption between a first party and a remote second party, comprising:
indicating, by said first party to said second party, at least one expiration time;
obtaining, from said second party, an encryption key associated with an expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party, said expiration time indicating a time at which a decryption key associated with said encryption key will be destroyed;
encrypting data using said encryption key; and
transmitting said encrypted data to said second party prior to said expiration time.
Dependent claims: 46, 47, 48, 49, 50, 55, 56, 57, 60
51. A method of supporting data encryption comprising:
obtaining an encryption key associated with an expiration time, said expiration time indicating a time at which a decryption key associated with said encryption key will be destroyed, wherein said encryption key is a public key of an encryption key pair, said encryption key pair further including a private key, and wherein said decryption key is the same as said private key wherein said encryption key pair is one of a plurality of encryption key pairs, each of said plurality of encryption key pairs including a public and a private key, each of said encryption key pairs associated with a respective expiration time, and wherein said obtaining further comprises selecting one of said encryption key pairs, said selected one of said encryption key pairs including a public key equal to said encryption key, and said selected one of said encryption key pairs having a respective expiration time equal to said expiration time associated with said encryption key;
encrypting data using said encryption key; and
transmitting said encrypted data to a second party prior to said expiration time.
Dependent claims: 54, 58, 59
52. A method of supporting data encryption comprising:
obtaining an encryption key associated with an expiration time, said expiration time indicating a time at which a decryption key associated with said encryption key will be destroyed;
encrypting data using said encryption key wherein said encrypted data includes at least a portion of an electronic mail message; and
transmitting said encrypted data to a second party prior to said expiration time.
53. A method of supporting data encryption comprising:
obtaining an encryption key associated with an expiration time, said expiration time indicating a time at which a decryption key associated with said encryption key will be destroyed;
encrypting data using said encryption key wherein said encrypted data includes at least a portion of an electronic mail message; and
transmitting said encrypted data to a second party prior to said expiration time.
61. A system for supporting data encryption, comprising:
means for indicating to a first party at least one expiration time, wherein said indicating is by a remote second party;
means for providing, by said first party, at least one encryption key associated with an expiration time to said second party, wherein said associated expiration time is equal to said indicated expiration time;
means for receiving data encrypted by said second party using said encryption key;
means for decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
means for destroying, by said first party, said decryption key associated with said encryption at said expiration time.
62. A system for encrypting data to be passed from a first party to a remote second party, comprising:
means for indicating to said second party at least one expiration time, said indicating of said at least one expiration time by said first party, wherein said indicating is by said first party;
means for providing a plurality of encryption keys to said first party, each of said plurality of encryption keys associated with at least one of a plurality of encryption key servers, each of said plurality of encryption keys having an associated decryption key and an associated expiration time, wherein said associated expiration time is equal to said indicated expiration time;
means for successively encrypting said data, by said first party, using each one of said plurality of encryption keys;
means for decrypting, at least in part, said encrypted data, by at least a subset of said plurality of encryption key servers, using at least an associated subset of said decryption keys associated with said encryption keys; and
means for destroying at least one of said plurality of encryption keys by at least an associated one of said plurality of encryption key servers.
63. A system for encrypting data to be passed from a first party to a second party, comprising:
means for indicating to said second party at least one expiration time, wherein said indicating is by said first party;
means for providing a plurality of N encryption keys to said first party, each of said plurality of N encryption keys associated with a respective one of a plurality of N encryption key servers, each of said plurality of N encryption keys having an associated decryption key and an associated expiration time, wherein said associated expiration time is equal to said expiration time indicated by said first party;
means for encrypting said data, by said first party, using each one of said plurality of N encryption keys, said encryption performed such that at least K of said associated decryption keys are required to decrypt said data, where K is less than N;
means for decrypting said encrypted data using less than N, but at least K of said plurality of N encryption key servers, using at least K of said associated decryption keys; and
means for destroying said associated decryption keys by said plurality of N encryption servers at said associated expiration time.
64. A system for encrypting data to be passed from a first party to a second party, comprising:
means for indicating at least one expiration time, wherein said indicating is by said first party;
means for encrypting said data in a plurality of encryption stages, using a respective set of one or more encryption key servers at each one or said plurality of encryption stages, wherein each encryption key server provides an encryption key associated with a decryption key and an expiration time, wherein said associated expiration is equal to said expiration time indicated by said first party, and wherein said data is encrypted in at least one of said plurality of encryption stages such that less than all of the associated decryption keys of the encryption key servers in the respective encryption key server set are necessary to decrypt said data at that one of said plurality of encryption stages;
means for decrypting, at least in part, said encrypted data, using less than all of said encryption key servers in said encryption key server set associated with said at least one of said plurality of encryption stages; and
means for destroying said associated decryption keys by said encryption key servers at said associated expiration time.
65. A system for supporting data encryption, comprising:
means for indicating to a second party at least one expiration time;
means for obtaining, from said second party, an encryption key associated with an expiration time, said expiration time indicating a time at which a decryption key associated with said encryption key will be destroyed;
means for encrypting data using said encryption key; and
means for transmitting said encrypted data to said second party prior to said expiration time.
66. A system for supporting data encryption, comprising:
means for receiving an indication from a remote system of at least one expiration time;
means for providing at least one encryption key associated with said expiration time;
means for receiving data encrypted using said encryption key;
means for decrypting, at least in part, said encrypted data using a decryption key associated with said encryption key; and
means for destroying said decryption key associated with said encryption at said expiration time.
Specification