Method and system for secure key exchange

US 6,898,288 B2
Filed: 05/23/2002
Issued: 05/24/2005
Est. Priority Date: 10/22/2001
Status: Active Grant

First Claim

Patent Images

1. A method for secure transmission of a data message between a sender and a receiver, the method comprising:

locking, at the sender, the data message using a first lock;

prior to locking the data message at the sender, encoding the data message, said encoding including partitioning the data message into partition blocks and encoding each partition block by performing one or more operations selected from the set comprising;

rearranging data within the block when the partition block matches a first predefined data pattern, expanding the partition block by adding one or more predefined data values when the partition block matches a second predefined data pattern, and expanding the partition by adding a data value obtained by performing a mathematical linear operation on one or more data values within the partition block;

transmitting the locked data message to the receiver;

double-locking, at the receiver, the locked data message using a second lock;

transmitting the double-locked data message back to the sender;

unlocking, at the sender, the first lock of the double-locked data message using a first key, leaving the data message single-locked by the second lock;

transmitting the single-locked data message back to the receiver; and

unlocking, at the receiver, the second lock of the single-locked data message using a second key to generate the data message;

wherein the locking and unlocking at the sender comprise mathematical linear computations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure transmission of a data message locks, at the sender, the data message using a first lock. The locked data message is transmitted to the receiver. Next, the locked data message is double-locked, at the receiver, using a second lock. Then, this double-locked data message is transmitted back to the sender. The first lock of the double-locked data message is then unlocked, at the sender, using a first key, leaving the data message single-locked by the second lock. The single-locked data message is transmitted back to the receiver, where the second lock of the single-locked data message is unlocked, using a second key, to generate the data message, completing the secure transmission.

48 Citations

View as Search Results

43 Claims

1. A method for secure transmission of a data message between a sender and a receiver, the method comprising:
- locking, at the sender, the data message using a first lock;
  
  prior to locking the data message at the sender, encoding the data message, said encoding including partitioning the data message into partition blocks and encoding each partition block by performing one or more operations selected from the set comprising;
  
  rearranging data within the block when the partition block matches a first predefined data pattern, expanding the partition block by adding one or more predefined data values when the partition block matches a second predefined data pattern, and expanding the partition by adding a data value obtained by performing a mathematical linear operation on one or more data values within the partition block;
  
  transmitting the locked data message to the receiver;
  
  double-locking, at the receiver, the locked data message using a second lock;
  
  transmitting the double-locked data message back to the sender;
  
  unlocking, at the sender, the first lock of the double-locked data message using a first key, leaving the data message single-locked by the second lock;
  
  transmitting the single-locked data message back to the receiver; and
  
  unlocking, at the receiver, the second lock of the single-locked data message using a second key to generate the data message;
  
  wherein the locking and unlocking at the sender comprise mathematical linear computations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the secure transmission of the data message occurs without a public key exchange.
  - 3. The method of claim 1, wherein the data message unlocked at the receiver is identical to the data message prior to locking at the sender.
  - 4. The method of claim 3, wherein the encoding utilizes a code table.
  - 5. The method of claim 3, further comprising, subsequent to unlocking the second lock of the single-locked and encoded data message, decoding the encoded data message to generate the data message.
  - 6. The method of claim 1, further comprising transmitting from the sender to the receiver a computer program capable of performing the double-locking of the locked data message, and the unlocking of the second lock of the single-locked data message, at the receiver.
  - 7. The method of claim 6, wherein the computer program is a Java applet.
  - 8. The method of claim 1, further comprising transmitting from the receiver to the sender a computer program capable of performing the locking of the data message, and the unlocking of the first lock of the double-locked data message, at the sender.
  - 9. The method of claim 8, wherein the computer program is a Java applet.
  - 10. The method of claim 1, wherein the data message is a secret key.
  - 11. The method of claim 1, wherein the data message is a digital signature.
  - 12. The method of claim 1, wherein the data message is a digital envelope.

13. A method for secure key exchange between a sender and a receiver, the method comprising:
- generating a plurality of sender lock-key pairs for the sender and a plurality of receiver lock-key pairs for the receiver;
  
  encrypting, at the sender, a secret key to be transmitted from the sender to the receiver, using one or more locks of the plurality of sender lock-key pairs;
  
  transmitting the sender-encrypted secret key to the receiver;
  
  encrypting, at the receiver, the sender-encrypted secret key using one or more locks of the plurality of receiver lock-key pairs;
  
  transmitting the receiver- and sender-encrypted secret key back to the sender;
  
  decrypting, at the sender, the sender-encrypted portion of the receiver- and sender-encrypted secret key, using one or more keys of the plurality of sender lock-key pairs, leaving the secret key receiver-encrypted;
  
  transmitting the receiver-encrypted secret key back to the receiver;
  
  decrypting, at the receiver, the receiver-encrypted secret key using one or more keys of the plurality of receiver lock-key pairs, to generate the secret key;
  
  encrypting at the sender a data message using the secret key to generate an encrypted data message, and transmitting the encrypted data message to the receiver; and
  
  decrypting at the receiver the encrypted data message using the secret key so as to regenerate the data message at the receiver.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 14. The method of claim 13, wherein the data message decrypted at the receiver is identical to the data message prior to encryption at the sender.
  - 15. The method of claim 13, wherein the generating occurs periodically.
  - 16. The method of claim 13, wherein the generating occurs using one or more algorithms, and a plurality of random values as variables for the one or more algorithms.
  - 17. The method of claim 16, wherein the plurality of random values are generated by a random number generator.
  - 18. The method of claim 16, wherein the plurality of random values are generated at least in part by user input.
  - 19. The method of claim 13, wherein the method is used in a portable electronic device, and wherein the generating occurs at least when batteries for the portable electronic device are recharging.
  - 20. The method of claim 13, wherein a representation of each of the plurality of sender lock-key pairs corresponding to the one or more locks used to encrypt the secret key are stored in a memory.
  - 21. The method of claim 13, wherein a representation of each of the plurality of receiver lock-key pairs corresponding to the one or more locks used to encrypt the sender-encrypted secret key are stored in a memory.
  - 22. The method of claim 13, wherein the decrypting of the sender-encrypted portion of the receiver- and sender-encrypted secret key utilizes commutative mathematic operations.
  - 23. The method of claim 13, wherein, prior to the decrypting at the sender, the sender verifies that the receiver- and sender-encrypted secret key was transmitted by the receiver.
  - 24. The method of claim 13, further comprising, prior to encrypting the secret key at the sender, encoding the secret key.
  - 25. The method of claim 24, wherein the encoding utilizes a code table.
  - 26. The method of claim 24, further comprising, subsequent to decrypting the receiver-encrypted and encoded secret key, decoding the encoded secret key to generate the secret key.
  - 27. The method of claim 13, further comprising transmitting from the sender to the receiver a computer program capable of performing the encrypting of the sender-encrypted secret key, and the decrypting of the receiver-encrypted secret key, at the receiver.
  - 28. The method of claim 27, wherein the computer program is a Java applet.
  - 29. The method of claim 13, further comprising transmitting from the receiver to the sender a computer program capable of performing the encrypting of the secret key, and the decrypting of the sender-encrypted portion of the receiver- and sender-encrypted secret key, at the sender.
  - 30. The method of claim 29, wherein the computer program is a Java applet.

31. A method for secure key exchange between a sender and a receiver, the method comprising:
- encrypting, at the sender, a secret key to be transmitted from the sender to the receiver, using one or more locks of a plurality of sender lock-key pairs;
  
  transmitting the sender-encrypted secret key to the receiver;
  
  encrypting, at the receiver, the sender-encrypted secret key using one or more locks of a plurality of receiver lock-key pairs;
  
  transmitting the receiver- and sender-encrypted secret key back to the sender;
  
  decrypting, at the sender, the sender-encrypted portion of the receiver- and sender-encrypted secret key, using one or more keys of the plurality of sender lock-key pairs, leaving the secret key receiver-encrypted;
  
  transmitting the receiver-encrypted secret key back to the receiver;
  
  decrypting, at the receiver, the receiver-encrypted secret key using one or more keys of the plurality of receiver lock-key pairs, to generate the secret key;
  
  wherein each lock of the plurality of sender lock-key pairs comprises a plurality of values capable of forming a lock matrix, and further wherein each key corresponding to each lock of the plurality of sender lock-key pairs comprises a plurality of values capable of forming a key matrix, and further wherein the key matrix is the inverse of the lock matrix.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31, wherein each lock of the plurality of receiver lock-key pairs comprises a plurality of values capable of forming a lock matrix, and further wherein each key corresponding to each lock of the plurality of receiver lock-key pairs comprises a plurality of values capable of forming a key matrix, and further wherein the key matrix is the inverse of the lock matrix.
  - 33. The method of claim 31, wherein, before encrypting the secret key at the sender, the secret key is partitioned into a plurality of partitioned blocks, and further wherein the encrypting at the sender comprises multiplying each partitioned block of the plurality of partitioned blocks against an encrypting lock of the one or more locks of the plurality of sender lock-key pairs.

34. A method for secure key exchange between a sender and a receiver, the method comprising:
- encrypting, at the sender, a secret key to be transmitted from the sender to the receiver, using one or more locks of a plurality of sender lock-key pairs;
  
  transmitting the sender-encrypted secret key to the receiver;
  
  encrypting, at the receiver, the sender-encrypted secret key using one or more locks of a plurality of receiver lock-key pairs;
  
  transmitting the receiver- and sender-encrypted secret key back to the sender;
  
  decrypting, at the sender, the sender-encrypted portion of the receiver- and sender-encrypted secret key, using one or more keys of the plurality of sender lock-key pairs, leaving the secret key receiver-encrypted;
  
  transmitting the receiver-encrypted secret key back to the receiver;
  
  decrypting, at the receiver, the receiver-encrypted secret key using one or more keys of the plurality of receiver lock-key pairs, to generate the secret key;
  
  encrypting at the sender a data message using the secret key to generate an encrypted data message, and transmitting the encrypted data message to the receiver; and
  
  decrypting at the receiver the encrypted data message using the secret key so as to regenerate the data message at the receiver;
  
  wherein the secure key exchange occurs between a sender and a plurality of receivers, and further wherein, prior to the decrypting at the sender, the sender verifies that each receiver of the plurality of receivers has transmitted a receiver- and sender-encrypted secret key, and further comprising decrypting, at the sender, the sender-encrypted portion of each of the receiver- and sender-encrypted secret keys transmitted from each receiver of the plurality of receivers.
- View Dependent Claims (35, 36)
- - 35. The method of claim 34, wherein if, prior to the decrypting at the sender, the sender receives a greater number of receiver- and sender-encrypted secret keys than the number of the plurality of receivers, the plurality of receivers are warned of a possible adversary and the secure key exchange is canceled.
  - 36. The method of claim 34, wherein if, prior to the decrypting at the sender, the sender receives a lesser number of receiver- and sender-encrypted secret keys than the number of the plurality of receivers, the plurality of receivers are warned of a possible adversary and the secure key exchange is canceled.

37. A secure transmission module for securely transmitting a data message to at least one receiver, the module comprising:
- a lock-key pair generator for generating a plurality of lock-key pairs, using one or more algorithms and a plurality of random values as variables for the one or more algorithms;
  
  a first encryption module configured to encrypt a data message using one or more locks of the plurality of lock-key pairs;
  
  wherein the data message includes a secret key;
  
  a commutative decryption module configured to decrypt encryption applied by the encryption module to the data message, using one or more keys of the plurality of lock-key pairs, after the data message has been additionally encrypted at least once more at the at least one receiver;
  
  a second encryption module configured to encrypt session messages with the secret key; and
  
  a communication module for transmitting encrypted data messages, encrypted session messages and commutatively-decrypted data messages to the at least one receiver, and for receiving additionally-encrypted data messages from the at least one receiver.
- View Dependent Claims (38, 39)
- - 38. The secure transmission module of claim 37, wherein the secure transmission of the data message occurs without a public key exchange.
  - 39. The secure transmission module of claim 37, further comprising an encoder for encoding the data message prior to initially encrypting the data message.

40. A secure receiver module for securely receiving a data message from a sender, the module comprising:
- a lock-key pair generator for generating a plurality of lock-key pairs, using one or more algorithms and a plurality of random values as variables for the one or more algorithms;
  
  a double-encryption module configured to encrypt an already-encrypted data message using one or more locks of the plurality of lock-key pairs;
  
  a first decryption module configured to recover the data message by decrypting encryption applied by the double-encryption module to a data message, utilizing one or more keys of the plurality of lock-key pairs, to generate the data message from the sender, the decryption occurring after the already-encrypted portion of the data message has been commutatively decrypted at the sender;
  
  a second decryption module for decrypting session messages encrypted with a secret key, wherein the secret key is included in the recovered data message; and
  
  a communication module for receiving messages, including already-encrypted data messages, commutatively-decrypted data messages and session messages from the sender, and for transmitting double-encrypted data messages to the sender.
- View Dependent Claims (41, 42, 43)
- - 41. The secure receiver module of claim 40, wherein the secure receipt of the data message occurs without a public key exchange.
  - 42. The secure receiver module of claim 40, wherein the data message recovered at the secure receiver module is identical to the data message, prior to encryption at the sender.
  - 43. The secure receiver module of claim 40, wherein the data message is encoded, and further comprising a decoder for decoding the data message upon finally decrypting the data message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telesecura Limited
Original Assignee
Telesecura Corporation
Inventors
Chui, Charles K.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
HAMILTON, MONPLAISIR G

Application Number

US10/154,795
Publication Number

US 20030076959A1
Time in Patent Office

1,097 Days
Field of Search

380/283, 380/277, 380/278, 380/37, 713/176, 713/168, 705/51, 705/71
US Class Current

380/278
CPC Class Codes

H04K 1/00   Secret communication

H04L 9/088   Usage controlling of secret...

H04N 19/635   characterised by filter def...

Method and system for secure key exchange

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

43 Claims

Specification

Use Cases

Quick Links

Others

Method and system for secure key exchange

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

43 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others