Method for offloading encryption and decryption of a message received at a message server to remote end devices

US 7,827,398 B2
Filed: 10/27/2005
Issued: 11/02/2010
Est. Priority Date: 10/27/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for offloading message encryption and message decryption from a message server to an encrypting end device and a decrypting end device that are remote from the message server, the method comprising:

the message server establishing a secure communication path between the message server and the encrypting end device;

the message server receiving, from the encrypting end device via the secure communication path between the message server and the encrypting end device, a cryptographic context usable by the encrypting end device to encrypt a message and the message server responsively storing the cryptographic context;

the message server receiving an encrypted message from the encrypting end device via a communication path between the message server and the encrypting end device, but other than the secure communication path between the message server and the encrypting end device, and the message server responsively storing the encrypted message, wherein the encrypting end device creates the encrypted message by encrypting a message with the cryptographic context;

the message server receiving a request for the message server to transmit the encrypted message to the decrypting end device; and

in response to receiving the request, the message server transmitting the cryptographic context and the encrypted message to the decrypting end device for decryption of the encrypted message by the decrypting end device, wherein transmitting the cryptographic context to the decrypting end device occurs via a secure communication path established between the message server and the decrypting end device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for offloading encryption and decryption of a message received at a message server to one or more end devices that are remote from the message server. An encrypting end device remote from the message server encrypts a message using cryptographic context and transmits the cryptographic context and encrypted message to the message server for storage at the message server. The message server stores the encrypted message as received without decrypting the message. The message server sends the stored cryptographic context and the encrypted message to a decrypting end device in response to the decrypting end device sending a request for the message server to transmit the encrypted message to the decrypting end device. The decrypting end device uses the cryptographic context to decrypt the encrypted message and then presents the decrypted message to a user of the decrypting end device.

24 Citations

View as Search Results

19 Claims

1. A method for offloading message encryption and message decryption from a message server to an encrypting end device and a decrypting end device that are remote from the message server, the method comprising:
- the message server establishing a secure communication path between the message server and the encrypting end device;
  
  the message server receiving, from the encrypting end device via the secure communication path between the message server and the encrypting end device, a cryptographic context usable by the encrypting end device to encrypt a message and the message server responsively storing the cryptographic context;
  
  the message server receiving an encrypted message from the encrypting end device via a communication path between the message server and the encrypting end device, but other than the secure communication path between the message server and the encrypting end device, and the message server responsively storing the encrypted message, wherein the encrypting end device creates the encrypted message by encrypting a message with the cryptographic context;
  
  the message server receiving a request for the message server to transmit the encrypted message to the decrypting end device; and
  
  in response to receiving the request, the message server transmitting the cryptographic context and the encrypted message to the decrypting end device for decryption of the encrypted message by the decrypting end device, wherein transmitting the cryptographic context to the decrypting end device occurs via a secure communication path established between the message server and the decrypting end device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the secure communication path between the message server and the encrypting end device comprises a first Transport Layer Security (TLS) secure communication path arranged according to a TLS protocol, and the secure communication path established between the message server and the decrypting end device comprises a second TLS secure communication path arranged according to the TLS protocol.
  - 3. The method of claim 2, further comprising:
    - the message server using one or more Session Initiation Protocol (SIP) messages to establish a first communication session between the message server and the encrypting end device,wherein the encrypted message is transmitted to the message server from the encrypting end device using a Secure Real-time Transport Protocol (SRTP) during the first communication session.
  - 4. The method of claim 3, further comprising:
    - the message server using one or more SIP messages to establish a second communication session between the message server and the decrypting end device,wherein the message server transmitting the encrypted message to the decrypting end device occurs during the second communication session and in accordance with the SRTP.
  - 5. The method of claim 2, further comprising:
    - the message server using one or more H.323 protocol messages to establish a first communication session between the message server and the encrypting end device,wherein the encrypted message is transmitted to the message server from the encrypting end device using a Secure Real-time Transport Protocol (SRTP) during the first communication session.
  - 6. The method of claim 5, further comprising:
    - the message server using one or more H.323 protocol messages to establish a second communication session between the message server and the decrypting end device,wherein the stored encrypted message is transmitted to the decrypting end device from the message server using the SRTP during the second communication session.
  - 7. The method of claim 1, further comprising:
    - the message server encrypting at least a portion of the cryptographic context such that at least a portion of the stored cryptographic context is encrypted by the message server.
  - 8. The method of claim 7, further comprising:
    - the message server decrypting the at least a portion of the cryptographic context encrypted by the message server.
  - 9. The method of claim 1, further comprising:
    - the message server (i) establishing a communication session with the decrypting end device, and (ii) verifying that a user of the decrypting end device is allowed to access the stored encrypted message.
  - 10. The method of claim 1, wherein the encrypted message comprises a voice message arranged as encoded speech.
  - 11. The method of claim 1, wherein the encrypted message comprises a video message.
  - 12. The method of claim 1, wherein the cryptographic context is selected from the group consisting of (i) an encryption/decryption key, (ii) a salt value, and (iii) an encryption scheme identifier.
  - 13. The method of claim 1, wherein the cryptographic context comprises a plurality of encryption/decryption keys, wherein each of the plurality of encryption/decryption keys is associated with the encrypted message.
  - 14. The method of claim 1, further comprising:
    - the decrypting end device decrypting the encrypted message according to the cryptographic context so as to produce a decrypted version of the encrypted message; and
      
      the decrypting end device presenting the decrypted version of the encrypted message to a user of the decrypting end device.

15. A method for offloading message encryption and message decryption from a message server to an encrypting end device and a decrypting end device that are remote from the message server, the method comprising:
- the message server establishing a secure communication path on a packet-network between the message server and the encrypting end device;
  
  the message server receiving, from the encrypting end device via the secure communication path on the packet-network between the message server and the encrypting end device, a cryptographic context useable by the encrypting end device to encrypt a message and the message server responsively storing the cryptographic context, wherein the message server and the encrypting end device are coupled to the packet-network;
  
  the message server receiving an encrypted message from the encrypting end device via a path on the packet-network between the message server and the encrypting end device, but other than the secure communication path on the packet-network between the message server and the encrypting end device, and the message server responsively storing the encrypted message, wherein the encrypting end device creates the encrypted message by encrypting a message with the cryptographic context, and wherein storing the encrypted message includes storing the encrypted message as encrypted by the encrypting end device;
  
  the message server receiving, from the decrypting end device via the packet-network, a request for the message server to transmit the encrypted message to the decrypting end device, wherein the decrypting end device is coupled to the packet-network; and
  
  in response to receiving the request, the message server transmitting the cryptographic context and the encrypted message to the decrypting end device for decryption of the encrypted message by the decrypting end device, wherein transmitting the cryptographic context to the decrypting end device occurs via a secure communication path established on the packet-network between the message server and the decrypting end device.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the encrypting end device and the decrypting end device are both Voice over Internet Protocol (VoIP) telephones.

17. A method for offloading message encryption and message decryption from a message server to an encrypting end device and a decrypting end device that are remote from the message server, the method comprising:
- the message server negotiating with an encrypting end device to establish a first secure communication path, the first secure communication path being between the message server and the encrypting end device;
  
  the message server receiving, from the encrypting end device via the first secure communication path between the message server and the encrypting end device, a cryptographic context useable by the encrypting end device to encrypt a message, and the message server responsively storing the cryptographic context;
  
  the message server receiving an encrypted message from the encrypting end device via a communication path between the message server and the encrypting end device, but other than the first secure communication path between the message server and the encrypting end device, and the message server responsively storing the encrypted message, wherein the encrypting end device creates the encrypted message by encrypting a message with the cryptographic context;
  
  the message server negotiating with a decrypting end device to establish a second secure communication path, the second secure communication path being between the message server and the decrypting end device;
  
  the message server receiving a request for the message server to transmit the encrypted message to the decrypting end device; and
  
  in response to receiving the request for the message server to transmit the encrypted message to the decrypting end device, the message server transmitting the cryptographic context to the decrypting end device via the second secure communication path and transmitting the encrypted message to the decrypting end device for decryption of the encrypted message by the decrypting end device.
- View Dependent Claims (19)
- - 19. The method of claim 17, wherein the first secure communication path is arranged as a virtual private network (VPN).

18. A method for offloading message encryption and message decryption from a message server to an encrypting end device and a decrypting end device that are remote from the message server, the method comprising:
- the message server establishing a secure communication path between the message server and the encrypting end device;
  
  the message server receiving, from the encrypting end device via the secure communication path between the message server and the encrypting end device, a cryptographic context useable by the encrypting end device to encrypt a message in real-time as the message is being created, and the message server responsively storing the cryptographic context;
  
  the message server receiving an encrypted message from the encrypting end device via a communication path between the message server and the encrypting end device, but other than the secure communication path between the message server and the encrypting end device, and the message server responsively storing the encrypted message, wherein the encrypting end device creates the encrypted message by encrypting a message with the cryptographic context;
  
  the message server receiving a request for the message server to transmit the encrypted message to the decrypting end device; and
  
  in response to receiving the request, the message server transmitting the cryptographic context and the encrypted message to the decrypting end device, for decryption of the encrypted message by the decrypting end device, wherein transmitting the cryptographic context to the decrypting end device occurs via a secure communication path established between the message server and the decrypting end device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Singh, Arun, Poplett, John, Liu, Xiufen
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Jackson; Jenise E

Application Number

US11/260,728
Publication Number

US 20070101133A1
Time in Patent Office

1,832 Days
Field of Search

713/153, 713170-171, 380/255
US Class Current

713/153
CPC Class Codes

H04L 63/0485   Networking architectures fo...

H04L 63/166   at the transport layer

H04L 9/14   using a plurality of keys o...

Method for offloading encryption and decryption of a message received at a message server to remote end devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method for offloading encryption and decryption of a message received at a message server to remote end devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others