Secure instant messaging

US 7,949,873 B2
Filed: 06/30/2005
Issued: 05/24/2011
Est. Priority Date: 06/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

utilizing a digital rights management service of a messaging device to randomly generate a challenge identifier;

encrypting, at the messaging device, the challenge identifier with a first encryption key embedded in a first issuance license, thereby generating an encrypted challenge message, wherein the first issuance license is associated with a recipient messaging device located at a separate network location;

communicating, from the messaging device to the recipient messaging device, the encrypted challenge message via a peer-to-peer communication link without utilizing a centralized messaging service;

receiving, at the messaging device, an encrypted challenge return from the recipient messaging device, wherein the encrypted challenge return is a return challenge identifier encrypted with a second encryption key that is embedded in a second issuance license specific to the messaging device;

decrypting the encrypted challenge return thereby providing the return challenge identifier;

verifying that the return challenge identifier matches the challenge identifier;

responsive to the verifying, establishing that network communications are secure when transmitting communications with the recipient messaging device;

encrypting a communication to generate an encrypted communication that includes a control policy limiting use of the communication when received at the recipient messaging device; and

communicating, from the messaging device to the recipient messaging device, the encrypted communication via the peer-to-peer communication link.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure instant messaging is described. In an embodiment, a messaging device encrypts a challenge identifier to generate an encrypted challenge message, and communicates the encrypted challenge message via a peer-to-peer communication link to a recipient messaging device. The recipient messaging device decrypts the encrypted challenge message and encrypts the challenge identifier as a return challenge identifier to generate an encrypted challenge return. The messaging device receives the encrypted challenge return from the recipient messaging device, decrypts the encrypted challenge return, and verifies that the return challenge identifier matches the challenge identifier to establish that communications are secure when communicated via the peer-to-peer communication link and, optionally, to establish control policies pertaining to a communication received at the recipient messaging device.

Citations

12 Claims

1. A method, comprising:
- utilizing a digital rights management service of a messaging device to randomly generate a challenge identifier;
  
  encrypting, at the messaging device, the challenge identifier with a first encryption key embedded in a first issuance license, thereby generating an encrypted challenge message, wherein the first issuance license is associated with a recipient messaging device located at a separate network location;
  
  communicating, from the messaging device to the recipient messaging device, the encrypted challenge message via a peer-to-peer communication link without utilizing a centralized messaging service;
  
  receiving, at the messaging device, an encrypted challenge return from the recipient messaging device, wherein the encrypted challenge return is a return challenge identifier encrypted with a second encryption key that is embedded in a second issuance license specific to the messaging device;
  
  decrypting the encrypted challenge return thereby providing the return challenge identifier;
  
  verifying that the return challenge identifier matches the challenge identifier;
  
  responsive to the verifying, establishing that network communications are secure when transmitting communications with the recipient messaging device;
  
  encrypting a communication to generate an encrypted communication that includes a control policy limiting use of the communication when received at the recipient messaging device; and
  
  communicating, from the messaging device to the recipient messaging device, the encrypted communication via the peer-to-peer communication link.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, wherein the control policy designates an extent to which the recipient messaging device at least one of distributes or uses the communication after decryption.
  - 3. The method as recited in claim 1, wherein the control policy designates an extent to which the recipient messaging device maintains the communication for future reference after decryption.
  - 4. The method as recited in claim 1, wherein the control policy designates an extent to which a user of the recipient messaging device at least one of maintains, uses, or distributes the communication after decryption at the recipient messaging device.
  - 5. The method as recited in claim 1, wherein the control policy precludes distribution of the communication and additional data associated with the communication.
  - 6. The method as recited in claim 1, wherein the communication includes at least one of an instant message, a file transfer, an image transfer, a text based communication, an audio communication, a video communication, or an audio/video communication that is encrypted at the messaging device and communicated via the peer to peer communication link to the recipient messaging device as a secure communication.

7. One or more computer readable storage devices comprising computer executable instructions stored thereon that, when executed, direct an instant messaging device to perform operations comprising:
- utilizing a digital rights management service of the instant messaging device to randomly generate a challenge identifier;
  
  encrypting, at the instant messaging device, the challenge identifier with a first encryption key embedded in a first issuance license, thereby generating an encrypted challenge message, wherein the first issuance license is associated with a recipient messaging device located at a separate network location;
  
  communicating, from the instant messaging device to the recipient messaging device, the encrypted challenge message via a peer-to-peer communication link;
  
  receiving, at the instant messaging device, an encrypted challenge return from the recipient messaging device, wherein the encrypted challenge return is a return challenge identifier encrypted with a second encryption key that is embedded in a second issuance license specific to the instant messaging device;
  
  decrypting the encrypted challenge return thereby providing the return challenge identifier;
  
  validating that an instant message is secure when transmitted from the instant messaging device to the recipient messaging device via the peer-to-peer communication link by verifying that the return challenge identifier matches the challenge identifier;
  
  responsive to the validating, encrypting the instant message to generate an encrypted instant message which includes a control policy limiting use of the instant message; and
  
  communicating, from the instant messaging device to the recipient messaging device, the encrypted instant message via the peer-to-peer communication link.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The one or more computer readable storage devices as recited in claim 7, further comprising computer executable instructions stored thereon that, when executed, direct the instant messaging device to designate, via the control policy, an extent to which the recipient messaging device distributes the instant message after decryption.
  - 9. The one or more computer readable storage devices as recited in claim 7, further comprising computer executable instructions stored thereon that, when executed, direct the instant messaging device to designate, via the control policy, an extent to which the recipient messaging device maintains the instant message for future reference after decryption.
  - 10. The one or more computer readable storage devices as recited in claim 7, further comprising computer executable instructions stored thereon that, when executed, direct the instant messaging device to designate, via the control policy, to preclude distribution of the instant message and additional data associated with the instant message.
  - 11. The one or more computer readable storage devices as recited in claim 7, further comprising computer executable instructions stored thereon that, when executed, direct the instant messaging device to designate, via the control policy, that an instant messaging application at the recipient messaging device be validated by the digital rights management service to receive and decrypt the encrypted instant message.
  - 12. The one or more computer readable storage devices as recited in claim 7, wherein:
    - the encrypted challenge message and the encrypted challenge return are communicated between the instant messaging device and the recipient messaging device independent of a centralized messaging service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schwartz, Eyal, Holmes, John S, Ford, Peter S.
Primary Examiner(s)
Korzuch; William
Assistant Examiner(s)
Su; Sarah

Application Number

US11/172,424
Publication Number

US 20070003065A1
Time in Patent Office

2,154 Days
Field of Search

380/286, 713/168, 713/169, 713/170, 726/1, 726/26, 709/204, 709/205, 709/206, 709/227
US Class Current

713/169
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

H04L 2209/603   Digital right managament [DRM]

H04L 2209/80   Wireless

H04L 51/04   Real-time or near real-time...

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04L 9/3271   using challenge-response

Secure instant messaging

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure instant messaging

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links