System, device and method for dynamically securing instant messages

US 8,364,772 B1
Filed: 01/18/2012
Issued: 01/29/2013
Est. Priority Date: 07/11/2003
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

intercepting an unencrypted instant messaging (IM) communication sent by an originating device for transmission over a wide area network to a remote destination device;

determining, using a first IM security device associated with the originating device, whether a second IM security device is available for the destination device, the determining including;

transmitting, in response to intercepting the unencrypted instant messaging communication, a discovery communication including data indicating that the unencrypted instant messaging communication can be encrypted according to one or more security protocols available at the first IM security device; and

determining whether a response message to the discovery communication is received from the second IM security device;

in response to determining that the second IM security device is available for the destination device;

transmitting a first negotiation communication to the second IM security device, the first negotiation communication including data for negotiating an encryption technique between the first and the second IM security devices to encrypt unencrypted instant messaging communications from the originating device to the destination device and to decrypt encrypted instant messaging communications from the destination device to the originating device;

receiving a second negotiation communication from the second IM security device, the second negotiation communication specifying the encryption technique;

encrypting the unencrypted instant messaging communication from the originating device using the encryption technique; and

transmitting the encrypted instant messaging communication to the destination device, wherein the encrypted instant messaging communication is decrypted by the second IM security device for delivery to the destination device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Instant Messaging security system that encrypts Instant Messages sent by a Instant Messaging user to an Instant Messaging server by intercepting the messages, negotiating a preferred security algorithm and forwarding the encrypted messages to the server. The security system intercepts and decrypts encrypted messages sent by the server to the user. The security system is able to determine whether a receiving user is equipped with a similar security system without prior knowledge of network addresses, configuration or capability. The security system is transparent to the Instant Message service provider and may provide one or more indicators to users that messages are encrypted during forwarding.

Citations

17 Claims

1. A computer implemented method, comprising:
- intercepting an unencrypted instant messaging (IM) communication sent by an originating device for transmission over a wide area network to a remote destination device;
  
  determining, using a first IM security device associated with the originating device, whether a second IM security device is available for the destination device, the determining including;
  
  transmitting, in response to intercepting the unencrypted instant messaging communication, a discovery communication including data indicating that the unencrypted instant messaging communication can be encrypted according to one or more security protocols available at the first IM security device; and
  
  determining whether a response message to the discovery communication is received from the second IM security device;
  
  in response to determining that the second IM security device is available for the destination device;
  
  transmitting a first negotiation communication to the second IM security device, the first negotiation communication including data for negotiating an encryption technique between the first and the second IM security devices to encrypt unencrypted instant messaging communications from the originating device to the destination device and to decrypt encrypted instant messaging communications from the destination device to the originating device;
  
  receiving a second negotiation communication from the second IM security device, the second negotiation communication specifying the encryption technique;
  
  encrypting the unencrypted instant messaging communication from the originating device using the encryption technique; and
  
  transmitting the encrypted instant messaging communication to the destination device, wherein the encrypted instant messaging communication is decrypted by the second IM security device for delivery to the destination device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein transmitting the first negotiation communication comprises transmitting a nonce and identifying information, wherein the nonce is a random unique value.
  - 3. The method of claim 2, wherein transmitting the first negotiation communication further comprises transmitting a key identification, key data, and authentication information.
  - 4. The method of claim 1, wherein transmitting the first negotiation communication comprises transmitting a master key information request;
    - and the method further comprises;
      
      receiving master key information.
  - 5. The method of claim 1, wherein the first negotiation communication and the second negotiation communication include information used to generate encryption keys.
  - 6. The method of claim 5, wherein the information used to generate encryption keys includes Diffie-Hellman keys.

7. A system, comprising:
- one or more data processors; and
  
  a data storage apparatus encoded with instructions that when executed by the one or more data processors cause the one or more data processors to perform operations comprising;
  
  intercepting an unencrypted instant messaging (IM) communication sent by an originating device for transmission over a wide area network to a remote destination device;
  
  determining, using a first IM security device associated with the originating device, whether a second IM security device is available for the destination device, the determining including;
  
  transmitting, in response to intercepting the unencrypted instant messaging communication, a discovery communication including data indicating that the unencrypted instant messaging communication can be encrypted according to one or more security protocols available at the first IM security device; and
  
  determining whether a response message to the discovery communication is received from the second IM security device;
  
  in response to determining that the second IM security device is available for the destination device;
  
  transmitting a first negotiation communication to the second IM security device, the first negotiation communication including data for negotiating an encryption technique between the first and the second IM security devices to encrypt unencrypted instant messaging communications from the originating device to the destination device and to decrypt encrypted instant messaging communications from the destination device to the originating device;
  
  receiving a second negotiation communication from the second IM security device, the second negotiation communication specifying the encryption technique;
  
  encrypting the unencrypted instant messaging communication from the originating device using the encryption technique; and
  
  transmitting the encrypted instant messaging communication to the destination device, wherein the encrypted instant messaging communication is decrypted by the second IM security device for delivery to the destination device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein transmitting the first negotiation communication comprises transmitting a nonce and identifying information, wherein the nonce is a random unique value.
  - 9. The system of claim 8, wherein transmitting the first negotiation communication further comprises transmitting a key identification, key data, and authentication information.
  - 10. The system of claim 7, wherein transmitting the first negotiation communication comprises transmitting a master key information request, and the instructions cause the one or more data processors to further perform operations comprising:
    - receiving master key information.
  - 11. The system of claim 7, wherein the first negotiation communication and the second negotiation communication include information used to generate encryption keys.
  - 12. The system of claim 11, wherein the information used to generate encryption keys includes Diffie-Hellman keys.

13. A non-transitory computer storage medium encoded with a computer program, the program comprising instructions that when executed by one or more data processing apparatuses cause the one or more data processing apparatuses to perform operations, comprising:
- intercepting an unencrypted instant messaging (IM) communication sent by an originating device for transmission over a wide area network to a remote destination device;
  
  determining, using a first IM security device associated with the originating device, whether a second IM security device is available for the destination device, the determining including;
  
  transmitting, in response to intercepting the unencrypted instant messaging communication, a discovery communication including data indicating that the unencrypted instant messaging communication can be encrypted according to one or more security protocols available at the first IM security device; and
  
  determining whether a response message to the discovery communication is received from the second IM security device;
  
  in response to determining that the second IM security device is available for the destination device;
  
  transmitting a first negotiation communication to the second IM security device, the first negotiation communication including data for negotiating an encryption technique between the first and the second IM security devices to encrypt unencrypted instant messaging communications from the originating device to the destination device and to decrypt encrypted instant messaging communications from the destination device to the originating device;
  
  receiving a second negotiation communication from the second IM security device, the second negotiation communication specifying the encryption technique;
  
  encrypting the unencrypted instant messaging communication from the originating device using the encryption technique; and
  
  transmitting the encrypted instant messaging communication to the destination device, wherein the encrypted instant messaging communication is decrypted by the second IM security device for delivery to the destination device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer storage medium of claim 13, wherein transmitting the first negotiation communication comprises transmitting a nonce and identifying information wherein the nonce is a random unique value.
  - 15. The non-transitory computer storage medium of claim 14, wherein transmitting the first negotiation communication further comprises transmitting a key identification, key data, and authentication information.
  - 16. The non-transitory computer storage medium of claim 13, wherein transmitting the first negotiation communication comprises transmitting a master key information request, and the instructions cause the one or more data processing apparatuses to further perform operations comprising:
    - receiving master key information.
  - 17. The non-transitory computer storage medium of claim 13, wherein the first negotiation communication and the second negotiation communication include information used to generate encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Mathur, Saroop, Venkatraman, Rajamadam C., Kim, Charlie, Warty, Ashish, Liao, Yih-Ming
Primary Examiner(s)
Dalencourt, Yves
Assistant Examiner(s)
Lai, Michael C

Application Number

US13/352,480
Time in Patent Office

377 Days
Field of Search

709/206, 709/207, 713/150, 713/153, 713/168, 713/171, 713/175
US Class Current

709/206
CPC Class Codes

H04L 51/04   Real-time or near real-time...

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

System, device and method for dynamically securing instant messages

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System, device and method for dynamically securing instant messages

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links