Secure key distribution for private communication in an unsecured communication channel
First Claim
Patent Images
1. A computer-implemented method for sending private messages in an unsecured communication network, comprising:
- (a) transmitting an electronic share request for a private message associated with one or more recipients to a trusted third-party, the share request including an encryption key and a share value, wherein the share value is based on a number of the one or more recipients, and the encryption key is distributed by the trusted third-party according to the share value;
(b) receiving, electronically from the trusted third-party, a key identifier based on the transmitted share request, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests;
(c) sending the received key identifier electronically to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party, and the encryption key is used by the one or more recipients to decrypt the encrypted private message;
(d) verifying that a receipt notification is received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party; and
(e) sending the encrypted private message to the one or more recipients based on the verifying in step (d), wherein the encrypted message is sent only after the receipt notification is received from each recipient in the one or more recipients.
2 Assignments
0 Petitions
Accused Products
Abstract
A method to enable the secure distribution of encryption keys so as to facilitate private communication between users in an unsecured communication network is provided. Such a method may also provide a way to detect an unauthorized access of an encryption key so as to mitigate or prevent any loss of confidential information during communication.
95 Citations
22 Claims
-
1. A computer-implemented method for sending private messages in an unsecured communication network, comprising:
-
(a) transmitting an electronic share request for a private message associated with one or more recipients to a trusted third-party, the share request including an encryption key and a share value, wherein the share value is based on a number of the one or more recipients, and the encryption key is distributed by the trusted third-party according to the share value; (b) receiving, electronically from the trusted third-party, a key identifier based on the transmitted share request, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests; (c) sending the received key identifier electronically to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party, and the encryption key is used by the one or more recipients to decrypt the encrypted private message; (d) verifying that a receipt notification is received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party; and (e) sending the encrypted private message to the one or more recipients based on the verifying in step (d), wherein the encrypted message is sent only after the receipt notification is received from each recipient in the one or more recipients. - View Dependent Claims (2, 3)
-
-
4. A computer-implemented method for distributing an encryption key in an unsecured communication network, comprising:
-
(a) receiving, by at least one computing device, a share request from a sender, the share request comprising the encryption key and a share value based on a number of one or more recipients, wherein the share value is used to determine a number of times the encryption key may be distributed to the one or more recipients; (b) generating a key identifier in response to the received share request, wherein a new key identifier is generated by the at least one computing device for each new encryption key included in each of a plurality of share requests; (c) transmitting the generated key identifier to the sender; (d) storing, in a memory of the at least one computing device, the received share value, the received encryption key, and the generated key identifier; (e) receiving, by the at least one computing device, a key access request from the one or more recipients, the key access request comprising the key identifier, wherein the key identifier is used by the one or more recipients to request the encryption key from the at least one computing device; and (f) distributing, by the at least one computing device, the stored encryption key to the one or more recipients based on the received retrieval request and the stored share value, wherein the encryption key is used by the one or more recipients to decrypt an encrypted private message. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for sending private messages in an unsecured communication network, comprising:
-
a message interface to enable a user to select an option to electronically send a private message to one or more recipients, and to receive the selected option to electronically send the private message from the user; a key generator to generate an encryption key for the private message; a share request generator to; encrypt the private message using the generated encryption key and generate a share value for the private message, the share value based on a number of the one or more recipients, wherein the share value is used to determine a number of times an encryption key may be distributed, and transmit a share request for the private message to a trusted third-party, the share request including the generated encryption key and the generated share value, wherein the trusted, third-party distributes the encryption key according to the share value; and a verification unit to; receive, from the trusted third-party, a key identifier based on the transmitted share request, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests; send the received key identifier to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party and the encryption key is used by the one or more recipients to decrypt the encrypted private message; verify that a receipt notification has been received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party, the generated encryption key is discarded when the receipt notification is not received from each recipient, and the operations performed by the key generator, the share request generator, and the verification unit are repeated for a new encryption key; and send the encrypted private message to the one or more recipients based on the verification, wherein the encrypted private message is sent only after the receipt notification is received from each recipient in the one or more recipients.
-
-
13. A system for distributing an encryption key associated with a private message sent in an unsecured communication network, comprising:
-
a share request manager to receive a share request from a sender, the share request from a sender, the share value based on a number of one or more recipients, wherein the share value is used to determine a number of times the encryption key may be distributed; an encryption key manager to generate a key identifier for the encryption key, to transmit the generated key identifier to the sender, and to store, in a memory, the received share value, the encryption key, and the generated key identifier; and a key distribution manager to receive a key access request from the one or more recipients, the key access request comprising the key identifier, wherein the key identifier is used by the one or more recipients to request the encryption key, and to distribute the stored encryption key to the one or more recipients based on the received key access request and the stored share value, wherein the encryption key is used by the one or more recipients to decrypt an encrypted version of the private message. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A system for sending private messages
a message interface to enable a user to select an option to electronically send a private message to one or more recipients, and to receive the selected option to electronically send the private message from the user; -
a share request generator to; to generate a share value for the private message, the share value based on a number of the one or more recipients, wherein the share value is used to determine a number of times an encryption key may be distributed, and transmit a share request for the private message to a trusted third-party, the share request including the encryption key and the generated share value, wherein the trusted third-party distributes the encryption key according to the share value; and a verification unit to; receive, from the trusted third-party, a key identifier based on the transmitted share request and an encrypted version of the private message, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests; send the received key identifier to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party and the encryption key is used by the one or more recipients to decrypt the encrypted version of the private message; verify that a receipt notification has been received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party, the encryption key is discarded when the receipt notification is not received from each recipient, and the operations performed by the key generator, the share request generator, and the verification unit are repeated for a new encryption key; and send the encrypted version of the private message to the one or more recipients based on the verification, wherein the encrypted version of the private message is sent only after the receipt notification is received from each recipient in the one or more recipients.
-
Specification