Secure key distribution for private communication in an unsecured communication channel

US 8,379,857 B1
Filed: 03/30/2011
Issued: 02/19/2013
Est. Priority Date: 03/30/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for sending private messages in an unsecured communication network, comprising:

(a) transmitting an electronic share request for a private message associated with one or more recipients to a trusted third-party, the share request including an encryption key and a share value, wherein the share value is based on a number of the one or more recipients, and the encryption key is distributed by the trusted third-party according to the share value;

(b) receiving, electronically from the trusted third-party, a key identifier based on the transmitted share request, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests;

(c) sending the received key identifier electronically to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party, and the encryption key is used by the one or more recipients to decrypt the encrypted private message;

(d) verifying that a receipt notification is received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party; and

(e) sending the encrypted private message to the one or more recipients based on the verifying in step (d), wherein the encrypted message is sent only after the receipt notification is received from each recipient in the one or more recipients.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to enable the secure distribution of encryption keys so as to facilitate private communication between users in an unsecured communication network is provided. Such a method may also provide a way to detect an unauthorized access of an encryption key so as to mitigate or prevent any loss of confidential information during communication.

95 Citations

View as Search Results

22 Claims

1. A computer-implemented method for sending private messages in an unsecured communication network, comprising:
- (a) transmitting an electronic share request for a private message associated with one or more recipients to a trusted third-party, the share request including an encryption key and a share value, wherein the share value is based on a number of the one or more recipients, and the encryption key is distributed by the trusted third-party according to the share value;
  
  (b) receiving, electronically from the trusted third-party, a key identifier based on the transmitted share request, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests;
  
  (c) sending the received key identifier electronically to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party, and the encryption key is used by the one or more recipients to decrypt the encrypted private message;
  
  (d) verifying that a receipt notification is received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party; and
  
  (e) sending the encrypted private message to the one or more recipients based on the verifying in step (d), wherein the encrypted message is sent only after the receipt notification is received from each recipient in the one or more recipients.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising:
    - repeating steps (a)-(d) for a new encryption key based on the verifying in step (d), wherein the encryption key is discarded when the receipt notification is not received from each recipient.
  - 3. The method of claim 1, wherein steps (c)-(g) are performed automatically, without user intervention, in response to the receiving in step (b).

4. A computer-implemented method for distributing an encryption key in an unsecured communication network, comprising:
- (a) receiving, by at least one computing device, a share request from a sender, the share request comprising the encryption key and a share value based on a number of one or more recipients, wherein the share value is used to determine a number of times the encryption key may be distributed to the one or more recipients;
  
  (b) generating a key identifier in response to the received share request, wherein a new key identifier is generated by the at least one computing device for each new encryption key included in each of a plurality of share requests;
  
  (c) transmitting the generated key identifier to the sender;
  
  (d) storing, in a memory of the at least one computing device, the received share value, the received encryption key, and the generated key identifier;
  
  (e) receiving, by the at least one computing device, a key access request from the one or more recipients, the key access request comprising the key identifier, wherein the key identifier is used by the one or more recipients to request the encryption key from the at least one computing device; and
  
  (f) distributing, by the at least one computing device, the stored encryption key to the one or more recipients based on the received retrieval request and the stored share value, wherein the encryption key is used by the one or more recipients to decrypt an encrypted private message.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The method of claim 4, further comprising:
    - (g) deleting, from the memory of the at least one computing device, the stored share value, encryption key, and key identifier after a predetermined duration of time.
  - 6. The method of claim 4, wherein the generating the key identifier in step (b) comprises generating a random number value to produce the key identifier.
  - 7. The method of claim 4, wherein the storing (d) comprises:
    - (i) initializing a counter value to zero;
      
      (ii) associating the received share value, the received encryption key, the generated key identifier, and the initialized counter value; and
      
      (iii) storing, in the memory of the at least one computing device, the associated share value, encryption key, key identifier, and counter value.
  - 8. The method of claim 7, wherein the distributing (f) comprises:
    - (i) comparing the stored share value with the associated counter value;
      
      (ii) sending a response to the one or more recipients based on the comparing (i); and
      
      (iii) incrementing the counter value by a value of one based on the comparing (i),wherein the response includes the encryption key only when the counter value is less than the share value,wherein the response includes an error message when the counter value is equivalent to the share value, andwherein the incrementing (iii) is performed only when the counter value is less than the share value.
  - 9. The method of claim 8, further comprising:
    - (iv) deleting, from the memory of the at least one computing device, the associated share value, encryption key, key identifier, and counter value when the counter value is equivalent to the share value.
  - 10. The method of claim 4, wherein the receiving (a) comprises receiving, by the at least one computing device, the share request from the sender via a secure communication channel, the share request comprising the encryption key and the share value based on the number of one or more recipients, wherein the share value is used to determine the number of times the encryption key may be distributed to the one or more recipients, andwherein the transmitting (c) comprises transmitting the generated key identifier to the sender via the secure communication channel.
  - 11. The method of claim 10, wherein the communication channel uses Hypertext Transfer Protocol Secure (HTTPS).

12. A system for sending private messages in an unsecured communication network, comprising:
- a message interface to enable a user to select an option to electronically send a private message to one or more recipients, and to receive the selected option to electronically send the private message from the user;
  
  a key generator to generate an encryption key for the private message;
  
  a share request generator to;
  
  encrypt the private message using the generated encryption key and generate a share value for the private message, the share value based on a number of the one or more recipients, wherein the share value is used to determine a number of times an encryption key may be distributed, andtransmit a share request for the private message to a trusted third-party, the share request including the generated encryption key and the generated share value, wherein the trusted, third-party distributes the encryption key according to the share value; and
  
  a verification unit to;
  
  receive, from the trusted third-party, a key identifier based on the transmitted share request, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests;
  
  send the received key identifier to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party and the encryption key is used by the one or more recipients to decrypt the encrypted private message;
  
  verify that a receipt notification has been received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party, the generated encryption key is discarded when the receipt notification is not received from each recipient, and the operations performed by the key generator, the share request generator, and the verification unit are repeated for a new encryption key; and
  
  send the encrypted private message to the one or more recipients based on the verification, wherein the encrypted private message is sent only after the receipt notification is received from each recipient in the one or more recipients.

13. A system for distributing an encryption key associated with a private message sent in an unsecured communication network, comprising:
- a share request manager to receive a share request from a sender, the share request from a sender, the share value based on a number of one or more recipients, wherein the share value is used to determine a number of times the encryption key may be distributed;
  
  an encryption key manager to generate a key identifier for the encryption key, to transmit the generated key identifier to the sender, and to store, in a memory, the received share value, the encryption key, and the generated key identifier; and
  
  a key distribution manager to receive a key access request from the one or more recipients, the key access request comprising the key identifier, wherein the key identifier is used by the one or more recipients to request the encryption key, and to distribute the stored encryption key to the one or more recipients based on the received key access request and the stored share value, wherein the encryption key is used by the one or more recipients to decrypt an encrypted version of the private message.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13, wherein the encryption key manager is further configured to delete, from the memory, the stored share value, encryption key, and key identifier after a predetermined duration of time.
  - 15. The system of claim 13, further comprising:
    - a key generator to generate the encryption key in response to the received share request, wherein a new encryption key is generated for each of a plurality of share requests.
  - 16. The system of claim 15, wherein the key generator is configured to generate the key identifier by generating a random number value.
  - 17. The system of claim 13, wherein the encryption key manager is further configured to initialize a counter value to zero, to associate the received share value, the generated encryption key, the generated key identifier, and the initialized counter value, and to store, in the memory, the associated share value, encryption key, key identifier, and counter value.
  - 18. The system of claim 17, wherein the key distribution manager is configured to compare the stored share value with the associated counter value, to send a response to the one or more recipients based on the comparison, and to increment the counter value by a value of one based on the comparison, wherein the response comprises the encryption key when the counter value is less than the share value, wherein the response comprises an error message when the counter value is equivalent to the share value, and wherein the counter value is incremented only when the counter value is less than the share value.
  - 19. The system of claim 18 wherein the encryption key manager is further configured to delete, from the memory, the associated share value, encryption key, key identifier, and counter value when the counter value is equivalent to the share value.
  - 20. The system of claim 13, wherein the share request manager is configured to receive the share request from the sender via a secure communication channel, the share request comprising the share value based on the number of one or more recipients, wherein the share value is used to determine the number of times the encryption key may be distributed, andwherein the encryption key manager is configured to transmit the generated encryption key and the generated key identifier to the sender via the secure communication channel, and to store, in the memory, the received share value, the generated encryption key, and the generated key identifier.
  - 21. The system of claim 20, wherein the communication channel uses Hypertext Transfer Protocol Secure (HTTPS).

22. A system for sending private messagesa message interface to enable a user to select an option to electronically send a private message to one or more recipients, and to receive the selected option to electronically send the private message from the user;
- a share request generator to;
  
  to generate a share value for the private message, the share value based on a number of the one or more recipients, wherein the share value is used to determine a number of times an encryption key may be distributed, andtransmit a share request for the private message to a trusted third-party, the share request including the encryption key and the generated share value, wherein the trusted third-party distributes the encryption key according to the share value; and
  
  a verification unit to;
  
  receive, from the trusted third-party, a key identifier based on the transmitted share request and an encrypted version of the private message, wherein a new key identifier is generated by the trusted third-party for each of a plurality of share requests;
  
  send the received key identifier to the one or more recipients, wherein the key identifier is used by the one or more recipients to request the encryption key from the trusted third-party and the encryption key is used by the one or more recipients to decrypt the encrypted version of the private message;
  
  verify that a receipt notification has been received from each recipient in the one or more recipients, wherein the receipt notification is sent by each recipient in response to obtaining the encryption key from the trusted third-party, the encryption key is discarded when the receipt notification is not received from each recipient, and the operations performed by the key generator, the share request generator, and the verification unit are repeated for a new encryption key; and
  
  send the encrypted version of the private message to the one or more recipients based on the verification, wherein the encrypted version of the private message is sent only after the receipt notification is received from each recipient in the one or more recipients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Zheng, Lantian
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/075,927
Time in Patent Office

692 Days
Field of Search

380/255
US Class Current

380/255
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0833   involving conference or gro...

Secure key distribution for private communication in an unsecured communication channel

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

95 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Secure key distribution for private communication in an unsecured communication channel

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others