Systems and methods for secure workgroup management and communication

US 8,656,167 B2
Filed: 02/23/2009
Issued: 02/18/2014
Est. Priority Date: 02/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method for secure workgroup communication, the method comprising:

recording, at a key server, a plurality of public keys associated with a plurality of clients in a workgroup;

generating a time-to-live (TTL) value for a workgroup key, wherein the workgroup key is generated by the key server and used to encrypt workgroup communications, and the TTL value indicates a period of time until the workgroup key expires;

generating a workgroup key update message, wherein the workgroup key update message includes the workgroup key, a workgroup key version number, and the TTL value for the workgroup key;

encrypting the workgroup key update message using at least a subset of the public keys;

wherein encrypting the workgroup key update message comprises generating separate ciphertexts for each of the at least a subset of public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key; and

broadcasting the encrypted workgroup key update message to the workgroup.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Citations

18 Claims

1. A method for secure workgroup communication, the method comprising:
- recording, at a key server, a plurality of public keys associated with a plurality of clients in a workgroup;
  
  generating a time-to-live (TTL) value for a workgroup key, wherein the workgroup key is generated by the key server and used to encrypt workgroup communications, and the TTL value indicates a period of time until the workgroup key expires;
  
  generating a workgroup key update message, wherein the workgroup key update message includes the workgroup key, a workgroup key version number, and the TTL value for the workgroup key;
  
  encrypting the workgroup key update message using at least a subset of the public keys;
  
  wherein encrypting the workgroup key update message comprises generating separate ciphertexts for each of the at least a subset of public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key; and
  
  broadcasting the encrypted workgroup key update message to the workgroup.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein encrypting the workgroup key update message comprising encrypting the workgroup key update message using a public-key broadcast encryption scheme.
  - 3. The method of claim 2 wherein encrypting the workgroup key update message using a public-key broadcast encryption scheme comprises:
    - generating a binary tree of span M, wherein M is the maximum size of the workgroup;
      
      associating the public key of each client of the workgroup with a unique leaf of the binary tree;
      
      identifying all nodes of the binary tree that are coexistent to or parents of leaves associated with non-revoked clients of the workgroup; and
      
      encrypting the workgroup key update message under each of the public keys associated with the identified nodes.
  - 4. The method of claim 1 wherein the generating the workgroup key update message and broadcasting are performed periodically on a predefined schedule.
  - 5. The method of claim 1 wherein the generating the workgroup key update message and broadcasting are performed automatically in response to the communication privileges of a client of the workgroup being revoked.
  - 6. The method of claim 1 wherein broadcasting the encrypted workgroup key update message to the workgroup comprises posting the key update message to a website.
  - 7. The method of claim 1, wherein the workgroup key update message further includes a timestamp which indicates when the workgroup key was generated.
  - 8. The method of claim 1, wherein the workgroup key comprises a session key used by the clients in the workgroup to encrypt the workgroup communications.
  - 9. The method of claim 1, wherein the workgroup communications comprise one or more key exchange messages for communicating a cryptographic key within the workgroup, and the workgroup key is used to encrypt the cryptographic key.

10. A system for secure workgroup communication, the system comprising:
- a workgroup key server configured to;
  
  record a plurality of public keys associated with a plurality of clients in a workgroup;
  
  generate a time-to-live (TTL) value for a workgroup key, wherein the workgroup key is generated by the workgroup key server and used to encrypt workgroup communications, and the TTL value indicates a period of time until the workgroup key expires;
  
  generate a workgroup key update message, wherein the workgroup key update message includes the workgroup key, a workgroup key version number, and the TTL value for the workgroup key;
  
  encrypt the workgroup key update message using at least a subset of the public keys;
  
  wherein the workgroup key server is configured to encrypt the workgroup key update message by generating separate ciphertexts for each of the at least a subset of public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key; and
  
  broadcast the encrypted workgroup key update message to the workgroup.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10 wherein the workgroup key server is configured to encrypt the workgroup key update message using a public-key broadcast encryption scheme.
  - 12. The system of claim 10 wherein the workgroup key server is configured to encrypt the workgroup key update message using a public-key broadcast encryption scheme by:
    - generating a binary tree of span M, wherein M is the maximum size of the workgroup;
      
      associating the public key of each client of the workgroup with a unique leaf of the binary tree;
      
      identifying all nodes of the binary tree that are coexistent to or parents of leaves associated with non-revoked clients of the workgroup; and
      
      encrypting the workgroup key update message under each of the public keys associated with the identified nodes.
  - 13. The system of claim 10 wherein the workgroup key server is configured to generate the workgroup key update message and broadcast the encrypted workgroup key update message periodically on a predefined schedule.
  - 14. The system of claim 10 wherein the workgroup key server is configured to generate the workgroup key update message and broadcast the encrypted workgroup key update message automatically in response to the communication privileges of a client of the workgroup being revoked.
  - 15. The system of claim 10 wherein the workgroup key server is configured to broadcast the encrypted workgroup key update message to the workgroup by posting the key update message to a website.
  - 16. The system of claim 10 wherein the workgroup key update message further includes a timestamp which indicates when the workgroup key was generated.
  - 17. The system of claim 10, wherein the workgroup key comprises a session key used by the clients in the workgroup to encrypt the workgroup communications.
  - 18. The system of claim 10, wherein the workgroup communications comprise one or more key exchange messages for communicating a cryptographic key within the workgroup, and the workgroup key is used to encrypt the cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Bono, Stephen C., Green, Matthew D., Landau, Gabriel D., Orsini, Rick L., O'Hare, Mark S., Davenport, Roger
Primary Examiner(s)
Gee, Jason

Application Number

US12/391,025
Publication Number

US 20090254750A1
Time in Patent Office

1,821 Days
Field of Search

713/170, 380/277
US Class Current

713/170
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/067   using one-time keys cryptog...

H04L 63/068   using time-dependent keys, ...

H04L 63/0846   using time-dependent-passwo...

H04L 9/0822   using key encryption key

Systems and methods for secure workgroup management and communication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure workgroup management and communication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links