
Secure messaging using a trusted third party

  • US 8,726,009 B1
  • Filed: 01/24/2011
  • Issued: 05/13/2014
  • Est. Priority Date: 01/26/2010
  • Status: Expired due to Fees
First Claim

1. A method for sending a secure encrypted message from a sender to a recipient over a network comprising:

  • at a sender, creating a message to be sent to a recipient;

    creating a set of at least one question involving known or shared information for identification of the recipient;

    creating random salt for use with the recipient identification questions;

    creating a set of salted hashes corresponding to correct answers for each of the questions;

    creating a first symmetric encryption key;

    creating a random symmetric key salt;

    creating a salted version of the created first symmetric key using the random symmetric key salt;

    encrypting the message using the salted version of the first symmetric key;

    computing, using a computer, a message digest of the encrypted message;

    requesting a message serial number and a public key for the recipient from a third party by use of a secure data package including a recipient identifier, the message digest of the encrypted message, a hash of the first symmetric key, control data, the salted hashes corresponding to correct answers for the created questions, and identification criteria;

    at the third party, receiving the secure data package from the sender;

    generating a new message serial number;

    storing the new message serial number, the recipient identifier, the message digest of the encrypted message, the hash of the first symmetric key, the control data, the salted hashes corresponding to correct answers for the recipient identification questions, and the identification criteria for later use;

    accessing or creating a public/private key pair for the recipient identifier;

    returning to the sender a response that includes the new message serial number and the public key for the recipient identifier, wherein the response is digitally-signed by the third party;

    at the sender, receiving from the third party the response that includes the message serial number and the public key for the recipient;

    confirming the correctness of the digital signature for the third party response;

    creating an encrypted first data package, using the received public key for the recipient, that contains the received message serial number and the first symmetric key;

    creating a second data package, digitally-signed by sender's private key, that contains the message serial number, the message digest of the encrypted message, and the encrypted first data package;

    sending to the recipient, a recipient data package containing the encrypted message, the second data package, the random symmetric key salt, the set of recipient identification questions, and the random salt for use with the recipient identification questions along with embedded instructions and processes allowing for a successful identification of the recipient by the third party and for decryption of the encrypted message by the recipient after the successful identification by the third party of the recipient;

    at the recipient, receiving the recipient data package from the sender;

    providing an answer by recipient to each of the recipient identification questions in accordance with the embedded instructions and processes;

    using the random salt associated with the questions to produce a hashed salted answer for each of the questions;

    uploading securely to the third party, the second data package and the produced hashed salted answers for the questions;

    at the third party, receiving securely from the recipient the second data package;

    confirming the validity of the digital signature by the sender for the second data package;

    retrieving the stored information for the message serial number including the recipient identifier, the message digest of the encrypted message, the hash of the first symmetric key, the control data, and the identification criteria;

    retrieving the private key for the recipient;

    decrypting part of the second data package using the recipient's private key in order to retrieve the message serial number and the first symmetric key;

    computing the hash of the decrypted first symmetric key and comparing it to the stored hash of the first symmetric key received from the sender;

    determining a success or a failure condition based upon the identification criteria and upon the control data restraints;

    creating a response to the recipient that, based upon a success condition, would include the first symmetric key for use by the recipient in creating a decryption key or, based upon a failure condition, would include instructions on additional permitted attempts or alternatives to create a success condition, or would include access denial information to the recipient based upon the control data and the identification criteria;

    sending the created response to the recipient;

    at the recipient, receiving the response from the third party;

    determining the success or the failure condition from the received response;

    recreating, if the success condition is determined, the salted version of the first symmetric key used in the original encryption of the encrypted message by combining the first symmetric key received from the third party with the random key salt received from the sender, and then using the recreated salted version of the first symmetric key to decrypt the encrypted message; and

    following alternate instructions included in the response when the failure condition is determined.
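The claim above reads as a three-party protocol, and the easiest way to see which party learns what is to run it end to end. The Python program below is an illustration added here; it is not code from the patent or its assignee. Sender, third party and recipient are functions in one process, the sender's secure data package and the recipient's upload are plain dicts, and the identification questions, the control data (an attempt limit) and the identification criteria (how many answers must match) are constructed sample values. The patent names no algorithms, so textbook RSA on a 512-bit modulus and an HMAC-SHA256 counter keystream are stand-ins chosen for a dependency-free demonstration and are not fit for real use; the answer normalisation in `salted_hash`, the 4-byte serial plus 16-byte key layout of the sealed package, and passing the sender's public key to the third party as a parameter (the claim does not say how the third party obtains it) are likewise assumptions.

```python
import hashlib
import hmac
import secrets
# Toy stand-ins (assumptions, not from the patent): textbook RSA on ~512-bit moduli and
# an HMAC-SHA256 counter keystream play the unspecified public-key and symmetric algorithms.
def _probable_prime(n, rounds=20):  # Miller-Rabin; callers pass odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(c):
            return c
def keygen(bits=256):  # -> ((n, e), (n, d))
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        if p != q and ((p - 1) * (q - 1)) % 65537:
            return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def pk_encrypt(key, data):  # data must be shorter than the modulus
    return pow(int.from_bytes(data, "big"), key[1], key[0])
def pk_decrypt(key, c, length):
    return pow(c, key[1], key[0]).to_bytes(length, "big")
def sign(priv, data):
    return pk_encrypt(priv, hashlib.sha256(data).digest())
def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def stream_xor(key, data):  # one call both encrypts and decrypts
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)
def salted_hash(salt, answer):  # trimming/lower-casing the answer is an assumption
    return hashlib.sha256(salt + answer.strip().lower().encode()).digest()

class ThirdParty:  # keeps the per-serial records and recipients' key pairs; never sees plaintext
    def __init__(self):
        self.sign_key, self.records, self.recipient_keys = keygen(), {}, {}
    def register(self, pkg):  # sender's secure data package -> signed (serial, recipient pub key)
        serial = len(self.records) + 1
        self.records[serial] = dict(pkg, attempts=0)
        pub = self.recipient_keys.setdefault(pkg["recipient"], keygen())[0]
        return {"serial": serial, "pub": pub,
                "sig": sign(self.sign_key[1], repr((serial, pub)).encode())}
    def release(self, second, sender_pub, answer_hashes):  # recipient's upload -> key or refusal
        body = second["body"]
        if not verify(sender_pub, repr(body).encode(), second["sig"]):
            return {"status": "denied", "reason": "bad sender signature"}
        rec = self.records[body["serial"]]
        sealed = pk_decrypt(self.recipient_keys[rec["recipient"]][1], body["sealed"], 20)
        serial, key = int.from_bytes(sealed[:4], "big"), sealed[4:]
        if serial != body["serial"] or body["digest"] != rec["digest"] or \
                not hmac.compare_digest(hashlib.sha256(key).digest(), rec["key_hash"]):
            return {"status": "denied", "reason": "package does not match stored record"}
        rec["attempts"] += 1
        limit = rec["control"]["max_attempts"]
        correct = sum(hmac.compare_digest(a, b) for a, b in zip(answer_hashes, rec["answer_hashes"]))
        if rec["attempts"] <= limit and correct >= rec["criteria"]:
            return {"status": "success", "key": key}
        if rec["attempts"] >= limit:
            return {"status": "denied", "reason": "attempt limit reached"}
        return {"status": "retry", "remaining": limit - rec["attempts"]}

def sender_prepare(ttp, sender_key, recipient, message, questions, control, criteria):
    q_salt, key, key_salt = (secrets.token_bytes(16) for _ in range(3))
    salted_key = hashlib.sha256(key + key_salt).digest()  # the claim's "salted version" of the key
    ciphertext = stream_xor(salted_key, message.encode())
    digest = hashlib.sha256(ciphertext).digest()
    resp = ttp.register({"recipient": recipient, "digest": digest, "control": control,
                         "key_hash": hashlib.sha256(key).digest(), "criteria": criteria,
                         "answer_hashes": [salted_hash(q_salt, a) for _, a in questions]})
    if not verify(ttp.sign_key[0], repr((resp["serial"], resp["pub"])).encode(), resp["sig"]):
        raise ValueError("third-party response signature invalid")
    body = {"serial": resp["serial"], "digest": digest,  # second data package, signed by sender
            "sealed": pk_encrypt(resp["pub"], resp["serial"].to_bytes(4, "big") + key)}
    return {"ciphertext": ciphertext, "key_salt": key_salt, "q_salt": q_salt,
            "questions": [q for q, _ in questions],
            "second": {"body": body, "sig": sign(sender_key[1], repr(body).encode())}}

def recipient_unlock(ttp, sender_pub, pkg, answers):
    hashes = [salted_hash(pkg["q_salt"], a) for a in answers]  # only hashes leave the recipient
    resp = ttp.release(pkg["second"], sender_pub, hashes)
    if resp["status"] != "success":
        return resp
    salted_key = hashlib.sha256(resp["key"] + pkg["key_salt"]).digest()
    return {"status": "success", "message": stream_xor(salted_key, pkg["ciphertext"]).decode()}
```

Calling `sender_prepare` and then `recipient_unlock` with one wrong answer returns a retry response carrying the remaining attempts; calling it again with correct answers returns the decrypted text, and once the control data's attempt limit is spent the third party refuses even a correct answer. The point worth checking in the code is what the third party never receives: the message, the salted key actually used for encryption, and the recipient's plaintext answers. It holds only the ciphertext digest, the hash of the first key, the salted answer hashes and the sealed key, and the sealed key is useless to it without the key salt that travels only from sender to recipient.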

  • 0 Assignments