System and method for protecting secrets file

US 8,726,032 B2
Filed: 03/25/2010
Issued: 05/13/2014
Est. Priority Date: 03/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting communication, comprising:

receiving a request to communicate with a group;

obtaining a group agreed connect name corresponding to the group;

obtaining a username and password of a user of a member connecting to the group;

generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;

extracting a secrets file name from the first message digest;

obtaining an encrypted secrets file from a secrets directory;

decrypting the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;

generating a second message digest using the n-bit generator and a first secret and a second secret from the secrets file;

extracting algorithm selector bits from the second message digest;

selecting, from a plurality of encryption algorithms, an encryption algorithm corresponding to the algorithm selector bits; and

encrypting communication between the member and the group using an encryption key obtained, at least in part, from the second message digest,wherein the communication is encrypted using the encryption algorithm.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating a decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, are a same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory.

56 Citations

View as Search Results

15 Claims

1. A method for encrypting communication, comprising:
- receiving a request to communicate with a group;
  
  obtaining a group agreed connect name corresponding to the group;
  
  obtaining a username and password of a user of a member connecting to the group;
  
  generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extracting a secrets file name from the first message digest;
  
  obtaining an encrypted secrets file from a secrets directory;
  
  decrypting the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;
  
  generating a second message digest using the n-bit generator and a first secret and a second secret from the secrets file;
  
  extracting algorithm selector bits from the second message digest;
  
  selecting, from a plurality of encryption algorithms, an encryption algorithm corresponding to the algorithm selector bits; and
  
  encrypting communication between the member and the group using an encryption key obtained, at least in part, from the second message digest,wherein the communication is encrypted using the encryption algorithm.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the secrets directory comprises a plurality of decoy files.
  - 3. The method of claim 2, wherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
  - 4. The method of claim 3, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 5. The method of claim 1, wherein the first secret is a static secret and the second secret is a dynamic secret.

6. A computing device for encrypting communication, comprising:
- a processor;
  
  a memory; and
  
  software instructions stored in memory for causing the computing device to;
  
  receive a request to communicate with a group;
  
  obtain a group agreed connect name corresponding to the group;
  
  obtain a username and password of a user of a member of the group;
  
  generate a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extract a secrets file name from the first message digest;
  
  obtain an encrypted secrets file from a secrets directory;
  
  decrypt the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;
  
  generate a second message digest using the n-bit generator and a first secret and a second secret from the secrets file;
  
  extract algorithm selector bits from the second message digest;
  
  select, from a plurality of encryption algorithms, an encryption algorithm corresponding to the algorithm selector bits; and
  
  encrypt communication between the member and the group using an encryption key obtained, at least in part, from the second message digest,wherein the communication is encrypted using the encryption algorithm.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computing device of claim 6, wherein the secrets directory comprises a plurality of decoy files.
  - 8. The computing device of claim 7, wherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
  - 9. The computing device of claim 8, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 10. The computing device of claim 6, wherein the first secret is a static secret and the second secret is a dynamic secret.

11. A non-transitory computer readable medium comprising computer readable program code embodied therein for causing a computer system to perform a method for encrypting communication, the method comprising:
- receiving a request to communicate with a group;
  
  obtaining a group agreed connect name corresponding to the group;
  
  obtaining a username and password of a user of a member of the group;
  
  generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extracting a secrets file name from the first message digest;
  
  obtaining an encrypted secrets file from a secrets directory;
  
  decrypting the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;
  
  generating a second message digest using the n-bit generator and a first secret and a second secret from the secrets file;
  
  extracting algorithm selector bits from the second message digest;
  
  selecting, from a plurality of encryption algorithms, an encryption algorithm corresponding to the algorithm selector bits; and
  
  encrypting communication between the member and the group using an encryption key obtained, at least in part, from the second message digest,wherein the communication is encrypted using the encryption algorithm.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable medium of claim 11, wherein the secrets directory comprises a plurality of decoy files.
  - 13. The non-transitory computer readable medium of claim 12, wherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
  - 14. The non-transitory computer readable medium of claim 12, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 15. The non-transitory computer readable medium of claim 11, wherein the first secret is a static secret and the second secret is a dynamic secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US13/203,327
Publication Number

US 20110307705A1
Time in Patent Office

1,510 Days
Field of Search

713/181, 713/168, 713/169, 713/171, 713/189, 713/156, 709/204, 370/338
US Class Current

713/181
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 2221/2123   Dummy operation

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H05K 999/99   dummy group

System and method for protecting secrets file

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting secrets file

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links