Methods and apparatus for secure data sharing
First Claim
1. A communication method comprising:
receiving from a first client a communication request that includes an encrypted conversation, a first key, and authentication bits, the communication request requesting that a host server sends the encrypted conversation and a decryption key for the encrypted conversation to a second client, wherein the first key is the decryption key that has been encrypted using a first public key associated with a first user at the first client;
in order to retrieve the decryption key from the first key, retrieving, at the host server, an encrypted secret key associated with the first user;
decrypting the encrypted secret key using the authentication bits included in the communication request received from the first user, thereby retrieving a secret key associated with the first user;
retrieving, at the host server, an encrypted private key associated with the first user;
decrypting the encrypted private key using the secret key associated with the first user, thereby retrieving a private key associated with the first user;
decrypting the first key using the private key associated with the first user, thereby retrieving the decryption key;
encrypting the decryption key using a second public key associated with a second user at the second client to generate a second key; and
sending to the second client the encrypted conversation and the second key;
receiving, from the first client, a password reset notification notifying that a password associated with the first user is lost;
receiving new authentication bits derived from a new password to be associated with the first user;
retrieving a backup secret key associated with the first user, wherein the backup secret key is encrypted using a master public key;
sending a password reset request to a management server that maintains a master private key paired with the master public key, wherein the password reset request includes the backup secret key;
receiving from the management server a password reset response that includes the secret key associated with the first user;
encrypting the secret key using the new authentication bits; and
storing the secret key encrypted using the new authentication bits.
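The key hierarchy recited in the first claim (authentication bits unwrap the secret key, which unwraps the private key, which unwraps the decryption key, which is then re-wrapped for the second user, plus the master-key password reset) can be sketched as follows. This is an added illustration, not code from the patent; the algorithm choices (scrypt, AES-256-GCM, RSA-OAEP) and all function names (`seal`, `open`, `authBits`, `rsa`, `enroll`, `share`, `resetPassword`) are assumptions, since the claim names no algorithms.

```javascript
// Added example: the key hierarchy of claim 1 using Node's built-in crypto.
// Assumed algorithms: scrypt, AES-256-GCM, RSA-OAEP (the claim names none).
const { generateKeyPairSync, publicEncrypt, privateDecrypt, createCipheriv,
        createDecipheriv, randomBytes, scryptSync } = require('node:crypto');

// Symmetric wrap with AES-256-GCM; output layout is iv || tag || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}
// Assumption: the client derives its authentication bits from the password with scrypt.
const authBits = (password, salt) => scryptSync(password, salt, 32);
const rsa = () => generateKeyPairSync('rsa', { modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });

// Enrollment: the record the host server stores; every key in it is wrapped.
function enroll(password, masterPublicKey) {
  const salt = randomBytes(16), secretKey = randomBytes(32), kp = rsa();
  return { salt, publicKey: kp.publicKey,
    encSecretKey: seal(authBits(password, salt), secretKey),
    encPrivateKey: seal(secretKey, Buffer.from(kp.privateKey)),
    backupSecretKey: publicEncrypt(masterPublicKey, secretKey) };
}
// Host server: auth bits -> secret key -> private key -> decryption key -> second key.
function share(rec, bits, firstKey, secondPublicKey) {
  const secretKey = open(bits, rec.encSecretKey);
  const privateKey = open(secretKey, rec.encPrivateKey).toString();
  return publicEncrypt(secondPublicKey, privateDecrypt(privateKey, firstKey));
}
// Password reset: the management server unwraps the backup secret key with the
// master private key; the host re-wraps the result under the new authentication bits.
function resetPassword(rec, newBits, managementDecrypt) {
  rec.encSecretKey = seal(newBits, managementDecrypt(rec.backupSecretKey));
}
```

In this arrangement the host server holds the first user's private key in plaintext while it processes the request, and the holder of the master private key can recover any user's secret key, so both servers sit inside the trust boundary.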
Abstract
This disclosure relates to methods and apparatus for securely and easily sharing data over a communications network. As communications services on a communications network are continuously becoming cheaper, faster, and easier to use, more users are becoming receptive to the idea of sharing data over the communications network. However, although E-mails and web folders, to a certain degree, provide easy-to-use or secure data sharing mechanisms, none of the existing data sharing methods is both easy-to-use and highly secure. This disclosure provides methods and apparatus for easily and securely sharing data over a communications network.
22 Claims
1. A communication method comprising:
receiving from a first client a communication request that includes an encrypted conversation, a first key, and authentication bits, the communication request requesting that a host server sends the encrypted conversation and a decryption key for the encrypted conversation to a second client, wherein the first key is the decryption key that has been encrypted using a first public key associated with a first user at the first client;
in order to retrieve the decryption key from the first key, retrieving, at the host server, an encrypted secret key associated with the first user;
decrypting the encrypted secret key using the authentication bits included in the communication request received from the first user, thereby retrieving a secret key associated with the first user;
retrieving, at the host server, an encrypted private key associated with the first user;
decrypting the encrypted private key using the secret key associated with the first user, thereby retrieving a private key associated with the first user;
decrypting the first key using the private key associated with the first user, thereby retrieving the decryption key;
encrypting the decryption key using a second public key associated with a second user at the second client to generate a second key; and
sending to the second client the encrypted conversation and the second key;
receiving, from the first client, a password reset notification notifying that a password associated with the first user is lost;
receiving new authentication bits derived from a new password to be associated with the first user;
retrieving a backup secret key associated with the first user, wherein the backup secret key is encrypted using a master public key;
sending a password reset request to a management server that maintains a master private key paired with the master public key, wherein the password reset request includes the backup secret key;
receiving from the management server a password reset response that includes the secret key associated with the first user;
encrypting the secret key using the new authentication bits; and
storing the secret key encrypted using the new authentication bits.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An apparatus comprising:
an interface that is configured to provide communication with a first client and a second client;
a memory that is configured to maintain an encrypted private key and an encrypted secret key associated with the first client, wherein the encrypted private key is derived from encrypting a private key of the first client with a secret key of the first client, and wherein the encrypted secret key is derived from encrypting the secret key using authentication bits of the first client;
a module that is configured to receive an encrypted conversation, an encrypted decryption key, and authentication bits associated with the first client, the module configured to retrieve a decryption key for the encrypted conversation by retrieving the secret key from the encrypted secret key using the authentication bits, by retrieving the private key from the encrypted private key using the secret key, and by decrypting the encrypted decryption key using the private key, the module further configured to generate a second key by encrypting the decryption key using a second public key associated with a second user at the second client, and to send to the second client the encrypted conversation and the second key, wherein the module is further configured to receive, from the first client, a password reset notification notifying that a password associated with the first user is lost;
receive new authentication bits derived from a new password to be associated with the first user;
retrieve a backup secret key associated with the first user, wherein the backup secret key is encrypted using a master public key;
send a password reset request to a management server that maintains a master private key paired with the master public key, wherein the password reset request includes the backup secret key;
receive from the management server a password reset response that includes the secret key associated with the first user;
encrypt the secret key using the new authentication bits; and
store the secret key encrypted using the new authentication bits.
Dependent claims: 14, 15, 16
17. A non-transitory computer-readable medium for execution and when executed operable to:
receive a communication request that includes an encrypted conversation, a first key, and authentication bits, the communication request requesting that a host server sends the encrypted conversation and a decryption key for the encrypted conversation to a second client, wherein the first key is the decryption key that has been encrypted using a first public key associated with a first user at the first client;
in order to retrieve the decryption key from the first key, retrieve an encrypted secret key associated with the first user;
decrypt the encrypted secret key using the authentication bits included in the communication request received from the first user, thereby retrieving a secret key associated with the first user;
retrieve an encrypted private key associated with the first user;
decrypt the encrypted private key using the secret key associated with the first user, thereby retrieving a private key associated with the first user;
decrypt the first key using the private key associated with the first user, thereby retrieving the decryption key;
encrypt the decryption key using a second public key associated with a second user at the second client to generate a second key;
send to the second client the encrypted conversation and the second key;
receive, from the first client, a password reset notification notifying that a password associated with the first user is lost;
receive new authentication bits derived from a new password to be associated with the first user;
retrieve a backup secret key associated with the first user, wherein the backup secret key is encrypted using a master public key;
send a password reset request to a management server that maintains a master private key paired with the master public key, wherein the password reset request includes the backup secret key;
receive from the management server a password reset response that includes the secret key associated with the first user;
encrypt the secret key using the new authentication bits; and
store the secret key encrypted using the new authentication bits.
Dependent claims: 18, 19, 20, 21, 22
Specification