Systems and methods for secure workgroup management and communication

US 8,898,464 B2
Filed: 06/05/2013
Issued: 11/25/2014
Est. Priority Date: 02/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method for secure workgroup communication, the method comprising:

receiving, at a first workgroup client, an encrypted message from a workgroup key server, wherein the encrypted message comprises a workgroup key, a workgroup key version number, and a time to live (TTL) value for the workgroup key; and

initiating a communication session with a second workgroup client, wherein initiating the communication session comprises;

determining, at the first workgroup client, if the workgroup key is expired based, at least in part, on the TTL value for the workgroup key;

in response to determining that the workgroup key is expired, checking the availability of a new workgroup key from the key server;

in response to determining that the workgroup key is not expired, sending, to the second workgroup client, a plurality of share headers, wherein the share headers include the workgroup key and the workgroup key version number; and

verifying, at the second workgroup client, that the second workgroup client'"'"'s workgroup key version matches the first workgroup client'"'"'s workgroup key version.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Citations

20 Claims

1. A method for secure workgroup communication, the method comprising:
- receiving, at a first workgroup client, an encrypted message from a workgroup key server, wherein the encrypted message comprises a workgroup key, a workgroup key version number, and a time to live (TTL) value for the workgroup key; and
  
  initiating a communication session with a second workgroup client, wherein initiating the communication session comprises;
  
  determining, at the first workgroup client, if the workgroup key is expired based, at least in part, on the TTL value for the workgroup key;
  
  in response to determining that the workgroup key is expired, checking the availability of a new workgroup key from the key server;
  
  in response to determining that the workgroup key is not expired, sending, to the second workgroup client, a plurality of share headers, wherein the share headers include the workgroup key and the workgroup key version number; and
  
  verifying, at the second workgroup client, that the second workgroup client'"'"'s workgroup key version matches the first workgroup client'"'"'s workgroup key version.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising generating the plurality of share headers before sending the plurality of share headers, wherein generating the plurality of share headers comprises distributing the workgroup key into the plurality of share headers using a secret sharing scheme.
  - 3. The method of claim 1 wherein the encrypted message is encrypted under a symmetric cipher using the first workgroup client'"'"'s secret key.
  - 4. The method of claim 1 wherein the encrypted message is encrypted under an asymmetric cipher using the first workgroup client'"'"'s public key.
  - 5. The method of claim 1 wherein the share headers additionally include a workgroup identifier, the method further comprising verifying, at the second workgroup client, that the workgroup identifier is valid for a workgroup to which the second workgroup client belongs.
  - 6. The method of claim 1 further comprising:
    - receiving, at the first workgroup client, a workgroup key update message, the workgroup key update message including a new workgroup key, a new workgroup key version number, and a new TTL value for the new workgroup key; and
      
      updating, at the first workgroup client, a workgroup key refresh alarm based, at least in part, on the new TTL value.
  - 7. The method of claim 6 wherein updating the workgroup key refresh alarm comprises setting the workgroup key refresh alarm to the current time plus the new TTL value.
  - 8. The method of claim 1, wherein the share headers are associated with a plurality of shares stored at two or more different locations.
  - 9. The method of claim 8, wherein the shares comprise a substantially random distribution of data from a data set.
  - 10. The method of claim 9, wherein restoring the data set requires at least a minimum number that is less than all of the data portions.

11. A system for secure workgroup communication, the system comprising:
- a first workgroup client configured to;
  
  receive, using processing circuitry, an encrypted message from a workgroup key server, wherein the encrypted message comprises a workgroup key, a workgroup key version number, and a time to live (TTL) value for the workgroup key; and
  
  initiate a communication session with a second workgroup client, wherein the first workgroup client is configured to;
  
  determine if the workgroup key is expired based, at least in part, on the TTL value for the workgroup key;
  
  in response to determining that the workgroup key is expired, check the availability of a new workgroup key from the key server;
  
  in response to determining that the workgroup key is not expired, send, to the second workgroup client, a plurality of share headers, wherein the share headers include the workgroup key and the workgroup key version number; and
  
  a second workgroup client configured to verify that the second workgroup client'"'"'s workgroup key version matches the first workgroup client'"'"'s workgroup key version.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein the first workgroup client is configured to generate the plurality of share headers by distributing the workgroup key into the plurality of share headers using a secret sharing scheme.
  - 13. The system of claim 11 wherein the encrypted message is encrypted under a symmetric cipher using the first workgroup client'"'"'s secret key.
  - 14. The system of claim 11 wherein the encrypted message is encrypted under an asymmetric cipher using the first workgroup client'"'"'s public key.
  - 15. The system of claim 11 wherein the share headers additionally include a workgroup identifier, the second workgroup client further configured to verify that the workgroup identifier is valid for a workgroup to which the second workgroup client belongs.
  - 16. The system of claim 11 wherein the first workgroup client is configured to:
    - receive a workgroup key update message, the workgroup key update message including a new workgroup key, a new workgroup key version number, and a new TTL value for the new workgroup key; and
      
      update a workgroup key refresh alarm based, at least in part, on the new TTL value.
  - 17. The system of claim 16 wherein the first workgroup client is configured to update the workgroup key refresh alarm by setting the workgroup key refresh alarm to the current time plus the new TTL value.
  - 18. The system of claim 11, wherein the share headers are associated with a plurality of shares stored at two or more different locations.
  - 19. The system of claim 18, wherein the shares comprise a substantially random distribution of data from a data set.
  - 20. The system of claim 19, wherein restoring the data set requires at least a minimum number that is less than all of the data portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Bono, Stephen C., Green, Matthew D., Landau, Gabriel D., Orsini, Rick L., O'Hare, Mark S., Davenport, Roger S.
Primary Examiner(s)
Gee, Jason K

Application Number

US13/910,798
Publication Number

US 20130268760A1
Time in Patent Office

538 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/067   using one-time keys cryptog...

H04L 63/068   using time-dependent keys, ...

H04L 63/0846   using time-dependent-passwo...

H04L 9/0822   using key encryption key

Systems and methods for secure workgroup management and communication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure workgroup management and communication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links