Method of decrypting encrypted information for unsecure phone

US 9,049,025 B1
Filed: 06/20/2011
Issued: 06/02/2015
Est. Priority Date: 06/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server, registration information of a plurality of devices, including information indicating whether each device is a secure device having encryption and decryption capabilities or a non-secure device not having encryption and decryption capabilities;

distributing, by a key management server, to the server and to the secure devices, respective encryption and decryption keys;

receiving, in the server, information encrypted by and sent from one of the secure devices to an intended recipient device through a communication network, the encrypted information being accompanied with information identifying the intended recipient and the encrypted information being encrypted using the respective secure device encryption key that is different from the encryption keys used by other secure devices;

determining in the server, based on the recipient information and the registration information, whether a device of the intended recipient is a secure or a non-secure device; and

upon determining that the intended recipient device is a non-secure device;

storing the encrypted information with a reference identifier identifying the encrypted information;

sending a notification message to the intended recipient device, the notification message including;

(a) a flag indicating that the server received the encrypted information addressed to the intended recipient device and, (b) the reference identifier;

receiving a response to the notification message from the intended recipient device, the response including the reference identifier and a token acquired by the intended recipient device from an authentication and authorization system connected to the communication network via direct communication between the intended recipient device and the authentication and authorization systems, wherein the authentication and authorization system is different from the server;

after receiving the response, authenticating the intended recipient device by the server, based on the token received in the response to the notification message by communicating with the authentication and authorization system through the communication network;

decrypting the encrypted information identified by the reference identifier included in the response using the decryption key of the secure device wherein the decryption key of the secure device is different from the token;

establishing, by the server, a secured network connection between the server and the intended recipient device; and

sending the decrypted information, to the intended recipient device, via the established secured network connection;

wherein at least one of the decrypting and sending steps is responsive to the server determining, based on the communication with the authentication and authorization system, that the token is valid.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server receives encrypted information for an intended recipient. The server determines, based on recipient information, whether the recipient'"'"'s device is able to decrypt the encrypted information. If so, the encrypted information is provided to the device. Upon determining that the device is unable to decrypt the encrypted information, the server sends a notification message to the device. The notification message indicates that the encrypted message has been received. In response to the notification message, the server receives a response from the device. If the device is successfully authenticated, based on the response, the server decrypts the encrypted information and provides the decrypted information to the device for presentation to the recipient.

78 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a server, registration information of a plurality of devices, including information indicating whether each device is a secure device having encryption and decryption capabilities or a non-secure device not having encryption and decryption capabilities;
  
  distributing, by a key management server, to the server and to the secure devices, respective encryption and decryption keys;
  
  receiving, in the server, information encrypted by and sent from one of the secure devices to an intended recipient device through a communication network, the encrypted information being accompanied with information identifying the intended recipient and the encrypted information being encrypted using the respective secure device encryption key that is different from the encryption keys used by other secure devices;
  
  determining in the server, based on the recipient information and the registration information, whether a device of the intended recipient is a secure or a non-secure device; and
  
  upon determining that the intended recipient device is a non-secure device;
  
  storing the encrypted information with a reference identifier identifying the encrypted information;
  
  sending a notification message to the intended recipient device, the notification message including;
  
  (a) a flag indicating that the server received the encrypted information addressed to the intended recipient device and, (b) the reference identifier;
  
  receiving a response to the notification message from the intended recipient device, the response including the reference identifier and a token acquired by the intended recipient device from an authentication and authorization system connected to the communication network via direct communication between the intended recipient device and the authentication and authorization systems, wherein the authentication and authorization system is different from the server;
  
  after receiving the response, authenticating the intended recipient device by the server, based on the token received in the response to the notification message by communicating with the authentication and authorization system through the communication network;
  
  decrypting the encrypted information identified by the reference identifier included in the response using the decryption key of the secure device wherein the decryption key of the secure device is different from the token;
  
  establishing, by the server, a secured network connection between the server and the intended recipient device; and
  
  sending the decrypted information, to the intended recipient device, via the established secured network connection;
  
  wherein at least one of the decrypting and sending steps is responsive to the server determining, based on the communication with the authentication and authorization system, that the token is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the intended recipient device is a mobile phone.
  - 3. The method of claim 2, wherein the recipient information includes a mobile directory number of the mobile phone.
  - 4. The method of claim 1, wherein:
    - the notification message includes;
      
      a network address which is sent to the intended recipient device for responding to the notification message and from which the intended recipient device receives the decrypted information.
  - 5. The method of claim 4, wherein to the sending of the network address to the intended recipient device is via the established secured network connection.
  - 6. The method of claim 4, wherein the server finds the encrypted information based on the reference identifier included in the response, and decrypts the found encrypted information.
  - 7. The method of claim 4, wherein the notification message is sent as a short messaging service (SMS) message.
  - 8. The method of claim 1, further comprising the server:
    - in response to sending the notification message, receiving an acknowledgment from the intended recipient device; and
      
      in response to receiving the acknowledgment, sending a delivery acknowledgment to the respective secure device subscriber.
  - 9. The method of claim 1, further comprising, the server:
    - receiving non-encrypted information from the intended recipient device;
      
      encrypting the non-encrypted information; and
      
      sending the encrypted information to a designated receiver device.
  - 10. The method of claim 1, wherein the token is valid for a limited period of time after the token is acquired by the intended recipient device from the authentication and authorization system via the direct communication and for a single authentication.
  - 11. The method of claim 1, wherein the token:
    - is valid for a limited period of time after the token is acquired by the intended recipient device from the authentication and authorization system via the direct communication, andincludes;
      
      a first token that is valid for a first limited period of time and is valid for multiple authentications, anda second token that is valid for a second limited period of time shorter than the first limited period of time and is valid only for a single authentication.

12. A system comprising:
- an authentication and authorization system;
  
  a key management server;
  
  a server, configured to be in communication with the authentication and authorization system and the key management server;
  
  wherein;
  
  the key management server is configured to distribute, to the server and to respective subscribers of the secure devices, respective encryption and decryption keys; and
  
  the server is configured to;
  
  receive registration information for a plurality of subscriber devices, including information indicating whether each device is a secure device having encryption and decryption capabilities or a non-secure device not having encryption and decryption capabilities;
  
  receive information encrypted by and sent from one of the secure devices to an intended recipient through a communication network, the encrypted information being accompanied with information identifying the intended recipient and the encrypted information being encrypted using the respective secure device encryption key that is different from the encryption keys used by other secure devices;
  
  determine, based on the recipient information and the registration information, whether a device of the intended recipient of the encrypted information is a secure or a non-secure device; and
  
  upon determining that the intended recipient device is a non-secure device;
  
  store the encrypted information with a reference identifier identifying the encrypted information;
  
  send a notification message to the intended recipient device that includes;
  
  (a) a flag which indicates that the server received the encrypted message addressed to the intended recipient device and the reference identifier;
  
  receive a response to the notification message from the intended recipient device, the response including the reference identifier and a token acquired by the intended recipient device from the authentication and authorization system connected to the communication network via direct communication between the intended recipient device and the authentication and authorization system, wherein the authentication and authorization system is different from the server;
  
  after reception of the response, the server is configured to;
  
  authenticate the intended recipient device based on the token received in the response to the notification message by communicating with the authentication and authorization system through the communication network;
  
  decrypt the encrypted information identified by the reference identifier included in the response using the decryption key of the secure device and wherein the decryption key of the secure device is different from the token;
  
  establish a secured network connection between the server and the intended recipient device; and
  
  send the decrypted information, to the intended recipient device, via the established secured network connection;
  
  wherein at least one of the decryption and sending is responsive to the determination performed by the server, based on the communication with the authentication and authorization system, that the token is valid.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the intended recipient device is a mobile phone.
  - 14. The system of claim 13, wherein the recipient information includes a mobile directory number of the mobile phone.
  - 15. The system of claim 12, wherein:
    - the notification message includes a network address sent by the server for responding to the notification message and from which the intended recipient device receives the decrypted information.
  - 16. The system of claim 15, wherein the sending the network address is provided via the secure network connection.
  - 17. The system of claim 15, wherein the server finds the encrypted information based on the reference identifier included in the response, and decrypts the found encrypted information.
  - 18. The system of claim 15, wherein the server sends the notification message as a short messaging service (SMS) message.
  - 19. The system of claim 12, wherein the server is further configured to:
    - receive an acknowledgment from the intended recipient device, in response to sending the notification message; and
      
      in response to receiving the acknowledgment, send a delivery acknowledgment to the respective secure device subscriber.
  - 20. The system of claim 12, wherein the server is further configured to:
    - receive non-encrypted information from the intended recipient device;
      
      encrypt the non-encrypted information; and
      
      send the encrypted information to a designated receiver device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Huang, Ye, Kupsh, Jerry, Mayblum, Amir
Primary Examiner(s)
Vostal, O. C.

Application Number

US13/164,138
Time in Patent Office

1,443 Days
Field of Search

380/270, 726/28, 726/3, 726/26, 709/206, 713/168
US Class Current

1/1
CPC Class Codes

H04L 51/066   Format adaptation, e.g. for...

H04L 9/32   including means for verifyi...

H04W 12/033   of the user plane, e.g. use...

Method of decrypting encrypted information for unsecure phone

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of decrypting encrypted information for unsecure phone

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links