Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary
First Claim
1. At least one non-transitory computer-readable medium containing computer program instructions for performing the steps of:
- a first entity A generates a private key/public key pair to be used by a second entity B in subsequent communications with A, where B has been selected by A to receive confidential communications from A;
A encrypts said key pair with P, where P is a secret shared by A and B;
A sends the encrypted key pair to a trusted intermediary L;
A encrypts a message M, and sends the encrypted M to B over a communications channel;
B retrieves B'"'"'s private key/public key pair from L, along with means to decrypt M; and
B decrypts M using B'"'"'s private key retrieved from L and said means to decrypt retrieved from L.
1 Assignment
0 Petitions
Accused Products
Abstract
Key exchange methods, apparati, and computer-readable media for a cryptographic communication system. The system, which employs a novel combination of multiple channel communication, symmetric cryptography, and asymmetric cryptography, allows an entity A to bootstrap the exchange of cryptographic secrets EQB to a second entity B through an alternate communication channel 30 for the transmission of a cryptographically secure message M. The system is secure against various passive and active attacks. The encryption key transfer is briefly vulnerable to man-in-the-middle attacks, but this can be prevented in preferred embodiments.
35 Citations
22 Claims
-
1. At least one non-transitory computer-readable medium containing computer program instructions for performing the steps of:
-
a first entity A generates a private key/public key pair to be used by a second entity B in subsequent communications with A, where B has been selected by A to receive confidential communications from A; A encrypts said key pair with P, where P is a secret shared by A and B; A sends the encrypted key pair to a trusted intermediary L; A encrypts a message M, and sends the encrypted M to B over a communications channel; B retrieves B'"'"'s private key/public key pair from L, along with means to decrypt M; and B decrypts M using B'"'"'s private key retrieved from L and said means to decrypt retrieved from L. - View Dependent Claims (2, 3)
-
-
4. Apparatus for facilitating confidential communications between a first entity A and a second entity B, where B has been selected by A to be a recipient of confidential communications from A, said apparatus comprising:
-
coupled to A and to B, a shared secret P; coupled to A, and accessible to B upon presentation of proper credentials, a trusted intermediary L; associated with A, means for generating a public/private key pair to be used by B in subsequent confidential communications with A; coupled to the generating means, means for encrypting the newly generated public/private key pair for B with P; coupled to the encrypting means, means for transmitting the encrypted public/private key pair to L; and associated with A, means for conveying to B a pointer to L and a randomly generated number Z adapted to enable B to retrieve B'"'"'s encrypted public/private key pair from L. - View Dependent Claims (5, 6)
-
-
7. A computer-implemented method for a first entity A to initiate confidential communications with a second entity B that A has selected to be a recipient of said communications, said method comprising the steps of:
-
A generates a private key/public key pair to be used by B in subsequent communications with A, encrypts said key pair with P, and sends the encrypted key pair to a trusted intermediary L, where P is a secret shared by A and B; A encrypts a message M, and sends the encrypted M to B over a communications channel; B retrieves B'"'"'s private key/public key pair from L, along with means to decrypt M; and B decrypts M using B'"'"'s private key retrieved from L and said means to decrypt retrieved from L. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification