Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary

US 9,130,744 B1
Filed: 09/22/2014
Issued: 09/08/2015
Est. Priority Date: 09/22/2014
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory computer-readable medium containing computer program instructions for performing the steps of:

a first entity A generates a private key/public key pair to be used by a second entity B in subsequent communications with A, where B has been selected by A to receive confidential communications from A;

A encrypts said key pair with P, where P is a secret shared by A and B;

A sends the encrypted key pair to a trusted intermediary L;

A encrypts a message M, and sends the encrypted M to B over a communications channel;

B retrieves B'"'"'s private key/public key pair from L, along with means to decrypt M; and

B decrypts M using B'"'"'s private key retrieved from L and said means to decrypt retrieved from L.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Key exchange methods, apparati, and computer-readable media for a cryptographic communication system. The system, which employs a novel combination of multiple channel communication, symmetric cryptography, and asymmetric cryptography, allows an entity A to bootstrap the exchange of cryptographic secrets EQ_Bto a second entity B through an alternate communication channel 30 for the transmission of a cryptographically secure message M. The system is secure against various passive and active attacks. The encryption key transfer is briefly vulnerable to man-in-the-middle attacks, but this can be prevented in preferred embodiments.

35 Citations

View as Search Results

22 Claims

1. At least one non-transitory computer-readable medium containing computer program instructions for performing the steps of:
- a first entity A generates a private key/public key pair to be used by a second entity B in subsequent communications with A, where B has been selected by A to receive confidential communications from A;
  
  A encrypts said key pair with P, where P is a secret shared by A and B;
  
  A sends the encrypted key pair to a trusted intermediary L;
  
  A encrypts a message M, and sends the encrypted M to B over a communications channel;
  
  B retrieves B'"'"'s private key/public key pair from L, along with means to decrypt M; and
  
  B decrypts M using B'"'"'s private key retrieved from L and said means to decrypt retrieved from L.
- View Dependent Claims (2, 3)
- - 2. The at least one non-transitory computer-readable medium of claim 1 wherein the encryption of M comprises A encrypting M and A encrypting A'"'"'s public key with a randomly generated symmetric key R.
  - 3. The at least one non-transitory computer-readable medium of claim 2 further comprising computer program instructions enabling A to encrypt R with B'"'"'s public key.

4. Apparatus for facilitating confidential communications between a first entity A and a second entity B, where B has been selected by A to be a recipient of confidential communications from A, said apparatus comprising:
- coupled to A and to B, a shared secret P;
  
  coupled to A, and accessible to B upon presentation of proper credentials, a trusted intermediary L;
  
  associated with A, means for generating a public/private key pair to be used by B in subsequent confidential communications with A;
  
  coupled to the generating means, means for encrypting the newly generated public/private key pair for B with P;
  
  coupled to the encrypting means, means for transmitting the encrypted public/private key pair to L; and
  
  associated with A, means for conveying to B a pointer to L and a randomly generated number Z adapted to enable B to retrieve B'"'"'s encrypted public/private key pair from L.
- View Dependent Claims (5, 6)
- - 5. The apparatus of claim 4 further comprising means within A to encrypt a message destined for B and encrypt a public key of A with a randomly generated symmetric key R.
  - 6. The apparatus of claim 5 further comprising, within A, means for encrypting R with B'"'"'s newly generated public key.

7. A computer-implemented method for a first entity A to initiate confidential communications with a second entity B that A has selected to be a recipient of said communications, said method comprising the steps of:
- A generates a private key/public key pair to be used by B in subsequent communications with A, encrypts said key pair with P, and sends the encrypted key pair to a trusted intermediary L, where P is a secret shared by A and B;
  
  A encrypts a message M, and sends the encrypted M to B over a communications channel;
  
  B retrieves B'"'"'s private key/public key pair from L, along with means to decrypt M; and
  
  B decrypts M using B'"'"'s private key retrieved from L and said means to decrypt retrieved from L.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 8. The method of claim 7 wherein the communications channel comprises an open network.
  - 9. The method of claim 8 wherein the open network comprises the Internet.
  - 10. The method of claim 7 wherein the encryption with P uses symmetric key cryptography.
  - 11. The method of claim 7 wherein the means to decrypt comprises an asymmetric key cryptographic algorithm.
  - 12. The method of claim 7 wherein A'"'"'s encryption of M comprises A encrypting M and A encrypting A'"'"'s public key.
  - 13. The method of claim 12 wherein the encryption of M and A'"'"'s public key comprises encrypting with a randomly generated symmetric key R.
  - 14. The method of claim 13 further comprising the step of A sending to B, over the communications channel, R encrypted with B'"'"'s public key.
  - 15. The method of claim 14 further comprising the steps of:
    - B using B'"'"'s private key to retrieve R; and
      
      B using R to decrypt M and A'"'"'s public key.
  - 16. The method of claim 7 further comprising the step of A sending to B over the communications channel a pointer to L and a random value Z.
  - 17. The method of claim 16 further comprising the step of B using Z and the pointer to L to retrieve from L B'"'"'s public private key pair.
  - 18. The method of claim 16 wherein Z is used once and then discarded.
  - 19. The method of claim 7 wherein B does not use B'"'"'s public key for communicating with any entity other than A.
  - 20. The method of claim 7 wherein M does not contain any non-random padding.
  - 21. The computer-implemented method of claim 7, wherein;
    - there are N second entities B with whom A wishes to communicate confidentially, where N is an integer greater than or equal to 2; and
      
      A sends to the trusted intermediary L a number N of encrypted private key/public key pairs, one pair for each B.
  - 22. The computer-implemented method of claim 7, wherein:
    - there are a plurality of second entities B with whom A wishes to communicate confidentially;
      
      for each B, A sends a public/private key pair to be used by that B to the trusted intermediary L, along with a unique random value derived from a master random value and from some identifiable information associated with that particular B; and
      
      each B derives its unique random value from the master random value and from said identifiable information associated with that particular B.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Envelope LLC
Original Assignee
Envelope LLC
Inventors
Bergersen, Brad, King, Kevin
Primary Examiner(s)
Patel, Haresh N

Application Number

US14/492,847
Time in Patent Office

351 Days
Field of Search

380/282, 380/258, 380/255, 713/156
US Class Current

1/1
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links