Systems and methods for secure workgroup management and communication

US 9,215,218 B2
Filed: 02/14/2014
Issued: 12/15/2015
Est. Priority Date: 02/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method for secure workgroup communication, the method comprising:

generating a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes;

encrypting the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and

broadcasting the encrypted workgroup key update messages and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Citations

24 Claims

1. A method for secure workgroup communication, the method comprising:
- generating a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes;
  
  encrypting the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and
  
  broadcasting the encrypted workgroup key update messages and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein encrypting the workgroup key update message comprises encrypting the workgroup key update message using a public-key broadcast encryption scheme.
  - 3. The method of claim 2 wherein encrypting the workgroup key update message using a public-key broadcast encryption scheme comprises:
    - generating a binary tree of span M, wherein M is the maximum size of the workgroup;
      
      associating the public key of each parent node of the workgroup with a unique leaf of the binary tree;
      
      identifying all parent nodes of the binary tree that are coexistent to or parents of leaves associated with non-revoked child nodes of the workgroup; and
      
      encrypting the workgroup key update message under each of the public keys associated with the identified parent nodes.
  - 4. The method of claim 1 wherein the generating the workgroup key update message and broadcasting are performed periodically on a predefined schedule.
  - 5. The method of claim 1 wherein the generating the workgroup key update message and broadcasting are performed automatically in response to the communication privileges of a parent node or child node of the workgroup being revoked.
  - 6. The method of claim 1 wherein broadcasting the encrypted workgroup key update messages to the workgroup comprises posting the encrypted workgroup key update messages to a website.
  - 7. The method of claim 1, wherein encrypting the workgroup key update message comprises generating separate ciphertexts for each of at least a subset of the public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key.
  - 8. The method of claim 1, wherein the workgroup key comprises a session key used by the parent nodes in the workgroup to encrypt the workgroup communications.
  - 9. The method of claim 1, wherein the workgroup communications comprise one or more key exchange messages for communicating a cryptographic key within the workgroup, and the workgroup key is used to encrypt the cryptographic key.
  - 10. The method of claim 1, wherein the workgroup key update message further includes a timestamp which indicates when the workgroup key was generated.
  - 11. The method of claim 1, wherein each child node is capable of decrypting at least one of the encrypted workgroup key update messages using a public key for a parent node associated with the child node.

12. A system for secure workgroup communication, the system comprising:
- a workgroup key server configured to;
  
  generate a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes;
  
  encrypt the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and
  
  broadcast the encrypted workgroup key update message and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12 wherein the workgroup key server is configured to encrypt the workgroup key update message using a public-key broadcast encryption scheme.
  - 14. The system of claim 12 wherein the workgroup key server is configured to encrypt the workgroup key update message using a public-key broadcast encryption scheme by:
    - generating a binary tree of span M, wherein M is the maximum size of the workgroup;
      
      associating the public key of each parent node of the workgroup with a unique leaf of the binary tree;
      
      identifying all parent nodes of the binary tree that are coexistent to or parents of leaves associated with non-revoked child nodes of the workgroup; and
      
      encrypting the workgroup key update message under each of the public keys associated with the identified parent nodes.
  - 15. The system of claim 12 wherein the workgroup key server is configured to generate the workgroup key update message and broadcast the encrypted workgroup key update message periodically on a predefined schedule.
  - 16. The system of claim 12 wherein the workgroup key server is configured to generate the workgroup key update message and broadcast the encrypted workgroup key update message automatically in response to the communication privileges of a parent node or child node of the workgroup being revoked.
  - 17. The system of claim 12 wherein the workgroup key server is configured to broadcast the encrypted workgroup key update messages to the workgroup by posting the key update message to a website.
  - 18. The system of claim 12 wherein the workgroup key update message further includes a timestamp which indicates when the workgroup key was generated.
  - 19. The system of claim 12, wherein the workgroup key server is configured to encrypt the workgroup key update message by generating separate ciphertexts for each of at least a subset of the public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key.
  - 20. The system of claim 12, wherein the workgroup key comprises a session key used by the parent nodes in the workgroup to encrypt the workgroup communications.
  - 21. The system of claim 12, wherein the workgroup communications comprise one or more key exchange messages for communicating a cryptographic key within the workgroup, and the workgroup key is used to encrypt the cryptographic key.
  - 22. The system of claim 12, wherein each child node is capable of decrypting at least one of the encrypted workgroup key update messages using a public key for a parent node associated with the child node.

23. A non-transitory computer-readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for secure workgroup communication, the method comprising:
- generating a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes;
  
  encrypting the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and
  
  broadcasting the encrypted workgroup key update message and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.
- View Dependent Claims (24)
- - 24. The non-transitory computer-readable medium of claim 23, wherein each child node is capable of decrypting at least one of the encrypted workgroup key update messages using a public key for a parent node associated with the child node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Bono, Stephen C., Green, Matthew D., Landau, Gabriel D., Davenport, Roger S.
Primary Examiner(s)
Gee, Jason K

Application Number

US14/181,257
Publication Number

US 20140281542A1
Time in Patent Office

669 Days
Field of Search

713/170
US Class Current

1/1
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/067   using one-time keys cryptog...

H04L 63/068   using time-dependent keys, ...

H04L 63/0846   using time-dependent-passwo...

H04L 9/0822   using key encryption key

Systems and methods for secure workgroup management and communication

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure workgroup management and communication

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links