System and method for merging encryption data using circular encryption key switching

US 9,325,671 B2
Filed: 02/19/2014
Issued: 04/26/2016
Est. Priority Date: 02/19/2014
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for data privacy in a distributed communication system, in which a plurality of client terminals are arranged in a ring configuration, the method comprising:

receiving by a first client terminal of the plurality of client terminals, a second public key from a second client terminal of the plurality of client terminals;

generating a second key switch hint for the second client terminal, by the first client terminal, using the second public key and a first private key of the first client terminal;

transmitting the second key switch hint and first encryption data from the first client terminal to a mixer;

receiving by the second client terminal, a third public key from a third client terminal of the plurality of client terminals;

generating a third key switch hint for the third client terminal, by the second client terminal, using the third public key and a second private key of the second client terminal;

transmitting the third key switch hint and second encryption data from the second client terminal to the mixer;

receiving by the third client terminal, a first public key from the first client terminal;

generating a first key switch hint for the first client terminal, by the third client terminal, using the first public key and a first private key of the first client terminal;

transmitting the first key switch hint and third encryption data from the third client terminal to the mixer;

using, by the mixer, the second key switch hint and the first encrypted data from the first client terminal to switch the first encrypted data to generate a first switched encrypted data;

adding the encrypted data representation for the second client terminal to the second encryption data from the second client terminal to output a first summed data encryption;

using, by the mixer, the third key switch hint and the first summed data encryption to switch the first summed data encryption to generate a second switched encrypted data;

adding the second switched encrypted data to the third encryption data from the third client terminal to output a third encryption data representation for the third client terminal; and

sending the third encryption data representation to the third client terminal to be decrypted by the third client terminal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for data privacy in a distributed communication system, in which a plurality of client terminals are arranged in a ring configuration merges encrypted streaming data using circular encryption key switching and without sharing any private keys in a distributed communication system. The merged data is then sent to client terminals to be further process by respective client terminals.

19 Citations

View as Search Results

20 Claims

1. A computer implemented method for data privacy in a distributed communication system, in which a plurality of client terminals are arranged in a ring configuration, the method comprising:
- receiving by a first client terminal of the plurality of client terminals, a second public key from a second client terminal of the plurality of client terminals;
  
  generating a second key switch hint for the second client terminal, by the first client terminal, using the second public key and a first private key of the first client terminal;
  
  transmitting the second key switch hint and first encryption data from the first client terminal to a mixer;
  
  receiving by the second client terminal, a third public key from a third client terminal of the plurality of client terminals;
  
  generating a third key switch hint for the third client terminal, by the second client terminal, using the third public key and a second private key of the second client terminal;
  
  transmitting the third key switch hint and second encryption data from the second client terminal to the mixer;
  
  receiving by the third client terminal, a first public key from the first client terminal;
  
  generating a first key switch hint for the first client terminal, by the third client terminal, using the first public key and a first private key of the first client terminal;
  
  transmitting the first key switch hint and third encryption data from the third client terminal to the mixer;
  
  using, by the mixer, the second key switch hint and the first encrypted data from the first client terminal to switch the first encrypted data to generate a first switched encrypted data;
  
  adding the encrypted data representation for the second client terminal to the second encryption data from the second client terminal to output a first summed data encryption;
  
  using, by the mixer, the third key switch hint and the first summed data encryption to switch the first summed data encryption to generate a second switched encrypted data;
  
  adding the second switched encrypted data to the third encryption data from the third client terminal to output a third encryption data representation for the third client terminal; and
  
  sending the third encryption data representation to the third client terminal to be decrypted by the third client terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - using, by the mixer, the first key switch hint and the third encryption data representation to switch the third encryption data representation to a first encryption data representation for the first client; and
      
      sending the first encryption data representation to the first client terminal to be decrypted by the first client terminal.
  - 3. The method of claim 2, further comprising:
    - using, by the mixer, the second key switch hint and the first encryption data representation to switch the first encryption data representation to a second encryption data representation for the second client; and
      
      sending the second encryption data representation to the second client terminal to be decrypted by the second client terminal.
  - 4. The method of claim 3, further comprising:
    - combining the first, second and third encryption data representations in a matrix, a first column of the matrix including the first encryption data representation, a second column of the matrix including the second encryption data representation, and a third column of the matrix including the third encryption data representation.
  - 5. The method of claim 4, further comprising sending one or more columns of the matrix to a respective client terminal.
  - 6. The method of claim 4, further comprising sending the matrix to all of the client terminals.
  - 7. The method of claim 4, further comprising replacing the content of a respective column of the matrix corresponding to a respective client terminal with all zeroes, before sending the matrix to the respective client terminal.
  - 8. The method of claim 1, wherein the data communication between the plurality of client terminals is one or more voice data communication and video data communication.
  - 9. The method of claim 1, wherein the first encryption data, the second encryption data and the third encryption data are encoded before being encrypted by the respective client terminal.
  - 10. The method of claim 1, wherein each of the first, second and third encryption data representations is decrypted and decoded by a respective client terminal.
  - 11. The method of claim 1, further comprising:
    - adding a new fourth client terminal to the ring configuration of the plurality of the client terminals and arranging the ring configuration so that the second client terminal receives the first public key, the third client terminal receives the second public key, the new fourth client terminal receives the third public key and the first client terminal receives a fourth public key of the new fourth client terminal.
  - 12. The method of claim 8, further comprising:
    - removing the fourth client terminal from the ring configuration of the plurality of the client terminals and arranging the ring configuration so that second client terminal receives the first public key, the third client terminal receives the second public key, and the first client terminal receives the third public key.
  - 13. The method of claim 1, further comprising:
    - authenticating a sending client terminal by a receiving client terminal.

14. A distributed communication system, in which a plurality of client terminals are arranged in a ring configuration, comprising:
- a mixer to performing operation on encrypted data streams;
  
  a first client terminal for receiving a second public key from a second client terminal;
  
  generating a second key switch hint for the second client terminal, using the second public key and a first private key of the first client terminal; and
  
  transmitting the second key switch hint and first encryption data from the first client terminal to the mixer,wherein the second client terminal receives a third public key from a third client terminal;
  
  generates a third key switch hint for the third client terminal, using the third public key and a second private key of the second client terminal; and
  
  transmits the third key switch hint and second encryption data to the mixer,wherein the third client terminal receives a first public key from the first client terminal;
  
  generates a first key switch hint for the first client terminal, using the first public key and a first private key of the first client terminal; and
  
  transmits the first key switch hint and third encryption data to the mixer,wherein the mixer uses the second key switch hint and the first encrypted data from the first client terminal to switch the first encrypted data to generate a first switched encrypted data; and
  
  adds the encrypted data representation for the second client terminal to the second encryption data from the second client terminal to output a first summed data encryption, andwherein the mixer uses the third key switch hint and the first summed data encryption to switch the first summed data encryption to generate a second switched encrypted data;
  
  adds the second switched encrypted data to the third encryption data from the third client terminal to output a third encryption data representation for the third client terminal; and
  
  sends the third encryption data representation to the third client terminal to be decrypted by the third client terminal.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The distributed communication system of claim 14, wherein the mixer is further configured to use the first key switch hint and the third encryption data representation to switch the third encryption data representation to a first encryption data representation for the first client;
    - and send the first encryption data representation to the first client terminal to be decrypted by the first client terminal.
  - 16. The distributed communication system of claim 15, wherein the mixer is further configured to use the second key switch hint and the first encryption data representation to switch the first encryption data representation to a second encryption data representation for the second client;
    - and send the second encryption data representation to the second client terminal to be decrypted by the second client terminal.
  - 17. The distributed communication system of claim 16, wherein the mixer is further configured to combine the first, second and third encryption data representations in a matrix, a first column of the matrix including the first encryption data representation, a second column of the matrix including the second encryption data representation, and a third column of the matrix including the third encryption data representation.
  - 18. The distributed communication system of claim 17, wherein the mixer is further configured to send a respective column of the matrix to a respective client terminal.
  - 19. The distributed communication system of claim 17, wherein the mixer is further configured to send the matrix to all of the client terminals.
  - 20. The distributed communication system of claim 17, wherein the mixer is further configured to replace the content of a respective column of the matrix corresponding to a respective client terminal with all zeroes, before sending the matrix to the respective client terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Inventors
Rohloff, Kurt Ryan
Primary Examiner(s)
Jeudy, Josnel

Application Number

US14/184,541
Publication Number

US 20150237019A1
Time in Patent Office

797 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

System and method for merging encryption data using circular encryption key switching

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for merging encryption data using circular encryption key switching

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links