Identity-based decryption

US 9,490,974 B2
Filed: 03/29/2012
Issued: 11/08/2016
Est. Priority Date: 04/01/2011
Status: Active Grant

First Claim

Patent Images

1. A client node, comprising:

identity-based encryption processing circuitry configured to;

receive input from a message sender, the input including;

message content data for a message to be sent to a message recipient at a second client node; and

first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password;

generate a random key;

use said random key to process the message content data to generate encrypted message content data; and

use a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;

process said encrypted message content data and said wrapped key ciphertext to generate a message text;

provide the password to the message recipient at the second client node; and

transmit said message text to said second client node for decryption, wherein the encrypted message is transmitted to the message recipient in a transaction separate from provision of the password; and

wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of said encrypted message content data based on provision of the password matching said first authentication data after decryption of the wrapped key ciphertext at the server node.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob'"'"'s authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.

Citations

32 Claims

1. A client node, comprising:
- identity-based encryption processing circuitry configured to;
  
  receive input from a message sender, the input including;
  
  message content data for a message to be sent to a message recipient at a second client node; and
  
  first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password;
  
  generate a random key;
  
  use said random key to process the message content data to generate encrypted message content data; and
  
  use a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;
  
  process said encrypted message content data and said wrapped key ciphertext to generate a message text;
  
  provide the password to the message recipient at the second client node; and
  
  transmit said message text to said second client node for decryption, wherein the encrypted message is transmitted to the message recipient in a transaction separate from provision of the password; and
  
  wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of said encrypted message content data based on provision of the password matching said first authentication data after decryption of the wrapped key ciphertext at the server node.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The client node of claim 1, wherein:
    - said second client node receives said message text and processes said message text to provide said wrapped key ciphertext and the password to said server node;
      
      said server node uses a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
      
      said random key is provided to said second client node when said decrypted first authentication data matches the password.
  - 3. The client node of claim 2, wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.
  - 4. The client node of claim 2, wherein said decrypted random key is provided by said server node to said second client node over a secure channel.
  - 5. The client node of claim 1, wherein the message sender separately provides the first authentication data to the message recipient at the second client node in one of a set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.
  - 6. The client node of claim 1, wherein the message text includes content ciphertext corresponding to the encrypted message content, the wrapped key ciphertext, instructions for the message recipient, and formatting information.

7. A method for managing identity-based decryption, at a client node comprising identity-based encryption processing circuitry the method comprising:
- receiving input from a message sender, the input including;
  
  message content data for a message to be sent to a message recipient at a second client node; and
  
  first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password;
  
  generate a random key;
  
  use said random key to process the message content data to generate encrypted message content data; and
  
  using a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;
  
  processing said encrypted message content data and said wrapped key ciphertext to generate a message text;
  
  providing a password to the message recipient at the second client node; and
  
  transmitting said message text to said second client node for decryption, wherein the encrypted message is transmitted to the message recipient in a transaction separate from provision of the password; and
  
  wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of the encrypted message content based on provision of the password matching said first authentication data after decryption of the wrapped key ciphertext at the server node.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein:
    - said second client node receives said message text and processes said message text to provide said wrapped key ciphertext and the password to said server node;
      
      said server node uses a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
      
      said random key is provided to said second client node when said decrypted first authentication data matches the password.
  - 9. The method of claim 8, wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.
  - 10. The method of claim 8, wherein said decrypted random key is provided by said server node to said second client node over a secure channel.
  - 11. The method of claim 7, wherein the message sender provides the first authentication data to said message recipient at said second client node in one of a set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

12. A server node, comprising:
- processing logic circuitry configured to;
  
  provide a public key associated with said server node to a message sender at a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising;
  
  a random key generated by said first client node to encrypt message content data; and
  
  a first authentication data associated with a message recipient at a second client node, said first authentication data comprising a password;
  
  wherein the password is provided by the message sender to the message recipient;
  
  wherein the encrypted message content data and the wrapped key ciphertext are transmitted in a message text by the first client node to the second client node in a transaction separate from provision of the password;
  
  receive said wrapped key ciphertext and the password from said second client node;
  
  use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
  
  provide said random key to said second client node if said decrypted first authentication data matches the password, andwherein said message recipient at the second client node obtains permitted access to said random key from the server node based on provision of the password matching said decrypted first authentication data, said second client node decrypting the encrypted message content data using the random key, said message text being generated by said first client node based on the encrypted message content data and the wrapped key ciphertext.
- View Dependent Claims (13, 14)
- - 13. The server node of claim 12, wherein said first client node:
    - uses said random key to process message content data to generate said encrypted message content data; and
      
      uses said public key to process said random key and said first authentication data to generate said wrapped key ciphertext.
  - 14. The server node of claim 13, wherein said first client node:
    - processes said encrypted message content data and said wrapped key ciphertext to generate said message text; and
      
      provides said message text to said second client node for decryption.

15. A method for managing identity-based decryption, comprising:
- using a server node comprising processing circuitry to;
  
  provide a public key associated with said server node to a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising;
  
  a random key generated by the first client node to encrypt message content data for a message sender; and
  
  a first authentication data associated with a message recipient at a second client node, said first authentication data comprising a password;
  
  wherein the password is provided by the message sender to the message recipient;
  
  wherein the encrypted message content data and the wrapped key ciphertext are transmitted in a message text by the first client node to the second client node in a transaction separate from provision of the password;
  
  receive said wrapped key ciphertext and the password from said second client node;
  
  use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
  
  provide said random key from said server node to said second client node if said decrypted first authentication data matches the password; and
  
  wherein said message recipient at the second client node obtains permitted access to said random key based on provision of the password matching said decrypted first authentication data, said second client node decrypting the encrypted message content data using the random key, said message text being generated by said first client node based on encrypted message content data and the wrapped key ciphertext.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein said first client node:
    - uses said random key to process message content data to generate said encrypted message content data; and
      
      uses said public key to process said random key and said first authentication data to generate said wrapped key ciphertext.
  - 17. The method of claim 16, wherein said first client node:
    - processes said encrypted message content data and said wrapped key ciphertext to generate said message text; and
      
      provides said message text to said second client node for decryption.

18. A client node, comprising:
- identity-based decryption processing circuitry configured to;
  
  receive a message text from a message sender at a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data;
  
  receive a first authentication data from the message sender at the second client node in a separate transaction, the first authentication data comprising a password;
  
  provide said wrapped key ciphertext and the password to a server node for processing, said wrapped key ciphertext comprising;
  
  a random key generated by said second client node; and
  
  the first authentication data associated with said message recipient at the client node encrypted with a public key associated with said server node for decrypting the wrapped key ciphertext; and
  
  receive said random key in decrypted form from said server node if said first authentication data from the decrypted wrapped key ciphertext matches the password, andwherein said message recipient at the client node obtains permitted access to said random key for decryption of said encrypted message content data based on provision of said password matching said first authentication data.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The client node of claim 18, wherein said second client node uses a public key corresponding to said server node to generate said wrapped key ciphertext.
  - 20. The client node of claim 19, wherein said decrypted random key is provided by said server node to said client node over a secure channel.
  - 21. The client node of claim 18, wherein said client node uses said decrypted random key to decrypt said encrypted message content data.
  - 22. The client node of claim 18, wherein the message sender at said second client node provides the password to said message recipient at said client node in one of a set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

23. A method for managing identity-based decryption, comprising:
- using a client node including identity-based decryption processing circuitry to;
  
  receive a message text from a message sender at a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data;
  
  receive a first authentication data from the message sender at the second client node in a separate transaction, the first authentication data comprising a password;
  
  provide said wrapped key ciphertext and the password associated with a user of said client node to a server node for processing, said wrapped key ciphertext comprisinga random key generated by said second client node; and
  
  a second authentication data associated with said client node encrypted with a public key associated with said server node; and
  
  receive said random key in decrypted form from said server node if the password matches said second authentication data, andwherein the message recipient at said client node obtains permitted access to said random key for decryption of said encrypted message content data based on provision of the second authentication data matching the password.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The method of claim 23, wherein said second client node uses a public key corresponding to said server node to generate said wrapped key ciphertext.
  - 25. The method of claim 24, wherein said decrypted random key is provided by said server node to said client node over a secure channel.
  - 26. The method of claim 23, wherein said client node uses said decrypted random key to decrypt said encrypted message content data.
  - 27. The method of claim 23, wherein the message sender at said second client node provides the first authentication data to said message recipient at said client node in one of a set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

28. A computer program product comprising a non-transitory computer readable medium comprising computer executable instructions for a client node, said computer executable instructions comprising instructions for:
- receiving from a message sender at a second client node;
  
  message content data for a message to be sent to a message recipient at a second client node; and
  
  first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password provided to said message recipient at said second client node;
  
  generating a random key;
  
  using said random key to process the message content data to generate encrypted message content data; and
  
  using a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;
  
  wherein said processing circuitry is further configured to;
  
  process said encrypted message content data and said wrapped key ciphertext to generate a message text; and
  
  provide said message text to said second client node for decryption, wherein the message text is transmitted in a separate transaction from the password; and
  
  wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of said encrypted message content data based on provision of the password matching said first authentication data.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The computer program product of claim 28, wherein:
    - said second client node receives said message text and processes said message text to provide said wrapped key ciphertext and the password associated with a user of said second client node to said server node;
      
      said server node uses a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
      
      said random key is provided to said second client node when said first authentication data matches said password.
  - 30. The computer program product of claim 29 wherein said second client node uses said decrypted random key to decrypt said encrypted message content data.
  - 31. The computer program product of claim 29, wherein said decrypted random key is provided by said server node to said second client node over a secure channel.
  - 32. The computer program product of claim 28, wherein the sender separately provides the first authentication data to said message recipient at said second client node in one of a set of:
    - a verbal communication;
      
      an email message; and
      
      a short message service (SMS) message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Brown, Daniel R. L.
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US13/433,747
Publication Number

US 20120254616A1
Time in Patent Office

1,685 Days
Field of Search

713168-171
US Class Current

1/1
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3073   involving pairings, e.g. id...

Identity-based decryption

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based decryption

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links