Method for payload encryption of digital voice or data communications
First Claim
1. A method for transmitting real-time end-to-end encrypted software based voice communications, between at least a first digital or computing device with software program installed and a second digital or computer device which also has software installed, interfacing with a portal, or gateway or proxy or server, or other types of digital or computing device designed to process requests and deliver voice using different types of communications medium or protocol, comprising of:
receiving at the portal a request from the first digital or computing device to communicate with the second digital or computing device;
registering and/or authenticating at least the first digital or computing device and the second digital or computing device at a portal;
receiving authorization from the second digital or computing device to set up a secure session with the first digital or computing device;
providing the first digital or computing device and the second digital or computing device with at least first and/or second encryption keys, with one or more of the following functionality;
receiving real-time software based voice messages which have been encrypted from the first digital or computing device and the second digital or computing device;
real-time decrypting at the portal, the encrypted voice messages with the keys provided to the first digital or computing device and the second digital or computing device;
re-encrypting at the portal, the received messages which were decrypted real-time from the first digital or computing device and the second digital or computing device with the provided encryption keys;
sending the re-encrypted messages in real-time to the first digital or computing device and the second digital or computing device;
wherein the first digital device and the second device securely communicate in real-time with each other by encrypting and decrypting the messages sent to and received from the portal;
wherein AES (Advanced Encryption Standard) or other type of encryption algorithm, applying either hashing, symmetric or asymmetric methods, is utilized to encrypt the payload (data packets) in transit between the first digital or computing device and the second digital or computing device;
the portal re-encrypts encrypted messages which were decrypted by the portal;
the portal assigns separate keys to each end point for use of different types of encryption, one of which is symmetric, between the end point and portal;
the portal re-encrypts and routes to a destination with destination's keys whereas the received message is decrypted using source's key;
there are five functions to the portal of which one or more applies; the portal:
a. registers devices and/or users based on credentials
b. authenticates devices and/or users based on credentials
c. authorizes devices and/or users based on credentials
d. exchanges encryption keys with client 2 once devices and/or users are authorized and authenticated using different types of encryption, handles call setup and call handoff
e. ensures that users have the correct encryption keys in order to operate a voice encrypted session;
wherein the overall method comprises;
1. a portal accepts incoming registration or authentication requests or call request for client software programs or devices;
2. a client registers;
a. when the client registers Secure Socket Layer (SSL), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using both a client side and portal side certificate so that the client authenticates with the portal and the portal authenticates the client which is based on using different types of encryption methods, of which standard PKI (Public Key Infrastructure) practices is one such method;
b. once the secure channel is established, the client registers his/her ‘phone number’ and/or internet protocol address with the portal and the portal gives the client a generated key through the secure channel to be used in the voice encryption or let the client devices coordinate keys through using different types of encryption methods;
3. other clients register;
a. client 1 wishes to talk to client 2; client 1 requests the portal to setup a call with client 2;
b. the portal searches for client 2 and notifies client 2 of a call; if client 2 accepts, the portal notifies both clients to start flowing voice or data traffic through the portal;
4. clients use Voice over IP (VoIP) or other similar technologies to communicate end-to-end.
Abstract
A security platform or network for transmitting end-to-end encrypted voice or data communications between at least a first digital device and a second device is disclosed. The network includes a network portal for registering the first digital device and the second device. The portal provides the first digital device and second device with at least first and second keys and receives requests from each device to communicate with each other. The portal searches for and receives authorization from the called device to set up a secure session with the calling device. The portal receives encrypted messages from the devices, decrypts the encrypted messages with the keys provided to the devices, and re-encrypts the received messages. The portal sends the re-encrypted messages to the other device. Accordingly, the devices are capable of securely communicating with each other by encrypting and decrypting the messages sent to and received from the portal. The intent is to provide a commercially feasible approach to protect sensitive information that is not government classified, with potential users including (a) Individuals—for protecting private information and conversations; (b) Companies—for protecting proprietary/sensitive information; and (c) Government—for protecting SBU conversations and information.
3 Claims
2. A method for transmitting real-time end-to-end encrypted software based voice communications, directly between at least a first digital or computing device with software installed computer program and a second digital or computing device which also has software program installed, comprising of:
registering and/or authentication at least the first digital or computing device and the second digital or computing device with each other in peer to peer communications;
providing the first digital or computing device and the second digital or computing device with at least first and second encryption keys with one or more of the following functionality;
receiving a request from the first digital or computing device to communicate with the second digital or computing device;
receiving authorization from the second digital or computing device to set up a secure session with the first device;
receiving real-time software based voice messages which have been encrypted from the first digital or computing device and the second digital or computing device;
real-time decryption of the encrypted messages with the keys provided from each respective digital or computing device or from other technologies, of which PKI is one such technology, to the first digital or computing device and the second digital or computing device;
sending the encrypted voice messages in real-time to the first digital device and the second device;
wherein the first digital or computing device and the second digital or computing device securely communicate in real-time with each other by encrypting and decrypting the messages sent to and received from each digital or computing device;
wherein AES (Advanced Encryption Standard) or other type of encryption algorithm, of which symmetric or asymmetric encryption algorithm are utilized to encrypt the payload (data packets) in transit between the first digital or computing device and the second digital or computing device;
keys are generated per session in the first device for encrypting the communication session between the first digital or computing device and the second digital or computing device using different types of encryption key scheme;
the received message is decrypted using source's key;
there are five functions performed by one or the other device in a peer-to-peer or equivalent communications manner; one or more of the following apply;
a. registers devices and/or users based on credentials
b. authenticates devices and/or users based on credentials
c. authorizes devices and/or users based on credentials
d. exchanges encryption keys once devices and/or users are authorized and authenticated using type of encryption that was selected
e. end devices handle call setup
wherein the overall system comprises;
1. a first digital or computing device and a second digital and computing device which accept incoming registration and/or authentication requests or call request for client software programs or devices;
2. a client registers;
a. when a client registers Secure Socket Layer (“SSL”), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using a client side and/or peer client side certificate so that the client authenticate the other client which is based on using different types of encryption methods, either public or private encryption types; when the client registers Secure Socket Layer (SSL), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using both a client side and portal side certificate so that the client authenticates with the portal and the portal authenticates the client which is based on using different types of encryption methods, of which standard PKI (Public Key Infrastructure) practices is one method;
b. once the secure channel is established the client registers his ‘phone number’ with the end client providing the client a generated key through the secure connection to be used in the voice encryption or let the client devices coordinate keys through using different types of encryption methods, which are public or private encryption methods;
3. other clients register;
a. client 1 wishes to talk to client 2; client 1 generates setup a call with client 2;
b. client 1 searches for client 2 and notifies client 2 of a call; if client 2 accepts, both clients start flowing voice traffic;
4. clients use Voice over IP (VoIP) or other similar technologies to communicate end-to-end.
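The portal relay of claim 1 and the abstract, and the Seal/Open pair that the peer-to-peer variant of claim 2 would run directly with one per-session key and no relay, as an added Go example that is not the patent's code (the patent names AES but fixes no mode, key size or frame layout; AES-256-GCM, random 96-bit nonces and the nonce||ciphertext||tag layout are this example's own choices). Each endpoint gets its own key from the portal, client 1 seals a frame under its key, and the portal opens it with that key and re-seals it under client 2's key, which is why the portal holds the plaintext in between.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Seal encrypts one voice frame; the output is nonce||ciphertext||tag.
func Seal(gcm cipher.AEAD, frame []byte) []byte {
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per frame
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, frame, nil)
}

// Open reverses Seal; it fails if the key is wrong or the blob was tampered with.
func Open(gcm cipher.AEAD, blob []byte) ([]byte, error) {
	if gcm == nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("unknown endpoint or truncated blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Portal keeps a separate symmetric key for each registered endpoint (claim 1).
type Portal map[string]cipher.AEAD

// Register draws a fresh 256-bit AES-GCM key for an endpoint (handed over TLS in the claim).
func (p Portal) Register(name string) cipher.AEAD {
	key := make([]byte, 32)
	rand.Read(key)
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // unreachable: the key is always 32 bytes
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	p[name] = gcm
	return gcm
}

// Relay decrypts with the source's key and re-encrypts with the destination's key; in between
// the frame is plaintext in portal memory, so the portal is a trusted party, not a blind forwarder.
func (p Portal) Relay(src, dst string, blob []byte) ([]byte, error) {
	frame, err := Open(p[src], blob)
	if err != nil || p[dst] == nil {
		return nil, errors.New("relay refused: unknown endpoint or bad frame")
	}
	return Seal(p[dst], frame), nil
}
```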