Method for payload encryption of digital voice or data communications

US 9,674,163 B1
Filed: 08/30/2013
Issued: 06/06/2017
Est. Priority Date: 03/18/2008
Status: Active Grant

First Claim

Patent Images

1. A method for transmitting real-time end-to-end encrypted software based voice communications, between at least a first digital or computing device with software program installed and a second digital or computer device which also has software installed, interfacing with a portal, or gateway or proxy or server, or other types of digital or computing device designed to process requests and deliver voice using different types of communications medium or protocol, comprising of:

receiving at the portal a request from the first digital or computing device to communicate with the second digital or computing device;

registering and/or authenticating at least the first digital or computing device and the second digital or computing device at a portal;

receiving authorization from the second digital or computing device to set up a secure session with the first digital or computing device;

providing the first digital or computing device and the second digital or computing device with at least first and/or second encryption keys, with one or more of the following functionality;

receiving real-time software based voice messages which have been encrypted from the first digital or computing device and the second digital or computing device;

real-time decrypting at the portal, the encrypted voice messages with the keys provided to the first digital or computing device and the second digital or computing device;

re-encrypting at the portal, the received messages which were decrypted real-time from the first digital or computing device and the second digital or computing device with the provided encryption keys;

sending the re-encrypted messages in real-time to the first digital or computing device and the second digital or computing device;

wherein the first digital device and the second device securely communicate in real-time with each other by encrypting and decrypting the messages sent to and received from the portal;

wherein AES (Advanced Encryption Standard) or other type of encryption algorithm, applying either hashing, symmetric or asymmetric methods, is utilized to encrypt the payload (data packets) in transit between the first digital or computing device and the second digital or computing device;

the portal re-encrypts encrypted messages which were decrypted by the portal;

the portal assigns separate keys to each end point—

for use of different types of encryption, one of which is symmetric, between the end point and portal;

The portal re-encrypts and routes to a destination with destination'"'"'s keys whereas the received message is decrypted using source'"'"'s key;

there are five functions to the portal of which one or more applies;

the portal;

a. registers devices and/or users based on credentialsb. authenticates devices and/or users based on credentialsc. authorizes devices and/or users based on credentialsd. exchanges encryption keys with client 2 once devices and/or users are authorized and authenticated using different types of encryption, Handles call setup and call handoffe. ensures that users have the correct encryption keys in order to operate a voice encrypted session;

wherein the overall method comprises;

1. a portal accepts incoming registration or authentication requests or call request for client software programs or devices;

2. a client registers;

a. when the client registers Secure Socket Layer (SSL), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using both a client side and portal side certificate so that the client authenticates with the portal and the portal authenticates the client which is based on using different types of encryption methods, of which standard PKI (Public Key Infrastructure) practices is one such method;

b. once the secure channel is established, the client registers his/her ‘

phone number’ and

/or internet protocol address with the portal and the portal gives the client a generated key through the secure channel to be used in the voice encryption or let the client devices coordinate keys through using different types of encryption methods;

3. other clients register;

a. client 1 wishes to talk to client 2;

client 1 requests the portal to setup a call with client 2;

b. the portal searches for client 2 and notifies client 2 of a call;

If client 2 accepts, the portal notifies both clients to start flowing voice or data traffic through the portal;

4. clients use Voice over IP (VoIP) or other similar technologies to communicate end-to-end.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security platform or network for transmitting end-to-end encrypted voice or data communications between at least a first digital device and a second device is disclosed. The network includes a network portal for registering the first digital device and the second device. The portal provides the first digital device and second device with at least first and second keys and receives requests from each device to communicate with each other. The portal searches for and receives authorization from the called device to set up a secure session with the calling device. The portal receives encrypted messages from the devices, decrypts the encrypted messages with the keys provided to the devices, and re-encrypts the received messages. The portal sends the re-encrypted messages to the other device. Accordingly, the devices are capable of securely communicating with each other by encrypting and decrypting the messages sent to and received from the portal. The intent is to provide a commercially feasible approach to protect sensitive information that is not government classified, with potential users including (a) Individuals—for protecting private information and conversations; (b) Companies—for protecting proprietary/sensitive information; and (c) Government—for protecting SBU conversations and information.

20 Citations

View as Search Results

3 Claims

1. A method for transmitting real-time end-to-end encrypted software based voice communications, between at least a first digital or computing device with software program installed and a second digital or computer device which also has software installed, interfacing with a portal, or gateway or proxy or server, or other types of digital or computing device designed to process requests and deliver voice using different types of communications medium or protocol, comprising of:
- receiving at the portal a request from the first digital or computing device to communicate with the second digital or computing device;
  
  registering and/or authenticating at least the first digital or computing device and the second digital or computing device at a portal;
  
  receiving authorization from the second digital or computing device to set up a secure session with the first digital or computing device;
  
  providing the first digital or computing device and the second digital or computing device with at least first and/or second encryption keys, with one or more of the following functionality;
  
  receiving real-time software based voice messages which have been encrypted from the first digital or computing device and the second digital or computing device;
  
  real-time decrypting at the portal, the encrypted voice messages with the keys provided to the first digital or computing device and the second digital or computing device;
  
  re-encrypting at the portal, the received messages which were decrypted real-time from the first digital or computing device and the second digital or computing device with the provided encryption keys;
  
  sending the re-encrypted messages in real-time to the first digital or computing device and the second digital or computing device;
  
  wherein the first digital device and the second device securely communicate in real-time with each other by encrypting and decrypting the messages sent to and received from the portal;
  
  wherein AES (Advanced Encryption Standard) or other type of encryption algorithm, applying either hashing, symmetric or asymmetric methods, is utilized to encrypt the payload (data packets) in transit between the first digital or computing device and the second digital or computing device;
  
  the portal re-encrypts encrypted messages which were decrypted by the portal;
  
  the portal assigns separate keys to each end point—
  
  for use of different types of encryption, one of which is symmetric, between the end point and portal;
  
  The portal re-encrypts and routes to a destination with destination'"'"'s keys whereas the received message is decrypted using source'"'"'s key;
  
  there are five functions to the portal of which one or more applies;
  
  the portal;
  
  a. registers devices and/or users based on credentialsb. authenticates devices and/or users based on credentialsc. authorizes devices and/or users based on credentialsd. exchanges encryption keys with client 2 once devices and/or users are authorized and authenticated using different types of encryption, Handles call setup and call handoffe. ensures that users have the correct encryption keys in order to operate a voice encrypted session;
  
  wherein the overall method comprises;
  
  1. a portal accepts incoming registration or authentication requests or call request for client software programs or devices;
  
  2. a client registers;
  
  a. when the client registers Secure Socket Layer (SSL), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using both a client side and portal side certificate so that the client authenticates with the portal and the portal authenticates the client which is based on using different types of encryption methods, of which standard PKI (Public Key Infrastructure) practices is one such method;
  
  b. once the secure channel is established, the client registers his/her ‘
  
  phone number’ and
  
  /or internet protocol address with the portal and the portal gives the client a generated key through the secure channel to be used in the voice encryption or let the client devices coordinate keys through using different types of encryption methods;
  
  3. other clients register;
  
  a. client 1 wishes to talk to client 2;
  
  client 1 requests the portal to setup a call with client 2;
  
  b. the portal searches for client 2 and notifies client 2 of a call;
  
  If client 2 accepts, the portal notifies both clients to start flowing voice or data traffic through the portal;
  
  4. clients use Voice over IP (VoIP) or other similar technologies to communicate end-to-end.
- View Dependent Claims (3)
- - 3. The method for transmitting real-time end-to-end encrypted software based voice or data or game consoles, or video players incorporating DVD, Blu-ray, Red Laser, Optical, and/or streaming technologies, or video, or video teleconferences or other network-connected appliances type of communications, between at least a first digital or computing device with software installed (computer program) and a second digital or computing device which also has software application installed, interfacing with a portal according to claim 1, or peer to peer in accordance to claim 2 to deliver using any-type different types of communications for two or more multiple recipients.

2. A method for transmitting real-time end-to-end encrypted software based voice communications, directly between at least a first digital or computing device with software installed computer program and a second digital or computing device which also has software program installed, comprising of:
- registering and/or authentication at least the first digital or computing device and the second digital or computing device with each other in peer to peer communications;
  
  providing the first digital or computing device and the second digital or computing device with at least first and second encryption keys with one or more of the following functionality;
  
  receiving a request from the first digital or computing device to communicate with the second digital or computing device;
  
  receiving authorization from the second digital or computing device to set up a secure session with the first device;
  
  receiving real-time software based voice messages which have been encrypted from the first digital or computing device and the second digital or computing device;
  
  real-time decryption of the encrypted messages with the keys provided from each respective digital or computing device or from other technologies, of which PKI is one such technology, to the first digital or computing device and the second digital or computing device;
  
  sending the encrypted voice messages in real-time to the first digital device and the second device;
  
  wherein the first digital or computing device and the second digital or computing device securely communicate in real-time with each other by encrypting and decrypting the messages sent to and received from each digital or computing device;
  
  wherein AES (Advanced Encryption Standard) or other type of encryption algorithm, of which symmetric or asymmetric encryption algorithm are utilized to encrypt the payload (data packets) in transit between the first digital or computing device and the second digital or computing device;
  
  keys are generated per session in the first device for encrypting the communication session between the first digital or computing device and the second digital or computing device using different types of encryption key scheme;
  
  the received message is decrypted using source'"'"'s key;
  
  there are five functions performed by one or the other device in a peer-to-peer or equivalent communications manner;
  
  one or more of the following apply;
  
  a. registers devices and/or users based on credentialsb. authenticates devices and/or users based on credentialsC. Authorizes devices and/or users based on credentialsd. exchanges encryption keys once devices and/or users are authorized and authenticated using type of encryption that was selectede. end devices handle call setup wherein the overall system comprises;
  
  1. a first digital or computing device and a second digital and computing device which accept incoming registration and/or authentication requests or call request for client software programs or devices;
  
  2. a client registers;
  
  a. when a client registers Secure Socket Layer (“
  
  SSL”
  
  ), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using a client side and/or peer client side certificate so that the client authenticate the other client which is based on using different types of encryption methods, either public or private encryption types;
  
  when the client registers Secure Socket Layer (SSL), Transport Layer Security (TLS) or other standard security technology is used, for establishing an encrypted link or secure channel that is opened using both a client side and portal side certificate so that the client authenticates with the portal and the portal authenticates the client which is based on using different types of encryption methods, of which standard PKI (Public Key Infrastructure) practices is one method;
  
  b. once the secure channel is established the client registers his ‘
  
  phone number’
  
  with the end client providing the client a generated key through the secure connection to be used in the voice encryption or let the client devices coordinate keys through using different types of encryption methods, which are public or private encryption methods;
  
  3. other clients register;
  
  a. client 1 wishes to talk to client 2;
  
  client 1 generates setup a call with client 2;
  
  b. client 1 searches for client 2 and notifies client 2 of a call;
  
  if client 2 accepts, both clients start flowing voice traffic;
  
  4. clients use Voice over IP (VoIP) or other similar technologies to communicate end-to-end.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Secureant, Inc.
Original Assignee
Christopher V. Feudo, Thomas J. Zacharkevics
Inventors
Feudo, Christopher V., Zacharkevics, Thomas J.
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/014,441
Time in Patent Office

1,376 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/166   at the transport layer

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Method for payload encryption of digital voice or data communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Method for payload encryption of digital voice or data communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links