Confidential communication management
First Claim
1. A computer-implemented method, comprising:
- receiving, by a server computer from a client computer, at least a portion of a request message including a protected server key identifier, a one-time client public key, and encrypted request data, wherein request data is encrypted using a request shared secret derived using a server public key and a one-time client private key associated with the one-time client public key;
decrypting, by the server computer, the protected server key identifier using a server identifier encryption key to obtain and to validate a server key identifier;
determining, by the server computer, a server private key associated with the validated server key identifier; and
decrypting, by the server computer, the encrypted request data using the server private key and the one-time client public key to obtain the request data associated with the portion of the request message.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for confidential communication management. For instance, a server computer can include a protected server key identifier in a response message to a client computer. The protected server key identifier can include a server key identifier that identifies a server private key used to encrypt the response message. The client computer can pass the protected server key back in a subsequent request, so that the server computer can identify the proper server private key to use for decrypting the request message. In another example, a message may include encrypted protocol data (e.g., cipher suite) and separately encrypted payload data. The encrypted payload data can include a plurality of individually encrypted payload data elements.
-
Citations
38 Claims
-
1. A computer-implemented method, comprising:
-
receiving, by a server computer from a client computer, at least a portion of a request message including a protected server key identifier, a one-time client public key, and encrypted request data, wherein request data is encrypted using a request shared secret derived using a server public key and a one-time client private key associated with the one-time client public key; decrypting, by the server computer, the protected server key identifier using a server identifier encryption key to obtain and to validate a server key identifier; determining, by the server computer, a server private key associated with the validated server key identifier; and decrypting, by the server computer, the encrypted request data using the server private key and the one-time client public key to obtain the request data associated with the portion of the request message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented method, comprising:
-
encrypting, by a sender computer, protocol data using one or more protocol encryption keys to generate encrypted protocol data, the protocol data indicating a cipher suite and/or a key identifier; encrypting, by the sender computer, at least a portion of payload data using the protocol data and one or more payload encryption keys to generate encrypted payload data, wherein the one or more protocol encryption keys and the one or more payload encryption keys are determined based on one or more shared secrets, each generated using a receiver public key of a receiver computer and a sender private key of the sender computer, at least one of which is a one-time key; and transmitting, by the sender computer to the receiver computer, a message comprising the encrypted payload data and the encrypted protocol data. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer system comprising:
-
a memory that stores computer-executable instructions; and one or more hardware processors configured to access the memory and execute the computer-executable instructions to implement a method comprising; receiving a message comprising encrypted protocol data and encrypted payload data; determining one or more protocol decryption keys; decrypting the encrypted protocol data using the one or more protocol decryption keys to obtain protocol data indicating a cipher suite and/or a key identifier; determining one or more payload decryption keys, wherein the one or more payload decryption keys and the one or more protocol decryption keys are determined based on one or more shared secrets, each generated using a sender public key and a receiver private key, at least one of which is a one-time key; and decrypting the encrypted payload data using the protocol data and the one or more payload decryption keys to obtain payload data. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A computer system comprising:
-
a memory that stores computer-executable instructions; and one or more hardware processors configured to access the memory and execute the computer-executable instructions to implement a method comprising; receiving, by a server computer from a client computer, at least a portion of a request message including a protected server key identifier, a one-time client public key, and encrypted request data, wherein request data is encrypted using a request shared secret derived using a server public key and a one-time client private key associated with the one-time client public key; decrypting, by the server computer, the protected server key identifier using a server identifier encryption key to obtain and to validate a server key identifier; determining, by the server computer, a server private key associated with the validated server key identifier; and decrypting, by the server computer, the encrypted request data using the server private key and the one-time client public key to obtain the request data associated with the portion of the request message. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A computer system comprising:
-
a memory that stores computer-executable instructions; and one or more hardware processors configured to access the memory and execute the computer-executable instructions to implement a method comprising; encrypting, by a sender computer, protocol data using one or more protocol encryption keys to generate encrypted protocol data, the protocol data indicating a cipher suite and/or a key identifier; encrypting, by the sender computer, at least a portion of payload data using the protocol data and one or more payload encryption keys to generate encrypted payload data, wherein the one or more protocol encryption keys and the one or more payload encryption keys are derived using one or more shared secrets, each generated using a receiver public key of a receiver computer and a sender private key of the sender computer, at least one of which is a one-time key; and transmitting, by the sender computer to the receiver computer, a message comprising the encrypted payload data and the encrypted protocol data. - View Dependent Claims (30, 31, 32, 33)
-
-
34. A computer-implemented method comprising:
-
receiving a message comprising encrypted protocol data and encrypted payload data; determining one or more protocol decryption keys; decrypting the encrypted protocol data using the one or more protocol decryption keys to obtain protocol data indicating a cipher suite and/or a key identifier; determining one or more payload decryption keys, wherein the one or more payload decryption keys and the one or more protocol decryption keys are determined based on one or more shared secrets, each generated using a sender public key and a receiver private key, at least one of which is a one-time key; and decrypting the encrypted payload data using the protocol data and the one or more payload decryption keys to obtain payload data. - View Dependent Claims (35, 36, 37, 38)
-
Specification