Key management and dynamic perfect forward secrecy
First Claim
1. A system, comprising:
an interface configured to:
receive an indication from a server that a plurality of public keys should be transmitted to a server;
receive an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;
a processor configured to:
generate a plurality of asymmetric key pairs in response to the received indication;
assign each of the plurality of asymmetric key pairs a reference value;
transmit the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;
retrieve, using the first reference value included with the encrypted communication, the first private key corresponding to a first public key used by the sender device;
decrypt a symmetric key using, in part, the retrieved first private key;
decrypt the encrypted communication using the decrypted symmetric key; and
delete at least one of a first private key from a first memory after decrypting the encrypted communication; and
a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
An indication is received from a server that a first pool of public keys should be transmitted to a server. At least one public-private keypair is generated in response to the received indication. The public key portion of the generated keypair is transmitted to the server. A subsequent indication is received from the server that an additional public key should be transmitted to the server.
15 Claims
1. A system, comprising: (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5.
6. A method, comprising:
receiving an indication from a server that a plurality of public keys should be transmitted to the server;
generating a plurality of asymmetric key pairs in response to the received indication;
assigning each of the plurality of asymmetric key pairs a reference value;
transmitting the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;
receiving an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;
retrieving, using the first reference value, the first private key corresponding to a first public key used by the sender device;
decrypting a symmetric key using, in part, the retrieved first private key;
decrypting the encrypted communication received from the sender device using the decrypted symmetric key; and
deleting at least one of a first private key from a first memory after decrypting the encrypted communication.
Dependent claims: 7, 8, 9, 10.
11. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
receiving an indication from a server that a plurality of public keys should be transmitted to the server;
generating a plurality of asymmetric key pairs in response to the received indication;
assigning each of the plurality of asymmetric key pairs a reference value;
transmitting the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;
receiving an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;
retrieving, using the first reference value, the first private key corresponding to a first public key used by the sender device;
decrypting a symmetric key using, in part, the retrieved first private key;
decrypting the encrypted communication received from the sender device using the decrypted symmetric key; and
deleting at least one of a first private key from a first memory after decrypting the encrypted communication.
Dependent claims: 12, 13, 14, 15.
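The claimed flow end to end (key pairs generated on the server's indication and tagged with reference values, public keys uploaded, the private key retrieved by reference value and deleted once the message is decrypted, plus the server's refill indication described in the abstract), as an added example that is not the patent's own code or any product's implementation: stdlib-only Python in which a constructed toy Diffie-Hellman group and a SHAKE-based stream cipher stand in for the X25519/AEAD primitives a real deployment would use, and all class and function names are this example's own.

```python
import hashlib, hmac, secrets
# Toy Diffie-Hellman group: constructed demonstration parameters, far too small for real use.
P, G = 2**127 - 1, 3
def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)
def kdf(shared):  # key-wrapping key derived "in part" from the DH result with the prekey
    return hashlib.sha256(b"wrap" + shared.to_bytes(16, "big")).digest()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def seal(key, pt):  # encrypt-then-MAC under the per-message symmetric key (toy stream cipher)
    nonce = secrets.token_bytes(16)
    ct = xor(pt, hashlib.shake_256(key + nonce).digest(len(pt)))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, nonce, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return xor(ct, hashlib.shake_256(key + nonce).digest(len(ct)))

class Server:  # stores public keys by reference value and hands each one out once
    def __init__(self, low_water=2):
        self.pool, self.low_water = {}, low_water
    def store(self, bundle):  # {reference value: public key} uploaded by the receiver
        self.pool.update(bundle)
    def fetch(self):
        return self.pool.popitem()  # (reference value, public key) for a sender device
    def needs_more(self):  # the "indication" that more public keys should be transmitted
        return len(self.pool) < self.low_water
class Receiver:  # private keys live in the "first memory", indexed by reference value
    def __init__(self):
        self.private_keys, self.next_ref = {}, 0
    def fill_pool(self, count):
        bundle = {}
        for _ in range(count):
            priv, bundle[self.next_ref] = keygen()
            self.private_keys[self.next_ref] = priv
            self.next_ref += 1
        return bundle
    def receive(self, msg):
        ref, eph_pub, wrapped, nonce, ct, tag = msg
        priv = self.private_keys.pop(ref)  # retrieve by reference value, then delete it
        sym = xor(wrapped, kdf(pow(eph_pub, priv, P)))  # decrypt the symmetric key
        return unseal(sym, nonce, ct, tag)               # decrypt the communication
def send(server, plaintext):  # sender device: fresh symmetric key wrapped to one prekey
    ref, pub = server.fetch()
    eph_priv, eph_pub = keygen()
    sym = secrets.token_bytes(32)
    wrapped = xor(sym, kdf(pow(pub, eph_priv, P)))
    return (ref, eph_pub, wrapped) + seal(sym, plaintext)
```

Because `receive` pops the private key, a second delivery carrying the same reference value raises `KeyError` and a captured ciphertext can no longer be decrypted on the device, which is the forward-secrecy property the claims describe.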