Key management and dynamic perfect forward secrecy

US 10,396,982 B1
Filed: 08/18/2016
Issued: 08/27/2019
Est. Priority Date: 02/24/2014
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an interface configured to;

receive an indication from a server that a plurality of public keys should be transmitted to a server;

receive an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;

a processor configured to;

generate a plurality of asymmetric key pairs in response to the received indication;

assign each of the plurality of asymmetric key pairs a reference value;

transmit the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;

retrieve, using the first reference value included with the encrypted communication, the first private key corresponding to a first public key used by the sender device;

decrypt a symmetric key using, in part, the retrieved first private key;

decrypt the encrypted communication using the decrypted symmetric key; and

delete at least one of a first private key from a first memory after decrypting the encrypted communication; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An indication is received from a server that a first pool of public keys should be transmitted to a server. At least one public-private keypair is generated in response to the received indication. The public key portion of the generated keypair is transmitted to the server. A subsequent indication is received from the server that an additional public key should be transmitted to the server.

389 Citations

15 Claims

1. A system, comprising:
- an interface configured to;
  
  receive an indication from a server that a plurality of public keys should be transmitted to a server;
  
  receive an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;
  
  a processor configured to;
  
  generate a plurality of asymmetric key pairs in response to the received indication;
  
  assign each of the plurality of asymmetric key pairs a reference value;
  
  transmit the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;
  
  retrieve, using the first reference value included with the encrypted communication, the first private key corresponding to a first public key used by the sender device;
  
  decrypt a symmetric key using, in part, the retrieved first private key;
  
  decrypt the encrypted communication using the decrypted symmetric key; and
  
  delete at least one of a first private key from a first memory after decrypting the encrypted communication; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1 wherein the indication includes a number of public keys that should be transmitted.
  - 3. The system of claim 2 wherein the number of public keys that should be transmitted maintains a first pool size.
  - 4. The system of claim 2 wherein the number of public keys that should be transmitted increases a first pool size to a larger second pool size.
  - 5. The system of claim 4 wherein the number of public keys that should be transmitted is determined based at least in part on an expansion factor.

6. A method, comprising:
- receiving an indication from a server that a plurality of public keys should be transmitted to the server;
  
  generating a plurality of asymmetric key pairs in response to the received indication;
  
  assigning each of the plurality of asymmetric key pairs a reference value;
  
  transmitting the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;
  
  receiving an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;
  
  retrieving, using the first reference value, the first private key corresponding to a first public key used by the sender device;
  
  decrypting a symmetric key using, in part, the retrieved first private key;
  
  decrypting the encrypted communication received from the sender device using the decrypted symmetric key; and
  
  deleting at least one of a first private key from a first memory after decrypting the encrypted communication.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6 wherein the indication includes a number of public keys that should be transmitted.
  - 8. The method of claim 7 wherein the number of public keys that should be transmitted maintains a first pool size.
  - 9. The method of claim 7 wherein the number of public keys that should be transmitted increases a first pool size to a larger second pool size.
  - 10. The method of claim 9 wherein the number of public keys that should be transmitted is determined based at least in part on an expansion factor.

11. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- receiving an indication from a server that a plurality of public keys should be transmitted to the server;
  
  generating a plurality of asymmetric key pairs in response to the received indication;
  
  assigning each of the plurality of asymmetric key pairs a reference value;
  
  transmitting the plurality of public keys and the reference value assigned to each of the plurality of public keys to the server;
  
  receiving an encrypted communication from a sender device, wherein the encrypted communication includes a first reference value;
  
  retrieving, using the first reference value, the first private key corresponding to a first public key used by the sender device;
  
  decrypting a symmetric key using, in part, the retrieved first private key;
  
  decrypting the encrypted communication received from the sender device using the decrypted symmetric key; and
  
  deleting at least one of a first private key from a first memory after decrypting the encrypted communication.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11 wherein the indication includes a number of public keys that should be transmitted.
  - 13. The computer program product of claim 12 wherein the number of public keys that should be transmitted maintains a first pool size.
  - 14. The computer program product of claim 12 wherein the number of public keys that should be transmitted increases a first pool size to a larger second pool size.
  - 15. The computer program product of claim 14 wherein the number of public keys that should be transmitted is determined based at least in part on an expansion factor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wickr Inc. (Amazon.com, Inc.)
Original Assignee
Wickr Inc. (Amazon.com, Inc.)
Inventors
Statica, Robert, Howell, Christopher A.
Primary Examiner(s)
Naghdali, Khalil

Application Number

US15/240,989
Time in Patent Office

1,104 Days
Field of Search

380282
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Key management and dynamic perfect forward secrecy

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

389 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Key management and dynamic perfect forward secrecy

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

389 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links