Mediated key exchange between source and target of communication
First Claim
1. A process for communicating a message securely between a sender-client and a receiver-client, the process comprising:
- at the sender-client, providing a key server with a receiver string specifying one or more attributes of the receiver-client;
at said key server, obtaining a first private value (a) corresponding with a first public value (A), obtaining a second public value (B) of an authentication server corresponding with a second private value (b) of said authentication server, obtaining a message key, calculating a hash (h) of said receiver string, calculating an envelope decryption key (d), wherein d=g^{Bah mod p} mod q in which g is a generator of and p and q are prime numbers in a group in which calculation is performed, calculating an envelope encryption key (e), wherein e=gd mod p, encrypting said message key with said envelope encryption key (e), thereby creating an envelope, and providing said envelope to the sender-client;
at the sender-client, encrypting the message into a secure message with said message key, and providing said secure message and said envelope to the receiver-client;
at the receiver-client, accepting said secure message and said envelope, and asking said authentication server for said envelope decryption key (d);
at said authentication server, obtaining said first public value (A) of said key server, calculating said envelope decryption key (d), wherein d=g^{Abh mod p} mod q, and providing said envelope decryption key (d) to the receiver-client; and
at the receiver-client, decrypting said envelope with said envelope decryption key (d) into said message key, and decrypting said secure message with said message key into the message.
5 Assignments
0 Petitions
Accused Products
Abstract
A system for communicating a message securely between a sender and a receiver. The sender provides a key server with a string specifying the receiver. The key server obtains a message key and a particular envelope encryption key corresponding with a particular envelope decryption key, encrypts the message key with the envelope encryption key (creating the envelope), and provides the envelope to the sender-client. The sender-client encrypts the message with the message key and provides it and the envelope to the receiver. The receiver-client receives these and asks an authentication server for the envelope decryption key. The authentication server obtains the envelope decryption key and provides it to the receiver. The receiver then decrypts the envelope with the envelope decryption key, to get the message key, and decrypts the message.
22 Citations
31 Claims
-
1. A process for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
at the sender-client, providing a key server with a receiver string specifying one or more attributes of the receiver-client; at said key server, obtaining a first private value (a) corresponding with a first public value (A), obtaining a second public value (B) of an authentication server corresponding with a second private value (b) of said authentication server, obtaining a message key, calculating a hash (h) of said receiver string, calculating an envelope decryption key (d), wherein d=g^{Bah mod p} mod q in which g is a generator of and p and q are prime numbers in a group in which calculation is performed, calculating an envelope encryption key (e), wherein e=gd mod p, encrypting said message key with said envelope encryption key (e), thereby creating an envelope, and providing said envelope to the sender-client; at the sender-client, encrypting the message into a secure message with said message key, and providing said secure message and said envelope to the receiver-client; at the receiver-client, accepting said secure message and said envelope, and asking said authentication server for said envelope decryption key (d); at said authentication server, obtaining said first public value (A) of said key server, calculating said envelope decryption key (d), wherein d=g^{Abh mod p} mod q, and providing said envelope decryption key (d) to the receiver-client; and at the receiver-client, decrypting said envelope with said envelope decryption key (d) into said message key, and decrypting said secure message with said message key into the message.
-
-
2. A process for a key server to make an envelope encryption key (e) that corresponds with an envelope decryption key (d), for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
at the key server; obtaining a hash (h) of a receiver string specifying one or more attributes of the receiver-client; calculating d=g^{Bah mod p} mod q, wherein; g is a generator of a group in which calculation is performed and p and q are prime numbers in said group, a is private value of the key server, and B is a public value of a first authentication server; calculating e=gd mod p; and providing the envelope encryption key (e) to the sender-client. - View Dependent Claims (24, 25)
-
-
3. A process for an authentication server to make an envelope decryption key (d) that corresponds with an envelope encryption key (e), for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
at the authentication server; obtaining a hash (h) of a receiver string specifying one or more attributes of the computerized receiver-client system; obtaining a public value (A) of a party that created the envelope encryption key (e); and calculating d=g^{Abh mod p} mod q, wherein g is a generator of a group in which calculation is performed and p and g are prime numbers in said group and b is a private value of the authentication server; and providing the envelope encryption key (e) to the sender-client. - View Dependent Claims (4, 26, 27)
-
-
5. A process for a key server to make an envelope for communicating a message securely between a sender-client and a receiver-client, the process comprising:
-
at the key server; obtaining a message key; obtaining an envelope encryption key (e) corresponding with an envelope decryption key (d), wherein e=gd mod p in which g is a generator of a group in which calculation is performed and p is a prime number in said group; and encrypting said message key with said envelope encryption key (e), thereby creating the envelope; and providing the envelope from the key server to the computerized sender-client system. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A process for a sender-client to encrypt a message to a receiver-client, the process comprising:
-
at the sender-client; obtaining a message key; obtaining an envelope containing said message key encrypted with an envelope encryption key (e) corresponding with an envelope decryption key (d), wherein e=gd mod p in which g is a generator of a group in which calculation is performed and p is a prime number in said group; and encrypting the message into a secure message with said message key; and providing said secure message from the sender-client to the receiver-client; and providing said message key from the sender-client to the receiver-client. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A process for a receiver-client to decrypt a message, the process comprising:
-
at the receiver-client; obtaining a secure message including the message in encrypted form; obtaining an envelope including a message key to decrypt said secure message, wherein said envelope has been encrypted with an envelope encryption key (e) corresponding with an envelope decryption key (d); obtaining said envelope decryption key (d), wherein d=g^{A mod p} mod q in which A is a public value of a key server that created e, b is a private value of an authentication server that is providing d, h is a hash of a receiver string specifying one or more attributes of the receiver-client, and g is a generator of a group in which calculation is performed and p and g are prime numbers in said group; decrypting said envelope with said envelope decryption key (d) into said message key; and decrypting said secure message with said message key into the message. - View Dependent Claims (18, 19, 20)
-
-
21. A computer program, embodied on a tangible computer readable storage medium, for an authentication server to make an envelope decryption key (d) that corresponds with an envelope encryption key (e), for communicating a message securely between a sender-client and a receiver-client, the computer program comprising:
-
a code segment to run at the authentication server that obtains a hash (h) of a receiver string specifying one or more attributes of the receiver-client; a code segment to run at the authentication server that obtains a public value (A) of a party that created the envelope encryption key (e); a code segment to run at the authentication server that calculates d=g^{Abh mod p} mod q, wherein g is a generator of a group in which calculation is performed and p and g are prime numbers in said group and b is a private value of the authentication server; and a code segment that provides the envelope encryption key (e) to the sender-client. - View Dependent Claims (30, 31)
-
-
22. A computer program, embodied on a tangible computer readable storage medium, for a key server to make an envelope for communicating a message securely between a sender-client and a receiver-client, the computer program comprising:
-
a code segment to run at the key server that obtains a message key; a code segment to run at the key server that obtains an envelope encryption key (e) corresponding with an envelope decryption key (d), wherein e=gd mod p in which g is a generator of a group in which calculation is performed and p is a prime number in said group; and a code segment to run at the key server that encrypts said message key with said envelope encryption key (e), thereby creating the envelope; and a code segment that provides the envelope from the key server to the computerized sender-client system. - View Dependent Claims (23)
-
-
28. A computer program, embodied on a tangible computer readable storage medium, for a key server to make an envelope encryption key (e) that corresponds with an envelope decryption key (d), for communicating a message securely between a sender-client and a receiver-client, the computer program comprising:
-
a code segment to run at the key server that obtains a hash (h) of a receiver string specifying one or more attributes of the receiver-client; a code segment to run at the key server that calculates d=g^{Bah mod p} mod q, wherein; g is a generator of a group in which calculation is performed and p and q are prime numbers in said group; a is private value of the key server; and B is a public value of a first authentication server; a code segment to run at the key server that calculates e=gd mod p; and a code segment that provides the envelope encryption key (e) to the sender-client. - View Dependent Claims (29)
-
Specification