System and method for secure three-party communications

US 7,869,591 B1
Filed: 02/16/2007
Issued: 01/11/2011
Est. Priority Date: 03/23/2001
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system for securing information, comprising:

(a) a first port configured to receive encrypted information associated with a first set of cryptographic keys;

(b) a second port configured to receive a portion of a set of transcryption keys from a key management system, derived at least in part from a first portion of the first set of cryptographic keys and a first portion of a set of session keys, adapted to transcrypt the encrypted information from a form associated with the first set of cryptographic keys to a form associated with a second set of cryptographic keys and the set of session keys, the received first portion of the set of transcryption keys conveying insufficient information to decrypt the encrypted information and to comprehend the transcrypted information, a second portion of the second set of cryptographic keys and a second portion of the set of session keys being required to comprehend the transcrypted information; and

(c) a processor configured to transcrypt the received encrypted information from the first port into the transcrypted information dependent on the portion of the set of transcryption keys received from the second port, without either requiring or employing information sufficient to decrypt the encrypted information or to comprehend the transcrypted information.

View all claims

7 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system and method for communicating information between a first party and a second party, comprising the steps of receiving, by an intermediary, an identifier of desired information and accounting information for a transaction involving the information from the first party, transmitting an identifier of the first party to the second party, and negotiating, by the intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party. The data transmission may be made secure with respect to the intermediary by providing an asymmetric key or direct key exchange for encryption of the communication between the first and second party. The data transmission may be made secure with respect to the second party by maintaining the information in encrypted format at the second party, with the decryption key held only by the intermediary, and transmitting a secure composite of the decryption key and a new encryption key to the second party for transcoding of the data record, and providing the new decryption key to the first party, so that the information transmitted to the first party can be comprehended by it.

169 Citations

21 Claims

1. A system for securing information, comprising:
- (a) a first port configured to receive encrypted information associated with a first set of cryptographic keys;
  
  (b) a second port configured to receive a portion of a set of transcryption keys from a key management system, derived at least in part from a first portion of the first set of cryptographic keys and a first portion of a set of session keys, adapted to transcrypt the encrypted information from a form associated with the first set of cryptographic keys to a form associated with a second set of cryptographic keys and the set of session keys, the received first portion of the set of transcryption keys conveying insufficient information to decrypt the encrypted information and to comprehend the transcrypted information, a second portion of the second set of cryptographic keys and a second portion of the set of session keys being required to comprehend the transcrypted information; and
  
  (c) a processor configured to transcrypt the received encrypted information from the first port into the transcrypted information dependent on the portion of the set of transcryption keys received from the second port, without either requiring or employing information sufficient to decrypt the encrypted information or to comprehend the transcrypted information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system according to claim 1, wherein the set of transcryption keys is a composite key representing a function of portions of two or more sets of cryptographic keys and at least one set of session keys, wherein the at least one set of session keys varies dynamically.
  - 3. The system according to claim 1, wherein the first port is further configured to transmit transcrypted information, to a party in possession of the second portion of the second set of cryptographic keys.
  - 4. The system according to claim 1, wherein the first set of cryptographic keys and the second set of cryptographic keys each comprise a public key and a private key related through a cryptographic algorithm.
  - 5. The system according to claim 1, wherein at least one of the first set of cryptographic keys, the second set of cryptographic keys and the set of session keys comprise key pairs which are related through an elliptic curve cryptographic algorithm.
  - 6. The system according to claim 1, wherein at least one of the first set of cryptographic keys, the second set of cryptographic keys and the set of session keys are key pairs which related through an El Gamal cryptographic algorithm.
  - 7. The system according to claim 1, wherein at least one of the first set of cryptographic keys, the second set of cryptographic keys and the set of session keys are key pairs which related through a Rivest-Shamir-Adleman cryptographic algorithm.
  - 8. The system according to claim 1, wherein at least one of the first set of cryptographic keys, the second set of cryptographic keys and the set of session keys are key pairs which related through a Diffie-Hellman cryptographic algorithm.
  - 9. The system according to claim 1, wherein a server hosting the key management system is configured to generate the set of transcryption keys based on at least a portion of the first set of cryptographic keys, a portion of the second set of cryptographic keys, and a portion of the set of session keys, the server being further configured to negotiate the set of session keys, wherein the server is restricted from possession of a portion of the first set of cryptographic keys and a portion of the second set of cryptographic keys sufficient to comprehend the information.

10. A server for managing transcryption comprising:
- (a) a memory configured to store information representing at least a portion of a first set of cryptographic keys, and to store information representing at least a portion of a second set of cryptographic keys;
  
  (b) a processor configured to produce at least a transcryption key in dependence on a portion of the second set of cryptographic keys and at least a secret portion of the first set of cryptographic keys, the transcryption key being adapted to convert information encrypted based on the first set of cryptographic keys in which a secret portion of the first set of keys is required for decryption, to transcrypted information associated with the second set of cryptographic keys, employing a transcryption algorithm which does not either require or employ sufficient information to decrypt the encrypted information or to comprehend the transcrypted information; and
  
  (c) a port, configured to transmit the information representing at least a portion of the second set of cryptographic keys to a remote system, the information representing the portion of the second set of cryptographic keys being obscured from the processor with obscuration data.
- View Dependent Claims (11, 12)
- - 11. The server in accordance with claim 10, further comprising at least one remote system, wherein the remote system receives at least the transmitted information representing at least a portion of the second set cryptographic keys, de-obscuration data, and the transcrypted information, and thereby possesses sufficient information to comprehend the transcrypted information.
  - 12. The server according to claim 10, wherein the first and second sets of cryptographic keys each comprise an asymmetric cryptographic key pair, wherein the encrypted information is encrypted using one key of the first set of cryptographic keys, and the processor is configured to perform an algorithm based on at least the other of the first set of cryptographic keys maintained in secrecy, and one of the second set of cryptographic keys to produce a transcryption key,wherein after the encrypted message is processed with the transcryption key to produce transcrypted information, information dependent on the other of the second set of cryptographic keys is effective to comprehend the transcrypted information.

13. A method for transcrypting information, comprising:
- (a) receiving and storing in a first memory information encrypted based on a first set of cryptographic keys, a first portion of the first set of cryptographic keys having been employed to produce the encrypted information and a second portion of the first set of cryptographic keys being required to decrypt the information encrypted with the first portion of the first set of cryptographic information;
  
  (b) receiving and storing in a second memory a first portion of a second set of cryptographic keys, having a corresponding second portion of the second set of cryptographic keys being required for decryption of a message encrypted using the first portion of the second set of cryptographic keys;
  
  (c) negotiating a set of session keys through a communication port,(d) generating a transcryption key for transforming the received encrypted information to transcrypted information, in dependence on at least;
  
  (i) information representing the second portion of the first set of cryptographic keys,(ii) information representing the first portion of the second set of cryptographic keys; and
  
  (iii) a first portion of the set of session keys, and(e) transcrypting the stored encrypted information into transcrypted information using the transcryption key,wherein the generating a transcryption key step and the transcrypting the encrypted information step are performed without either requiring or employing sufficient information either to decrypt the encrypted information or to comprehend the transcrypted information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method according to claim 13, wherein at least one of:
    - (i) the first set of cryptographic keys, (ii) the second set of cryptographic keys and (iii) the set of session keys, are key pairs which related through at least one cryptographic algorithm, selected from the group consisting of one or more of (i) an elliptic curve cryptographic algorithm, (ii) a Rivest-Shamir-Adleman cryptographic algorithm, (iii) an El Gamal cryptographic algorithm, and (iv) a Diffie-Hellman cryptographic algorithm.
  - 15. The method according to claim 13, further comprising the steps of:
    - authenticating a remote system; and
      
      communicating the transcryption key to the authenticated remote system.
  - 16. The method according to claim 15, further comprising communicating the transcrypted information from the authenticated remote system.
  - 17. The method according to claim 13, further comprising the step of comprehending the transcrypted information using at least the information dependent on the second portion of the second set of cryptographic keys and information dependent on the set of transcryption keys.
  - 18. The method according to claim 13, wherein the first set of cryptographic keys is associated with a first party, the second set of cryptographic keys is associated with a second party, and the method is conducted without exchanging cryptographic information between the first party and second party sufficient for decrypting the encrypted information or comprehending the transcrypted information.
  - 19. The method according to claim 13, wherein generating a transcryption key and transcrypting the encrypted information are performed by separate entities at separate locations.
  - 20. The method according to claim 13, wherein the set of session keys is dynamically generated for use in conjunction with a communication session, and the transcryption key and the second set of cryptographic keys together provide insufficient information to determine key components of the first set of cryptographic keys.
  - 21. The method according to claim 13, wherein the set of session keys is negotiated through the communication port with an intended recipient of the transcrypted information.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
RPX Corporation
Original Assignee
David P. Felsher
Inventors
Nagel, Robert H., Felsher, David P., Hoffberg, Steven M.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Le, David

Application Number

US11/676,244
Time in Patent Office

1,425 Days
Field of Search

380/44, 380/277, 380/282, 380/28, 726/2, 726/27
US Class Current

380/28
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/608   Watermarking

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/88   Medical equipments

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/302   involving the integer facto...

H04L 9/321   involving a third party or ...

H04L 9/3249   using RSA or related signat...

System and method for secure three-party communications

First Claim

7 Assignments

Litigations

0 Petitions

Accused Products

Abstract

169 Citations

21 Claims

Specification

5 Family Members

Thank you for your feedback