Peer-to-peer contact exchange
First Claim
1. A method of using a publicly available index store for a secure publication system, the method comprising:
- configuring a first computing device to be a publisher of contact information corresponding to the publisher, wherein:
the contact information is required to be known by both the publisher and another node to enable an initial establishment of a secure connection between the another node and the publisher, and the contact information targeted for retrieval by only a user of the contact information;
the first computing device includes a first memory, a first processing unit, and first computer-executable instructions stored in the first memory and executable by the first processing unit to publish the contact information;
at the publisher:
providing a first cryptographically unique identifier that is statistically unique to a public key of the publisher;
obtaining a second cryptographically unique identifier that is statistically unique to a public key of the user of the contact information;
appending the second cryptographically unique identifier to the first cryptographically unique identifier to form a combination key;
creating a publisher signature by signing the contact information with a publisher private key;
creating a single record corresponding to the contact information, wherein the single record includes and is indexed by the combination key, and wherein the single record includes the publisher public key, the publisher signature, and all of the contact information corresponding to the publisher; and
inserting the record into a publicly available index store;
configuring a second computing device to be the user of the contact information, the second computing device including a second memory, a second processing unit, and second computer-executable instructions stored in the second memory and executable by the second processing unit to use the contact information to establish a secure connection with the publisher; and
at the user:
obtaining the first cryptographically unique identifier;
retrieving the single record from the publicly available index store based on the combination key;
determining whether the first cryptographically unique identifier relates to the publisher public key included in the single record;
determining whether the contact information is signed by a private key corresponding to the publisher public key included in the single record;
establishing the secure connection with the publisher using at least a portion of the single record upon determining the first cryptographically unique identifier relates to the publisher public key included in the single record and the contact information is signed by the private key corresponding to the publisher public key included in the single record; and
refusing to establish the secure connection with the publisher upon determining the first cryptographically unique identifier does not relate to the publisher public key included in the single record or the contact information is not signed by the private key corresponding to the publisher public key included in the single record, wherein the publisher and the user are different nodes in a peer-to-peer network.
Abstract
A system may publish authenticated contact information in a publicly available index store, retrieve the contact information, and validate it. The claimed method and system may provide a client-based, server optional approach to publishing. The publicly available index store may be a distributed hash table used in a peer-to-peer network. The system may be used in other secure directory service applications where a server may not be available or where server trust may be minimal.
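The publish-and-verify flow of claim 1, as an added Go example that is not code from the patent. It assumes Ed25519 signatures, hex SHA-256 of the public key as the cryptographically unique identifier, and an in-memory map in place of the distributed hash table; `Record`, `ID`, `IDOf`, `NewNode`, `Publish` and `Retrieve` are hypothetical names, and the keys and address are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Record is the single signed entry; a map stands in for the public index store (DHT).
type Record struct {
	Key, Contact string // Key is the combination key: publisher ID followed by user ID
	PubKey, Sig  []byte
}

// ID is hex SHA-256 of a public key (assumed identifier form); IDOf derives it from a private key.
func ID(pub []byte) string                { return fmt.Sprintf("%x", sha256.Sum256(pub)) }
func IDOf(priv ed25519.PrivateKey) string { return ID(priv.Public().(ed25519.PublicKey)) }

// NewNode builds a constructed, deterministic demo key from a one-byte seed (not for real use).
func NewNode(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// Publish signs the contact information and inserts one record under publisherID+userID.
func Publish(store map[string]Record, priv ed25519.PrivateKey, userID, contact string) {
	key := IDOf(priv) + userID
	store[key] = Record{key, contact, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(contact))}
}

// Retrieve is the user side: fetch by combination key, then refuse unless both checks pass.
func Retrieve(store map[string]Record, publisherID, userID string) (string, error) {
	rec, ok := store[publisherID+userID]
	switch {
	case !ok:
		return "", fmt.Errorf("no record under combination key")
	case len(rec.PubKey) != ed25519.PublicKeySize || ID(rec.PubKey) != publisherID:
		return "", fmt.Errorf("refuse: identifier does not relate to record public key")
	case !ed25519.Verify(rec.PubKey, []byte(rec.Contact), rec.Sig):
		return "", fmt.Errorf("refuse: contact information not signed by record key")
	}
	return rec.Contact, nil
}

func main() {
	store, publisher, user := map[string]Record{}, NewNode(1), NewNode(2)
	Publish(store, publisher, IDOf(user), "198.51.100.7:3540")
	fmt.Println(Retrieve(store, IDOf(publisher), IDOf(user)))
}
```

Because the record's public key is checked against an identifier the user obtained separately, a record that carries a different key with a valid signature under that key is still refused.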
19 Claims
1. A method of using a publicly available index store for a secure publication system (claim 1, set out in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 17, 19
8. A computer system comprising:
a plurality of peer nodes forming a peer-to-peer network;
a distributed hash table of the peer-to-peer network;
a first peer node from the plurality of peer nodes, the first peer node configured to:
publish contact information corresponding to the first peer node wherein the contact information is required to be known by both the first peer node and a second peer node from the plurality of peer nodes to enable an initial establishment of a secure connection between the first peer node and the second peer node, and the contact information targeted for retrieval by only the second peer node,
create a first cryptographically unique identifier that is statistically unique to a public key of the first peer node,
create a signature by signing the contact information with a private key of the first peer node,
obtain a second cryptographically unique identifier that is statistically unique to a public key of the second peer node,
append the second cryptographically unique identifier to the first cryptographically unique identifier to form a combination key,
create a single record corresponding to the contact information, wherein the single record includes and is indexed by the combination key, and wherein the single record includes the public key of the first peer node, the signature, and all of the contact information corresponding to the first peer node; and
insert the single record into the distributed hash table; and
the second peer node from the plurality of peer nodes, the second peer node configured to:
obtain the first cryptographically unique identifier;
retrieve the single record from the distributed hash table based on the combination key,
determine whether the first cryptographically unique identifier relates to the public key of the first peer node included in the single record,
determine whether the contact information is signed by a private key corresponding to the public key of the first peer node included in the single record,
determine whether the contact information has an expected format and syntax,
establish a secure connection with the first peer node using at least a portion of the single record upon determining:
the first cryptographically unique identifier relates to the public key of the first peer node included in the single record,
the contact information is signed by the private key corresponding to the public key of the first peer node included in the single record, and
the contact information has the expected format and syntax; and
refuse to establish the secure connection with the first peer node upon determining:
the first cryptographically unique identifier does not relate to the public key of the first peer node included in the single record,
the contact information is not signed by the private key corresponding to the public key of the first peer node included in the single record, or
the contact information has an unexpected format or syntax.
Dependent claims: 9, 10, 11, 18
12. A memory storage device on a first node having computer-executable instructions for performing operations comprising:
receiving a second cryptographically unique identifier corresponding to a second node;
retrieving an entry from an index store based on a combination key, the combination key including a first cryptographically unique identifier corresponding to the first node appended to the second cryptographically unique identifier corresponding to the second node, wherein:
the entry contains a complete set of contact information corresponding to the second node and a public key corresponding to the second node;
the entry further contains the combination key and is indexed by the combination key;
the complete set of contact information is required to be known by both the first node and the second node to enable an initial establishment of a secure connection between the first node and the second node;
the complete set of contact information and the public key corresponding to the second node are together signed by a private key corresponding to the public key corresponding to the second node; and
the entry was previously entered into the index store by the second node;
determining whether the second cryptographically unique identifier relates to the public key corresponding to the second node;
determining whether the complete set of contact information and the public key corresponding to the second node are signed by the private key corresponding to the second node;
establishing the secure connection between the first node and the second node using at least a portion of the entry upon determining the second cryptographically unique identifier relates to the public key corresponding to the second node included in the entry and the contact information is signed by the private key corresponding to the public key corresponding to the second node included in the entry; and
refusing to establish the secure connection between the first and the second node upon determining the second cryptographically unique identifier does not relate to the public key corresponding to the second node included in the entry or the contact information is not signed by the private key corresponding to the public key corresponding to the second node included in the entry, wherein the first node and the second node are different nodes in a peer-to-peer network.
Dependent claims: 13, 14, 15, 16
Specification