Public key encryption algorithms for hard lock file encryption

US 9,178,699 B2
Filed: 11/06/2013
Issued: 11/03/2015
Est. Priority Date: 11/06/2013
Status: Active Grant

First Claim

Patent Images

1. A public key encryption method comprising:

generating a shared secret based on a public key of an entity and an ephemeral private key;

using a key derivation function to generate a first secret key from the shared secret;

encrypting, by operation of a computing device, a first portion of a message using the first secret key;

using the key derivation function to generate a second secret key from the first secret key;

discarding the first secret key;

encrypting, by operation of the computing device, a second portion of the message using the second secret key;

providing an ephemeral public key associated with the ephemeral private key to the entity; and

providing the encrypted first portion of the message and the encrypted second portion of the message to the entity.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

27 Citations

View as Search Results

14 Claims

1. A public key encryption method comprising:
- generating a shared secret based on a public key of an entity and an ephemeral private key;
  
  using a key derivation function to generate a first secret key from the shared secret;
  
  encrypting, by operation of a computing device, a first portion of a message using the first secret key;
  
  using the key derivation function to generate a second secret key from the first secret key;
  
  discarding the first secret key;
  
  encrypting, by operation of the computing device, a second portion of the message using the second secret key;
  
  providing an ephemeral public key associated with the ephemeral private key to the entity; and
  
  providing the encrypted first portion of the message and the encrypted second portion of the message to the entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the key derivation function produces one or more outputs comprising the second secret key, and the key derivation function operates on one or more inputs comprising the first secret key.
  - 3. The method of claim 2, wherein the one or more outputs further comprise at least one of an initialization vector or a key to be used in a message authentication code.
  - 4. The method of claim 1, comprising using an iterative algorithm to encrypt the message, wherein the iterative algorithm comprises, on each respective iteration:
    - accessing a current portion of the message to be encrypted by the current iteration of the iterative algorithm;
      
      encrypting the current portion of the message using a current secret key generated for the current iteration;
      
      using the key derivation function and the current secret key to generate a subsequent secret key for a subsequent iteration of the iterative algorithm; and
      
      discarding the current secret key before the subsequent iteration.
  - 5. The method of claim 4, wherein the iterative algorithm comprises, on each respective iteration:
    - incrementing a counter to a new value for the current iteration; and
      
      using the new value of the counter as an input to the key derivation function.
  - 6. The method of claim 1, comprising:
    - generating multiple distinct secret keys from the ephemeral private key; and
      
      using each distinct secret key to encrypt respective, distinct portions of the message.
  - 7. The method of claim 1, wherein generating the first secret key based on the public key of the entity consumes more computational resources than using the key derivation function to generate the second secret key from the first secret key.

8. A non-transitory computer-readable medium comprising instructions that are operable when executed by data processing apparatus to perform public key encryption operations comprising:
- generating a shared secret based on a public key of an entity and an ephemeral private key;
  
  using a key derivation function to generate a first secret key from the shared secret;
  
  encrypting a first portion of a message using the first secret key;
  
  using the key derivation function to generate a second secret key from the first secret key;
  
  discarding the first secret key;
  
  encrypting a second portion of the message using the second secret key;
  
  providing the encrypted first and second portions of the message to the entity; and
  
  providing an ephemeral public key associated with the ephemeral private key to the entity.
- View Dependent Claims (9, 10)
- - 9. The computer-readable medium of claim 8, wherein the key derivation function produces one or more outputs comprising the second secret key, and the key derivation function operates on one or more inputs comprising the first secret key.
  - 10. The computer-readable medium of claim 8, the operations comprising using an iterative algorithm to encrypt the message, wherein the iterative algorithm comprises, on each respective iteration:
    - accessing a current portion of the message to be encrypted by the current iteration of the iterative algorithm;
      
      encrypting the current portion of the message using a current secret key generated for the current iteration;
      
      using the key derivation function and the current secret key to generate a subsequent secret key for a subsequent iteration of the iterative algorithm; and
      
      discarding the current secret key before the subsequent iteration.

11. A device comprising:
- one or more processors operable to decrypt a public-key encrypted message by performing operations comprising;
  
  accessing an encrypted message, the encrypted message having been encrypted using multiple secret keys based on a public key of an entity;
  
  generating a shared secret based on an ephemeral public key and a private key of the entity;
  
  using a key derivation function to generate a first secret key based on the shared secret;
  
  decrypting a first portion of the message using the first secret key;
  
  using the key derivation function to generate a second secret key from the first secret key; and
  
  decrypting a second portion of the message using the second secret key.
- View Dependent Claims (12, 13, 14)
- - 12. The device of claim 11, wherein the key derivation function produces one or more outputs comprising the second secret key, and the key derivation function operates on one or more inputs comprising the first secret key.
  - 13. The device of claim 11, the operations comprising using an iterative algorithm to decrypt the message, wherein the iterative algorithm comprises, on each respective iteration:
    - accessing a current portion of the message to be decrypted by the current iteration of the iterative algorithm;
      
      decrypting the current portion of the message using a current secret key generated for the current iteration of the iterative algorithm;
      
      using the key derivation function and the current secret key to generate a subsequent secret key for a subsequent iteration; and
      
      discarding the current secret key before the subsequent iteration.
  - 14. The device of claim 11, the operations comprising:
    - generating multiple distinct secret keys from the ephemeral public key; and
      
      using each distinct secret key to decrypt respective, distinct portions of the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited, Certicom Corporation (Blackberry Limited)
Inventors
Lambert, Robert John, Brown, Daniel Richard L., Yamada, Atsushi
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US14/073,379
Publication Number

US 20150124961A1
Time in Patent Office

727 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/3066   involving algebraic varieti...

H04L 9/3242   involving keyed hash functi...

Public key encryption algorithms for hard lock file encryption

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Public key encryption algorithms for hard lock file encryption

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links