Secure Escrow Service
US-2017048066-A1 · Feb 16, 2017 · US
US10230524B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10230524-B2 |
| Application number | US-201715447741-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 2, 2017 |
| Priority date | Jan 26, 2017 |
| Publication date | Mar 12, 2019 |
| Grant date | Mar 12, 2019 |
Abstract.
The present disclosure describes a system, method, and non-transitory computer readable medium for provisioning multiple instances of a secure communication application on multiple devices. A secure communication application on a first device generates a first set of private keys that are associated with the user and a second set of keys that are associated with the secure communication application executing on the first device. The first set of private keys establishes a set of root identifying keys for the user that are identical for all installations of the secure communication application, while the second set of keys will vary from device to device. In this regard, the first set of root identifying keys must be securely transferred from the first device to any subsequent installations of the secure communication application on one or more second devices. This establishes a high degree of trust since each installation of the secure communication application is linked to the first set of root identifying keys and allows the user to send and receive encrypted communications on multiple devices from the same trusted root keys.
Claims.
What is claimed is:
1. A system, comprising: a processor configured to: derive a root private key, a remote storage root key, a node storage root key, and an escrow key during an enrollment process; encrypt the root private key, the remote storage root key, and the node storage root key with the escrow key; derive a password-based key; encrypt the escrow key with the password based key; create a key escrow bundle, wherein the key escrow bundle includes the encrypted root private key, the encrypted remote storage root key, and the encrypted node storage root key; and transmit the key escrow bundle to a first server; and a memory coupled to the processor and configured to provide the processor with instructions.
2. The system of claim 1, wherein the encrypted escrow key is included in the key escrow bundle transmitted to the server.
3. The system of claim 1, wherein the enrollment process is a user enrollment process.
4. The system of claim 1, wherein the processor is configured to: derive the password-based key using a password-based key derivation function.
5. The system of claim 1, wherein the processor is configured to: derive a root user identifier and a root identity key pair.
6. The system of claim 5, wherein the processor is configured to: transmit the root user identifier and a root public key from the root identity key pair to the first server.
7. A method comprising: deriving, on a first device, a root private key, a remote storage root key, a node storage root key, and an escrow key during an enrollment process; encrypting, by the first device, the root private key, the remote storage root key, and the node storage root key with the escrow key; deriving, on the first device, a password-based key; encrypting, by the first device, the escrow key with the password based key; creating, on the first device, a key escrow bundle, wherein the key escrow bundle includes the encrypted root private key, the encrypted remote storage root key, and the encrypted node storage root key; and transmitting, by the first device, the key escrow bundle to a first server.
8. The method of claim 7, wherein the encrypted escrow key is included in the key escrow bundle transmitted to the server.
9. The method of claim 7, wherein the enrollment process is a user enrollment process.
10. The method of claim 7, further comprising: deriving the password-based key using a password-based key derivation function.
11. The method of claim 7, further comprising: deriving, by the first device, a root user identifier and a root identity key pair.
12. The method of claim 11, further comprising: transmitting, by the first device, the root user identifier and a root public key from the root identity key pair to the first server.
13. A non-transitory computer-readable medium comprising instructions that, when executed by at least one processor, perform the steps of: deriving a root private key, a remote storage root key, a node storage root key, and an escrow key during an enrollment process; encrypting the root private key, the remote storage root key, and the node storage root key with the escrow key; deriving a password-based key; encrypting the escrow key with the password based key; creating a key escrow bundle, wherein the key escrow bundle includes the encrypted root private key, the encrypted remote storage root key, and the encrypted node storage root key; and transmitting the key escrow bundle to a first server.
14. The non-transitory computer-readable medium of claim 13, wherein the encrypted escrow key is included in the key escrow bundle transmitted to the server.
15. The non-transitory computer-readable medium of claim 13, wherein the enrollment process is a user enrollment process.
16. The non-transitory computer-readable medium of claim 13, comprising instructions for: deriving the password-based key using a password-based key derivation function.
17. The non-transitory computer-readable medium of claim 13, comprising instructions for: deriving a root user identifier and a root identity key pair.
18. The non-transitory computer-readable medium of claim 17, comprising instructions for: transmitting the root user identifier and a root public key from the root identity key pair to the first server.
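The enrollment and recovery flow of claims 1, 2, 4 and 7, worked through end to end as an added example; this is not code from the patent or from any product that implements it. The claims say only that the keys are "derived" and that the password-based key comes from a password-based key derivation function, so every concrete choice here is an assumption: PBKDF2-HMAC-SHA256 for the password-based key, AES-256-GCM for both wrapping steps, an Ed25519 key pair as the root identity key pair of claims 5 and 6 with its seed serving as the root private key, fresh random 32-byte remote and node storage root keys, the slot labels, and the bundle layout. `Enroll` runs on the first device and returns the bundle the server stores plus the plaintext root material that device keeps locally; `Recover` runs on a second installation given that bundle and the user's password.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyEscrowBundle is the "key escrow bundle" of claims 1 and 2, carried with the
// root public key of claim 6. The layout is an assumption of this example (the
// patent text fixes no wire format); nothing in it is plaintext key material.
type KeyEscrowBundle struct {
	RootPublicKey ed25519.PublicKey
	Salt          []byte // parameters of the password-based KDF
	Iterations    int
	WrappedEscrow []byte            // escrow key under the password-based key
	WrappedRoots  map[string][]byte // the three root keys under the escrow key, by slot label
}

// PBKDF2 is RFC 8018 PBKDF2-HMAC-SHA256 (claims 4, 10 and 16), written out because
// the standard library only gained crypto/pbkdf2 in Go 1.24.
func PBKDF2(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for i := uint32(1); len(out) < keyLen; i++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		u := mac.Sum(nil)              // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_c
		for c := 1; c < iter; c++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal and open wrap a key with AES-256-GCM under a fresh 12-byte nonce. The slot
// label is bound as associated data, so a ciphertext cannot be moved between slots.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key handled in this file is 32 bytes
	}
	aead, _ := cipher.NewGCM(block)
	return aead
}

func seal(key, plaintext []byte, label string) []byte {
	nonce := randomBytes(12)
	return append(nonce, gcm(key).Seal(nil, nonce, plaintext, []byte(label))...)
}

func open(key, sealed []byte, label string) ([]byte, error) {
	if len(sealed) < 12 {
		return nil, errors.New("sealed value too short")
	}
	return gcm(key).Open(nil, sealed[:12], sealed[12:], []byte(label))
}

// Enroll is the first-device side of claims 1 and 7: derive the root keys and the
// escrow key, wrap the root keys under the escrow key, wrap the escrow key under the
// password-based key, and return the bundle to transmit to the server. The second
// return value is the plaintext root material that the first device keeps locally.
func Enroll(password []byte, iterations int) (*KeyEscrowBundle, map[string][]byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // root identity key pair (claim 5)
	if err != nil {
		panic(err)
	}
	roots := map[string][]byte{
		"root-private-key":        priv.Seed(),
		"remote-storage-root-key": randomBytes(32),
		"node-storage-root-key":   randomBytes(32),
	}
	escrowKey, salt := randomBytes(32), randomBytes(16)
	b := &KeyEscrowBundle{
		RootPublicKey: pub,
		Salt:          salt,
		Iterations:    iterations,
		WrappedEscrow: seal(PBKDF2(password, salt, iterations, 32), escrowKey, "escrow-key"),
		WrappedRoots:  map[string][]byte{},
	}
	for label, k := range roots {
		b.WrappedRoots[label] = seal(escrowKey, k, label)
	}
	return b, roots
}

// Recover is the second-device side: with the bundle fetched from the server and the
// user's password, unwrap the escrow key and then each root key. A wrong password or
// a tampered bundle fails a GCM tag check and yields no key material at all.
func Recover(b *KeyEscrowBundle, password []byte) (map[string][]byte, error) {
	escrowKey, err := open(PBKDF2(password, b.Salt, b.Iterations, 32), b.WrappedEscrow, "escrow-key")
	if err != nil {
		return nil, fmt.Errorf("unwrap escrow key: %w", err)
	}
	roots := map[string][]byte{}
	for label, sealed := range b.WrappedRoots {
		if roots[label], err = open(escrowKey, sealed, label); err != nil {
			return nil, fmt.Errorf("unwrap %s: %w", label, err)
		}
	}
	// Cross-check the recovered identity against the public key escrowed with the bundle.
	seed := roots["root-private-key"]
	if len(seed) != ed25519.SeedSize || !ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey).Equal(b.RootPublicKey) {
		return nil, errors.New("recovered root key does not match the escrowed root public key")
	}
	return roots, nil
}

func main() {
	pw := []byte("correct horse battery staple") // constructed sample password
	bundle, _ := Enroll(pw, 100_000)
	_, err := Recover(bundle, pw)
	fmt.Println("recovery with the right password, error:", err)
	_, err = Recover(bundle, []byte("wrong"))
	fmt.Println("recovery with a wrong password, error:", err)
}
```

Two points the claims leave implicit deserve attention in any real implementation. First, whoever holds the bundle (the server, or anyone who copies it from the server) can run an offline guessing attack on the password, because the password-based key is the only thing between the bundle and the root keys; the KDF's iteration count is the sole brake, and a memory-hard function such as scrypt or Argon2 is the stronger choice where available. Second, wrapping with an AEAD and binding each slot's label as associated data means that a wrong password, a corrupted bundle, or two slots swapped in storage all fail a tag check in `Recover` rather than silently returning wrong key material.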
CPC classification titles: involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]; involving random numbers or seeds; secret sharing or secret splitting, e.g. threshold schemes; involving digital signatures; involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067).