Decentralized authoritative messaging
US-9590956-B1 · Mar 7, 2017 · US
Receiving an encrypted communication from a user in a second secure communication network
US11368442B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11368442-B2 |
| Application number | US-201715689253-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 29, 2017 |
| Priority date | Aug 29, 2017 |
| Publication date | Jun 21, 2022 |
| Grant date | Jun 21, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for receiving an encrypted communication from a user in a second secure communication network, the method comprising: generating, by a first device, a plurality of ephemeral asymmetric key pairs; assigning, by the first device, a unique identifier to each of the plurality of ephemeral asymmetric key pairs; transmitting, by the first device and to a first server, the plurality of ephemeral public keys and their unique identifiers; receiving, at the first device, a first encrypted communication from a second device, wherein: the second device belongs to a different secure communication network than the first device; and the first encrypted communication includes a first unique identifier of a first public ephemeral key of the plurality of ephemeral keys transmitted to the first server; retrieving, by the first device and using an application identifier associated with the first device, the first unique identifier from the first encrypted communication; deriving, by the first device, a key-encrypting key using a private ephemeral key associated with the first unique identifier and the application identifier; decrypting, by the first device, a first encrypted communication encryption key using the derived key-encrypting key; decrypting the first encrypted communication using the first decrypted communication encryption key; and providing, by the first device, the first decrypted communication to a first user of the first device. 2. The method of claim 1 , wherein the first encrypted communication includes a time-to-live value. 3. The method of claim 2 , comprising: determining, by the first device, an expiry time of the first encrypted communication based in part on the time-to-live. 4. The method of claim 3 , comprising: determining, by the first device, whether a current time is greater than the expiry time. 5. The method of claim 4 , wherein determining the current time further comprises: requesting, by the first device, a master clock time from a first server; receiving, at the first device, the master clock time from the first server; and comparing, at the first device, the received master clock time to a local device time. 6. The method of claim 5 , further comprising: revoking, by the first device, access to the first communication when the current time is greater than the expiry time. 7. The method of claim 6 , wherein revoking access to the first communication includes at least one of deleting the first communication from the first device and revoking one or more keys required to access the first communication. 8. A system for receiving an encrypted communication from a user in a second secure communication network, the system comprising: an interface configured to receive a first encrypted communication from a second device and transmit a plurality of ephemeral public keys and their unique identifiers, wherein the second device belongs to a different secure communication network than a first device; a processor configured to generate a plurality of ephemeral asymmetric key pairs, assign a unique identifier to each of the plurality of ephemeral asymmetric key pairs, retrieve a first unique identifier from the first encrypted communication using an application identifier associated with the first device, derive a key-encrypting key using a private ephemeral key associated with the first unique identifier and the application identifier, decrypt a first encrypted communication encryption key using the derived key-encrypting key, decrypt the first encrypted communication using the first decrypted communication encryption key, and provide the first decrypted communication to a first user of the first device; and a memory coupled to the processor and configured to provide the processor with instructions for decrypting and providing the first communication to the first user. 9. The system of claim 8 , wherein the processor is configured to determine whether a time-to-live value associated with the first encrypted communication has expired. 10. The system of claim 8 , wherein the first encrypted communication includes a time-to-live value. 11. The system of claim 10 , wherein the processor is configured to determine an expiry time of the first encrypted communication based in part on the time-to-live value. 12. The system of claim 11 , wherein the processor is configured to determine whether a current time is greater than the expiry time. 13. The system of claim 12 , wherein the interface is configured to request a master clock time from a first server and receive a response that includes the master clock time; and wherein the processor is configured to compare the master clock time to a local device time. 14. The system of claim 13 , wherein the processor is configured to revoke access to the first communication when the current time is greater than the expiry time. 15. The system of claim 14 , wherein revoking access to the first communication includes at least one of deleting the first communication from the first device and revoking one or more keys required to access the first communication. 16. A non-transitory computer-readable medium comprising instructions that when, executed by at least one processor, perform the steps of: generating, by a first device, a plurality of ephemeral asymmetric key pairs; assigning, by the first device, a unique identifier to each of the plurality of ephemeral asymmetric key pairs; transmitting, by the first device and to a first server, the plurality of ephemeral public keys and their unique identifiers; receiving, at the first device, a first encrypted communication from a second device, wherein: the second device belongs to a different secure communication network than the first device; and the first encrypted communication includes a first unique identifier of a first public ephemeral key of the plurality of ephemeral keys transmitted to the first server; retrieving, by the first device and using an application identifier associated with the first device, the first unique identifier from the first encrypted communication; deriving, by the first device, a key-encrypting key using a private ephemeral key associated with the first unique identifier and the application identifier; decrypting, by the first device, a first encrypted communication encryption key using the derived key-encrypting key; decrypting the first encrypted communication received from the second device using the first decrypted communication encryption key; and providing, by the first device, the first decrypted communication to a first user of the first device. 17. The non-transitory computer-readable medium of claim 16 , comprising instructions for: determining whether a time-to-live value associated with the first encrypted communication has expired. 18. The non-transitory computer-readable medium of claim 16 , wherein the first encrypted communication includes a time-to-live value. 19. The non-transitory computer-readable medium of claim 18 , comprising instructions for: determining an expiry time of the first encrypted communication based in part on the time-to-live. 20. The non-transitory computer-readable medium of claim 19 , comprising instructions for: determining whether a current time is greater than the expiry time. 21. The non-transitory computer-readable medium of claim 20 , comprising instructions for: requesting a master clock time from a first server; receiving the master clock time from
Assignees
Inventors
Classifications
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title
involving conference or group key (network architectures or network communication protocols for key management in group communication in a packet data network H04L63/065) · CPC title
applying encryption of the keys · CPC title
wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11368442B2 cover?
- The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Add…
- Who is the assignee on this patent?
- Amazon Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/068. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jun 21 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).