Technologies for secure mediated reality content publishing
US-10581815-B2 · Mar 3, 2020 · US
US12047362B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12047362-B2 |
| Application number | US-202117395413-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 5, 2021 |
| Priority date | Dec 16, 2015 |
| Publication date | Jul 23, 2024 |
| Grant date | Jul 23, 2024 |
Official abstract text for this publication.
Embodiments extend protocols for secure communication between two parties to allow a party to securely communicate with multiple parties using a single message. For example, the sending party can determine a unique shared secret for each recipient and encrypt data for a recipient using a session key generated from the corresponding shared secret. The encrypted data can be combined into a single message, and each recipient can decrypt only the subset of the message that it is authorized to.
Opening claim text (preview).
What is claimed is:

1. A method of performing secure communications involving a proxy, the method comprising: obtaining a first encrypted message portion generated by a source computer by encrypting a first message portion with a recipient session key; obtaining a second encrypted message portion generated by the source computer by encrypting a second message portion with the recipient session key; identifying a proxy computer; generating a proxy session key from a shared secret that is shared with the proxy computer; incorporating address information for each of a plurality of recipient computers into a message body; using the proxy session key to encrypt the message body to obtain an encrypted message body that includes the address information for each of the plurality of recipient computers; aggregating the encrypted message body, the first encrypted message portion and the second encrypted message portion into an encrypted message; and sending the encrypted message to the proxy computer, the encrypted message including the encrypted message body and the first and second encrypted message portions.

2. The method of claim 1, wherein, for each of the plurality of recipient computers: the recipient session key that is used to encrypt the first or second message portion is derived from a shared secret that is established using an ephemeral private key, the ephemeral private key forming a key pair with an ephemeral public key; and wherein the message body includes the ephemeral public key for establishing the shared secret for deriving the recipient session key.

3. The method of claim 1, wherein, for each of the plurality of recipient computers: the recipient session key that is used to encrypt the first or second message portion is derived from a shared secret that is established using a blinding factor and a private key, the private key forming a key pair with an ephemeral public key; the first or second encrypted message portion includes the blinding factor; and the message body includes the ephemeral public key for establishing the shared secret for deriving the recipient session key.

4. The method of claim 1, wherein the proxy session key is also used to encrypt the first or second encrypted message portions to obtain the encrypted message.

5. The method of claim 1, wherein the first or second encrypted message portions are sent to the proxy computer in a clear text part of the encrypted message.

6. The method of claim 1, wherein at least one of the plurality of recipient computers corresponds to a secure element of a computer system that includes the proxy computer.

7. The method of claim 1, wherein obtaining an encrypted message portion includes: determining a recipient session key for each of the plurality of recipient computers; and encrypting a message portion using the recipient session key to obtain an encrypted message portion.

8. The method of claim 1, further comprising: identifying the plurality of recipient computers; for each of the plurality of recipient computers, obtaining the first encrypted message portion and the second encrypted message portion.

9. The method of claim 1, wherein the first message portion is in response to a first request message from a first one of the plurality of recipient computers, and the second message portion is in response to a second request message from a second one of the plurality of recipient computers.

10. The method of claim 1, further comprising: for each of the plurality of recipient computers: determining address information for the recipient computer.

11. The method of claim 1, wherein the plurality of recipient computers are service providers that each provide different services to the source computer, the source computer is asynchronously connected to the proxy computer via wireless communication, the source computer providing message portions to the proxy computer, the message portions being encrypted to create at least the first or second encrypted message portions.

12. The method of claim 1, wherein the plurality of recipient computers are devices that are asynchronously connected to the proxy computer via wireless communications, and wherein the first or second encrypted message portions are obtained from the source computer that provides different services to the plurality of recipient computers.

13. A hub computer comprising: a processor; and a memory element comprising code, executable by the processor, for implementing a method comprising: obtaining a first encrypted message portion generated by a source computer by encrypting a first message portion with a recipient session key; obtaining a second encrypted message portion generated by the source computer by encrypting a second message portion with the recipient session key; identifying a proxy computer; generating a proxy session key from a shared secret that is shared with the proxy computer; incorporating address information for each of a plurality of recipient computers into a message body; using the proxy session key to encrypt the message body to obtain an encrypted message body that includes the address information for each of the plurality of recipient computers; aggregating the encrypted message body, the first encrypted message portion and the second encrypted message portion into an encrypted message; and sending the encrypted message to the proxy computer, the encrypted message including the encrypted message body and the first and second encrypted message portions.

14. The hub computer of claim 13, wherein the recipient session key that is used to encrypt the first or second message portion is derived from a shared secret that is established using an ephemeral private key, the ephemeral private key forming a key pair with an ephemeral public key; and the message body includes the ephemeral public key for establishing the shared secret for deriving the recipient session key.

15. The hub computer of claim 13, wherein the recipient session key that is used to encrypt the first or second message portion is derived from a shared secret that is established using a blinding factor and a private key, the private key forming a key pair with an ephemeral public key; the first or second encrypted message portion includes the blinding factor; and the message body includes the ephemeral public key for establishing the shared secret for deriving the recipient session key.

16. The hub computer of claim 13, wherein the first message portion is in response to a first request message from a first one of the plurality of recipient computers, and the second message portion is in response to a second request message from a second one of the plurality of recipient computers, wherein the proxy session key is also used to encrypt the first or second encrypted message portions to obtain the encrypted message.

17. The hub computer of claim 13, wherein at least one of the plurality of recipient computers corresponds to a secure element of a computer system that includes the proxy computer.

18. The hub computer of claim 13, the method further comprising: identifying the plurality of recipient computers; determining a recipient session key and address information for each of the plurality of recipient computers; and encrypting a message portion using the recipient session key to obtain an encrypted message portion for each of the plurality of recipient computers including the first encrypted message portion and the second encrypted message portion.

19. The hub computer
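
The flow in the abstract and in claims 1 and 2, as an added example that is not code from the patent or its assignee: a source builds one message, a proxy opens only the routing body, and each recipient opens only its own portion. The page names no algorithms, so X25519, HKDF-SHA256, AES-256-GCM, the JSON body layout, binding each portion to its address as associated data, and every function name here are assumptions.

```javascript
const crypto = require('crypto');

// Session key from a shared secret. HKDF-SHA256 is an assumed choice, not named by the patent.
const kdf = (secret, info) => Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), info, 32));

// AES-256-GCM (assumed cipher): nonce || ciphertext || tag, with aad bound into the tag.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce).setAAD(Buffer.from(aad));
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

// Throws if the key, the aad or any byte of the blob is wrong.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad)).setAuthTag(blob.subarray(-16));
  return Buffer.concat([d.update(blob.subarray(12, -16)), d.final()]);
}

// Source: one ephemeral key pair, one ECDH secret per recipient, one proxy-only routing body.
function buildMessage(proxySecret, recipients) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const portions = recipients.map(r => seal(kdf(crypto.diffieHellman(
    { privateKey: eph.privateKey, publicKey: r.publicKey }), 'recipient'), r.data, r.address));
  const body = JSON.stringify({ ephPub, addresses: recipients.map(r => r.address) });
  return { body: seal(kdf(proxySecret, 'proxy'), body, 'body'), portions };
}

// Proxy: opens only the body, then pairs each still-encrypted portion with its address.
function proxyRoute(proxySecret, msg) {
  const { ephPub, addresses } = JSON.parse(open(kdf(proxySecret, 'proxy'), msg.body, 'body').toString());
  return addresses.map((address, i) => ({ address, ephPub, portion: msg.portions[i] }));
}

// Recipient: its static private key and the forwarded ephemeral public key give its session key.
function recipientOpen(privateKey, address, { ephPub, portion }) {
  const publicKey = crypto.createPublicKey({ key: Buffer.from(ephPub, 'base64'), format: 'der', type: 'spki' });
  return open(kdf(crypto.diffieHellman({ privateKey, publicKey }), 'recipient'), portion, address).toString();
}

// Constructed sample run: two recipients (names and payloads are made up), one message.
function demo() {
  const keys = [0, 1].map(() => crypto.generateKeyPairSync('x25519'));
  const proxySecret = crypto.randomBytes(32); // stands in for the secret shared with the proxy
  const routed = proxyRoute(proxySecret, buildMessage(proxySecret, keys.map((k, i) =>
    ({ address: `dev-${i}`, publicKey: k.publicKey, data: `reading ${i}` }))));
  return { keys, routed, read: routed.map((r, i) => recipientOpen(keys[i].privateKey, r.address, r)) };
}
console.log(demo().read); // [ 'reading 0', 'reading 1' ]
```

Because each portion is sealed under a key only its recipient can derive, the proxy forwards ciphertext it cannot read, and a portion delivered to the wrong address fails authentication instead of decrypting.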
using one-time keys (cryptographic mechanisms or cryptographic arrangements for generation of one-time passwords H04L9/0863) · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
Proxies · CPC title
involving Diffie-Hellman or related key agreement protocols · CPC title