Data migration of storage system
US-2021303170-A1 · Sep 30, 2021 · US
US12225113B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12225113-B2 |
| Application number | US-202217932904-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 16, 2022 |
| Priority date | Sep 16, 2022 |
| Publication date | Feb 11, 2025 |
| Grant date | Feb 11, 2025 |
Official abstract text for this publication.
A process for transmitting a file from a sender device to a receiver device includes generating a random symmetric session key for the sender device, and randomly selecting a private ephemeral key for the sender device. The private ephemeral key is associated with a corresponding first public key. A public ephemeral key is randomly selected for the receiving device. The public ephemeral key is associated with a corresponding first private key. A random value is generated, an encrypted session key is calculated, and the file is encrypted using symmetric encryption. The sender device includes a first public X509 certificate comprising a second public key and a corresponding second private key that is signed by a service provider, and the receiver device includes a second public X509 certificate comprising a third public key and a corresponding third private key.
Opening claim text (preview).
The invention claimed is:
1. A process for transmitting a file from a sender device to a receiver device comprising: generating a random symmetric session key for the sender device; randomly selecting a private ephemeral key for the sender device, the private ephemeral key associated with a corresponding first public key; wherein the receiver device comprises a randomly selected public ephemeral key, the public ephemeral key associated with a corresponding first private key; generating a random value within a range; calculating an encrypted session key; encrypting the file using symmetric encryption; and transmitting from the sender device to the receiver device a group ID, the encrypted session key, the random value, a sender device ID, a receiver device ID, a hashed file ID, a sender key ID, and a receiver key ID, wherein the receiver device includes a record comprising the random value, the sender device ID, the hashed file ID, and the group ID; wherein the sender device comprises a first public X509 certificate comprising a second public key and a corresponding second private key that is signed by a service provider; wherein the receiver device comprises a second public X509 certificate comprising a third public key and a corresponding third private key; and wherein the encrypted session key is calculated as follows: encrypted session key=(the random symmetric session key+the random value*the first public key*the first private key+the random value*the second public key*the third public key)/(mod(the range)).
2. The process of claim 1, comprising receiving the file at the receiver device, and decrypting the file using the random symmetric session key.
3. The process of claim 2, wherein the random symmetric session key is calculated as follows: random symmetric session key=the encrypted session key−(the random value*the first public key*the public ephemeral key+the random value*the second public key*the third private key)/(mod(the range)).
4. The process of claim 1, comprising storing metadata from the file in a signed Merkle Tree structure.
5. The process of claim 1, wherein the random symmetric session key comprises an Advanced Encryption Standard (AES) key comprising 256 bits.
6. The process of claim 1, wherein the symmetric encryption comprises AES-GSM with a key derived from the random symmetric session key.
7. The process of claim 6, comprising: initializing a first chainkey with the random symmetric session key as chainkey=HMAC_SHA256 (the random symmetric session key, the sender device ID); creating a file encryption key by concatenating the first chainkey with a name of the file; and encrypting the file with the AES-GSM and a second chainkey=HMAC_SHA256 (the encrypted session key, the sender device ID).
8. The process of claim 1, wherein the process comprises a plurality of sending devices, and a different private ephemeral key is selected for each sending device.
9. The process of claim 1, wherein the process comprises a plurality of receiver devices, and a different public ephemeral key is selected for each receiver device.
10. A non-transitory machine-readable medium comprising instructions that when executed by a processor execute a process for transmitting a file from a sender device to a receiver device comprising: generating a random symmetric session key for the sender device; randomly selecting a private ephemeral key for the sender device, the private ephemeral key associated with a corresponding first public key; wherein the receiver device comprises a randomly selected public ephemeral key, the public ephemeral key associated with a corresponding first private key; generating a random value within a range; calculating an encrypted session key; encrypting the file using symmetric encryption; and transmitting from the sender device to the receiver device a group ID, the encrypted session key, the random value, a sender device ID, a receiver device ID, a hashed file ID, a sender key ID, and a receiver key ID, wherein the receiver device includes a record comprising the random value, the sender device ID, the hashed file ID, and the group ID; wherein the sender device comprises a first public X509 certificate comprising a second public key and a corresponding second private key that is signed by a service provider; wherein the receiver device comprises a second public X509 certificate comprising a third public key and a corresponding third private key, wherein the symmetric encryption comprises AES-GSM with a key derived from the random symmetric session key; and comprising instructions for: initializing a first chainkey with the random symmetric session key as chainkey=HMAC_SHA256 (the random symmetric session key, the sender device ID); creating a file encryption key by concatenating the first chainkey with a name of the file; and encrypting the file with the AES-GSM and a second chainkey=HMAC_SHA256 (the encrypted session key, the sender device ID).
11. The non-transitory machine-readable medium of claim 10, comprising instructions for receiving the file at the receiver device, and decrypting the file using the random symmetric session key.
12. The non-transitory machine-readable medium of claim 11, wherein the random symmetric session key is calculated as follows: random symmetric session key=the encrypted session key−(the random value*the first public key*the public ephemeral key+the random value*the second public key*the third private key)/(mod(the range)).
13. The non-transitory machine-readable medium of claim 10, wherein the encrypted session key is calculated as follows: the encrypted session key=(the random symmetric session key+the random value*the first public key*the first private key+the random value*the second public key*the third public key)/(mod(the range)).
14. The non-transitory machine-readable medium of claim 13, comprising instructions for storing metadata from the file in a signed Merkle Tree structure.
15. The non-transitory machine-readable medium of claim 10, wherein the random symmetric session key comprises an Advanced Encryption Standard (AES) key comprising 256 bits.
16. The non-transitory machine-readable medium of claim 10, wherein the process comprises a plurality of sending devices, and a different private ephemeral key is selected for each sending device; and wherein the process comprises a plurality of receiver devices, and a different public ephemeral key is selected for each receiver device.
17. A system comprising: a computer processor; and a computer memory coupled to the computer processor; wherein the computer processor and the computer memory are operable for: generating a random symmetric session key for the sender device; randomly selecting a private ephemeral key for the sender device, the private ephemeral key associated with a corresponding first public key; wherein the receiver device comprises a randomly selected public ephemeral key, the public ephemeral key associated with a corresponding first private key; generating a random value within a range; calculating an encrypted session key; encrypting the file using symmetric encryption; and transmitting from the sender device to the receiver device a group ID, the encrypted session key, the random value, a sender device ID, a receiver device ID, a hashed file ID, a sender key ID, and a receiver key ID, wherein the receiver device includes a record comprising the random value, the sender device ID, the hashed file ID, and the group ID; wherein the sender device comprises a first public
involving random numbers or seeds · CPC title
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
involving conference or group key (network architectures or network communication protocols for key management in group communication in a packet data network H04L63/065) · CPC title
Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM] · CPC title