Self-contained encrypted data and decryption application for third party data storage and data dissemination
US-2024273221-A1 · Aug 15, 2024 · US
US2018367540A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018367540-A1 |
| Application number | US-201615331728-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 21, 2016 |
| Priority date | Oct 21, 2016 |
| Publication date | Dec 20, 2018 |
| Grant date | — |
Official abstract text for this publication.
The present disclosure describes a system, method, and non-transitory computer readable medium that secures communications based upon a permission level associated with the content of the communication, a receiver's device, and a receiver's instantiation of a secure collaboration app. This approach effectively binds the communication to a permission level and a combination of the receiver's device and application, thereby ensuring only authorized users are able to decrypt and access the content of the communication.
Opening claim text (preview).
What is claimed is:

1. A method comprising: composing, at a sending device, a first communication addressed to one or more receivers; generating, at the sending device, a first communication key; encrypting, at the sending device, the first communication using the first communication key; generating, at the sending device, at least one key-encrypting key for each of the at least one receivers, wherein the at least one key-encrypting key is derived according to a key agreement protocol using ephemeral information from the sender and a third party server; encrypting, at the sending device, the first communication key with the at least one key-encrypting key; encrypting, at the sending device, the encrypted first communication key with a device key associated with a first receiver to produce a twice-encrypted communication key; encapsulating, at the sending device, the encrypted first communication and the twice-encrypted first communication key in a secure communication container; and transmitting, by the sending device, the secure communication container to the one or more receivers.
2. The method of claim 1, wherein the ephemeral information received from the third party server is based on a permission level assigned to the first communication.
3. The method of claim 2, wherein the permission level is assigned to the first communication by the sending device.
4. The method of claim 3, wherein the permission level is assigned to the first communication by the third party server.
5. The method of claim 4, wherein the third party server assigns a permission level based on content of the first communication.
6. The method of claim 1, wherein the third party server is selected from the group consisting of: an access control server, a data loss prevention system, and a document management system.
7. A non-transitory computer-readable medium comprising instructions that when, executed by at least one processor, perform the steps of: composing a first communication addressed to one or more receivers; generating a first communication key; encrypting the first communication using the first communication key; generating at least one key-encrypting key for each of the at least one receivers, wherein the at least one key-encrypting key is derived according to a key agreement protocol using ephemeral information from the sender and a third party server; encrypting the first communication key with the at least one key-encrypting key; encrypting the encrypted first communication key with a device key associated with a first receiver to produce a twice-encrypted communication key; encapsulating the encrypted first communication and the twice-encrypted first communication key in a secure communication container; and transmitting the secure communication container to the one or more receivers.
8. The non-transitory computer-readable medium of claim 7, wherein the ephemeral information received from the third party server is based on a permission level assigned to the first communication.
9. The non-transitory computer-readable medium of claim 8, wherein the permission level is assigned to the first communication by the sending device.
10. The non-transitory computer-readable medium of claim 9, wherein the permission level is assigned to the first communication by the third party server.
11. The non-transitory computer-readable medium of claim 10, wherein the third party server assigns a permission level based on content of the first communication.
12. The non-transitory computer-readable medium of claim 7, wherein the third party server is selected from the group consisting of: an access control server, a data loss prevention system, and a document management system.
13. A system, comprising: a processor configured to: compose a first communication addressed to one or more receivers; generate a first communication key; encrypt the first communication using the first communication key; generate at least one key-encrypting key for each of the at least one receivers, wherein the at least one key-encrypting key is derived according to a key agreement protocol using ephemeral information from the sender and a third party server; encrypt the first communication key with the at least one key-encrypting key; encrypt the encrypted first communication key with a device key associated with a first receiver to produce a twice-encrypted communication key; encapsulate the encrypted first communication and the twice-encrypted first communication key in a secure communication container; and transmit the secure communication container to the one or more receivers; and a memory coupled to the processor and configured to provide the processor with instructions.
14. A method comprising: receiving, at a receiving device, a secure communication container from a sender, wherein the secure communication includes at least a first encrypted communication and a twice-encrypted first communication key; decrypting, at the receiving device, the twice-encrypted first communication key with a first device key; deriving, by the receiving device, a first key-encrypting key, wherein the first key-encrypting key is derived according to a key agreement protocol using ephemeral information from the sender and a third party server; determining whether the receiving device is capable of decrypting the encrypted first communication key with the derived first key-encrypting key; in response to determining that the receiving device is capable of decrypting the encrypted first communication key, decrypting the encrypted first communication key with the derived first key-encrypting key; decrypting, at the receiving device, the first encrypted communication using the decrypted first communication key; and providing the decrypted first communication to the receiver.
15. The method of 14, wherein the further comprising: discarding the first encrypted communication when the receiving device determines that it is unable to decrypt the encrypted first communication key with the derived first key-encrypting key.
16. The method of claim 14, wherein the third party server is selected from the group consisting of: an access control server, a data loss prevention system, and a document management system.
17. The method of claim 14, wherein the first communication is selected from the group consisting of: a text message, a multimedia message, a telecommunication, a secure file transfer, and an audio recording.
18. The method of claim 14, wherein the ephemeral information from the third party server is based on a permission level associated with the receiving device.
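
The wrap and unwrap order of claims 1 and 14, including the discard path of claim 15, sketched as an added example that is not code from the patent or its applicant. The claims name no algorithms: X25519, HKDF-SHA256, AES-256-GCM, the container field names, and the idea that an authorized receiver obtains the server's per-level ephemeral private key are all assumptions made for illustration.

```javascript
// Added illustration: algorithms, container layout and key distribution are assumptions.
const crypto = require('node:crypto');
// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}
// KEK = HKDF(X25519(own ephemeral private, peer ephemeral public)), bound to the level.
function deriveKek(privateKey, publicKey, level) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'kek:' + level, 32));
}
// Sender: content key -> wrapped under KEK -> wrapped again under the device key.
function sendContainer(message, level, serverEphPub, deviceKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const contentKey = crypto.randomBytes(32);
  const kek = deriveKek(eph.privateKey, serverEphPub, level);
  return {
    level,
    senderEphPub: eph.publicKey.export({ type: 'spki', format: 'der' }),
    body: seal(contentKey, Buffer.from(message)),
    twiceWrappedKey: seal(deviceKey, seal(kek, contentKey)),
  };
}
// Receiver: returns the plaintext, or null (discard) when either layer fails to unwrap.
function receiveContainer(box, deviceKey, serverEphPriv) {
  try {
    const onceWrapped = unseal(deviceKey, box.twiceWrappedKey);
    const pub = crypto.createPublicKey({ key: box.senderEphPub, type: 'spki', format: 'der' });
    const contentKey = unseal(deriveKek(serverEphPriv, pub, box.level), onceWrapped);
    return unseal(contentKey, box.body).toString();
  } catch (err) {
    return null;
  }
}
// Constructed demo: the server keeps one ephemeral key pair per permission level.
function demo() {
  const [secret, internal] = [0, 1].map(() => crypto.generateKeyPairSync('x25519'));
  const deviceKey = crypto.randomBytes(32);
  const box = sendContainer('q3 forecast', 'secret', secret.publicKey, deviceKey);
  return [secret.privateKey, internal.privateKey].map((k) => receiveContainer(box, deviceKey, k));
}
```

`demo()` returns the plaintext for the receiver holding the matching permission-level key and `null` for the one holding a different level's key, so a correct device key alone is not enough to read the message.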
using key encryption key · CPC title
Access control lists [ACL] · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
applying further key derivation, e.g. deriving traffic keys from a pair-wise master key · CPC title