[go: up one dir, main page]

WO2016126151A1 - System for establishing secure communication between multiple electronic communication devices - Google Patents

System for establishing secure communication between multiple electronic communication devices Download PDF

Info

Publication number
WO2016126151A1
WO2016126151A1 PCT/MY2016/000006 MY2016000006W WO2016126151A1 WO 2016126151 A1 WO2016126151 A1 WO 2016126151A1 MY 2016000006 W MY2016000006 W MY 2016000006W WO 2016126151 A1 WO2016126151 A1 WO 2016126151A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic communication
communication device
encrypted
decrypted
server
Prior art date
Application number
PCT/MY2016/000006
Other languages
French (fr)
Inventor
Kong Seh Kiang Kenneth
Ng Dz Yun Janice
Yee Ling Leong
Zhuo Yang
Low Randall
Tan Hong Keat Melvyn
Original Assignee
Mtouche Technology Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mtouche Technology Berhad filed Critical Mtouche Technology Berhad
Publication of WO2016126151A1 publication Critical patent/WO2016126151A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/64Hybrid switching systems
    • H04L12/6418Hybrid transport
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Definitions

  • the present invention relates to a system for secure multimode communication. More particularly, the present invention relates to a software messaging system for secure multimode communication between multiple electronic communication devices. BACKGROUND
  • the communication means for communicating with two or multiple users includes text messaging, instant chat, etc.
  • the present systems and methods uses different applications installed on the electronic communication devices for handling one or more communication methods such as text messaging, instant chat, etc.
  • Unfortunately there is no single application that can handle all forms of communication over an encrypted channel for securing communications.
  • the existing systems have difficulties when a sender of a communication intends for the communication to be received by multiple entities over an encrypted channel.
  • Electronic mail (email), short message service (SMS, or text), instant chats, email, voice communication by voice over IP means, video calling, group video chat and so forth (collectively, "electronic communication" are now common and perhaps indispensable methods of communication. These tools are used for both personal communication and business communication.
  • Many applications exists that offer secured mode of communication between two or more devices. It is commonly believed that the content of such communications through these applications are relatively secure and private. However, in many circumstances, an expectation of security and privacy is not well founded.
  • the applications for such communications offer a limited number of communication methods such as text messaging or instant chat and are relatively easy to intercept.
  • the communication service providers often provide archiving of messages and instant chats that may be accessed, easily or with varying degrees of effort and authority. Communications are often retained, at least temporarily, on a user's hardware device, such as a cellular telephone, tablet computer, and so on. Therefore, a misplaced or stolen device may give others access to communications retained thereon.
  • the sender encrypts a message using a key.
  • the receiver has a corresponding key, which is used to decrypt the message when received.
  • this encryption-decryption scheme such as private keys, public key exchange, and so on.
  • Problems with the encryption-decryption approach include the need for processing resources to perform the encryption-decryption on the sending and receiving devices, and the risk of loss of security of the key or the device that performs the encryption-decryption.
  • encryption usually converts a human-readable message into a jumble of numbers and letters that is not readable other than after decoding. However, the jumble of letters and numbers then appears to be just what it is an encrypted message. An unauthorized user can therefore quickly identify the message as being encrypted, and hence a target for efforts at decryption, coerced or otherwise.
  • Another technique for lending security to electronic communication is to permit communication only between pre-authorized devices.
  • a message contains code that prevents it from being delivered to, opened by or read on a machine other than one identified in that code.
  • limiting access to a network carrying the electronic communications only to approved devices ensures security.
  • problems with these approaches in general include the potential inability or difficulty to include new users in a communication, the need to expose a user's device id when sending or receiving a message, and since the message may in fact be encoded until the authenticity of the receiving device is confirmed, the presence of an encoded message may be apparent, identifying it as a target for decryption efforts.
  • the present disclosure is directed to systems and methods for providing secure electronic communications from one device to another that is both secure, in the sense of encryption, and protected, in the sense that third parties cannot access the contents of the secure message.
  • the present invention is a system for establishing secure communication between multiple electronic communication devices.
  • the system comprises a first electronic communication device installed with an application capable of performing an encrypted or decrypted data transfer, at least one second electronic communication device installed with the application capable of performing an encrypted or decrypted data transfer, at least one server capable of establishing a secure connection between the first electronic communication device and the second electronic communication device for transferring at least one encrypted or decrypted data.
  • the application installed in the first electronic communication device and the second electronic communication device is capable of transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data through the at least one server.
  • a communication network transfers the encrypted or decrypted text, multimedia, email and VoIP data from the application running in the first electronic communication device to the at least one second electronic communication device through the at least one server.
  • the system offers multiple modes of security layers by introducing AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange, Hash (SHA256) for unique message signature and transferring the encrypted or decrypted data via Secure Socket Layer (SSL).
  • AES256 military-grade encryption algorithm RSA (1024bit) for key exchange
  • Hash SHA256
  • SSL Secure Socket Layer
  • the system and the method associated with the application running in the electronic communication device forms an all-in communication application that allows the user to send and receive encrypted or decrypted messages with self-destruct function.
  • the application running in the electronic communication devices allows the users to send and receive chats with encryption, email with encryption, encrypted or decrypted VoIP, encrypted or decrypted video calls, etc.
  • VoIP Voice over IP
  • FIG 1 illustrates the system for establishing a secure communication for transferring data including text, multimedia, email, video calls and Voice over IP (VoIP) data between a first electronic communication device and at least one second electronic communication device, according to a preferred embodiment of the present invention.
  • VoIP Voice over IP
  • FIG 2 illustrates a block diagram of the electronic communication device for sending and receiving data including text, multimedia, email, video calls and Voice over IP (VoIP) data, according to a preferred embodiment of the present invention.
  • VoIP Voice over IP
  • FIG 3 illustrates a block diagram of an authentication server of the system for establishing a secure communication for transferring data, according to a preferred embodiment of the present invention.
  • FIG 4 illustrates a diagram showing a general process of authorizing a user for establishing secure communication between a pair of electronic communication devices.
  • FIG 5A illustrates a diagram showing a one-time process of secure key registration for authorizing at least one user to establish secure communication using the application installed in his/her electronic communication device.
  • FIG 5B to 5C illustrates a diagram showing a process of secure key exchange for authorizing at least one user to establish secure communication between a pair of electronic communication devices, according to a preferred embodiment of the present invention.
  • FIG 6 illustrates a diagram showing a process of establishing secure chat communication with encryption between a pair of electronic communication devices of a first user and second user alone.
  • FIG 7 is a flowchart describing the complete message generation when the first user sends a message to the second user.
  • FIG 8 is a flowchart describing the complete message decryption when the second user receives a message from the first user.
  • FIG 9A to 9C illustrates a diagram showing a process of secure key exchange for authorizing multiple users to establish secure communication between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices, according to a preferred embodiment of the present invention.
  • FIG 10A illustrates a diagram showing a process of sending a message between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices, according to a preferred embodiment of the present invention.
  • FIG 10B illustrates a diagram showing a process of receiving and decrypting a message using an electronic communication device in a group chat using the present application installed in the electronic device according to a preferred embodiment of the present invention.
  • FIG 11A illustrates a diagram showing a process of sending an email using the present application installed in the electronic device according to a preferred embodiment of the present invention.
  • FIG 11B illustrates a diagram showing a process of receiving an email using the present application installed in the electronic communication device, according to a preferred embodiment of the present invention.
  • FIG 12 illustrates an architecture diagram for electronic communication device installed with the mobile application capable of transferring data including text, multimedia, email, video calls and Voice over IP (VoEP) data between the first electronic communication device and the second electronic communication device, according to a preferred embodiment of the present invention.
  • VoIP Voice over IP
  • FIG 13 illustrates an architecture diagram for the server capable of establishing a secure connection for transferring data including text, multimedia, email, video calls and Voice over EP (VoIP) data between mobile applications installed in the first electronic communication device and the second electronic communication device, according to a preferred embodiment of the present invention.
  • VoIP Voice over EP
  • One embodiment of this system for establishing secure communication between multiple electronic communication devices may employ a server running an operating system such as Windows, Linux, web-server software such as Apache, and database such as MySQL, with methods implemented through a software development language such as PHP or Java.
  • an operating system such as Windows, Linux, web-server software such as Apache, and database such as MySQL
  • MySQL database
  • the invention should not be limited to these types of software operating system, web-server software, database software, software development language, server or client hardware.
  • the present invention provides a system for transferring data by enabling efficient secure authentication between various portable communication devices.
  • the present invention overcomes inadequacies of the prior art by creating a novel architecture for secured transfer of multiple forms of data including, but not limited to, text, instant chat, multimedia, email, video calls and Voice over EP (VoIP) data using a single messaging facility in form of messages.
  • the present invention sends the plurality of information including, but not limited to, text, instant chat, multimedia, email, video calls and Voice over ⁇ (VoIP) data in form of encrypted formats, thereby improving the security of the information transferred between multiple portable electronic communication devices.
  • the methods and system provided herein are also capable of transferring data in decrypted format.
  • the present invention is a system (100) for establishing secure communication between multiple electronic communication devices.
  • the system (100) disclosed in the present inventions is used for establishing a secure communication for transferring data including text, multimedia, email, video calls and Voice over ⁇ (VoIP) data between applications running in the multiple electronic communication devices over a wireless communication network.
  • the data to be transferred may be in encrypted or decrypted format.
  • FIG 1 illustrates the system (100) for establishing a secure communication for transferring encrypted data including text, multimedia, email, video calls and Voice over ⁇ (VoEP) data between a first electronic communication device (102) and at least one second communication device (106), according to a preferred embodiment of the present invention.
  • the system (100) transfers decrypted data between the first communication device (102) and the second (106) communication device.
  • the system (100) includes the first electronic communication device (102) installed with an application capable of performing an encrypted or decrypted data transfer, at least one second electronic communication device (106) installed with the application capable of performing an encrypted or decrypted data transfer and at least one server (104) capable of establishing a secure connection between the first electronic communication device (102) and the at least one second electronic communication device (106) for transferring at least one encrypted or decrypted data over a communication network (108).
  • the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) is capable of performing encrypted or decrypted data transfer of information such as, but not limited to, text, multimedia, email, video calls and Voice over IP (VoIP) data through the server (104).
  • the communication network (108) for transferring encrypted or decrypted text, multimedia, email and VoEP data from the application running in the first electronic communication device (102) to the at least one second electronic communication device (106) can be a wireless communication network such as but not limited to, cellular communication, Wi-Fi etc.
  • the electronic communication device such as, but not limited to, a Smartphone, tablet, ultrabook, laptop, smart wearable device including Google Glass, Smartwatch etc., runs a number of applications including the mobile application for transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over ⁇ (VoIP) data.
  • VoIP Voice over ⁇
  • the electronic communication device (102, 106) comprises the at least one processing unit (200) that is equipped with a control unit (206) and an Arithmetic Logic Unit (ALU) (208), a memory unit (210), a storage unit (212), a plurality of networking devices (214) and a plurality input/output (I/O) devices (204).
  • the electronic communication device (102, 106) can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators.
  • the processing unit (200) may also include a memory that stores data.
  • the processing unit (200) might include only one of a type of component e.g. one microprocessor, or may contain multiple components of that type e.g. multiple microprocessors.
  • the processing unit (200) could be composed of a plurality of separate circuits and discrete circuit elements.
  • the processing unit (200) will essentially comprise solid-state electronic components such as a microprocessor e.g. microcontroller.
  • the processing unit (200) may be mounted on a single board in a single location or may be spread throughout multiple locations, which cooperate to act as processing unit (200).
  • the processing unit (200) may be located in a single location e.g. in proximity and/or on a common circuit carrying element such as a circuit board and/or all the components of the processing unit (200) will be closely connected.
  • the mobile application has an encryption module and an algorithm for encrypting the input data including text, multimedia, email, video calls and Voice over IP (VoIP) data.
  • the processing unit (200) is responsible for processing the instructions of the algorithm.
  • the processing unit (200) receives commands from the control unit (206) in order to perform its processing.
  • the plurality of processing units (200) may be located on a single chip or over multiple chips.
  • any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU (208).
  • the electronic communication device (102, 106) includes a variety of hardware and associated software components, where the variety of hardware components include the at least one processing unit (200) designed to control various other circuits such as information displayed on a display (202).
  • the display (202) can display the user interface of the mobile application with options for selecting a desired service such as instant chat, text messaging, multimedia, email, video calls and Voice over IP (VoIP).
  • the display (202) may be a touch screen display allowing the plurality of users to control the user interface of the mobile application using at least one gesture or touch.
  • the processing unit (200) may control the information based on inputs received from various input/output (I/O) devices (204) of the electronic communication device (102, 106) e.g. hard keys, a touch screen, voice commands from a microphone or a microphone connected to headset jack, camera and or from some other user input device.
  • the mobile application has the capability to launch the at least one camera module of the device for sending encrypted or decrypted data including multimedia messages, images or video through instant chat and for making video calls and Voice over IP (VoIP) call.
  • the mobile application installed in the electronic communication device (102, 106) allows the plurality of users to login to send or receive an encrypted or decrypted data including instant chat text, multimedia, email, video calls and Voice over IP (VoIP) data through a user interface.
  • the processing unit (200) processes the text, multimedia, email, video calls and Voice over IP (VoIP) data inputs received from the first electronic communication device (102), encrypts the information and transfers the information to the server (104).
  • the server (104) authenticates the receiver device and the encrypted or decrypted data is forwarded the second electronic communication device (106).
  • the at least one processing unit (200) is configured to process a plurality of instructions received from the server (104).
  • the server (104) can act as a central repository for receiving and storing the encrypted or decrypted data.
  • the mobile application allows the users to submit a plurality of information in form of text, instant chat, multimedia, email, video calls and Voice over EP (VoIP) data through the user interface and the data is encrypted or decrypted by the application before sending to the at least one second electronic communication device (106) through the server (104).
  • VoIP Voice over EP
  • FIG. 3 illustrates a block diagram of an authentication server (104) of the system (100) for user authentication and for establishing a secure communication for transferring encrypted or decrypted data including text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data, according to a preferred embodiment of the present invention.
  • the server (104) runs an application for user authentication and for transferring the encrypted or decrypted data to the second user or users, in case of a group chat, group messaging, group call and video call.
  • the electronic communication devices (102), (106) used to access the server (104) provides the network-based and other features discussed below, uses one or multiple applications. Such access may be by way of a computer network or communication networks (108), such as the network of networks commonly known as the Internet.
  • the communication network (108) includes a local and/or wide area network or mobile communication network.
  • the communication network (108) may be a local area network (LAN) of an enterprise and/or a virtual LAN, which is instantiated over the Internet or other networks of networks.
  • the server (104) is communicatively coupled to a database, which may store records concerning user credentials.
  • the server (104) includes similar hardware as in a computer system, which includes the processing unit (306), a network communication unit (314), at least one memory unit (304), a storage unit (308) and a plurality of I/O devices (320) for connecting to a plurality of peripheral devices including a display unit.
  • the server (104) is run by operating system software, Firmware and includes an application for user authentication (310) and transferring of encrypted or decrypted data including text, instant chat, multimedia, email, video calls and Voice over DP (VoIP) data from the mobile application running in the electronic communication devices (102, 106).
  • the processing unit (306) processes the instructions (312) of the application for user authentication (310) for establishing secure communication between the first electronic device (102) and one or more second electronic devices (106).
  • the system (100) and the method associated with the application running in the electronic communication device (102, 106) can be employed to send encrypted or decrypted messages, instant chats, email, video and voice over D? calls from the devices through the server (104).
  • the application forms an all-in communication application that allows the user to send and receive encrypted or decrypted messages with self-destruct function.
  • the application running in the electronic communication devices (102, 106) allows the users to send and receive chats with encryption, email with encryption, encrypted or decrypted VoIP, encrypted or decrypted video calls, etc.
  • the system (100) offers multiple modes of security layers by introducing AES256 military- grade encryption algorithm, RSA (1024bit) for key exchange, Hash (SHA256) for unique message signature and transferring the encrypted or decrypted data via Secure Socket Layer (SSL).
  • the encryption offered by the system (100) includes the process of encoding a message including text, instant chat, multimedia, email, video calls and Voice over ⁇ (VoIP) data that can only be decrypted by the authorized receiving device (106).
  • FIG 4 illustrates a diagram showing a general process of authorizing a user for establishing secure communication between a pair of electronic communication devices (102, 106).
  • a first user sends a request for establishing a connection with a second user.
  • the request is send from the mobile application running in the first electronic communication device (102) of the first user.
  • the server (104) receives the request and forwards the request to the second user as a notification.
  • the second user launches the secure communication application installed in the device (106) and accepts the request.
  • the secure communication application running the device (106) instructs to submit the device's (106) public key to the server (104) and a private key corresponding to the generated public key will be stored in the device (106).
  • the server (104) now receives the public key send from the device (106) of the second user.
  • the server (104) keeps the second user's device (106) public key and push forward the public key to the first user's device (102).
  • the first electronic communication device (106) automatically generates its own public key and pushes it to the server (104).
  • a private key corresponding to the generated public key will be stored in the first electronic communication device (106).
  • the server (104) keeps the first user's device (102) public key and pushes the same public key to the second electronic communication device (106). This completes a key exchange for establishing secure communication connection between the electronic communication device (102) of the first user and the electronic communication device (106) of the second user.
  • FIG 5A illustrates a diagram showing a one-time process of secure key registration for authorizing at least one user to establish secure communication using the application installed in his/her electronic communication device.
  • the electronic communication device (102) of the first user generates three sets of RSA keys, and only the public key is send to the server (104).
  • the server (104) receives and acknowledges back to the first electronic communication device (102) that the RSA public key has received.
  • This secure key registration process is performed only one time i.e. when the application is launched for the first time from the electronic communication devices (102) or (106) and register the user to the server (104).
  • FIG 5B to 5C illustrates a diagram showing a process of secure key exchange for authorizing users to establish secure communication between a pair of electronic communication devices (102, 106).
  • FIG 5B illustrates a diagram showing a process of first part of secure key exchange for authorizing at least one user to establish secure communication.
  • the first user sends a friend request to a second user from the mobile application running in the first electronic communication device (102)
  • the following process is performed in the background for a secure key exchange.
  • First the first user sends an http request of "addldentity" to the server (104).
  • the server (104) Upon receiving the http request, the server (104) generates and returns RSA encrypted data.
  • the server (104) generates and returns decrypted data.
  • the first user device (102) decrypts the first layer of encryption using first user's RSA Private key and then the first user sends over the decrypted content via Extensible Messaging and Presence Protocol (XMPP) to the second user.
  • XMPP Extensible Messaging and Presence Protocol
  • the second user receives the content and approves the request by selecting "Approved” and the second user sends an "Identity check” http request back to the server (104) as shown in FIG 5C.
  • the server (104) then generates the Hash of first user's Public key 2 and second user's Public Key 2 and returns the result to the second user. Then the second user verifies that both the hash value from the server (104) and that from the first user are identical. Then the second user stores the first user's RSA public key 3 (Pub3A).
  • the second user decrypts the content obtained in the last step of FIG 5B using the second user's RSA Private Key 2 and compares the Hash value.
  • the second user Upon successful verification, the second user will send http request "Identity Approve" to the server (104). After the server (104) is verified, it generates and returns the RSA encrypted data to the second user. In an embodiment, the server (104) generates and returns decrypted data to the second user. In case, the encrypted data is generated and returned to the second user, the second user decrypts the first layer of encryption using second user's RSA Private key 2. Then the second user sends over the decrypted content via xmpp to the first user followed by the second user will send an http request "Identity Approve". Upon successful verification, the server (104) will respond acknowledgement.
  • the first user will store the second user's RSA public key 3 (Pub3B) and thereby establishes a secure connection between the devices (102, 106) of first user and second user.
  • FIG 6 describes the message component and the breakdown.
  • the first user sends the information using the application installed in his device (102).
  • the format of encrypted message includes CipherMessage and Cipherlnfo ensuring a completely encrypted message.
  • CipherMessage includes PublicKey of second user (AesKey) + Aes(PlainMessage), which forms the encrypted content of the message.
  • the format of Cipherlnfo includes Cipher Identity and version, which forms the info of the message. The info is used for message verification and also for versioning.
  • the format of Cipher Identity includes PrivateKey of first user (Hash of (PlainMessage) + OwnJid), which is the identity of the message and is used for message verification.
  • FIG 7 describes the complete message generation when the first user sends a message to the second user.
  • the first user launches the application from his or her device then inputs plain message and sends to the second user.
  • a random Aes - 256bits Key is now generated.
  • the generated Aes Key is used to encrypt the plain message.
  • the second user's Public 1 Key (Pub IB) and the key version are obtained via http request or from local storage.
  • the Aes Key generated in step 2 i.e. while sending the plain message, is encrypted using PublB.
  • PublB PublB
  • the plain message is hashed using SHA-256.
  • the hash result is combined with the first user's Jid and the resulting output is encrypted with the first user's Public Key 3.
  • the results comprising the hash result with the first user's Jid that then encrypted with the first user's Public Key 3, encrypted Aes Key using PublB, and key version from second user's Public 1 Key (PublB) obtaining step is combined to get the encrypted message.
  • FIG 8 describes the complete message decryption process when the second user receives a message from the first user.
  • the process starts when the second user receive message from the first user.
  • step 1 the second user receives the complete encrypted message from the first user.
  • step 2 the second user decrypt the PublB (Aes Key) using the second user's RS A Private key 1.
  • step 3 the second user decrypt Aes (Plain Message) using key obtained from step 2. Now the second user will get the plain message in step 4. But the second user still has other steps to verify the received message.
  • the second user will generate the Hash of Plain Message using SHA-256.
  • the second user verifies the Pub IBs Key version with key stored locally. Then in step 7, the second user decrypt Pri3A( SHA(PlainMessage) + first user's Jid) using the first user's Public Key 3 obtained during key exchange. From the decrypted data in step 7, the second user verifies the first user's JID. From the decrypted data in step 7, the second user verifies the SHA(Plain Message) with the Hash generated in step 5. Successful completion of the above steps allows the second user to accept the plain message send by the first user.
  • FIGL 9A to 9C illustrates a diagram showing a process of secure key exchange for authorizing multiple users to establish secure communication between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices (102, 106) according to a preferred embodiment of the present invention.
  • FIG 9A illustrates a diagram showing a process of secure key generation while creating the group.
  • FIGL 9B illustrates a diagram showing a process of secure key generation while the group admin adding new member into the existing group.
  • the first user who being the admin of the group, sends request to the server (104) to get the new user's latest Public key 1.
  • the server (104) returns the new user's latest Public Key 1 (PublC).
  • the first user generate a new random aesKey and encrypts the key with the first user's Public Key 1, and the second user's Public Key 1 and the new user's Public Key 1 separately.
  • the entire keys will be uploaded to the server (104).
  • the server (104) Upon receiving all the keys, the server (104) responses with acknowledgement and the new group key version.
  • FIGL 9C illustrates a diagram showing a process of secure key generation while the group admin removes a member from the existing group.
  • the first user who being the admin of the group, can remove a member whenever desired.
  • the first user generates a new random aesKey and encrypts the key with the first user's Public Key 1 and the second user's Public Key 1 separately.
  • the entire keys will be uploaded to the server (104).
  • the server (104) responds with acknowledgement and the new group key version.
  • FIGL 10A illustrates a diagram showing a process of sending a message between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices (102, 106) according to a preferred embodiment of the present invention.
  • the following steps are performed when the first user sends a message to the group.
  • the first user inputs the plain message and select send from the application installed in the electronic device (102).
  • the group Aes key will be obtained either from local DB or from the server (104).
  • the group Key version is obtained from the local DB.
  • the plain message is encrypted with Aes Key obtained in the second step and combined with group key version from the third step.
  • the Aes encryption is performed and the encrypted message includes the Plain message, Aes Key provided with the group key version.
  • FIG 10B illustrates a diagram showing a process of receiving and decrypting a message using an electronic communication device in a group chat using the present application installed in the electronic device (102, 106) according to a preferred embodiment of the present invention.
  • the process with the following steps is preformed when the second user receives the group message.
  • the second user obtains the encrypted message.
  • the second user verified the Group key version with the key stored in local DB. If the key is different then the second user detects a different Group Key version and sends request to the server (104), which is step 3.
  • the second user decrypt PublB(AesKey) to get the group Key.
  • step 2 if the Group key version with the key stored in local DB is same, then the second user obtain the group key either from step 3 or direct from local DB, which is step 4. The second user will now decrypt the encrypted message in step 1 and decrypt using the Aes Key from step 3 or 4.
  • FIG 11A illustrates a diagram showing a process of sending an email using the present application installed in the electronic communication device (102) according to a preferred embodiment of the present invention.
  • the below example explains the process of sending an email by the first user to the second user using the present application installed in the electronic communication device (102).
  • the first user inputs the plain message and select send from the application installed in the first electronic communication device (102).
  • a random Aes key is generated.
  • the second user's Public Key 1 is obtained from the server (104) or local storage.
  • the generated Aes Key is encrypted with the first user's Public Key 1 and second user's Public Key 1 separately.
  • the Plain Message is now encrypted with Aes Key and combined with content generated in the above step.
  • FIG 11B illustrates a diagram showing a process of receiving an email using the present application installed in the electronic communication device (104) according to a preferred embodiment of the present invention.
  • the second user receives the email send in steps of FIG 11A through the application installed in the first electronic communication device (102).
  • the second user receives the encrypted email content, then the second user decrypt PublB(AesKey) with the second user's Private Key 1 in a second step.
  • the plain message is obtained by decrypting Aes(Plain Message, Aes Key) with Aes key using Aes Key from the second step.
  • FIG 12 illustrates an architecture diagram for electronic communication devices (102, 106) installed with the mobile application capable of transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data between the first electronic communication device (102) and the at least one second electronic communication device (106), according to a preferred embodiment of the present invention.
  • the mobile applications installed in the electronic communication devices (102, 106) are associated with a database repository for storing user information and for storing the generated public and private keys.
  • the information send through the mobile application is stored in the local storage such as a solid-state memory.
  • the mobile application includes different modules associated with the key management process and the user management processes.
  • the mobile application further includes an encryption module providing encryption levels such as AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange and Hash (SHA256) for unique message signature.
  • the encrypted text, multimedia, email, video calls and Voice over ⁇ (VoIP) data are transferred via SSL (Secure Socket Layer).
  • FIG 13 illustrates an architecture diagram for the server (104) capable of establishing a secure connection for transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoEP) data between mobile applications installed in the first electronic communication device (102) and the at least one second electronic communication device (106), according to a preferred embodiment of the present invention.
  • the server (104) is installed with an application for allowing the communication between users through the mobile applications installed in their individual electronic communication devices (102).
  • the application installed in the server (104) is associated with a database repository for storing user information and for storing the generated public and private keys.
  • the information send through the mobile application is stored in the local file storage such as a solid-state memory or hard disk of the server (104) in an encrypted form.
  • the server application includes different business logic modules associated with the key management process, the user management, group management, account payment management processes.
  • the server application further includes a module for transferring the encrypted text, multimedia, email, video calls and Voice over IP (VoIP) data via SSL (Secure Socket Layer) between the multiple electronic communication devices (102, 106).
  • VoIP Voice over IP
  • the application running in the first electronic communication device (102) allows to send the encrypted text, multimedia, email and VoIP data to the at least one second electronic communication device (106) even when the second device (106) is kept in an offline mode.
  • the at least one server (104) forms a central repository to store the encrypted text, multimedia, email and VoIP data and at least one contact information.
  • the server (104) synchronizes the encrypted text, multimedia, email and VoIP data stored in the central repository with the application running in the at least one second electronic communication device (106) comes online.
  • the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) provides an all-in encrypted communication over the communication network (108).
  • the application is capable of transferring the encrypted text chats, encrypted multimedia, encrypted email, encrypted video calls and encrypted VoIP data between the first electronic communication device (102) and the at least one second electronic communication device (106) through the at least one server (104).
  • the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a self-destruct function to destroy the transferred encrypted messages including the encrypted text chats and the encrypted multimedia.
  • the user can opt in the option from the mobile application user interface to destroy the messages after a certain period of time automatically.
  • the mobile application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a stealth mode to avoid detection by unauthorized users.
  • the stealth mode is available for Android OS only.
  • the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a payment system, which allows the users to pay for receiving individual services including encrypted text, multimedia, instant chat, email and VoIP data, video call over ⁇ etc. The users can select one or more desired service and can pay for that.
  • the server (104) includes a user management module for managing the users, account information of the users and the payment information associated with each user.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Disclosed system (100) for establishing secure communication between multiple electronic communication devices comprises at least one electronic communication device (102, 106) installed with an application capable of performing an encrypted or decrypted data transfer and a server (104) for establishing a secure connection between the electronic communication devices (102, 106) over a communication network (108). The application allows transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data through the server (104). The system (100) and the method associated with the application running in the electronic communication devices (102, 106) forms an all-in encrypted or decrypted communication means for text, instant chat, multimedia, email, video calls and VoIP data and allows the user to send and receive encrypted or decrypted messages with self-destruct function. The application prevents hackers and intruders to decrypt the contents of the data send through the application, even if they gain access to the server (104).

Description

SYSTEM FOR ESTABLISHING SECURE COMMUNICATION BETWEEN
MULTIPLE ELECTRONIC COMMUNICATION DEVICES
FIELD OF INVENTION
The present invention relates to a system for secure multimode communication. More particularly, the present invention relates to a software messaging system for secure multimode communication between multiple electronic communication devices. BACKGROUND
Users of electronic communication devices increasingly desire to communicate privately and securely with one another. The communication means for communicating with two or multiple users includes text messaging, instant chat, etc. The present systems and methods uses different applications installed on the electronic communication devices for handling one or more communication methods such as text messaging, instant chat, etc. Unfortunately, there is no single application that can handle all forms of communication over an encrypted channel for securing communications. Also the existing systems have difficulties when a sender of a communication intends for the communication to be received by multiple entities over an encrypted channel.
Electronic mail (email), short message service (SMS, or text), instant chats, email, voice communication by voice over IP means, video calling, group video chat and so forth (collectively, "electronic communication") are now common and perhaps indispensable methods of communication. These tools are used for both personal communication and business communication. Many applications exists that offer secured mode of communication between two or more devices. It is commonly believed that the content of such communications through these applications are relatively secure and private. However, in many circumstances, an expectation of security and privacy is not well founded. The applications for such communications offer a limited number of communication methods such as text messaging or instant chat and are relatively easy to intercept. The communication service providers often provide archiving of messages and instant chats that may be accessed, easily or with varying degrees of effort and authority. Communications are often retained, at least temporarily, on a user's hardware device, such as a cellular telephone, tablet computer, and so on. Therefore, a misplaced or stolen device may give others access to communications retained thereon.
In another approach, the sender encrypts a message using a key. The receiver has a corresponding key, which is used to decrypt the message when received. There are many variations of this encryption-decryption scheme, such as private keys, public key exchange, and so on. Problems with the encryption-decryption approach include the need for processing resources to perform the encryption-decryption on the sending and receiving devices, and the risk of loss of security of the key or the device that performs the encryption-decryption. Furthermore, encryption usually converts a human-readable message into a jumble of numbers and letters that is not readable other than after decoding. However, the jumble of letters and numbers then appears to be just what it is an encrypted message. An unauthorized user can therefore quickly identify the message as being encrypted, and hence a target for efforts at decryption, coerced or otherwise.
Another technique for lending security to electronic communication is to permit communication only between pre-authorized devices. In certain versions of such schemes, a message contains code that prevents it from being delivered to, opened by or read on a machine other than one identified in that code. In other versions, limiting access to a network carrying the electronic communications only to approved devices ensures security. There are many other access-limiting schemes for enabling secure communication. However, problems with these approaches in general include the potential inability or difficulty to include new users in a communication, the need to expose a user's device id when sending or receiving a message, and since the message may in fact be encoded until the authenticity of the receiving device is confirmed, the presence of an encoded message may be apparent, identifying it as a target for decryption efforts. There exist separate applications for sending email, video chat and instant text chat over a communication channel using many techniques for improving the level of security and privacy in electronic communication. One method employs encrypting the messages send through an application. Encryption offers fair level of security to the contents. These communications may be difficult to be intercepted in transit. However, the existing applications only allow one or two communication methods such as instant text chat and multimedia messaging for sending in an encrypted format.
Users sometimes use the user's electronic communication device to place voice calls, place video calls, VoIP calls, group video chat, instant chats, emails or to send messages to other user devices. There exists a need for a system and method for communicating a user device with devices owned by one more users for transferring voice calls, video calls, VoIP calls, group video chat, instant chats, emails and messages. The needed system and method would send and receive the information over a secured communication channel. In addition, the information would be encrypted before transferring. Further, the needed system and method would employ a single application to transfer place voice calls, place video calls, VoIP calls, group video chat, instant chats, emails and to send messages to other user devices. In addition, the needed system would allow the data to be encrypted for preventing hacking, thereby protecting potentially sensitive and private information. The present invention addresses such a need. SUMMARY
The present disclosure is directed to systems and methods for providing secure electronic communications from one device to another that is both secure, in the sense of encryption, and protected, in the sense that third parties cannot access the contents of the secure message. The present invention is a system for establishing secure communication between multiple electronic communication devices. The system comprises a first electronic communication device installed with an application capable of performing an encrypted or decrypted data transfer, at least one second electronic communication device installed with the application capable of performing an encrypted or decrypted data transfer, at least one server capable of establishing a secure connection between the first electronic communication device and the second electronic communication device for transferring at least one encrypted or decrypted data. The application installed in the first electronic communication device and the second electronic communication device is capable of transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data through the at least one server. A communication network transfers the encrypted or decrypted text, multimedia, email and VoIP data from the application running in the first electronic communication device to the at least one second electronic communication device through the at least one server.
The system offers multiple modes of security layers by introducing AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange, Hash (SHA256) for unique message signature and transferring the encrypted or decrypted data via Secure Socket Layer (SSL). The system and the method associated with the application running in the electronic communication device forms an all-in communication application that allows the user to send and receive encrypted or decrypted messages with self-destruct function. The application running in the electronic communication devices allows the users to send and receive chats with encryption, email with encryption, encrypted or decrypted VoIP, encrypted or decrypted video calls, etc. Thereby the text, multimedia, email, video calls and Voice over IP (VoIP) information can be securely transferred between the two or more electronic communication devices using a single application and it would be difficult for the hackers and intruders to decrypt the contents of the messages, even if they gain access to the server. The user can send the data even if the second electronic communication device kept in an offline mode. In that case the server forms a central repository to store the data and synchronizes the data stored in the central repository with the application running in the at least one second electronic communication device when the device comes online. Other objects and advantages of the embodiments herein will become readily apparent from the following detailed description taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTIONS OF THE DRAWINGS FIG 1 illustrates the system for establishing a secure communication for transferring data including text, multimedia, email, video calls and Voice over IP (VoIP) data between a first electronic communication device and at least one second electronic communication device, according to a preferred embodiment of the present invention.
FIG 2 illustrates a block diagram of the electronic communication device for sending and receiving data including text, multimedia, email, video calls and Voice over IP (VoIP) data, according to a preferred embodiment of the present invention.
FIG 3 illustrates a block diagram of an authentication server of the system for establishing a secure communication for transferring data, according to a preferred embodiment of the present invention.
FIG 4 illustrates a diagram showing a general process of authorizing a user for establishing secure communication between a pair of electronic communication devices. FIG 5A illustrates a diagram showing a one-time process of secure key registration for authorizing at least one user to establish secure communication using the application installed in his/her electronic communication device.
FIG 5B to 5C illustrates a diagram showing a process of secure key exchange for authorizing at least one user to establish secure communication between a pair of electronic communication devices, according to a preferred embodiment of the present invention.
FIG 6 illustrates a diagram showing a process of establishing secure chat communication with encryption between a pair of electronic communication devices of a first user and second user alone.
FIG 7 is a flowchart describing the complete message generation when the first user sends a message to the second user. FIG 8 is a flowchart describing the complete message decryption when the second user receives a message from the first user. FIG 9A to 9C illustrates a diagram showing a process of secure key exchange for authorizing multiple users to establish secure communication between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices, according to a preferred embodiment of the present invention.
FIG 10A illustrates a diagram showing a process of sending a message between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices, according to a preferred embodiment of the present invention.
FIG 10B illustrates a diagram showing a process of receiving and decrypting a message using an electronic communication device in a group chat using the present application installed in the electronic device according to a preferred embodiment of the present invention. FIG 11A illustrates a diagram showing a process of sending an email using the present application installed in the electronic device according to a preferred embodiment of the present invention.
FIG 11B illustrates a diagram showing a process of receiving an email using the present application installed in the electronic communication device, according to a preferred embodiment of the present invention.
FIG 12 illustrates an architecture diagram for electronic communication device installed with the mobile application capable of transferring data including text, multimedia, email, video calls and Voice over IP (VoEP) data between the first electronic communication device and the second electronic communication device, according to a preferred embodiment of the present invention.
FIG 13 illustrates an architecture diagram for the server capable of establishing a secure connection for transferring data including text, multimedia, email, video calls and Voice over EP (VoIP) data between mobile applications installed in the first electronic communication device and the second electronic communication device, according to a preferred embodiment of the present invention.
DETAILED DESCRIPTION
In the following detailed description, a reference is made to the accompanying drawings that form a part hereof, and in which the specific embodiments that may be practiced is shown by way of illustration. These embodiments are described in sufficient detail to enable those skilled in the art to practice the embodiments and it is to be understood that the logical, architectural and other changes may be made without departing from the scope of the embodiments. The following detailed description is therefore not to be taken in a limiting sense.
In this document, the terms "a" or "an" are used, as is common in patent documents, to include one or more than one. In this document, the term "or" is used to refer to a nonexclusive "or," such that "A or B" includes "A but not B," "B but not A," and "A and B," unless otherwise indicated. Furthermore, all publications, patents, and patent documents referred to in this document are incorporated by reference herein in their entirety, as though individually incorporated by reference. In the event of inconsistent usages between this document and those documents so incorporated by reference, the usage in the incorporated reference(s) should be considered supplementary to that of this document; for irreconcilable inconsistencies, the usage in this document controls.
The description provided herein is complete and sufficient for those skilled in the arts of computer systems, software application development, mobile application development and web development to implement the methods as described. One embodiment of this system for establishing secure communication between multiple electronic communication devices may employ a server running an operating system such as Windows, Linux, web-server software such as Apache, and database such as MySQL, with methods implemented through a software development language such as PHP or Java. However, the invention should not be limited to these types of software operating system, web-server software, database software, software development language, server or client hardware.
The present invention provides a system for transferring data by enabling efficient secure authentication between various portable communication devices. The present invention overcomes inadequacies of the prior art by creating a novel architecture for secured transfer of multiple forms of data including, but not limited to, text, instant chat, multimedia, email, video calls and Voice over EP (VoIP) data using a single messaging facility in form of messages. The present invention sends the plurality of information including, but not limited to, text, instant chat, multimedia, email, video calls and Voice over ΓΡ (VoIP) data in form of encrypted formats, thereby improving the security of the information transferred between multiple portable electronic communication devices. However, the methods and system provided herein are also capable of transferring data in decrypted format. The present invention is a system (100) for establishing secure communication between multiple electronic communication devices. According to a preferred embodiment, the system (100) disclosed in the present inventions is used for establishing a secure communication for transferring data including text, multimedia, email, video calls and Voice over ΓΡ (VoIP) data between applications running in the multiple electronic communication devices over a wireless communication network. The data to be transferred may be in encrypted or decrypted format. FIG 1 illustrates the system (100) for establishing a secure communication for transferring encrypted data including text, multimedia, email, video calls and Voice over ΓΡ (VoEP) data between a first electronic communication device (102) and at least one second communication device (106), according to a preferred embodiment of the present invention. In one embodiment, the system (100) transfers decrypted data between the first communication device (102) and the second (106) communication device. The system (100) includes the first electronic communication device (102) installed with an application capable of performing an encrypted or decrypted data transfer, at least one second electronic communication device (106) installed with the application capable of performing an encrypted or decrypted data transfer and at least one server (104) capable of establishing a secure connection between the first electronic communication device (102) and the at least one second electronic communication device (106) for transferring at least one encrypted or decrypted data over a communication network (108). The application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) is capable of performing encrypted or decrypted data transfer of information such as, but not limited to, text, multimedia, email, video calls and Voice over IP (VoIP) data through the server (104). The communication network (108) for transferring encrypted or decrypted text, multimedia, email and VoEP data from the application running in the first electronic communication device (102) to the at least one second electronic communication device (106) can be a wireless communication network such as but not limited to, cellular communication, Wi-Fi etc.
Before describing aspects of the present invention in detail, it is helpful to first discuss the environment in which embodiments of the invention operate. Referring now to FIG 2, the electronic communication device (102, 106) such as, but not limited to, a Smartphone, tablet, ultrabook, laptop, smart wearable device including Google Glass, Smartwatch etc., runs a number of applications including the mobile application for transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over ΓΡ (VoIP) data. The electronic communication device (102, 106) comprises the at least one processing unit (200) that is equipped with a control unit (206) and an Arithmetic Logic Unit (ALU) (208), a memory unit (210), a storage unit (212), a plurality of networking devices (214) and a plurality input/output (I/O) devices (204). The electronic communication device (102, 106) can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators. The processing unit (200) may also include a memory that stores data. The processing unit (200) might include only one of a type of component e.g. one microprocessor, or may contain multiple components of that type e.g. multiple microprocessors. The processing unit (200) could be composed of a plurality of separate circuits and discrete circuit elements. In some embodiments, the processing unit (200) will essentially comprise solid-state electronic components such as a microprocessor e.g. microcontroller. The processing unit (200) may be mounted on a single board in a single location or may be spread throughout multiple locations, which cooperate to act as processing unit (200). In some embodiments, the processing unit (200) may be located in a single location e.g. in proximity and/or on a common circuit carrying element such as a circuit board and/or all the components of the processing unit (200) will be closely connected. The mobile application has an encryption module and an algorithm for encrypting the input data including text, multimedia, email, video calls and Voice over IP (VoIP) data. The processing unit (200) is responsible for processing the instructions of the algorithm. The processing unit (200) receives commands from the control unit (206) in order to perform its processing. Further, the plurality of processing units (200) may be located on a single chip or over multiple chips. In addition, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU (208). Further, the electronic communication device (102, 106) includes a variety of hardware and associated software components, where the variety of hardware components include the at least one processing unit (200) designed to control various other circuits such as information displayed on a display (202). The display (202) can display the user interface of the mobile application with options for selecting a desired service such as instant chat, text messaging, multimedia, email, video calls and Voice over IP (VoIP). The display (202) may be a touch screen display allowing the plurality of users to control the user interface of the mobile application using at least one gesture or touch. The processing unit (200) may control the information based on inputs received from various input/output (I/O) devices (204) of the electronic communication device (102, 106) e.g. hard keys, a touch screen, voice commands from a microphone or a microphone connected to headset jack, camera and or from some other user input device. The mobile application has the capability to launch the at least one camera module of the device for sending encrypted or decrypted data including multimedia messages, images or video through instant chat and for making video calls and Voice over IP (VoIP) call.
The mobile application installed in the electronic communication device (102, 106) allows the plurality of users to login to send or receive an encrypted or decrypted data including instant chat text, multimedia, email, video calls and Voice over IP (VoIP) data through a user interface. The processing unit (200) processes the text, multimedia, email, video calls and Voice over IP (VoIP) data inputs received from the first electronic communication device (102), encrypts the information and transfers the information to the server (104). The server (104) authenticates the receiver device and the encrypted or decrypted data is forwarded the second electronic communication device (106). In an embodiment of the present invention, the at least one processing unit (200) is configured to process a plurality of instructions received from the server (104). The server (104) can act as a central repository for receiving and storing the encrypted or decrypted data. The mobile application allows the users to submit a plurality of information in form of text, instant chat, multimedia, email, video calls and Voice over EP (VoIP) data through the user interface and the data is encrypted or decrypted by the application before sending to the at least one second electronic communication device (106) through the server (104).
FIG. 3 illustrates a block diagram of an authentication server (104) of the system (100) for user authentication and for establishing a secure communication for transferring encrypted or decrypted data including text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data, according to a preferred embodiment of the present invention. The server (104) runs an application for user authentication and for transferring the encrypted or decrypted data to the second user or users, in case of a group chat, group messaging, group call and video call. The electronic communication devices (102), (106) used to access the server (104) provides the network-based and other features discussed below, uses one or multiple applications. Such access may be by way of a computer network or communication networks (108), such as the network of networks commonly known as the Internet. In some cases, the communication network (108) includes a local and/or wide area network or mobile communication network. In other instances, the communication network (108) may be a local area network (LAN) of an enterprise and/or a virtual LAN, which is instantiated over the Internet or other networks of networks. The server (104) is communicatively coupled to a database, which may store records concerning user credentials.
The server (104) includes similar hardware as in a computer system, which includes the processing unit (306), a network communication unit (314), at least one memory unit (304), a storage unit (308) and a plurality of I/O devices (320) for connecting to a plurality of peripheral devices including a display unit. The server (104) is run by operating system software, Firmware and includes an application for user authentication (310) and transferring of encrypted or decrypted data including text, instant chat, multimedia, email, video calls and Voice over DP (VoIP) data from the mobile application running in the electronic communication devices (102, 106). The processing unit (306) processes the instructions (312) of the application for user authentication (310) for establishing secure communication between the first electronic device (102) and one or more second electronic devices (106).
The system (100) and the method associated with the application running in the electronic communication device (102, 106) can be employed to send encrypted or decrypted messages, instant chats, email, video and voice over D? calls from the devices through the server (104). In addition, the application forms an all-in communication application that allows the user to send and receive encrypted or decrypted messages with self-destruct function. The application running in the electronic communication devices (102, 106) allows the users to send and receive chats with encryption, email with encryption, encrypted or decrypted VoIP, encrypted or decrypted video calls, etc. Thus the information can be securely transferred between the two or more electronic communication devices (102), (106) and it would be difficult for the hackers and intruders to decrypt the contents of the messages, even if he or she gains access to the server (104) or the sending and receiving electronic communication devices (102, 106). The system (100) offers multiple modes of security layers by introducing AES256 military- grade encryption algorithm, RSA (1024bit) for key exchange, Hash (SHA256) for unique message signature and transferring the encrypted or decrypted data via Secure Socket Layer (SSL). The encryption offered by the system (100) includes the process of encoding a message including text, instant chat, multimedia, email, video calls and Voice over ΓΡ (VoIP) data that can only be decrypted by the authorized receiving device (106). FIG 4 illustrates a diagram showing a general process of authorizing a user for establishing secure communication between a pair of electronic communication devices (102, 106). A first user sends a request for establishing a connection with a second user. The request is send from the mobile application running in the first electronic communication device (102) of the first user. The server (104) receives the request and forwards the request to the second user as a notification. Upon receiving the notification, the second user launches the secure communication application installed in the device (106) and accepts the request. When the second user accepts the request, the secure communication application running the device (106) instructs to submit the device's (106) public key to the server (104) and a private key corresponding to the generated public key will be stored in the device (106). The server (104) now receives the public key send from the device (106) of the second user. The server (104) keeps the second user's device (106) public key and push forward the public key to the first user's device (102). After receiving the public key of the second electronic communication device (106), the first electronic communication device (106) automatically generates its own public key and pushes it to the server (104). At the same time a private key corresponding to the generated public key will be stored in the first electronic communication device (106). The server (104) keeps the first user's device (102) public key and pushes the same public key to the second electronic communication device (106). This completes a key exchange for establishing secure communication connection between the electronic communication device (102) of the first user and the electronic communication device (106) of the second user.
FIG 5A illustrates a diagram showing a one-time process of secure key registration for authorizing at least one user to establish secure communication using the application installed in his/her electronic communication device. The electronic communication device (102) of the first user generates three sets of RSA keys, and only the public key is send to the server (104). The server (104) receives and acknowledges back to the first electronic communication device (102) that the RSA public key has received. This secure key registration process is performed only one time i.e. when the application is launched for the first time from the electronic communication devices (102) or (106) and register the user to the server (104). FIG 5B to 5C illustrates a diagram showing a process of secure key exchange for authorizing users to establish secure communication between a pair of electronic communication devices (102, 106). FIG 5B illustrates a diagram showing a process of first part of secure key exchange for authorizing at least one user to establish secure communication. When the first user sends a friend request to a second user from the mobile application running in the first electronic communication device (102), the following process is performed in the background for a secure key exchange. First the first user sends an http request of "addldentity" to the server (104). Upon receiving the http request, the server (104) generates and returns RSA encrypted data. In an embodiment, the server (104) generates and returns decrypted data. Then the first user device (102) decrypts the first layer of encryption using first user's RSA Private key and then the first user sends over the decrypted content via Extensible Messaging and Presence Protocol (XMPP) to the second user.
The second user receives the content and approves the request by selecting "Approved" and the second user sends an "Identity check" http request back to the server (104) as shown in FIG 5C. The server (104) then generates the Hash of first user's Public key 2 and second user's Public Key 2 and returns the result to the second user. Then the second user verifies that both the hash value from the server (104) and that from the first user are identical. Then the second user stores the first user's RSA public key 3 (Pub3A). The second user decrypts the content obtained in the last step of FIG 5B using the second user's RSA Private Key 2 and compares the Hash value. Upon successful verification, the second user will send http request "Identity Approve" to the server (104). After the server (104) is verified, it generates and returns the RSA encrypted data to the second user. In an embodiment, the server (104) generates and returns decrypted data to the second user. In case, the encrypted data is generated and returned to the second user, the second user decrypts the first layer of encryption using second user's RSA Private key 2. Then the second user sends over the decrypted content via xmpp to the first user followed by the second user will send an http request "Identity Approve". Upon successful verification, the server (104) will respond acknowledgement. Now the first user will store the second user's RSA public key 3 (Pub3B) and thereby establishes a secure connection between the devices (102, 106) of first user and second user. FIG 6 describes the message component and the breakdown. The first user sends the information using the application installed in his device (102). The format of encrypted message includes CipherMessage and Cipherlnfo ensuring a completely encrypted message. Here the format of CipherMessage includes PublicKey of second user (AesKey) + Aes(PlainMessage), which forms the encrypted content of the message. The format of Cipherlnfo includes Cipher Identity and version, which forms the info of the message. The info is used for message verification and also for versioning. The format of Cipher Identity includes PrivateKey of first user (Hash of (PlainMessage) + OwnJid), which is the identity of the message and is used for message verification.
FIG 7 describes the complete message generation when the first user sends a message to the second user. The first user launches the application from his or her device then inputs plain message and sends to the second user. A random Aes - 256bits Key is now generated. The generated Aes Key is used to encrypt the plain message. Now, the second user's Public 1 Key (Pub IB) and the key version are obtained via http request or from local storage. The Aes Key generated in step 2, i.e. while sending the plain message, is encrypted using PublB. Then the plain message is hashed using SHA-256. The hash result is combined with the first user's Jid and the resulting output is encrypted with the first user's Public Key 3. The results comprising the hash result with the first user's Jid that then encrypted with the first user's Public Key 3, encrypted Aes Key using PublB, and key version from second user's Public 1 Key (PublB) obtaining step is combined to get the encrypted message.
FIG 8 describes the complete message decryption process when the second user receives a message from the first user. The process starts when the second user receive message from the first user. In step 1 the second user receives the complete encrypted message from the first user. Then in step 2, the second user decrypt the PublB (Aes Key) using the second user's RS A Private key 1. In a 3rd step, the second user decrypt Aes (Plain Message) using key obtained from step 2. Now the second user will get the plain message in step 4. But the second user still has other steps to verify the received message. In a 5th step, the second user will generate the Hash of Plain Message using SHA-256. In a following 6th step, the second user verifies the Pub IBs Key version with key stored locally. Then in step 7, the second user decrypt Pri3A( SHA(PlainMessage) + first user's Jid) using the first user's Public Key 3 obtained during key exchange. From the decrypted data in step 7, the second user verifies the first user's JID. From the decrypted data in step 7, the second user verifies the SHA(Plain Message) with the Hash generated in step 5. Successful completion of the above steps allows the second user to accept the plain message send by the first user. FIGL 9A to 9C illustrates a diagram showing a process of secure key exchange for authorizing multiple users to establish secure communication between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices (102, 106) according to a preferred embodiment of the present invention. FIG 9A illustrates a diagram showing a process of secure key generation while creating the group. When the first user create a group with the second user, the first user sends a request to server (104) to get the second user's latest Public key 1. The server (104) returns the second user's latest Public Key 1 (Pub IB). Now the first user generates a random AesKey and encrypts the key with the first user's Public Key 1 and second user's Public Key 1 separately. Both the key will be uploaded to server (104). The server (104) responds by acknowledgement and the group key version.
FIGL 9B illustrates a diagram showing a process of secure key generation while the group admin adding new member into the existing group. The first user, who being the admin of the group, sends request to the server (104) to get the new user's latest Public key 1. The server (104) returns the new user's latest Public Key 1 (PublC). Now the first user generate a new random aesKey and encrypts the key with the first user's Public Key 1, and the second user's Public Key 1 and the new user's Public Key 1 separately. The entire keys will be uploaded to the server (104). Upon receiving all the keys, the server (104) responses with acknowledgement and the new group key version.
FIGL 9C illustrates a diagram showing a process of secure key generation while the group admin removes a member from the existing group. The first user, who being the admin of the group, can remove a member whenever desired. The first user generates a new random aesKey and encrypts the key with the first user's Public Key 1 and the second user's Public Key 1 separately. The entire keys will be uploaded to the server (104). The server (104) responds with acknowledgement and the new group key version.
FIGL 10A illustrates a diagram showing a process of sending a message between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices (102, 106) according to a preferred embodiment of the present invention. The following steps are performed when the first user sends a message to the group. The first user inputs the plain message and select send from the application installed in the electronic device (102). The group Aes key will be obtained either from local DB or from the server (104). The group Key version is obtained from the local DB. The plain message is encrypted with Aes Key obtained in the second step and combined with group key version from the third step. Thus the Aes encryption is performed and the encrypted message includes the Plain message, Aes Key provided with the group key version.
FIG 10B illustrates a diagram showing a process of receiving and decrypting a message using an electronic communication device in a group chat using the present application installed in the electronic device (102, 106) according to a preferred embodiment of the present invention. The process with the following steps is preformed when the second user receives the group message. In a first step the second user obtains the encrypted message. Now in a second step, the second user verified the Group key version with the key stored in local DB. If the key is different then the second user detects a different Group Key version and sends request to the server (104), which is step 3. The second user decrypt PublB(AesKey) to get the group Key. In step 2, if the Group key version with the key stored in local DB is same, then the second user obtain the group key either from step 3 or direct from local DB, which is step 4. The second user will now decrypt the encrypted message in step 1 and decrypt using the Aes Key from step 3 or 4.
FIG 11A illustrates a diagram showing a process of sending an email using the present application installed in the electronic communication device (102) according to a preferred embodiment of the present invention. The below example explains the process of sending an email by the first user to the second user using the present application installed in the electronic communication device (102). The first user inputs the plain message and select send from the application installed in the first electronic communication device (102). Then a random Aes key is generated. The second user's Public Key 1 is obtained from the server (104) or local storage. The generated Aes Key is encrypted with the first user's Public Key 1 and second user's Public Key 1 separately. The Plain Message is now encrypted with Aes Key and combined with content generated in the above step. FIG 11B illustrates a diagram showing a process of receiving an email using the present application installed in the electronic communication device (104) according to a preferred embodiment of the present invention. The second user receives the email send in steps of FIG 11A through the application installed in the first electronic communication device (102). The second user receives the encrypted email content, then the second user decrypt PublB(AesKey) with the second user's Private Key 1 in a second step. The plain message is obtained by decrypting Aes(Plain Message, Aes Key) with Aes key using Aes Key from the second step.
FIG 12 illustrates an architecture diagram for electronic communication devices (102, 106) installed with the mobile application capable of transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data between the first electronic communication device (102) and the at least one second electronic communication device (106), according to a preferred embodiment of the present invention. The mobile applications installed in the electronic communication devices (102, 106) are associated with a database repository for storing user information and for storing the generated public and private keys. The information send through the mobile application is stored in the local storage such as a solid-state memory. The mobile application includes different modules associated with the key management process and the user management processes. The mobile application further includes an encryption module providing encryption levels such as AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange and Hash (SHA256) for unique message signature. The encrypted text, multimedia, email, video calls and Voice over ΓΡ (VoIP) data are transferred via SSL (Secure Socket Layer). FIG 13 illustrates an architecture diagram for the server (104) capable of establishing a secure connection for transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoEP) data between mobile applications installed in the first electronic communication device (102) and the at least one second electronic communication device (106), according to a preferred embodiment of the present invention. The server (104) is installed with an application for allowing the communication between users through the mobile applications installed in their individual electronic communication devices (102). The application installed in the server (104) is associated with a database repository for storing user information and for storing the generated public and private keys. The information send through the mobile application is stored in the local file storage such as a solid-state memory or hard disk of the server (104) in an encrypted form. The server application includes different business logic modules associated with the key management process, the user management, group management, account payment management processes. The server application further includes a module for transferring the encrypted text, multimedia, email, video calls and Voice over IP (VoIP) data via SSL (Secure Socket Layer) between the multiple electronic communication devices (102, 106). The application running in the first electronic communication device (102) allows to send the encrypted text, multimedia, email and VoIP data to the at least one second electronic communication device (106) even when the second device (106) is kept in an offline mode. In that case the at least one server (104) forms a central repository to store the encrypted text, multimedia, email and VoIP data and at least one contact information. The server (104) synchronizes the encrypted text, multimedia, email and VoIP data stored in the central repository with the application running in the at least one second electronic communication device (106) comes online. The application running in the first electronic communication device (102) and the at least one second electronic communication device (106) provides an all-in encrypted communication over the communication network (108). The application is capable of transferring the encrypted text chats, encrypted multimedia, encrypted email, encrypted video calls and encrypted VoIP data between the first electronic communication device (102) and the at least one second electronic communication device (106) through the at least one server (104). In an embodiment of the system (100), the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a self-destruct function to destroy the transferred encrypted messages including the encrypted text chats and the encrypted multimedia. The user can opt in the option from the mobile application user interface to destroy the messages after a certain period of time automatically. Further, in some other embodiments of the system (100), the mobile application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a stealth mode to avoid detection by unauthorized users. In an embodiment, the stealth mode is available for Android OS only. In certain embodiments the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a payment system, which allows the users to pay for receiving individual services including encrypted text, multimedia, instant chat, email and VoIP data, video call over ΓΡ etc. The users can select one or more desired service and can pay for that. For managing the users the server (104) includes a user management module for managing the users, account information of the users and the payment information associated with each user.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the scope of the appended claims. Although the embodiments herein are described with various specific embodiments, it will be obvious for a person skilled in the art to practice the invention with modifications. However, all such modifications are deemed to be within the scope of the claims.

Claims

CLAIMS:
1. A system (100) for establishing secure communication between a plurality of electronic communication devices comprises:
a first electronic communication device (102) installed with an application capable of performing an encrypted or decrypted data transfer;
at least one second electronic communication device (106) installed with the application capable of performing the encrypted or decrypted data transfer;
at least one server (104) capable of establishing a secure connection between the first electronic communication device (102) and the at least one second electronic communication device (106) for transferring at least one encrypted or decrypted data,
wherein the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) being capable of performing encrypted or decrypted data transfer including text, multimedia, instant chat, email, video calls and Voice over IP (VoIP) data through the at least one server (104); and a communication network (108) for transferring encrypted or decrypted text, multimedia, email and VoIP data from the application running in the first electronic communication device (102) to the at least one second electronic communication device (106) through the at least one server (104).
2. The system (100) of claim 1 wherein the first electronic communication device (102) and the at least one second electronic communication device (106) is installed with the application capable of performing encrypted or decrypted text, multimedia, instant chat, email, video calls, video group chat and Voice over IP (VoIP) data transfer over the communication network (108).
3. The system (100) of claim 1 wherein the at least one server (104) authenticates first electronic communication device (102) and the at least one second electronic communication device (106) for establishing an encrypted or decrypted connection to transfer encrypted or decrypted text, multimedia, instant chat, email, video calls, video group chat and Voice over IP (VoIP) data using the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) over the communication network (108).
4. The system (100) of claim 1 wherein the application running in the first electronic communication device (102) allows to send the encrypted or decrypted text, multimedia, instant chat, email, video calls, video group chat and Voice over IP (VoIP) data to the at least one second electronic communication device (106) kept in an offline mode.
5. The system (100) of claim 4 wherein the at least one server (104) forms a central repository to store the encrypted or decrypted text, multimedia, instant chat, email, video calls, video group chat and Voice over IP (VoIP) data and at least one contact information.
6. The system (100) of claim 5 wherein the at least one server (104) is capable of synchronizing the encrypted or decrypted text, multimedia, instant chat, email, video calls, video group chat and Voice over IP (VoIP) data stored in the central repository with the application running in the at least one second electronic communication device (106) when the device (106) comes online.
7. The system (100) of claim 1 wherein the application running in the first electronic communication device (102) and the at least one second electronic communication device
(106) provides an all-in encrypted communication over the communication network (108), wherein the application capable of all-in encrypted communication transfers the encrypted text chats, encrypted instant chat, encrypted multimedia, encrypted email, encrypted video calls and encrypted VoIP data between the first electronic communication device (102) and the at least one second electronic communication device (106) through the at least one server (104).
8. The system (100) of claim 1 wherein the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a self-destruct function to destroy the transferred encrypted or decrypted messages including the encrypted or decrypted text chats and the encrypted or decrypted multimedia.
9. The system (100) of claim 1 wherein the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a stealth mode to avoid detection by unauthorized users.
10. A method for establishing secure communication between a plurality of electronic communication devices, the method comprises the steps of:
providing a first electronic communication device (102) and at least one second electronic communication device (106) installed with an application capable of performing an encrypted or decrypted data transfer,
wherein the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) being capable of performing encrypted or decrypted data transfer including text, multimedia, instant chat, email, video calls, video chat and Voice over IP (VoIP) data through the at least one server (104);
authorizing the at least one second electronic communication device (106) by the first electronic communication device (102) for establishing secure communication using the application,
wherein a process of authorizing the at least one second electronic communication device (106) by the first electronic communication device (102) comprises the steps of:
registration of the first electronic communication device (102) with a central server (104);
approval of the at least one second electronic communication device (106) by the first electronic communication device (102); and
exchange of public parameters between the first electronic communication device (102) with the central server (104) and the at least one second electronic communication device (106);
sending at least one information from the first electronic communication device (102) to the at least one second electronic communication device (106) via the server (104),
wherein the at least one information includes text, multimedia, instant chat, email, video calls, video chat and Voice over IP (VoIP) data in an encrypted or decrypted message format; and
receiving, verifying and decrypting the at least one information from the first electronic communication device (102) by the at least one second electronic communication device (106).
11. The method of claim 10 wherein the application is capable of transferring encrypted or decrypted text chats, encrypted or decrypted instant chat, encrypted or decrypted multimedia, encrypted or decrypted email, encrypted or decrypted video calls and encrypted or decrypted VoIP data between the first electronic communication device (102) and the at least one second electronic communication device (106) through the server (104).
12. The method of claim 10 wherein the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a self-destruct function to destroy the transferred encrypted or decrypted messages including the encrypted or decrypted text chats and the encrypted or decrypted multimedia.
13. The method of claim 10 wherein the application running in the first electronic communication device (102) and the at least one second electronic communication device
(106) includes a stealth mode to avoid detection by unauthorized users.
PCT/MY2016/000006 2015-02-05 2016-02-05 System for establishing secure communication between multiple electronic communication devices WO2016126151A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2015700366 2015-02-05
MYPI2015700366 2015-02-05

Publications (1)

Publication Number Publication Date
WO2016126151A1 true WO2016126151A1 (en) 2016-08-11

Family

ID=56564392

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2016/000006 WO2016126151A1 (en) 2015-02-05 2016-02-05 System for establishing secure communication between multiple electronic communication devices

Country Status (1)

Country Link
WO (1) WO2016126151A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10944562B2 (en) 2018-06-03 2021-03-09 Apple Inc. Authenticating a messaging program session
CN112889302A (en) * 2018-10-19 2021-06-01 苹果公司 Media intercom over secure device-to-device communication channel
CN114640510A (en) * 2022-03-02 2022-06-17 宁波三星医疗电气股份有限公司 Method for communication by adopting separated encryption servers
US20220294613A1 (en) * 2018-11-30 2022-09-15 Siemens Aktiengesellschaft Method and apparatus for transferring data in a publish-subscribe system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711608B1 (en) * 1998-09-23 2004-03-23 John W. L. Ogilvie Method for including a self-removing code in a self-removing message
US20100138660A1 (en) * 2008-12-03 2010-06-03 Verizon Corporate Resources Group Llc Secure communication session setup
US20130159877A1 (en) * 2011-12-19 2013-06-20 Microsoft Corporation Stealth mode for interacting with electronic messages
US20130268582A1 (en) * 2012-04-05 2013-10-10 Nokia Corporation Method And Apparatus for Distributing Content Among Multiple Devices While In An Offline Mode
US20140136208A1 (en) * 2012-11-14 2014-05-15 Intermec Ip Corp. Secure multi-mode communication between agents

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711608B1 (en) * 1998-09-23 2004-03-23 John W. L. Ogilvie Method for including a self-removing code in a self-removing message
US20100138660A1 (en) * 2008-12-03 2010-06-03 Verizon Corporate Resources Group Llc Secure communication session setup
US20130159877A1 (en) * 2011-12-19 2013-06-20 Microsoft Corporation Stealth mode for interacting with electronic messages
US20130268582A1 (en) * 2012-04-05 2013-10-10 Nokia Corporation Method And Apparatus for Distributing Content Among Multiple Devices While In An Offline Mode
US20140136208A1 (en) * 2012-11-14 2014-05-15 Intermec Ip Corp. Secure multi-mode communication between agents

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10944562B2 (en) 2018-06-03 2021-03-09 Apple Inc. Authenticating a messaging program session
US11870902B2 (en) 2018-06-03 2024-01-09 Apple Inc. Authenticating a messaging program session
CN112889302A (en) * 2018-10-19 2021-06-01 苹果公司 Media intercom over secure device-to-device communication channel
US12418517B2 (en) 2018-10-19 2025-09-16 Apple Inc. Media intercom over a secure device to device communication channel
US20220294613A1 (en) * 2018-11-30 2022-09-15 Siemens Aktiengesellschaft Method and apparatus for transferring data in a publish-subscribe system
US11838409B2 (en) * 2018-11-30 2023-12-05 Siemens Aktiengesellschaft Method and apparatus for transferring data in a publish-subscribe system
CN114640510A (en) * 2022-03-02 2022-06-17 宁波三星医疗电气股份有限公司 Method for communication by adopting separated encryption servers

Similar Documents

Publication Publication Date Title
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
US10129240B2 (en) Distributing security codes through a restricted communications channel
US8606234B2 (en) Methods and apparatus for provisioning devices with secrets
EP3219049B1 (en) Account recovery protocol
US9756021B2 (en) Secure messaging
US9654448B2 (en) Secure communication system for mobile devices
US10154018B2 (en) Method and system for facilitating network joining
US9118662B2 (en) Method and system for distributed off-line logon using one-time passwords
US8447970B2 (en) Securing out-of-band messages
CN116097615B (en) Authentication using key negotiation
JP2018121334A (en) Secure transfer of user information between applications
US20180091487A1 (en) Electronic device, server and communication system for securely transmitting information
US20080141352A1 (en) Secure password distribution to a client device of a network
US10129229B1 (en) Peer validation
US12273328B2 (en) Message transmitting system with hardware security module
WO2016126151A1 (en) System for establishing secure communication between multiple electronic communication devices
WO2016003310A1 (en) Bootstrapping a device to a wireless network
JP5660454B2 (en) Device-to-device connection method that ensures privacy
JP2017055274A (en) Mail system, electronic mail transfer method, and program
US20240195630A1 (en) System and method of privacy-aware inter-channel communication between a business entity and a person
JP4958014B2 (en) File data transfer method, file data transfer program, file data transfer system, and communication terminal
CN118158673A (en) Application login authentication method, system, device and storage medium
WO2013044310A1 (en) A system and method for distributing secured data
JP2007251511A (en) Mail system and mail transmission reception method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16746891

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16746891

Country of ref document: EP

Kind code of ref document: A1