WO2016126151A1 - System for establishing secure communication between multiple electronic communication devices - Google Patents

System for establishing secure communication between multiple electronic communication devices

Publication number
WO2016126151A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic communication
communication device
encrypted
decrypted
server
Prior art date
Application number
PCT/MY2016/000006
Other languages
English (en)
Inventor
Kong Seh Kiang Kenneth
Ng Dz Yun Janice
Yee Ling Leong
Zhuo Yang
Low Randall
Tan Hong Keat Melvyn
Original Assignee
Mtouche Technology Berhad
Priority date
Filing date
Publication date
Application filed by Mtouche Technology Berhad
Publication of WO2016126151A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L12/00 Data switching networks
    • H04L12/64 Hybrid switching systems
    • H04L12/6418 Hybrid transport
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Definitions

  • the present invention relates to a system for secure multimode communication. More particularly, the present invention relates to a software messaging system for secure multimode communication between multiple electronic communication devices.
  • the communication means for communicating with two or multiple users includes text messaging, instant chat, etc.
  • the present systems and methods use different applications installed on the electronic communication devices for handling one or more communication methods such as text messaging, instant chat, etc.
  • Unfortunately there is no single application that can handle all forms of communication over an encrypted channel for securing communications.
  • the existing systems have difficulties when a sender of a communication intends for the communication to be received by multiple entities over an encrypted channel.
  • Electronic mail (email), short message service (SMS, or text), instant chats, voice communication by voice over IP means, video calling, group video chat and so forth (collectively, "electronic communication") are now common and perhaps indispensable methods of communication. These tools are used for both personal communication and business communication.
  • Many applications exist that offer a secured mode of communication between two or more devices. It is commonly believed that the content of such communications through these applications is relatively secure and private. However, in many circumstances, an expectation of security and privacy is not well founded.
  • the applications for such communications offer a limited number of communication methods such as text messaging or instant chat and are relatively easy to intercept.
  • the communication service providers often provide archiving of messages and instant chats that may be accessed, easily or with varying degrees of effort and authority. Communications are often retained, at least temporarily, on a user's hardware device, such as a cellular telephone, tablet computer, and so on. Therefore, a misplaced or stolen device may give others access to communications retained thereon.
  • the sender encrypts a message using a key.
  • the receiver has a corresponding key, which is used to decrypt the message when received.
  • this encryption-decryption scheme such as private keys, public key exchange, and so on.
  • Problems with the encryption-decryption approach include the need for processing resources to perform the encryption-decryption on the sending and receiving devices, and the risk of loss of security of the key or the device that performs the encryption-decryption.
  • encryption usually converts a human-readable message into a jumble of numbers and letters that is not readable other than after decoding. However, the jumble of letters and numbers then appears to be just what it is: an encrypted message. An unauthorized user can therefore quickly identify the message as being encrypted, and hence a target for efforts at decryption, coerced or otherwise.
  • Another technique for lending security to electronic communication is to permit communication only between pre-authorized devices.
  • a message contains code that prevents it from being delivered to, opened by or read on a machine other than one identified in that code.
  • limiting access to a network carrying the electronic communications only to approved devices ensures security.
  • problems with these approaches in general include the potential inability or difficulty to include new users in a communication, the need to expose a user's device id when sending or receiving a message, and since the message may in fact be encoded until the authenticity of the receiving device is confirmed, the presence of an encoded message may be apparent, identifying it as a target for decryption efforts.
  • the present disclosure is directed to systems and methods for providing secure electronic communications from one device to another that is both secure, in the sense of encryption, and protected, in the sense that third parties cannot access the contents of the secure message.
  • the present invention is a system for establishing secure communication between multiple electronic communication devices.
  • the system comprises a first electronic communication device installed with an application capable of performing an encrypted or decrypted data transfer, at least one second electronic communication device installed with the application capable of performing an encrypted or decrypted data transfer, at least one server capable of establishing a secure connection between the first electronic communication device and the second electronic communication device for transferring at least one encrypted or decrypted data.
  • the application installed in the first electronic communication device and the second electronic communication device is capable of transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data through the at least one server.
  • a communication network transfers the encrypted or decrypted text, multimedia, email and VoIP data from the application running in the first electronic communication device to the at least one second electronic communication device through the at least one server.
  • the system offers multiple modes of security layers by introducing AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange, Hash (SHA256) for unique message signature and transferring the encrypted or decrypted data via Secure Socket Layer (SSL).
  • Hash SHA256
  • SSL Secure Socket Layer
  • the system and the method associated with the application running in the electronic communication device forms an all-in communication application that allows the user to send and receive encrypted or decrypted messages with self-destruct function.
  • the application running in the electronic communication devices allows the users to send and receive chats with encryption, email with encryption, encrypted or decrypted VoIP, encrypted or decrypted video calls, etc.
  • VoIP Voice over IP
  • FIG 1 illustrates the system for establishing a secure communication for transferring data including text, multimedia, email, video calls and Voice over IP (VoIP) data between a first electronic communication device and at least one second electronic communication device, according to a preferred embodiment of the present invention.
  • FIG 2 illustrates a block diagram of the electronic communication device for sending and receiving data including text, multimedia, email, video calls and Voice over IP (VoIP) data, according to a preferred embodiment of the present invention.
  • FIG 3 illustrates a block diagram of an authentication server of the system for establishing a secure communication for transferring data, according to a preferred embodiment of the present invention.
  • FIG 4 illustrates a diagram showing a general process of authorizing a user for establishing secure communication between a pair of electronic communication devices.
  • FIG 5A illustrates a diagram showing a one-time process of secure key registration for authorizing at least one user to establish secure communication using the application installed in his/her electronic communication device.
  • FIG 5B to 5C illustrates a diagram showing a process of secure key exchange for authorizing at least one user to establish secure communication between a pair of electronic communication devices, according to a preferred embodiment of the present invention.
  • FIG 6 illustrates a diagram showing a process of establishing secure chat communication with encryption between a pair of electronic communication devices of a first user and second user alone.
  • FIG 7 is a flowchart describing the complete message generation when the first user sends a message to the second user.
  • FIG 8 is a flowchart describing the complete message decryption when the second user receives a message from the first user.
  • FIG 9A to 9C illustrates a diagram showing a process of secure key exchange for authorizing multiple users to establish secure communication between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices, according to a preferred embodiment of the present invention.
  • FIG 10A illustrates a diagram showing a process of sending a message between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices, according to a preferred embodiment of the present invention.
  • FIG 10B illustrates a diagram showing a process of receiving and decrypting a message using an electronic communication device in a group chat using the present application installed in the electronic device according to a preferred embodiment of the present invention.
  • FIG 11A illustrates a diagram showing a process of sending an email using the present application installed in the electronic device according to a preferred embodiment of the present invention.
  • FIG 11B illustrates a diagram showing a process of receiving an email using the present application installed in the electronic communication device, according to a preferred embodiment of the present invention.
  • FIG 12 illustrates an architecture diagram for electronic communication device installed with the mobile application capable of transferring data including text, multimedia, email, video calls and Voice over IP (VoIP) data between the first electronic communication device and the second electronic communication device, according to a preferred embodiment of the present invention.
  • FIG 13 illustrates an architecture diagram for the server capable of establishing a secure connection for transferring data including text, multimedia, email, video calls and Voice over IP (VoIP) data between mobile applications installed in the first electronic communication device and the second electronic communication device, according to a preferred embodiment of the present invention.
  • One embodiment of this system for establishing secure communication between multiple electronic communication devices may employ a server running an operating system such as Windows, Linux, web-server software such as Apache, and database such as MySQL, with methods implemented through a software development language such as PHP or Java.
  • the invention should not be limited to these types of software operating system, web-server software, database software, software development language, server or client hardware.
  • the present invention provides a system for transferring data by enabling efficient secure authentication between various portable communication devices.
  • the present invention overcomes inadequacies of the prior art by creating a novel architecture for secured transfer of multiple forms of data including, but not limited to, text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data using a single messaging facility in form of messages.
  • the present invention sends the plurality of information including, but not limited to, text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data in form of encrypted formats, thereby improving the security of the information transferred between multiple portable electronic communication devices.
  • the methods and system provided herein are also capable of transferring data in decrypted format.
  • the present invention is a system (100) for establishing secure communication between multiple electronic communication devices.
  • the system (100) disclosed in the present inventions is used for establishing a secure communication for transferring data including text, multimedia, email, video calls and Voice over IP (VoIP) data between applications running in the multiple electronic communication devices over a wireless communication network.
  • the data to be transferred may be in encrypted or decrypted format.
  • FIG 1 illustrates the system (100) for establishing a secure communication for transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data between a first electronic communication device (102) and at least one second communication device (106), according to a preferred embodiment of the present invention.
  • the system (100) transfers decrypted data between the first communication device (102) and the second (106) communication device.
  • the system (100) includes the first electronic communication device (102) installed with an application capable of performing an encrypted or decrypted data transfer, at least one second electronic communication device (106) installed with the application capable of performing an encrypted or decrypted data transfer and at least one server (104) capable of establishing a secure connection between the first electronic communication device (102) and the at least one second electronic communication device (106) for transferring at least one encrypted or decrypted data over a communication network (108).
  • the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) is capable of performing encrypted or decrypted data transfer of information such as, but not limited to, text, multimedia, email, video calls and Voice over IP (VoIP) data through the server (104).
  • the communication network (108) for transferring encrypted or decrypted text, multimedia, email and VoIP data from the application running in the first electronic communication device (102) to the at least one second electronic communication device (106) can be a wireless communication network such as but not limited to, cellular communication, Wi-Fi etc.
  • the electronic communication device such as, but not limited to, a Smartphone, tablet, ultrabook, laptop, smart wearable device including Google Glass, Smartwatch etc., runs a number of applications including the mobile application for transferring encrypted or decrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data.
  • the electronic communication device (102, 106) comprises the at least one processing unit (200) that is equipped with a control unit (206) and an Arithmetic Logic Unit (ALU) (208), a memory unit (210), a storage unit (212), a plurality of networking devices (214) and a plurality of input/output (I/O) devices (204).
  • the electronic communication device (102, 106) can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators.
  • the processing unit (200) may also include a memory that stores data.
  • the processing unit (200) might include only one of a type of component e.g. one microprocessor, or may contain multiple components of that type e.g. multiple microprocessors.
  • the processing unit (200) could be composed of a plurality of separate circuits and discrete circuit elements.
  • the processing unit (200) will essentially comprise solid-state electronic components such as a microprocessor e.g. microcontroller.
  • the processing unit (200) may be mounted on a single board in a single location or may be spread throughout multiple locations, which cooperate to act as processing unit (200).
  • the processing unit (200) may be located in a single location e.g. in proximity and/or on a common circuit carrying element such as a circuit board and/or all the components of the processing unit (200) will be closely connected.
  • the mobile application has an encryption module and an algorithm for encrypting the input data including text, multimedia, email, video calls and Voice over IP (VoIP) data.
  • the processing unit (200) is responsible for processing the instructions of the algorithm.
  • the processing unit (200) receives commands from the control unit (206) in order to perform its processing.
  • the plurality of processing units (200) may be located on a single chip or over multiple chips.
  • any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU (208).
  • the electronic communication device (102, 106) includes a variety of hardware and associated software components, where the variety of hardware components include the at least one processing unit (200) designed to control various other circuits such as information displayed on a display (202).
  • the display (202) can display the user interface of the mobile application with options for selecting a desired service such as instant chat, text messaging, multimedia, email, video calls and Voice over IP (VoIP).
  • the display (202) may be a touch screen display allowing the plurality of users to control the user interface of the mobile application using at least one gesture or touch.
  • the processing unit (200) may control the information based on inputs received from various input/output (I/O) devices (204) of the electronic communication device (102, 106) e.g. hard keys, a touch screen, voice commands from a microphone or a microphone connected to headset jack, camera and/or from some other user input device.
  • the mobile application has the capability to launch the at least one camera module of the device for sending encrypted or decrypted data including multimedia messages, images or video through instant chat and for making video calls and Voice over IP (VoIP) call.
  • the mobile application installed in the electronic communication device (102, 106) allows the plurality of users to login to send or receive an encrypted or decrypted data including instant chat text, multimedia, email, video calls and Voice over IP (VoIP) data through a user interface.
  • the processing unit (200) processes the text, multimedia, email, video calls and Voice over IP (VoIP) data inputs received from the first electronic communication device (102), encrypts the information and transfers the information to the server (104).
  • the server (104) authenticates the receiver device and the encrypted or decrypted data is forwarded to the second electronic communication device (106).
  • the at least one processing unit (200) is configured to process a plurality of instructions received from the server (104).
  • the server (104) can act as a central repository for receiving and storing the encrypted or decrypted data.
  • the mobile application allows the users to submit a plurality of information in form of text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data through the user interface and the data is encrypted or decrypted by the application before sending to the at least one second electronic communication device (106) through the server (104).
  • FIG. 3 illustrates a block diagram of an authentication server (104) of the system (100) for user authentication and for establishing a secure communication for transferring encrypted or decrypted data including text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data, according to a preferred embodiment of the present invention.
  • the server (104) runs an application for user authentication and for transferring the encrypted or decrypted data to the second user or users, in case of a group chat, group messaging, group call and video call.
  • the electronic communication devices (102, 106) used to access the server (104), which provides the network-based and other features discussed below, use one or multiple applications. Such access may be by way of a computer network or communication networks (108), such as the network of networks commonly known as the Internet.
  • the communication network (108) includes a local and/or wide area network or mobile communication network.
  • the communication network (108) may be a local area network (LAN) of an enterprise and/or a virtual LAN, which is instantiated over the Internet or other networks of networks.
  • the server (104) is communicatively coupled to a database, which may store records concerning user credentials.
  • the server (104) includes similar hardware as in a computer system, which includes the processing unit (306), a network communication unit (314), at least one memory unit (304), a storage unit (308) and a plurality of I/O devices (320) for connecting to a plurality of peripheral devices including a display unit.
  • the server (104) is run by operating system software and firmware, and includes an application for user authentication (310) and transferring of encrypted or decrypted data including text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data from the mobile application running in the electronic communication devices (102, 106).
  • the processing unit (306) processes the instructions (312) of the application for user authentication (310) for establishing secure communication between the first electronic device (102) and one or more second electronic devices (106).
  • the system (100) and the method associated with the application running in the electronic communication device (102, 106) can be employed to send encrypted or decrypted messages, instant chats, email, video and voice over IP calls from the devices through the server (104).
  • the application forms an all-in communication application that allows the user to send and receive encrypted or decrypted messages with self-destruct function.
  • the application running in the electronic communication devices (102, 106) allows the users to send and receive chats with encryption, email with encryption, encrypted or decrypted VoIP, encrypted or decrypted video calls, etc.
  • the system (100) offers multiple modes of security layers by introducing AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange, Hash (SHA256) for unique message signature and transferring the encrypted or decrypted data via Secure Socket Layer (SSL).
  • the encryption offered by the system (100) includes the process of encoding a message including text, instant chat, multimedia, email, video calls and Voice over IP (VoIP) data that can only be decrypted by the authorized receiving device (106).
  • FIG 4 illustrates a diagram showing a general process of authorizing a user for establishing secure communication between a pair of electronic communication devices (102, 106).
  • a first user sends a request for establishing a connection with a second user.
  • the request is sent from the mobile application running in the first electronic communication device (102) of the first user.
  • the server (104) receives the request and forwards the request to the second user as a notification.
  • the second user launches the secure communication application installed in the device (106) and accepts the request.
  • the secure communication application running on the device (106) instructs the device (106) to submit its public key to the server (104), and a private key corresponding to the generated public key will be stored in the device (106).
  • the server (104) now receives the public key sent from the device (106) of the second user.
  • the server (104) keeps the second user's device (106) public key and pushes the public key forward to the first user's device (102).
  • the first electronic communication device (106) automatically generates its own public key and pushes it to the server (104).
  • a private key corresponding to the generated public key will be stored in the first electronic communication device (106).
  • the server (104) keeps the first user's device (102) public key and pushes the same public key to the second electronic communication device (106). This completes a key exchange for establishing secure communication connection between the electronic communication device (102) of the first user and the electronic communication device (106) of the second user.
  • FIG 5A illustrates a diagram showing a one-time process of secure key registration for authorizing at least one user to establish secure communication using the application installed in his/her electronic communication device.
  • the electronic communication device (102) of the first user generates three sets of RSA keys, and only the public key is sent to the server (104).
  • the server (104) receives the RSA public key and acknowledges back to the first electronic communication device (102) that it has been received.
  • This secure key registration process is performed only one time, i.e. when the application is launched for the first time from the electronic communication devices (102) or (106) and registers the user with the server (104).
  • FIG 5B to 5C illustrates a diagram showing a process of secure key exchange for authorizing users to establish secure communication between a pair of electronic communication devices (102, 106).
  • FIG 5B illustrates a diagram showing a process of first part of secure key exchange for authorizing at least one user to establish secure communication.
  • the first user sends a friend request to a second user from the mobile application running in the first electronic communication device (102).
  • the following process is performed in the background for a secure key exchange.
  • First, the first user sends an HTTP request of "addIdentity" to the server (104).
  • Upon receiving the HTTP request, the server (104) generates and returns RSA encrypted data.
  • the server (104) generates and returns decrypted data.
  • the first user device (102) decrypts the first layer of encryption using first user's RSA Private key and then the first user sends over the decrypted content via Extensible Messaging and Presence Protocol (XMPP) to the second user.
  • the second user receives the content and approves the request by selecting "Approved" and the second user sends an "Identity check" http request back to the server (104) as shown in FIG 5C.
  • the server (104) then generates the Hash of first user's Public key 2 and second user's Public Key 2 and returns the result to the second user. Then the second user verifies that both the hash value from the server (104) and that from the first user are identical. Then the second user stores the first user's RSA public key 3 (Pub3A).
  • the second user decrypts the content obtained in the last step of FIG 5B using the second user's RSA Private Key 2 and compares the Hash value.
  • Upon successful verification, the second user will send the http request "Identity Approve" to the server (104). After the server (104) is verified, it generates and returns the RSA encrypted data to the second user. In an embodiment, the server (104) generates and returns decrypted data to the second user. In case the encrypted data is generated and returned to the second user, the second user decrypts the first layer of encryption using the second user's RSA Private key 2. Then the second user sends over the decrypted content via XMPP to the first user, after which the second user will send an http request "Identity Approve". Upon successful verification, the server (104) will respond with an acknowledgement.
  • the first user will store the second user's RSA public key 3 (Pub3B) and thereby establishes a secure connection between the devices (102, 106) of first user and second user.
  • FIG 6 describes the message component and the breakdown.
  • the first user sends the information using the application installed in his device (102).
  • the format of the encrypted message includes CipherMessage and CipherInfo, ensuring a completely encrypted message.
  • CipherMessage includes PublicKey of second user (AesKey) + Aes(PlainMessage), which forms the encrypted content of the message.
  • the format of CipherInfo includes Cipher Identity and version, which forms the info of the message. The info is used for message verification and also for versioning.
  • the format of Cipher Identity includes PrivateKey of first user (Hash of (PlainMessage) + OwnJid), which is the identity of the message and is used for message verification.
  • FIG 7 describes the complete message generation when the first user sends a message to the second user.
  • the first user launches the application from his or her device then inputs plain message and sends to the second user.
  • a random Aes 256-bit Key is now generated.
  • the generated Aes Key is used to encrypt the plain message.
  • the second user's Public 1 Key (Pub1B) and the key version are obtained via http request or from local storage.
  • the Aes Key generated in step 2, i.e. while sending the plain message, is encrypted using Pub1B.
  • the plain message is hashed using SHA-256.
  • the hash result is combined with the first user's Jid and the resulting output is encrypted with the first user's Public Key 3.
  • the results, comprising the hash result with the first user's Jid that is then encrypted with the first user's Public Key 3, the Aes Key encrypted using Pub1B, and the key version from the step of obtaining the second user's Public 1 Key (Pub1B), are combined to get the encrypted message.
  • FIG 8 describes the complete message decryption process when the second user receives a message from the first user.
  • the process starts when the second user receives a message from the first user.
  • In step 1, the second user receives the complete encrypted message from the first user.
  • In step 2, the second user decrypts Pub1B(Aes Key) using the second user's RSA Private key 1.
  • In step 3, the second user decrypts Aes(Plain Message) using the key obtained from step 2. Now the second user will get the plain message in step 4. But the second user still has other steps to verify the received message.
  • the second user will generate the Hash of Plain Message using SHA-256.
  • the second user verifies Pub1B's Key version against the key stored locally. Then in step 7, the second user decrypts Pri3A(SHA(PlainMessage) + first user's Jid) using the first user's Public Key 3 obtained during key exchange. From the decrypted data in step 7, the second user verifies the first user's JID. From the decrypted data in step 7, the second user verifies the SHA(Plain Message) against the Hash generated in step 5. Successful completion of the above steps allows the second user to accept the plain message sent by the first user.
  • FIG 9A to 9C illustrate a diagram showing a process of secure key exchange for authorizing multiple users to establish secure communication between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices (102, 106) according to a preferred embodiment of the present invention.
  • FIG 9A illustrates a diagram showing a process of secure key generation while creating the group.
  • FIG 9B illustrates a diagram showing a process of secure key generation while the group admin adds a new member into the existing group.
  • the first user, being the admin of the group, sends a request to the server (104) to get the new user's latest Public key 1.
  • the server (104) returns the new user's latest Public Key 1 (Pub1C).
  • the first user generates a new random aesKey and encrypts the key with the first user's Public Key 1, the second user's Public Key 1 and the new user's Public Key 1 separately.
  • the entire keys will be uploaded to the server (104).
  • Upon receiving all the keys, the server (104) responds with acknowledgement and the new group key version.
  • FIG 9C illustrates a diagram showing a process of secure key generation while the group admin removes a member from the existing group.
  • the first user, being the admin of the group, can remove a member whenever desired.
  • the first user generates a new random aesKey and encrypts the key with the first user's Public Key 1 and the second user's Public Key 1 separately.
  • the entire keys will be uploaded to the server (104).
  • the server (104) responds with acknowledgement and the new group key version.
  • FIG 10A illustrates a diagram showing a process of sending a message between a pair of electronic communication devices in a group chat using the present application installed in the electronic devices (102, 106) according to a preferred embodiment of the present invention.
  • the following steps are performed when the first user sends a message to the group.
  • the first user inputs the plain message and selects send from the application installed in the electronic device (102).
  • the group Aes key will be obtained either from local DB or from the server (104).
  • the group Key version is obtained from the local DB.
  • the plain message is encrypted with Aes Key obtained in the second step and combined with group key version from the third step.
  • the Aes encryption is performed and the encrypted message includes the Plain message, Aes Key provided with the group key version.
  • FIG 10B illustrates a diagram showing a process of receiving and decrypting a message using an electronic communication device in a group chat using the present application installed in the electronic device (102, 106) according to a preferred embodiment of the present invention.
  • the process with the following steps is performed when the second user receives the group message.
  • the second user obtains the encrypted message.
  • the second user verifies the Group key version against the key stored in the local DB. If the key is different, the second user detects a different Group Key version and sends a request to the server (104), which is step 3.
  • the second user decrypts Pub1B(AesKey) to get the group Key.
  • In step 2, if the Group key version is the same as that of the key stored in the local DB, then the second user obtains the group key either from step 3 or directly from the local DB, which is step 4. The second user will now decrypt the encrypted message from step 1 using the Aes Key from step 3 or 4.
  • FIG 11A illustrates a diagram showing a process of sending an email using the present application installed in the electronic communication device (102) according to a preferred embodiment of the present invention.
  • the below example explains the process of sending an email by the first user to the second user using the present application installed in the electronic communication device (102).
  • the first user inputs the plain message and selects send from the application installed in the first electronic communication device (102).
  • a random Aes key is generated.
  • the second user's Public Key 1 is obtained from the server (104) or local storage.
  • the generated Aes Key is encrypted with the first user's Public Key 1 and second user's Public Key 1 separately.
  • the Plain Message is now encrypted with Aes Key and combined with content generated in the above step.
  • FIG 11B illustrates a diagram showing a process of receiving an email using the present application installed in the electronic communication device (104) according to a preferred embodiment of the present invention.
  • the second user receives the email sent in the steps of FIG 11A through the application installed in the first electronic communication device (102).
  • the second user receives the encrypted email content, then the second user decrypts Pub1B(AesKey) with the second user's Private Key 1 in a second step.
  • the plain message is obtained by decrypting Aes(Plain Message, Aes Key) using the Aes Key from the second step.
  • FIG 12 illustrates an architecture diagram for electronic communication devices (102, 106) installed with the mobile application capable of transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data between the first electronic communication device (102) and the at least one second electronic communication device (106), according to a preferred embodiment of the present invention.
  • the mobile applications installed in the electronic communication devices (102, 106) are associated with a database repository for storing user information and for storing the generated public and private keys.
  • the information sent through the mobile application is stored in the local storage such as a solid-state memory.
  • the mobile application includes different modules associated with the key management process and the user management processes.
  • the mobile application further includes an encryption module providing encryption levels such as AES256 military-grade encryption algorithm, RSA (1024bit) for key exchange and Hash (SHA256) for unique message signature.
  • the encrypted text, multimedia, email, video calls and Voice over IP (VoIP) data are transferred via SSL (Secure Socket Layer).
  • FIG 13 illustrates an architecture diagram for the server (104) capable of establishing a secure connection for transferring encrypted data including text, multimedia, email, video calls and Voice over IP (VoIP) data between mobile applications installed in the first electronic communication device (102) and the at least one second electronic communication device (106), according to a preferred embodiment of the present invention.
  • the server (104) is installed with an application for allowing the communication between users through the mobile applications installed in their individual electronic communication devices (102).
  • the application installed in the server (104) is associated with a database repository for storing user information and for storing the generated public and private keys.
  • the information sent through the mobile application is stored in the local file storage such as a solid-state memory or hard disk of the server (104) in an encrypted form.
  • the server application includes different business logic modules associated with the key management process and the user management, group management and account payment management processes.
  • the server application further includes a module for transferring the encrypted text, multimedia, email, video calls and Voice over IP (VoIP) data via SSL (Secure Socket Layer) between the multiple electronic communication devices (102, 106).
  • the application running in the first electronic communication device (102) allows sending the encrypted text, multimedia, email and VoIP data to the at least one second electronic communication device (106) even when the second device (106) is kept in an offline mode.
  • the at least one server (104) forms a central repository to store the encrypted text, multimedia, email and VoIP data and at least one contact information.
  • the server (104) synchronizes the encrypted text, multimedia, email and VoIP data stored in the central repository with the application running in the at least one second electronic communication device (106) when it comes online.
  • the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) provides an all-in encrypted communication over the communication network (108).
  • the application is capable of transferring the encrypted text chats, encrypted multimedia, encrypted email, encrypted video calls and encrypted VoIP data between the first electronic communication device (102) and the at least one second electronic communication device (106) through the at least one server (104).
  • the application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a self-destruct function to destroy the transferred encrypted messages including the encrypted text chats and the encrypted multimedia.
  • the user can opt in the option from the mobile application user interface to destroy the messages after a certain period of time automatically.
  • the mobile application running in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a stealth mode to avoid detection by unauthorized users.
  • the stealth mode is available for Android OS only.
  • the application installed in the first electronic communication device (102) and the at least one second electronic communication device (106) includes a payment system, which allows the users to pay for receiving individual services including encrypted text, multimedia, instant chat, email and VoIP data, video call over IP, etc. The users can select one or more desired services and can pay for them.
  • the server (104) includes a user management module for managing the users, account information of the users and the payment information associated with each user.
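The message envelope of FIG 6 and the send and receive steps of FIG 7 and FIG 8, as an added example that is not code from the patent. It assumes Node.js's built-in `crypto` module, AES-256-GCM, OAEP padding for wrapping the Aes key and 2048-bit RSA keys (the description names AES256, RSA 1024-bit and SHA256 but no mode or padding), and it uses the Pri3A(SHA(PlainMessage) + Jid) form of FIG 6 and FIG 8 for Cipher Identity. The names `buildMessage`, `openMessage`, `newPair` and the sample Jid are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed RSA key pair. 2048-bit is this example's choice, not the page's.
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// FIG 7: build the encrypted message (CipherMessage + CipherInfo).
function buildMessage(plain, senderJid, senderPri3, recipientPub1, keyVersion) {
  const plainBuf = Buffer.from(plain, 'utf8');
  const aesKey = crypto.randomBytes(32); // random Aes 256-bit key
  const iv = crypto.randomBytes(12);     // GCM nonce (the mode is an assumption)
  const enc = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([enc.update(plainBuf), enc.final()]);
  return {
    cipherMessage: {
      // Pub1B(AesKey): publicEncrypt defaults to OAEP padding
      wrappedKey: crypto.publicEncrypt(recipientPub1, aesKey),
      iv, body, tag: enc.getAuthTag(),
    },
    cipherInfo: {
      // Pri3A(SHA256(PlainMessage) + Jid), recoverable with Pub3A
      identity: crypto.privateEncrypt(
        senderPri3,
        Buffer.concat([sha256(plainBuf), Buffer.from(senderJid, 'utf8')])),
      version: keyVersion,
    },
  };
}

// FIG 8: decrypt, then verify key version, sender Jid and hash.
// Throws on any failure. The version check runs first so a stale key fails early.
function openMessage(msg, recipientPri1, localKeyVersion, senderPub3, expectedJid) {
  const { cipherMessage: cm, cipherInfo: ci } = msg;
  if (ci.version !== localKeyVersion) throw new Error('key version mismatch');
  const aesKey = crypto.privateDecrypt(recipientPri1, cm.wrappedKey);
  const dec = crypto.createDecipheriv('aes-256-gcm', aesKey, cm.iv);
  dec.setAuthTag(cm.tag);
  const plainBuf = Buffer.concat([dec.update(cm.body), dec.final()]);
  // Recover SHA256(PlainMessage) + Jid with the sender's Public Key 3
  const id = crypto.publicDecrypt(senderPub3, ci.identity);
  const hash = id.subarray(0, 32);
  const jid = id.subarray(32).toString('utf8');
  if (jid !== expectedJid) throw new Error('sender Jid mismatch');
  if (hash.length !== 32 || !crypto.timingSafeEqual(hash, sha256(plainBuf))) {
    throw new Error('hash mismatch');
  }
  return plainBuf.toString('utf8');
}

// Constructed round trip: first user A sends to second user B.
function demo() {
  const b1 = newPair(); // B's key pair 1 (wraps the Aes key)
  const a3 = newPair(); // A's key pair 3 (Cipher Identity)
  const jid = 'alice@example.org'; // constructed Jid
  const msg = buildMessage('hello', jid, a3.privateKey, b1.publicKey, 1);
  return openMessage(msg, b1.privateKey, 1, a3.publicKey, jid);
}

console.log(demo());
```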

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a system (100) for establishing secure communication between multiple electronic communication devices, comprising at least one electronic communication device (102, 106) installed with an application capable of transferring encrypted or decrypted data, and a server (104) for establishing a secure connection between the electronic communication devices (102, 106) over a communication network (108). The application enables the transfer of encrypted or decrypted data, including text, multimedia data, email, video calls and Voice over IP (VoIP) data, through the server (104). The system (100) and the method associated with the application running in the electronic communication devices (102, 106) form an all-in-one means of encrypted or decrypted communication for text, instant chat, multimedia data, email, video calls and VoIP data, and allow the user to send and receive encrypted or decrypted messages with a self-destruct function. The application prevents hackers and intruders from decrypting the content of data sent through the application, even if they gain access to the server (104).
PCT/MY2016/000006 2015-02-05 2016-02-05 System for establishing secure communication between multiple electronic communication devices WO2016126151A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2015700366 2015-02-05
MYPI2015700366 2015-02-05

Publications (1)

Publication Number Publication Date
WO2016126151A1 true WO2016126151A1 (fr) 2016-08-11

Family

ID=56564392

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2016/000006 WO2016126151A1 (fr) 2015-02-05 2016-02-05 System for establishing secure communication between multiple electronic communication devices

Country Status (1)

Country Link
WO (1) WO2016126151A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711608B1 (en) * 1998-09-23 2004-03-23 John W. L. Ogilvie Method for including a self-removing code in a self-removing message
US20100138660A1 (en) * 2008-12-03 2010-06-03 Verizon Corporate Resources Group Llc Secure communication session setup
US20130159877A1 (en) * 2011-12-19 2013-06-20 Microsoft Corporation Stealth mode for interacting with electronic messages
US20130268582A1 (en) * 2012-04-05 2013-10-10 Nokia Corporation Method And Apparatus for Distributing Content Among Multiple Devices While In An Offline Mode
US20140136208A1 (en) * 2012-11-14 2014-05-15 Intermec Ip Corp. Secure multi-mode communication between agents

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10944562B2 (en) 2018-06-03 2021-03-09 Apple Inc. Authenticating a messaging program session
US11870902B2 (en) 2018-06-03 2024-01-09 Apple Inc. Authenticating a messaging program session
US20220294613A1 (en) * 2018-11-30 2022-09-15 Siemens Aktiengesellschaft Method and apparatus for transferring data in a publish-subscribe system
US11838409B2 (en) * 2018-11-30 2023-12-05 Siemens Aktiengesellschaft Method and apparatus for transferring data in a publish-subscribe system
CN114640510A (zh) * 2022-03-02 2022-06-17 宁波三星医疗电气股份有限公司 Method for communicating using a separate encryption server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16746891

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16746891

Country of ref document: EP

Kind code of ref document: A1