-
Publication number: US11082412B2
Publication date: 2021-08-03
Application number: US15647569
Filing date: 2017-07-12
Applicant: Wickr Inc.
Inventor: Thomas Michael Leavy, Christopher Howell, Joël Alwen
Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender with a plurality of ephemeral keys so that the sender and a receiver can exchange encrypted communications. The sender retrieves information for the first receiver, such as a public key and a key identifier, from local storage. The retrieved information is used to derive a key-encrypting key, and a random communication encryption key is generated. The random communication encryption key is used to encrypt a communication, while the key-encrypting key is used to encrypt the random communication encryption key. The encrypted communication and the encrypted random communication encryption key are transmitted to the first receiver.
-
Publication number: US10944713B1
Publication date: 2021-03-09
Application number: US15988228
Filing date: 2018-05-24
Applicant: Wickr Inc.
Inventor: Christopher Howell, Robert Statica, Kara Lynn Coppa
Abstract: Secure directory services are disclosed. A cryptographic hash of a foreign identifier associated with a potential user is received. It is determined that the received hash matches a representation of a stored entry. In response, a representation of a native identifier associated with the stored entry is transmitted to the sender of the hash.
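The hashed-lookup protocol in this abstract, as an added example in Go (not Wickr's code): the client sends only the SHA-256 of a normalised e-mail address or phone number, the server matches it against a table that stores hashes rather than identifiers, and answers with the native identifier. The abstract does not say how identifiers are canonicalised or whether the hash is keyed, so the normalisation rules, the `email:` / `phone:+` domain tags, all type, function and field names, and the sample users are this example's assumptions. The `Enumerate` function is the caveat a practitioner should weigh for any design of this shape: an unkeyed hash of a phone number is not a secret, because whoever holds the table can brute-force the small input space.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Directory stores, for each registered user, only the SHA-256 of the
// normalised foreign identifier (e-mail address or phone number) and the
// native identifier to return on a match. Names are this example's own.
type Directory struct {
	byHash map[string]string // hex(SHA-256(normalised foreign id)) -> native id
}

// normalise canonicalises a foreign identifier so that formatting variants of
// the same address hash identically. E-mail is lower-cased; phone numbers are
// reduced to digits. The tag keeps the two identifier kinds from colliding.
func normalise(foreign string) string {
	s := strings.ToLower(strings.TrimSpace(foreign))
	if strings.Contains(s, "@") {
		return "email:" + s
	}
	digits := strings.Map(func(r rune) rune {
		if r >= '0' && r <= '9' {
			return r
		}
		return -1 // drop spaces, dashes, parentheses and a leading '+'
	}, s)
	return "phone:+" + digits
}

// HashForeign is what the client sends: the hash, never the identifier itself.
func HashForeign(foreign string) string {
	sum := sha256.Sum256([]byte(normalise(foreign)))
	return hex.EncodeToString(sum[:])
}

// NewDirectory builds the server-side table from foreign -> native pairs.
func NewDirectory(users map[string]string) *Directory {
	d := &Directory{byHash: make(map[string]string, len(users))}
	for foreign, native := range users {
		d.byHash[HashForeign(foreign)] = native
	}
	return d
}

// Lookup answers a client's hashed query with the native identifier, if any.
func (d *Directory) Lookup(foreignHash string) (string, bool) {
	native, ok := d.byHash[foreignHash]
	return native, ok
}

// Enumerate is the caveat: an unkeyed hash of a phone number is reversible by
// whoever holds the table, because the input space is small. Given only a hash
// and a guessed numbering block, it recovers the number by brute force.
func Enumerate(targetHash, prefix string, suffixDigits int) (string, bool) {
	limit := 1
	for i := 0; i < suffixDigits; i++ {
		limit *= 10
	}
	for n := 0; n < limit; n++ {
		candidate := fmt.Sprintf("+%s%0*d", prefix, suffixDigits, n)
		if HashForeign(candidate) == targetHash {
			return candidate, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample users; the directory keeps only their hashes.
	d := NewDirectory(map[string]string{
		"Alice@Example.com": "alice",
		"+1 (415) 555-0123": "bob",
	})
	fmt.Println(d.Lookup(HashForeign("alice@example.com")))
	fmt.Println(Enumerate(HashForeign("14155550123"), "1415555", 4))
}
```

Running `Enumerate` against a four-digit suffix takes milliseconds; a full national numbering plan is only a few orders of magnitude more. A keyed hash (HMAC under a server-held key, or an oblivious PRF so the server never sees the identifier either) removes the brute-force path; the abstract itself is silent on which construction is used.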
-
Publication number: US10911431B2
Publication date: 2021-02-02
Application number: US16106862
Filing date: 2018-08-21
Applicant: Wickr Inc.
Inventor: Thomas Michael Leavy, Joël Alwen, Christopher Howell
Abstract: The present disclosure describes techniques that allow a client-side application on a first client device to generate a random encryption key and encrypt locally stored application data with it. To ensure that the client-side application cannot decrypt the locally stored encrypted application data before authenticating with an external authentication source (e.g., an SSO system or identity provider), the client-side application divides the random encryption key into at least a first share and a second share according to a secret sharing algorithm. The first share is transmitted to a trusted third party, while the second share is encrypted locally and stored in a secure location on the client device. Upon successful authentication, the trusted third party returns the first share to the first client device. The client-side application recombines the shares to derive the random encryption key and decrypts the locally stored encrypted application data for use. By splitting the key that encrypts the client-side application data and storing one of the shares needed to derive it at a trusted third party, the present disclosure solves the problem of how to encrypt local application data when the login credentials for the application are managed by a trusted third party, such as an SSO system.
-
Publication number: US10581817B1
Publication date: 2020-03-03
Application number: US15905242
Filing date: 2018-02-26
Applicant: Wickr Inc.
Inventor: Christopher Howell, Robert Statica, Kara Lynn Coppa
Abstract: A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient are requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with the public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation, which is transmitted to a second server.
-
Publication number: US10242217B1
Publication date: 2019-03-26
Application number: US15715774
Filing date: 2017-09-26
Applicant: Wickr Inc.
Inventor: Thomas Michael Leavy, Christopher Howell, David A. Sugar, Dipakkumar R. Kasabwala, Ernest W. Grzybowski
Abstract: The present disclosure describes techniques for storing encrypted files in a secure file repository and transferring those encrypted files to one or more recipients. A user selects a file to upload to a secure file repository. A secure collaboration app on the user's device generates a first encryption key and uses it to encrypt the file. The encrypted file is then uploaded to the secure file repository, which returns to the secure collaboration app a random file name and the location of the encrypted file. The secure collaboration app updates its locally stored metadata for the encrypted file accordingly. To securely transfer the file, the app generates a second encryption key, encrypts the metadata with it, and transmits the encrypted metadata to one or more receivers. The receivers decrypt the encrypted metadata and use it to retrieve the file and decrypt it.
-
Publication number: US10038677B1
Publication date: 2018-07-31
Application number: US15496187
Filing date: 2017-04-25
Applicant: Wickr Inc.
Inventor: Christopher Howell, Robert Statica, Kara Lynn Coppa
CPC classification number: H04L63/0421, G06F3/0416, G06F3/0488, G06F21/62, G06F2203/04104, G06K9/00201, H04L9/08, H04L9/0816, H04L9/0822, H04L9/0825, H04L9/0841, H04L9/0869, H04L9/30, H04L9/3066, H04L9/3236, H04L63/04, H04L63/0435, H04L63/0442, H04L63/061, H04L63/08, H04L63/0853, H04L2209/24
Abstract: A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient are requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with the public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation, which is transmitted to a second server.
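The encapsulation described in this abstract and in US10581817B1 above, as an added example in Go (not Wickr's code): a fresh symmetric key encrypts the message, the recipient device's public key wraps that key, and ciphertext, wrapped key and device identifier travel together to the relay. Assumptions not in the abstracts: AES-256-GCM for the message, RSA-OAEP for the key wrap, and binding the device identifier into both the OAEP label and the GCM additional data so the bundle cannot be re-addressed to another device without detection. US11082412B2 above differs in deriving a key-encrypting key from the recipient's public key and key identifier; that variant is not shown. Type, function and field names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the bundle handed to the relay: the message under a one-time
// symmetric key, that key wrapped to the recipient device's public key, and
// the recipient device identifier. Field names are this example's own.
type Envelope struct {
	DeviceID   string
	WrappedKey []byte // RSA-OAEP(messageKey), label = DeviceID
	Nonce      []byte // 96-bit AES-GCM nonce
	Ciphertext []byte // AES-256-GCM(message), tag appended, AAD = DeviceID
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side. Binding DeviceID into both the OAEP label and the
// GCM additional data means a relay cannot re-address the bundle undetected.
func Seal(recipientPub *rsa.PublicKey, deviceID string, msg []byte) (*Envelope, error) {
	key := make([]byte, 32) // one-time message key, never reused
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, []byte(deviceID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, []byte(deviceID))
	if err != nil {
		return nil, err
	}
	return &Envelope{DeviceID: deviceID, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the recipient side: unwrap the message key, then decrypt. Either
// step fails if the device ID, nonce, wrapped key or ciphertext was altered.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, []byte(env.DeviceID))
	if err != nil {
		return nil, fmt.Errorf("key unwrap: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.DeviceID))
	if err != nil {
		return nil, fmt.Errorf("message decrypt: %w", err)
	}
	return pt, nil
}

// RoundTrip seals msg to a freshly generated recipient key, opens it, and also
// checks that a copy re-addressed to another device ID is rejected.
func RoundTrip(msg string) (plaintext string, readdressRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	env, err := Seal(&priv.PublicKey, "device-A1", []byte(msg))
	if err != nil {
		return "", false, err
	}
	pt, err := Open(priv, env)
	if err != nil {
		return "", false, err
	}
	forged := *env
	forged.DeviceID = "device-B2" // relay tries to hand the bundle to another device
	_, forgeErr := Open(priv, &forged)
	return string(pt), forgeErr != nil, nil
}

func main() {
	fmt.Println(RoundTrip("constructed sample message"))
}
```

The relay in this model sees the device identifier and opaque bytes only; it can deliver or drop the bundle but cannot read it, and re-labelling it for a different device fails both at the OAEP label and at the GCM tag.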
-
Publication number: US20180212771A1
Publication date: 2018-07-26
Application number: US15447741
Filing date: 2017-03-02
Applicant: Wickr Inc.
Inventor: Christopher Howell, Thomas Michael Leavy
CPC classification number: H04L9/0894, H04L9/0822, H04L9/083, H04L9/0844, H04L9/085, H04L9/0863, H04L9/0869, H04L9/14, H04L9/3066, H04L9/3247, H04L2209/38
Abstract: The present disclosure describes a system, method, and non-transitory computer readable medium for provisioning multiple instances of a secure communication application on multiple devices. A secure communication application on a first device generates a first set of private keys that are associated with the user and a second set of keys that are associated with the secure communication application executing on the first device. The first set of private keys establishes a set of root identifying keys for the user that are identical for all installations of the secure communication application, while the second set of keys will vary from device to device. In this regard, the first set of root identifying keys must be securely transferred from the first device to any subsequent installations of the secure communication application on one or more second devices. This establishes a high degree of trust since each installation of the secure communication application is linked to the first set of root identifying keys and allows the user to send and receive encrypted communications on multiple devices from the same trusted root keys.
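The root-key/device-key split described above, as an added example in Go (not Wickr's code): one long-lived root identity key pair, the same on every installation, vouches for each installation's own device key pair by signing (device identifier, device public key), and a peer who trusts the root public key accepts exactly the device keys that root has signed. Assumptions not in the abstract: Ed25519 for both key types, the length-prefixed, domain-separated message that is signed, and all names and identifiers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DeviceBinding is what one installation shows another: its per-device public
// key plus the root identity key's signature over (deviceID, devicePub).
// Type and field names are this example's own.
type DeviceBinding struct {
	DeviceID  string
	DevicePub ed25519.PublicKey
	RootSig   []byte
}

// bindingMessage length-prefixes the device ID so "ab"+"c" and "a"+"bc" cannot
// be confused, and domain-separates this signature from other uses of the root key.
func bindingMessage(deviceID string, devicePub ed25519.PublicKey) []byte {
	msg := []byte("device-binding-v1\x00")
	msg = append(msg, byte(len(deviceID)>>8), byte(len(deviceID)))
	msg = append(msg, deviceID...)
	return append(msg, devicePub...)
}

// ProvisionDevice runs on a new installation after the root private key has
// been securely transferred to it: generate a device key pair that never
// leaves this device and have the root key vouch for its public half.
func ProvisionDevice(rootPriv ed25519.PrivateKey, deviceID string) (DeviceBinding, ed25519.PrivateKey, error) {
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DeviceBinding{}, nil, err
	}
	sig := ed25519.Sign(rootPriv, bindingMessage(deviceID, devPub))
	return DeviceBinding{DeviceID: deviceID, DevicePub: devPub, RootSig: sig}, devPriv, nil
}

// VerifyDevice is what a peer does with a root public key it already trusts:
// accept the device key only if that root signed it for that device ID.
func VerifyDevice(rootPub ed25519.PublicKey, b DeviceBinding) bool {
	if len(b.DevicePub) != ed25519.PublicKeySize || len(b.RootSig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(rootPub, bindingMessage(b.DeviceID, b.DevicePub), b.RootSig)
}

// Scenario provisions two devices under one root and one under a stranger's
// root, then reports which bindings a peer holding the first root key accepts.
func Scenario() (phoneOK, laptopOK, strangerOK, tamperedOK bool, err error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, strangerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	phone, _, err := ProvisionDevice(rootPriv, "phone-01")
	if err != nil {
		return
	}
	laptop, _, err := ProvisionDevice(rootPriv, "laptop-01")
	if err != nil {
		return
	}
	stranger, _, err := ProvisionDevice(strangerPriv, "phone-01") // same ID, wrong root
	if err != nil {
		return
	}
	tampered := laptop
	tampered.DeviceID = "phone-01" // re-labelling a signed key must break the signature
	return VerifyDevice(rootPub, phone), VerifyDevice(rootPub, laptop),
		VerifyDevice(rootPub, stranger), VerifyDevice(rootPub, tampered), nil
}

func main() {
	fmt.Println(Scenario())
}
```

Peers only ever need the root public key; the root private key is the one secret that has to move between installations, which is why the abstract insists it be transferred securely, and every device private key stays where it was generated.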
-
Publication number: US11330003B1
Publication date: 2022-05-10
Application number: US15812244
Filing date: 2017-11-14
Applicant: Wickr Inc.
Inventor: Christopher Howell, Robert Statica, Kara Lynn Coppa
Abstract: A secure messaging platform for an enterprise environment is disclosed. The secure messaging platform enables users to exchange encrypted communications. Further, the secure messaging platform allows enterprise platforms to review the encrypted communications to ensure that they comply with company policies. Messages that comply with company policies may be provided to their intended recipients, while messages that fail to comply with company policies are not provided to their intended recipients. Additionally, the encrypted communications may be retained for a predetermined time.
-
Publication number: US10791196B2
Publication date: 2020-09-29
Application number: US15689247
Filing date: 2017-08-29
Applicant: Wickr Inc.
Inventor: Arjun Bhatnagar, Christopher Howell
IPC: H04L29/08, H04L12/58, G06F16/182, H04L29/06, H04L12/18
Abstract: A secure communication platform includes a user database that allows users from different secure communication networks to perform directory look-ups to access keys and other information for recipients outside their own network. Users of different secure communication networks may request, from the database, user information for users outside their own secure communication network. That user information allows users of different secure communication networks to exchange secure communications. The secure communication platform provides a high degree of trust in the sender's identity, allowing the receiving network to trust the sender and secure communications to flow across different secure communication networks.
-
Publication number: US20190356650A1
Publication date: 2019-11-21
Application number: US16106862
Filing date: 2018-08-21
Applicant: Wickr Inc.
Inventor: Thomas Michael Leavy, Joël Alwen, Christopher Howell
Abstract: The present disclosure describes techniques that allow a client-side application on a first client device to generate a random encryption key and encrypt locally stored application data with it. To ensure that the client-side application cannot decrypt the locally stored encrypted application data before authenticating with an external authentication source (e.g., an SSO system or identity provider), the client-side application divides the random encryption key into at least a first share and a second share according to a secret sharing algorithm. The first share is transmitted to a trusted third party, while the second share is encrypted locally and stored in a secure location on the client device. Upon successful authentication, the trusted third party returns the first share to the first client device. The client-side application recombines the shares to derive the random encryption key and decrypts the locally stored encrypted application data for use. By splitting the key that encrypts the client-side application data and storing one of the shares needed to derive it at a trusted third party, the present disclosure solves the problem of how to encrypt local application data when the login credentials for the application are managed by a trusted third party, such as an SSO system.
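The key-splitting scheme in this abstract (and in the granted US10911431B2 above, which shares this application number), as an added example in Go (not Wickr's code): Shamir secret sharing over the prime field GF(2^521 - 1). Assumptions not in the abstract: the concrete sharing algorithm, a 2-of-3 split (device share, trusted-third-party share and a spare recovery share, one more than the two shares the abstract requires), and all names. `coefficientFor` demonstrates why the device share alone is useless before authentication: it is equally consistent with any candidate key, so no offline attack on the locally stored share can narrow the key down.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// Shares live in GF(p) for the Mersenne prime p = 2^521 - 1, comfortably
// larger than the 256-bit key being shared.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one point (x, f(x)) on the secret polynomial. Names are this example's own.
type Share struct {
	X int
	Y *big.Int
}

// evalPoly evaluates coeffs[0] + coeffs[1]*x + ... mod p by Horner's rule.
func evalPoly(coeffs []*big.Int, x int64) *big.Int {
	y, bx := new(big.Int), big.NewInt(x)
	for i := len(coeffs) - 1; i >= 0; i-- {
		y.Mul(y, bx).Add(y, coeffs[i]).Mod(y, prime)
	}
	return y
}

// Split encodes secret as f(0) of a random degree-(threshold-1) polynomial and
// returns n points on it; any threshold of them recover f(0), fewer reveal nothing.
func Split(secret []byte, threshold, n int) ([]Share, error) {
	if threshold < 2 || n < threshold || len(secret)*8 >= prime.BitLen() {
		return nil, errors.New("bad threshold, share count or secret size")
	}
	coeffs := make([]*big.Int, threshold)
	coeffs[0] = new(big.Int).SetBytes(secret)
	for i := 1; i < threshold; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for x := 1; x <= n; x++ {
		shares[x-1] = Share{X: x, Y: evalPoly(coeffs, int64(x))}
	}
	return shares, nil
}

// Combine recovers f(0) by Lagrange interpolation over exactly threshold
// shares with distinct X, then restores the fixed-length byte encoding.
func Combine(shares []Share, secretLen int) []byte {
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			num.Mul(num, big.NewInt(int64(-sj.X))).Mod(num, prime)     // (0 - x_j)
			den.Mul(den, big.NewInt(int64(si.X-sj.X))).Mod(den, prime) // (x_i - x_j)
		}
		term := new(big.Int).ModInverse(den, prime)
		term.Mul(term, num).Mod(term, prime).Mul(term, si.Y).Mod(term, prime)
		secret.Add(secret, term).Mod(secret, prime)
	}
	return secret.FillBytes(make([]byte, secretLen))
}

// coefficientFor shows the information-theoretic guarantee for threshold 2:
// for ANY candidate secret there is a slope a1 with candidate + a1*x = y, so a
// single share is consistent with every possible key.
func coefficientFor(s Share, candidate []byte) *big.Int {
	a1 := new(big.Int).Sub(s.Y, new(big.Int).SetBytes(candidate))
	a1.Mul(a1, new(big.Int).ModInverse(big.NewInt(int64(s.X)), prime))
	return a1.Mod(a1, prime)
}

// RoundTrip splits a key 2-of-3 (device share, trusted-third-party share and a
// spare recovery share), recovers it from the device and TTP shares, and checks
// that the device share by itself also fits an unrelated key.
func RoundTrip(keyHex string) (recoveredHex string, singleShareAmbiguous bool, err error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		return "", false, err
	}
	shares, err := Split(key, 2, 3)
	if err != nil {
		return "", false, err
	}
	deviceShare, ttpShare := shares[0], shares[1] // shares[2] would be the recovery share
	recovered := Combine([]Share{deviceShare, ttpShare}, len(key))

	wrongKey := make([]byte, len(key))
	for i := range wrongKey {
		wrongKey[i] = 0xAA // constructed unrelated candidate
	}
	a1 := coefficientFor(deviceShare, wrongKey)
	fits := evalPoly([]*big.Int{new(big.Int).SetBytes(wrongKey), a1}, int64(deviceShare.X)).Cmp(deviceShare.Y) == 0
	return hex.EncodeToString(recovered), fits, nil
}

func main() {
	fmt.Println(RoundTrip("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"))
}
```

In the flow the abstract describes, `Split` runs once at first launch, the device keeps one share encrypted at rest, the trusted third party holds the other and releases it only after the SSO or IdP login succeeds, and `Combine` runs in memory to unlock the local data; the plaintext key is never written to disk.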