EP-3659294-B1 - SECURE MESSAGING

Inventors

  • KOYUN, ISMET
  • SARIHAN, TAN

Dates

Publication Date: 20260513
Application Date: 20170728

Claims (12)

  1. A method performed by an apparatus (100), said method comprising:
     - obtaining (401) a payload information item that is to be communicated to at least one recipient,
     - obtaining (402) an encrypted payload information item (700) by encrypting said payload information item such that it is decryptable by use of a first decryption key,
     - obtaining (403) an encrypted first decryption key (800) by encrypting said first decryption key such that it is decryptable by use of a second decryption key which is not known by said at least one recipient,
     - sending or triggering sending (404) a message (900) containing said encrypted payload information item (700) and said encrypted first decryption key (800) to said at least one recipient,
     - receiving (405) a request for said second decryption key from said at least one recipient,
     - determining (406) whether said at least one recipient is allowed to access said encrypted payload information item,
     - sending or triggering sending (407) said second decryption key to said at least one recipient in response to said request,
     wherein said second decryption key is only sent or triggered to be sent to said at least one recipient in response to said request, if it is determined that said at least one recipient is allowed to access said encrypted payload information item.
  2. The method according to claim 1, wherein said encrypted payload information item (700) and/or said encrypted first decryption key (800) are decryptable by use of at least one asymmetric cryptography algorithm, at least one symmetric cryptography algorithm or a combination thereof.
  3. The method according to any of claims 1 and 2, said method further comprising:
     - generating or triggering generating said first decryption key and/or said second decryption key.
  4. The method according to any of claims 1 to 3, wherein said first decryption key and/or said second decryption key are generated at least partially based on a random number generator or a pseudo random number generator such that said first decryption key and/or said second decryption key are not known by said at least one recipient.
  5. The method according to any of claims 1 to 4, wherein said first decryption key and/or said second decryption key are only to be used by the at least one recipient.
  6. The method according to any of claims 1 to 4, wherein said first decryption key and/or said second decryption key are to be used by a plurality of recipients, wherein said at least one recipient is one of the plurality of recipients, and wherein said payload information item is to be communicated to said plurality of recipients.
  7. The method according to any of claims 1 to 6, wherein said determining whether said at least one recipient is allowed to access said payload information item is at least partially based on an authentication information item contained in said request for authenticating said at least one recipient, an identification information item contained in said request for identifying said at least one recipient, a validity time of said payload information item, a validity time of said first decryption key and/or said second decryption key, a geographical validity of said first decryption key and/or said second decryption key or a combination thereof.
  8. The method according to any of claims 1 to 7, wherein said message (900) containing said encrypted payload information item further contains at least one of:
     - a signature information item,
     - a recipient information item,
     - a key information item,
     - an encryption information item, and
     - a message policy information item.
  9. An apparatus, said apparatus comprising means (101-105, 201-204) for performing the method according to any of claims 1 to 8.
  10. A computer program code, said computer program code when executed by a processor causing an apparatus to perform the actions of the method according to any of claims 1 to 8.
  11. A system, said system comprising:
     - at least one apparatus (100) comprising means for performing the method according to any of claims 1 to 8, and
     - at least one further apparatus (200-1, 200-2) comprising means for performing a method comprising:
       - receiving (501) a message (900) containing an encrypted payload information item (700) that is decryptable by use of a first decryption key, said message (900) further containing an encrypted first decryption key (800) that is decryptable by use of a second decryption key, wherein access to said second decryption key is controlled by a sender of said message,
       - obtaining (502) said second decryption key,
       - obtaining (503) said first decryption key by decrypting said encrypted first decryption key by use of said second decryption key, and
       - decrypting (504) said encrypted payload information item (700) by use of said first decryption key.
  12. The system according to claim 11, wherein said second decryption key is obtained by:
     - sending or triggering sending (5021) a request for said second decryption key to a sender of said message (900) containing said encrypted payload information item, and
     - receiving (5022) said second decryption key from said sender in response to said request.
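
The flow of claims 1, 11 and 12 (steps 401-407 and 501-504) as a runnable sketch; this is an added example, not code from the patent. The `Sender` class, the message field names, the bare-string recipient identity and the SHAKE-256/HMAC `seal` routine (a standard-library stand-in for a real AEAD such as AES-GCM, not for production use) are all assumptions.

```python
import hashlib, hmac, secrets, time

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD (assumption, not the patent's cipher)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Sender:
    """Plays the apparatus (100): builds messages and gates release of the second key."""
    def __init__(self):
        self.escrow = {}  # message id -> (second key, allowed recipients, expiry)

    def send(self, payload: bytes, recipients: set, ttl: float) -> dict:
        k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
        msg_id = secrets.token_hex(8)
        self.escrow[msg_id] = (k2, set(recipients), time.time() + ttl)
        # Steps 402-404: payload under k1, k1 under k2; k2 itself never travels here.
        return {"id": msg_id, "payload": seal(k1, payload), "wrapped_key": seal(k2, k1)}

    def request_key(self, msg_id: str, recipient: str, now=None) -> bytes:
        k2, allowed, expiry = self.escrow[msg_id]            # step 405
        now = time.time() if now is None else now
        if recipient not in allowed or now > expiry:         # step 406 (identity, validity time)
            raise PermissionError("second key withheld")
        return k2                                            # step 407

    def revoke(self, msg_id: str, recipient: str) -> None:
        self.escrow[msg_id][1].discard(recipient)

def receive(message: dict, k2: bytes) -> bytes:
    k1 = unseal(k2, message["wrapped_key"])                  # step 503
    return unseal(k1, message["payload"])                    # step 504
```

Revocation and expiry in this sketch only affect future key requests: a recipient who has already obtained the second key can keep it and decrypt the stored message later.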

Description

FIELD

The invention relates to the field of secure messaging and more specifically to sending and/or receiving a secure message.

BACKGROUND

For secure messaging, messages may be encrypted in an asymmetric cryptography system today by use of a public key of an asymmetric key pair of the recipient. Since only the recipient knows the private key of his asymmetric key pair, only the recipient can decrypt and, thus, access the message.

US7961879B1 discloses an example of secure messaging.

SUMMARY OF SOME EMBODIMENTS OF THE INVENTION

According to a first aspect of the invention, a method performed by an apparatus is presented, which comprises:

  • obtaining a payload information item that is to be communicated to at least one recipient,
  • obtaining an encrypted payload information item by encrypting the payload information item such that it is decryptable by use of a first decryption key,
  • obtaining an encrypted first decryption key by encrypting the first decryption key such that it is decryptable by use of a second decryption key which is not known by the at least one recipient, and
  • sending or triggering sending a message containing the encrypted payload information item and the encrypted first decryption key to the at least one recipient.

According to the first aspect of the invention, an apparatus is presented, which comprises means for performing the method according to the first aspect of the invention. For example, the method according to the first aspect of the invention may be a method performed by the apparatus according to the first aspect of the invention.

The apparatus and the method according to the first aspect of the invention may be for secure messaging, for example for sending a secure message.

The apparatus according to the first aspect of the invention may be or may be part of a device such as a sender device or a server device (e.g. a key server device), for example a sender device or a server device for a messaging system (e.g. the system according to the third aspect of the invention). Alternatively, the apparatus according to the first aspect of the invention may comprise or may be formed by one or more devices such as a sender device and/or a server device (e.g. a key server device), for example a sender device and/or a server device for a messaging system (e.g. the system according to the third aspect of the invention).

According to the first aspect of the invention, a computer program code is presented, the computer program code when executed by a processor causing an apparatus to perform the actions of the method according to the first aspect of the invention.

According to the first aspect of the invention, a computer readable storage medium (e.g. a tangible and/or non-transitory computer readable storage medium) is presented, in which the computer program code according to the first aspect of the invention is stored.

According to a second aspect of the invention, a method performed by an apparatus is presented, which comprises:

  • receiving a message containing an encrypted payload information item that is decryptable by use of a first decryption key, the message further containing an encrypted first decryption key that is decryptable by use of a second decryption key,
  • obtaining the second decryption key,
  • obtaining the first decryption key by decrypting the encrypted first decryption key by use of the second decryption key, and
  • decrypting the encrypted payload information item by use of the first decryption key.

According to the second aspect of the invention, an apparatus is presented, which comprises means for performing the method according to the second aspect of the invention. For example, the method according to the second aspect of the invention may be a method performed by the apparatus according to the second aspect of the invention.

The apparatus and the method according to the second aspect of the invention may be for secure messaging, for example for receiving a secure message.

The apparatus according to the second aspect of the invention may be or may be part of a device such as a recipient device or a client device, for example a recipient device or a client device for a messaging system (e.g. the system according to the third aspect of the invention). Alternatively, the apparatus according to the second aspect of the invention may comprise or may be formed by one or more devices such as a recipient device (e.g. a user device) and/or a client device, for example a recipient device (e.g. a user device) and/or a client device for a messaging system (e.g. the system according to the third aspect of the invention).

According to the second aspect of the invention, a computer program code is presented, the computer program code when executed by a processor causing an apparatus to perform the actions of the method according to the second aspect of the invention.

According to the second aspect of the invention, a computer readable storage medium (e.g. a tangible and/or non-transitory computer readable