Patent Application Titled “Secure Communication Tool For Use Alongside Non-Secure Communications” Published Online (USPTO 20240015018): Rhinogram Inc.

2024 JAN 26 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Washington, D.C., by NewsRx journalists, a patent application by the inventors Ferger, Bo (Lakesite, TN, US); Whelan, Rob (Daniel Island, SC, US), filed on September 21, 2023, was made available online on January 11, 2024.

The assignee for this patent application is Rhinogram Inc. (Chattanooga, Tennessee, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “The Apple Corporation recently released a product called Business Chat which allows businesses to chat with consumers through Messages. A different text bubble pallet, such as black and gray and instead of blue, is provided with that product which can indicate the consumer is messaging with a business rather than with an individual. The product hopes to expose advantages of a richer chat experience to businesses without forcing a user to install a different messaging application. The level of security provided by this new product is not known to the applicant.

“Traditionally, if an individual has a Smartphone operating on the iOS platform and leaves that phone unlocked, anyone can pick up that phone and open Messages to then read any of the messages contained therein. Some of those messages may contain personal information such as Protect Health Information (PHI), which is protected under HIPAA, the Health Insurance Portability and Accountability Act, or other private data desired particularly by businesses and others not to become public. Short Message Service (SMS), also known as text messages, are typically unencrypted at some point during the delivery process, thus rendering an SMS channel insecure.

“There are no access controls once Messages or Messenger is opened. Accordingly, there is a need in the marketplace for making traditionally less secure communication systems more secure, particularly both Facebook and Apple are each believed to have over two billion users.”

In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “It is a present object of many embodiments of the present invention to provide an improved communications tool for use with less secure messaging systems to make at least some messages or communications more secure.

“It is another object of many embodiments of the present invention to provide an improved messaging tool for use with at least one of Messages and Facebook Messenger.

“It is a present object of many embodiments of the present invention to provide an improved messaging tool.

“Within traditionally unsecure environments such as Apple Messages, the applicant has discovered a way to provide for more secure communication preferably achieving at least one if not two if not three of the objectives: (a) providing encryption of data from one user to another, (b) encryption of the data at rest for at least one party, if not both, and/or © access controls as well, preferably while still permitting unsecure communications at the option of the user through the same communication tool.

“Accordingly, in accordance with many embodiments of the present invention, a tool is provided for use such as with the Apple Messages application whereby the tool cooperates with that with system to provide a method of sending and/or receiving encrypted messages from one device to another for encryption. Continued possible encryption on at least one if not both ends can be provided so that stored information at rest is encrypted. Additionally, access controls and/or session rules are preferably provided within the messaging system itself so as to be able to positively identify a particular user and/or to permit access to at least certain messages.

“Furthermore, some embodiments may provide a mechanism using traditional communication technology such as Apple Messages and/or Facebook Messenger to provide a secure messaging option so as to facilitate communications such as HIPAA regulated information for the medical industry, sufficient security to enable the financial industries to communicate with their customers as well, and/or other purpose, preferably while simultaneously permitting unsecured communication within the same channel. There may be additional markets which can benefit from this technology as well.

“Messaging applications and tools have been around for many years. In more recent years Apple has allowed developers to insert apps within the Messages platform such as Open Table (which permits users to make restaurant reservations through the Messages platform) and can allow for the transmission of video, audio, images and/or other data. While many improvements are available through the app store for the Messages experience, the applicant is unaware of any capability of being able to provide security for at least some transmitted message through the Messages platform. Accordingly, at least one embodiment of the applicant’s tool provides for encrypted messaging within this environment.

“Such a capability provides not only for an ability for the users to maintain information confidential but can also comply with HIPAA and/or various financials security regulations for privacy and/or other privacy concerns that users and/or businesses might have.

“Data received by the end user could be encrypted at rest in a cloud database server.

“Some embodiments of the applicant’s method and application envision data being sent from a user to the applicant where it is stored on the applicant’s server in an encrypted form while also being sent to an intended recipient which could also have the app used thereon (and the message possibly be stored in an encrypted manner as well until access controls are sufficiently provided). At the applicant’s server as well as on both of the sending (second party) and receiving (first party) devices, the data could be stored in a secured format so that it could be safe at rest.

“Additionally, session rules could be provided in many different ways, possibly to specific messages. Specifically, when using the messaging service with a “secure” message which might otherwise appear, if the messaging service has not been used for a period of time such as ten minutes, then the secure message may be masked such as by having an overlay provided thereon where the message becomes unreadable and/or made at least partially unreadable to the point of not being able to discern the information contained therein until the user re-enters the authorization control such as a PIN, password and/or other authorization. The “secure message” could also be removed (so that it does not appear at all and there might not even been any indication that it does exist) until authorization is provided.

“Other session rules could include logging out, placing the messaging tool in a background mode, allowing a period of time to elapse after entering the program, turning the screen off or some other action or inaction.

“Not only can encryption be provided, but data may be protected specifically by the session rules to permit the timing out and/or other session rules being applied. At rest the data (for at least selected messages, while possibly still permitting access to less secure communications) could be stored in an encrypted form. The applicant believes this technology could be applied not only to Apple Messages but also to Facebook Messenger and possibly other messaging applications which are less secure than desired by the applicant for at least some messages.

“What is particularly attractive about this technology is that a less secure messaging service can be utilized to provide a more secure environment for at least some messages possibly while still permitting communications of a non-sensitive nature in the traditional manner. Specifically, the less secure environments account for over two billion users across the world. These users are unlikely to change their messaging service to a different messaging service but could greatly benefit from an ability to utilize secure communications within the communication programs they currently utilize. Additionally, unsecured messages could still be sent and received utilizing the exact same system for at least some embodiments.

“Many texts could contain some data which might be PHI such as a first name or last name, social security number and/or any of eighteen possible identifiers currently recognized as PHI. Others may be utilized.

“Accordingly, once someone opens up their Messages or less secure communications portal, in order to read secure messages, at that time they may be able to provide a login or other authorization to read all or at least a plurality of secure messages. A separate authorization would not likely be needed to read unsecure messages. If they were to send a secure message, they may only need to touch an icon which may provide for security of that message not only when it is sent but also as it is stored on the device. As it relates to the Messages system, it may recognize that something is being sent but doesn’t necessarily know what it is. It might be treated no different from the Messages program as SMS data and/or some type of audio or image or video file (except that it is encrypted).

“After a period of time (or other session rules are applied) secure message(s) can then be masked such as by making it temporarily disappear, blurring the text, imposing a logo or other layer over it, imposing confidential over it while making it unreadable or doing something so that the text is not readable possibly while indicating that there is a secure message at that location which might be accessed. In order to access the message, it is likely that the user can click on the message to then possibly then provide a PIN, an authorization code, a passcode, or some other authorization which, once properly entered, can then allow the user to view the content of the secure message(s).

“This way the data at rest may be maintained in an encrypted format. Thus, the data, even if someone improperly accessed someone’s phone such as by picking it up and viewing it, they would be unable to view any of the secure messages as they would lack the access controls to access the data.

“Accordingly, what this tool provides is a messaging tool within a less secure messaging environment to provide at least one of access controls to at least certain messages, encryption of data from one user to another and preferably the ability to maintain encryption of data at rest at least at one of the two of the sending and/or receiver. Text bubble may be color coded to reflect the encrypted nature of the message/communication when viewed.

“Possible uses of this technology may include fitness, health, medical, finance and/or other industries.

“While the applicant has investigated a need for this tool as it relates to the Apple Messages product and Facebook Messenger, it may be possible that other Android, Google or other messaging systems may also benefit from such technology.

“In addition to time related session rules, such as a pure clock which ends the ability to view ten minutes later, an activity clock which starts on the counting down at the end of the last contact, a switch program which could then lock information if the Messages is put in a background mode or a lock screen mode. Other session rules could be applied as well.

“The proposed tool provides a way to provide compliance with not only the financial industry and HIPAA but possibly other environments which also could benefit from securely communicating data from one party and another.”

The claims supplied by the inventors are:

“1. A secure communication tool for use in exchanging secure messages between an electronic device of a first party and an electronic device of a second party within a less secure messaging system, the less secure messaging system comprising a messaging application configured to exchange unsecured messages, wherein the secure communication tool is configured to cooperate with the messaging application to enable communications of the secure messages over the less secure messaging system, the secure communication tool comprising: a user interface element configured to display a user-selectable send option on the electronic device of the second party, wherein the user-selectable send option, when selected by the second party, is configured to enable the electronic device of the second party to send a secure message over the less secure messaging system using the messaging application; and one or more access controls configured, in response to the second party selecting the user-selectable send option, to create the secure message, wherein the secure message contains at least one portion that is masked to be unreadable on the electronic device of the first party until after the first party has provided an authorization to enable the at least one masked portion to be displayed as a readable message on the electronic device of the first party.

“2. The secure communication tool of claim 1 wherein the user interface element is one of a button or an icon displayed on the electronic device of the second party.

“3. The secure communication tool of claim 1 wherein the one or more access controls are configured to create the at least one masked portion of the secure message so it is not visible on the electronic device of the first party until after the first party has provided the authorization.

“4. The secure communication tool of claim 1 wherein the one or more access controls are configured to create at least one encrypted portion in the at least one masked portion of the secure message.

“5. The secure communication tool of claim 1 wherein the one or more access controls are configured to create the at least one masked portion of the secure message to be visible on a screen of the electronic device of the first party but not readable by the first party before the authorization is provided by the first party.

“6. The secure communication tool of claim 5 wherein the one or more access controls are configured to create the at least one masked portion of the secure message including an overlay preventing the first party from reading the at least one masked portion of the secure message until after the authorization is provided by the first party and the overlay is removed.

“7. The secure communication tool of claim 1 wherein the one or more access controls are configured to create the at least one masked portion of the secure message to be displayed on a screen of the electronic device of the first party using a different background color than the unsecure messages.

“8. The secure communication tool of claim 1 wherein the authorization is one of a PIN or a password.

“9. The secure communication tool of claim 1 wherein the secure communication tool is further configured to store the at least one masked portion of the secure message on a server that is remote from both the electronic device of the first party and the electronic device of the second party.

“10. The secure communication tool of claim 1 wherein the secure communication tool is configured to cause the at least one masked portion of the secure message to be in an unreadable configuration at the electronic device of the first party if at least one rule is satisfied.

“11. The secure communication tool of claim 10 wherein the at least one rule corresponds to at least one of the first party’s electronic device logging out, the first party’s electronic device placing a messaging program in a background mode, a set period of time elapsing after the first party’s electronic device receives the authorization from the first party, a set period of time elapsing after a last key entry at the first party’s electronic device, the first party’s electronic device turning off a screen, or the first party’s electronic device ending the messaging program.

“12. The method of claim 1 wherein the less secure messaging system comprises one of Facebook Messenger or Apple Messages.

“13. A secure communication tool for use in exchanging secure messages between an electronic device of a first party and an electronic device of a second party within a less secure messaging system, the less secure messaging system comprising a messaging application configured to exchange unsecured messages, wherein the secure communication tool is configured to cooperate with the messaging application to enable communications of the secure messages over the less secure messaging system, the secure communication tool comprising: a user interface element configured to receive an authorization from the first party on the electronic device of the first party, wherein the authorization is associated with at least one masked portion of a secure message that has been received by the electronic device of the first party; and one or more access controls configured, in response to the first party providing the authorization, to convert the at least one masked portion of the secure message into a readable message for display on a screen of the electronic device of the first party.

“14. The secure communication tool of claim 13 further comprising: one or more session rules configured to return the readable message displayed on the screen of the electronic device of the first party back into an unreadable configuration of the at least one masked portion of the secure message if at least one session rule is satisfied.

“15. The secure communication tool of claim 14 wherein the at least one session rule corresponds to at least one of the first party’s electronic device logging out, the first party’s electronic device placing a messaging program in a background mode, a set period of time elapsing after the first party’s electronic device receives the authorization from the first party, a set period of time elapsing after a last key entry at the first party’s electronic device, the first party’s electronic device turning off a screen, or the first party’s electronic device ending the messaging program.

“16. The secure communication tool of claim 13 wherein the at least one masked portion of the secure message is configured so it is not visible on the electronic device of the first party until after the first party has provided the authorization.

“17. The secure communication tool of claim 13 wherein the at least one masked portion of the secure message comprises at least one encrypted portion.

“18. The secure communication tool of claim 13 wherein the secure communication tool is configured to make the at least one masked portion of the secure message visible on the screen of the electronic device of the first party but not readable by the first party before the authorization is provided by the first party.

“19. The secure communication tool of claim 18 wherein the at least one masked portion of the secure message has an overlay preventing the first party from reading the at least one masked portion of the secure message until after the authorization is provided by the first party and the overlay removed.

“20. The secure communication tool of claim 13 wherein the secure communication tool is configured to display the at least one masked portion of the secure message on the screen of the electronic device of the first party using a different background color than the unsecure messages.

“21. The secure communication tool of claim 1 wherein the authorization is one of a PIN or a password.

“22. The method of claim 1 wherein the less secure messaging system comprises one of Facebook Messenger or Apple Messages.”

For more information, see this patent application: Ferger, Bo; Whelan, Rob. Secure Communication Tool For Use Alongside Non-Secure Communications. U.S. Patent Application Number 20240015018, filed September 21, 2023 and posted January 11, 2024. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20240015018)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)