Message handling with format translation and key management

US 20030065941A1
Filed: 09/05/2001
Published: 04/03/2003
Est. Priority Date: 09/05/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for message handling over a wide area network, the wide area network including a first computer, a second computer and a key server computer, wherein there is a first address associated with the first computer and a second address associated with the second computer, the method comprising the steps of:

maintaining a key repository of public keys for a plurality of users on the key server computer;

generating a message by a first user for a second user addressed to the second computer;

accessing with the first computer the key repository on the key server computer to determine whether there is a public key associated with the second computer address stored in the key repository;

when there is a public key associated with the second computer address stored in the key repository, downloading said associated public key to the first computer;

encrypting the generated message using the downloaded public key; and

transmitting the encrypted message from the first computer to the second computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A subscribing user generates a private key and a corresponding public key stored locally in a “key-ring.” The public key is uploaded to a key repository on a communications server, where public keys of subscribers are maintained. When sending a secure message, the sender'"'"'s key-ring is checked to determine whether the public key for the recipient is present. If yes, then the public key is used to encrypt the message. If no, then a lookup request is sent to the server to determine whether a public key is available for the recipient. If there is, then the public key is downloaded from the repository to the sender. When the recipient receives the secure message, the recipient'"'"'s private key is used to decrypt the message. The sender'"'"'s most recent public key also is transmitted with the message and stored in the recipient'"'"'s key-ring for future messages sent back to the key owner. Automated key management features are included.

Citations

25 Claims

1. A method for message handling over a wide area network, the wide area network including a first computer, a second computer and a key server computer, wherein there is a first address associated with the first computer and a second address associated with the second computer, the method comprising the steps of:
- maintaining a key repository of public keys for a plurality of users on the key server computer;
  
  generating a message by a first user for a second user addressed to the second computer;
  
  accessing with the first computer the key repository on the key server computer to determine whether there is a public key associated with the second computer address stored in the key repository;
  
  when there is a public key associated with the second computer address stored in the key repository, downloading said associated public key to the first computer;
  
  encrypting the generated message using the downloaded public key; and
  
  transmitting the encrypted message from the first computer to the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the generated message is a first message, and further comprising the steps of:
    - storing the dowloaded public key on the first computer, along with a timestamp and the associated second computer address;
      
      generating a second message by the first user for the second user addressed to the second computer;
      
      encrypting the generated second message using the public key associated with the second computer address stored on the first computer; and
      
      transmitting the encrypted second message from the first computer to the second computer.
  - 3. The method of claim 1, further comprising the steps of:
    - generating a private key and a corresponding public key for the second user on the second computer;
      
      uploading the corresponding public key into the key repository of the key server computer, wherein the steps of generating the private key and uploading the corresponding public key are performed prior to the step of downloading;
      
      receiving at the second computer the encrypted message transmitted from the first computer;
      
      decrypting the encrypted message using the private key.
  - 4. The method of claim 3, further comprising the steps of:
    - reading a public key associated with a first user which is included with the encrypted first message;
      
      storing the public key associated with the first user on the second computer;
      
      encrypting a second message using the public key associated with the first user; and
      
      transmitting the encrypted second message from the second computer to the first computer.
  - 5. The method of claim 3, further comprising the steps of:
    - transmitting from the second computer to the key server computer a request that a token be sent back to the second computer at a second user address;
      
      generating and storing the token on the key server computer, wherein the token is associated with the second user address;
      
      sending the token to the second user address;
      
      receiving the token at the second computer; and
      
      wherein the step of uploading comprises the steps of;
      
      transmitting from the second computer to the key server computer a request to add the public key of the second user into the key repository, wherein included with the request to add the second user'"'"'s public key is the token;
      
      verifying that the token received at the key server computer is the same as the token stored for the second user address; and
      
      when the token is successfully verified as being the token stored for the second user address, storing the requested public key into the key repository.
  - 6. The method of claim 1, further comprising the steps of:
    - determining whether there is a private key and corresponding public key for the first user stored locally on the first computer;
      
      when either one or both of the private key and corresponding public key are not stored locally on the first computer, determining whether the first user has a first user address in use on another computer;
      
      when the first user does not have the first user address in use on another computer, generating a private key and a corresponding public key associated with the first user address.
  - 7. The method of claim 6, further comprising the steps of:
    - when the first user does have the first user address in use on another computer, instructing the first user to download the private key and corresponding public key from said other computer to the first computer.
  - 8. The method of claim 3, further comprising the steps of:
    - receiving at the second computer the encrypted message transmitted from the first computer;
      
      unsuccessfully decrypting the encrypted message at the second computer;
      
      determining whether there is a valid key pair of a private key and a corresponding public on the second machine for the second user address, wherein the step of determining comprises;
      
      transmitting key data from the second computer to the key server; and
      
      evaluating the key data at the key server to determine whether there is a valid key pair.
  - 9. The method of claim 8, further comprising the steps of:
    - when there is not a valid key pair on the second computer, downloading the valid key pair for the second user from another computer onto the second computer.
  - 10. The method of claim 8, further comprising the steps of:
    - when there is not a valid key pair on the second computer, generating a new key pair including a private key and a corresponding public key for the second user;
      
      uploading the corresponding public key of the second user into the key repository of the key server computer;
      
      sending a message to the first user at the first computer, including the public key of the second user generated as part of the new key pair;
      
      re-encrypting the generated message using the new public key of the second user;
      
      transmitting the re-encrypted message from the first computer to the second computer. receiving at the second computer the re-encrypted message transmitted from the first computer;
      
      decrypting the re-encrypted message using the private key from the new key pair.

11. A method for message handling over a wide area network, the wide are network including a first computer, a second computer and a key server computer, wherein there is a first address associated with the first computer and a second address associated with the second computer, the method comprising the steps of:
- generating a private key and a corresponding public key for a first user on the first computer, wherein said corresponding public key is used for encrypting messages intended to be received by the first user, and wherein the private key is used for decrypting messages which have been encrypted using the corresponding public key;
  
  transmitting from the first computer to the key server computer a request that a token be sent back to the first computer at a first user address;
  
  generating and storing the token on the key server computer, wherein the token is associated with the first user address;
  
  sending the token to the first user address;
  
  receiving the token at the first computer;
  
  transmitting from the first computer to the key server computer a request to add the public key of the first user into a key repository maintained by the key server computer, wherein included with the request to add the public key is the token;
  
  verifying that the token received at the key server computer is the same as the token stored for the first user address; and
  
  when the token is successfully verified as being the token stored for the first user address, storing the requested public key into the key repository.

12. A message handling system, comprising:
- a message services server, comprising a key repository database and a subscriber request processor, wherein the key repository comprises public keys for a plurality of users having corresponding user addresses;
  
  a plurality of computers wherein each one computer of the plurality of computers has access to other computers of the plurality of computers and to the message services server, each one computer of the plurality of computers comprising;
  
  a key database and a message processor for handling secure messages;
  
  wherein the subscriber request processor responds to requests from the plurality of computers, the requests comprising a lookup request, an upload request and a token request;
  
  the lookup request being to find a public key in the key repository associated with a specific user address;
  
  an upload request being to upload a public key associated with a user address from the requesting computer of the plurality of computers into the key repository; and
  
  a token request being to have the message services server transmit a token to a requesting computer of the plurality of computers, the token used by the requesting computer during a subsequent upload request to validate sad subsequent request.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The message handling system of claim 12, wherein the message processor for a receiving computer of the plurality of computers, generates a private key and a corresponding public key for a recipient user on the receiving computer;
    - uploads the corresponding public key into the key repository;
      
      receives an encrypted message transmitted from a sending computer;
      
      decrypting the encrypted message using the private key.
  - 14. The system of claim 13, wherein the message processor for the receiving computer of the plurality of computers, reads a public key associated with a sender user which is included with the encrypted message;
    - stores the public key associated with the first user in the key database of the receiving computer; and
      
      encrypts a second message using the public key associated with the first user.
  - 15. The message handling system of claim 12, wherein the message processor for a sending computer of the plurality of computers, accesses the key repository to determine whether there is a public key associated with a recipient address stored in the key repository;
    - when there is a public key associated with the recipient address stored in the key repository, downloading said associated public key to the sending computer;
      
      storing the downloaded public key in the key database of the sending computer; and
      
      encrypting the generated message using the downloaded public key.
  - 16. The system of claim 13, wherein each one computer of the plurality of computers comprises:
    - means for determining whether there is a valid key pair of a private key and a corresponding public on said one computer for a specific user address.

17. A method for sending messages from a client computer onto a wide area network, comprising the steps of:
- formatting a message into at least a header portion and a body portion to achieve a prepared message;
  
  receiving a user command to send the prepared message;
  
  intercepting at a client computer the prepared message prior to transmitting the prepared message over a wide area network;
  
  performing an operation on the prepared message to achieve a transformed message; and
  
  transmitting the transformed message over the wide area network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, in which the step of performing comprises:
    - implementing a prescribed viewing format onto the prepared message.
  - 19. The method of claim 17, in which the step of performing comprises:
    - encrypting the prepared message.
  - 20. The method of claim 17, in which the step of performing comprises:
    - testing whether the prepared message has been generated by an authorized program of the client computer; and
      
      preventing transmission when the prepared message is generated by an unauthorized program.
  - 21. The method of claim 17, in which the step of performing comprises transforming a message handling protocol of the prepared message.

22. A method for handling incoming messages to a client computer from a wide area network, comprising the steps of:
- intercepting an incoming message;
  
  directing the incoming message into a common in-box for messages of varying protocols;
  
  processing messages in the in-box prior to viewing by a user, wherein specific access points are available during the step of processing to perform specific operations on the message being processed;
  
  accessing the incoming message in the in-box being processed and transforming the incoming message from a first protocol used for sending the message into a different protocol.
- View Dependent Claims (23)
- - 23. The method of claim 22, wherein the first protocol is a first e-mail protocol and the different protocol is one protocol from the group of protocols including:
    - voice mail protocol and a second e-mail protocol.

24. A method for handling incoming messages to a client computer from a wide area network, comprising the steps of:
- intercepting an incoming message prior to being fully received;
  
  testing the incoming message for presence of a virus;
  
  determining handling of the incoming message according to a result of the testing step;
  
  when a virus is not detected, directing the incoming message into a common in box for messages of varying protocols;
  
  processing messages in the in box prior to viewing by a user, wherein specific access points are available during the step of processing to perform specific operations on the message being processed.
- View Dependent Claims (25)
- - 25. The method of claim 24 in which a hierarchy of access points and corresponding operations are performed, including an access point for a decryption operation, and access point for a viewer design operation and an access point for organizing incoming messages into a log.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eAcceleration Corporation
Original Assignee
eAcceleration Corporation
Inventors
Smith, Timothy W., Ayers, Christopher D., Horn, Daniel K., Delmendo, Jon G., Sines, Joseph P., Olsen, Andrew E., Spates, Ricardo L., Lizon, Joshua N., Ballard, Clinton L.

Application Number

US09/946,773
Publication Number

US 20030065941A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/04 for providing a confidentia...

Message handling with format translation and key management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Message handling with format translation and key management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links