Secure communication apparatus and method

US 20030172262A1
Filed: 03/06/2002
Published: 09/11/2003
Est. Priority Date: 03/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securing information comprising:

receiving encrypted information from a sender for transmission to at least one intended recipient and an encrypted secret key encrypted using a public key associated with a secure distribution server;

decrypting the encrypted secret key to produce a decrypted secret key;

obtaining a corresponding public key of the at least one intended recipient;

encrypting the decrypted secret key for the at least one intended recipient using a corresponding public key to produce at least one recipient specific secure secret key; and

forwarding the encrypted information sent by the sender and at least one recipient specific secure secret key for the at least one corresponding intended recipient.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus, such as a secure distribution server, receives encrypted information from a sender, wherein the encrypted information is for transmission to a plurality of intended recipients. In addition to the encrypted information, the method includes receiving an encrypted secret key that is encrypted using a public key associated with the secure distribution server. The method and apparatus decrypts the encrypted secret key to produce a decrypted secret key. The method and apparatus then encrypts the decrypted secret key with the corresponding public key of at least one (or each of a plurality of) intended recipient(s) to produce at least one (or plurality of) recipient-specific secure secret keys. The method and apparatus then forwards the received encrypted information sent by the sender and also sends at least one recipient-specific secure secret key to a corresponding intended recipient.

Citations

27 Claims

1. A method for securing information comprising:
- receiving encrypted information from a sender for transmission to at least one intended recipient and an encrypted secret key encrypted using a public key associated with a secure distribution server;
  
  decrypting the encrypted secret key to produce a decrypted secret key;
  
  obtaining a corresponding public key of the at least one intended recipient;
  
  encrypting the decrypted secret key for the at least one intended recipient using a corresponding public key to produce at least one recipient specific secure secret key; and
  
  forwarding the encrypted information sent by the sender and at least one recipient specific secure secret key for the at least one corresponding intended recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 including determining a plurality of intended recipients and retrieving corresponding public keys of the plurality of intended recipients for encrypting the secret key.
  - 3. The method of claim 1 wherein the step of encrypting the decrypted secret key with a corresponding public key of the at least one intended recipient includes encrypting a copy of the decrypted secret key for each intended recipient with a corresponding recipient public key.
  - 4. The method of claim 1 including the steps of:
    - encrypting information with the secret key to produce the encrypted information, encrypting the secret key with a public key associated with the secure distribution server to produce the encrypted secret key, and sending the encrypted information and the encrypted secret key to the secure distribution server.
  - 5. The method of claim 4 wherein encrypting the secret key includes encrypting the secret key using a public key for each of a plurality of secure distribution servers to produce a plurality of secure distribution server specific encrypted secret keys.
  - 6. The method of claim 4 including storing the encrypted information in an encrypted form locally on the device that performed the step of encrypting information with the secret key.
  - 7. The method of claim 4 further including the step of encrypting the secret key, by a sending device, with a public key associated with at least one of a user of the sender and the sender sending device.
  - 8. The method of claim 1 including the step of digitally signing the information using a private signing key associated with at least one of a user of the sending device and the sender.
  - 9. The method of claim 1 further including the step of receiving the encrypted information and the encrypted secret key and forwarding the encrypted information and the encrypted secret key to the secure distribution server without decrypting the encrypted secret key.
  - 10. The method of claim 1 including the step of determining, by the secure distribution server, if the encrypted information needs to be sent to other entities, if so, encrypting the decrypted secret key using a public key associated with each of the additional entities.
  - 11. The method of claim 1 including the steps of:
    - encrypting the decrypted secret key using a public key associated with a content scanning device;
      
      sending the encrypted information and the encrypted secret key to the content scanning device;
      
      receiving a result back from the content scanning device, forwarding the encrypted information based on the result sent by the content scanning device, and at least one recipient specific secure secret key for at least one corresponding intended recipient.
  - 12. The method of claim 2 wherein retrieving the corresponding public keys of the plurality of intended recipients for encrypting the decrypted secret key includes obtaining the corresponding public keys from at least one of:
    - a certificate retrieval and validation service, an LDAP lookup and a certificate directory lookup.
  - 13. The method of claim 1 including the steps of:
    - encrypting information with the secret key to produce the encrypted information offline, encrypting the secret key with a public key associated with the secure distribution server to produce the encrypted secret key offline, and during an online session, sending the encrypted information and the encrypted secret key to the secure distribution server.
  - 14. The method of claim 1 including sending the encrypted information to a time stamper and receiving a time stamped result prior to forwarding the encrypted information and the at least one recipient specific secure secret key for the at least one corresponding intended recipient.

15. A method for securing information comprising:
- receiving, by a secure distribution server, encrypted information for transmission to a plurality of intended recipients and an encrypted secret key encrypted using a public key associated with the secure distribution server;
  
  decrypting, by the secure distribution server, the encrypted secret key to produce the secret key;
  
  obtaining, by the secure distribution server, a corresponding public key of at least one intended recipient;
  
  encrypting, by the secure distribution server, the decrypted secret key for the at least one intended recipient using a corresponding public key to produce a recipient specific secure secret key; and
  
  forwarding, by the secure distribution server, the encrypted information and the recipient specific secure secret key for a corresponding intended recipient.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 including determining the plurality of intended recipients and retrieving the corresponding public keys of the plurality of intended recipients for encrypting the secret key.
  - 17. The method of claim 16 wherein the step of encrypting includes encrypting a copy of the decrypted secret key for each intended recipient with a corresponding recipient public key.

18. A network element comprising:
- means for decrypting a received encrypted secret key encrypted using a public key associated with the network element to produce a decrypted secret key;
  
  means, operatively coupled to the means for decrypting, for obtaining a corresponding public key of at least one intended recipient;
  
  means, operatively coupled to the means for obtaining, for encrypting the decrypted secret key for the at least one intended recipient using a corresponding public key to produce a recipient specific secure secret key; and
  
  means for forwarding the encrypted information sent by the sender and at least one recipient specific secure secret key for at least one corresponding intended recipient.
- View Dependent Claims (19)
- - 19. The network element of claim 18 wherein the means for obtaining retrieves corresponding public keys of a plurality of intended recipients for encrypting the decrypted secret key from at least one of:
    - a certificate retrieval and validation service an LDAP lookup and a certificate directory lookup.

20. A storage medium comprising:
- memory containing executable instructions that when read by one or more processing devices, causes the one or more processing devices to;
  
  receive encrypted information from a sender for transmission to at least one intended recipient and an encrypted secret key encrypted using a public key associated with a secure distribution server;
  
  decrypt the encrypted secret key to produce a decrypted secret key;
  
  obtain a corresponding public key of the at least one intended recipient;
  
  encrypting the decrypted secret key for the at least one intended recipients using a corresponding public key to produce a recipient specific secure secret key; and
  
  forward the encrypted information sent by the sender and at least one recipient specific secure secret key for the at least one corresponding intended recipient.
- View Dependent Claims (21, 22, 23)
- - 21. The storage medium of claim 20 including memory containing executable instructions that when read by the one or more processing devices causes the one or more processing devices to:
    - determine a plurality of intended recipients and retrieve corresponding public keys of the plurality of intended recipients for encrypting the secret key.
  - 22. The storage medium of claim 20 including memory containing executable instructions that when read by the one or more processing devices causes the one or more processing devices to encrypt a copy of the decrypted secret key for each intended recipient with a corresponding recipient public key.
  - 23. The storage medium of claim 20 including memory containing executable instructions that when read by the one or more processing devices causes the one or more processing devices to determine if the encrypted information needs to be sent to other entities, if so, encrypting the decrypted secret key using a public key associated with each of the additional entities.

24. A secure communication system comprising:
- at least one sender that encrypts information with a secret key to produce encrypted information, encrypts the secret key with a public key associated with a network element to produce an encrypted secret key, and during an online session, sends the encrypted information and the encrypted secret key to the network element;
  
  at least one intended recipient;
  
  at least one network element, operatively coupled to the sender and to the at least one intended recipient, including;
  
  means for decrypting the received encrypted secret key encrypted using a public key associated with the network element to produce a decrypted secret key;
  
  means, operatively coupled to the means for decrypting, for obtaining a corresponding public key of the at least one intended recipient;
  
  means, operatively coupled to the means for obtaining, for encrypting the decrypted secret key for the at least one intended recipient using a corresponding public key to produce at least one recipient specific secure secret key; and
  
  means for forwarding the encrypted information sent by the sender and at least one recipient specific secure secret key for at least one corresponding intended recipient.
- View Dependent Claims (25, 26, 27)
- - 25. The system of claim 24 where in the sender encrypts information with the secret key to produce the encrypted information offline, encrypts the secret key with a public key associated with the network element to produce the encrypted secret key offline, and during an online session, sends the encrypted information and the encrypted secret key to the network element.
  - 26. The system of claim 24 wherein the means for obtaining retrieves the corresponding public keys of a plurality of intended recipients for encrypting the decrypted secret key from at least one of:
    - a certificate retrieval and validation service, an LDAP lookup and a certificate directory lookup.
  - 27. The system of claim 24 wherein the network element encrypts the decrypted secret key using a public key associated with a content scanning device;
    - sends the encrypted information and the encrypted secret key to the content scanning device;
      
      receives a result back from the content scanning device, and forwards the encrypted information based on the result sent by the content scanning device, and at least one recipient specific secure secret key for at least one corresponding intended recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Original Assignee
Entrust Incorporated (Entrust Corp.)
Inventors
Curry, Ian

Granted Patent

US 7,693,285 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/0464   using hop-by-hop encryption...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

Secure communication apparatus and method

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communication apparatus and method

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links