Secure PKI proxy and method for instant messaging clients

US 20030204741A1
Filed: 04/26/2002
Published: 10/30/2003
Est. Priority Date: 04/26/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for facilitating instant messaging comprising:

intercepting instant messages to or from an instant messaging client; and

applying a public key based cryptographic operation on the intercepted instant messages using at least one of a private key associated with an instant message originator and a public key associated with an instant message recipient, to produce at least one end to end PKI secured instant message packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Briefly, an instant messaging secure PKI proxy provides public key-based secure instant messaging by intercepting messages to or from an instant messaging client, such as an instant messaging client running on a client device, and applies a public key-based cryptographic operation on the intercepted instant messages using at least a private key associated with an instant message originator or a public key associated with an instant message originator to produce an end-to-end public key infrastructure secured instant message. As such, the device and methods provide non-services repudiation and public key-based encryption services for content of instant messages during an instant message session helping to insure that the information will not be disclosed to unauthorized parties and assuring that the identities of all the participants are known and trusted without impairing local messaging clients.

Citations

25 Claims

1. A method for facilitating instant messaging comprising:
- intercepting instant messages to or from an instant messaging client; and
  
  applying a public key based cryptographic operation on the intercepted instant messages using at least one of a private key associated with an instant message originator and a public key associated with an instant message recipient, to produce at least one end to end PKI secured instant message packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 including the step of digitally signing, using a private signing key of at least one of:
    - the instant messaging originator and a trusted authority, an instant messaging log containing data representing PKI secured instant message packets sent or received by the instant messaging originator.
  - 3. The method of claim 1 wherein the step of intercepting instant messages to/from an instant messaging client includes using a first instant messaging secure PKI proxy associated with an instant messaging originator to intercept instant messages to/from the instant messaging client.
  - 4. The method of claim 1 including the step of determining a type of public key based cryptographic operation to perform on intercepted instant messages in response to evaluation of at least one of:
    - a secure buddy list, instant message type data, instant message direction data and data within an instant message packet payload.
  - 5. The method of claim 3 including the steps of:
    - using a second instant messaging secure PKI proxy executing on an instant messaging recipient to intercept instant messages sent by the first instant messaging secure PKI proxy; and
      
      performing reverse public key cryptographic operations on intercepted traffic from the first instant messaging secure PKI proxy sent to an instant messaging client associated with [executing on] the instant messaging recipient.
  - 6. The method of claim 5 wherein the step of performing reverse public key cryptographic operations includes at least one of:
    - decrypting an intercepted PKI secured instant message using a private decryption key associated with the instant message recipient and verifying a digital signature associated with the intercepted PKI secured instant message using a public verification key associated with the instant message originator.
  - 7. The method of claim 1 including generating a secure buddy list that identifies instant message buddies that are designated as parties for which end to end PKI cryptographic operations are to be applied to associated instant messages.
  - 8. The method of claim 7 including digitally signing the secure buddy list by the instant messaging originator.
  - 9. The method of claim 7 wherein the secure buddy list includes data representing at least one of:
    - mandatory secure buddies, mandatory unsecure buddies, allowance of security override by a user and allowance of user to configure the buddy list.

10. A method for facilitating instant messaging comprising:
- receiving PKI encrypted instant message traffic;
  
  decrypting the PKI encrypted instant message traffic, by a first centralized instant messaging secure proxy using a corresponding private decryption key of the centralized instant messaging proxy;
  
  re-encrypting, by the first centralized instant messaging secure proxy, the instant message traffic using a public encryption key associated with a second centralized instant messaging secure proxy to produce PKI re-encrypted instant message traffic; and
  
  sending, by the second centralized instant messaging secure proxy, the PKI re-encrypted instant message traffic to the instant message recipient.

11. The method of claim 11 including the steps of:
- intercepting instant messages to or from an instant messaging client; and
  
  applying a public key based cryptographic operation on the intercepted instant messages using at least a public encryption key associated with a centralized instant messaging proxy to produce a PKI encrypted instant message.
- View Dependent Claims (12)
- - 12. The method of claim 11 including the steps of:
    - intercepting the PKI re-encrypted instant messages prior to receipt by an instant messaging client;
      
      applying a public key based decryption operation on the PKI re-encrypted instant messages to produce plain text instant messages; and
      
      passing the plain text instant messages to the instant messaging client for rendering.

13. An instant messaging device comprising:
- an instant messaging secure PKI proxy including;
  
  a secure instant messaging payload analyzer operative to at least determine a type of public key based cryptographic operation to perform on intercepted instant messages in response to evaluation of at least one of;
  
  a secure buddy list, instant messaging type data, instant messaging direction data and an instant messaging packet payload; and
  
  a public key based cryptographic engine, operatively coupled to the secure instant messaging payload analyzer, to perform a selected typed of public key based cryptographic operation on the intercepted instant messages.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The instant messaging device of claim 13 including a secure buddy list generator operative to generate a secure buddy list that identifies instant message buddyies that are designated as parties for which end to end PKI cryptographic operations are to be applied to associated instant messages.
  - 15. The instant messaging device of claim 14 wherein the public key based cryptographic engine digitally signs the secure buddy list.
  - 16. The instant messaging device of claim 14 wherein the public key based cryptographic engine digitally signs, using a private signing key of at least one of an instant messaging originator and a trusted authority, an instant messaging log containing data representing PKI secured instant message packets sent or received by the instant messaging originator.
  - 17. The instant messaging device of claim 14 wherein the secure instant messaging payload analyzer determines whether to decrypt or verify an intercepted instant message by analyzing instant message type data, instant message direction data and the instant message payload.
  - 18. The instant messaging device of claim 14 wherein the instant messaging secure PKI proxy generates a user interface to at least one of:
    - provide selection of desired buddies for designation on a secure buddy list and indicate to a user that a received or outgoing instant message has been undergone a public key cryptographic operation.

19. A storage medium containing executable instructions that when executed by one of more processing devices, causes the one or more processing devices to:
- intercept instant messages to or from an instant messaging client; and
  
  apply a public key based cryptographic operation on the intercepted instant messages using at least one of a private key associated with an instant message originator and a public key associated with an instant message recipient, to produce at least one end to end PKI secured instant message packet.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The storage medium of claim 19 including executable instructions that when executed by one of more processing devices, causes the one or more processing devices to digitally sign, using a private signing key of at least one of:
    - the instant messaging originator and a trusted authority, an instant messaging log containing data representing PKI secured instant message packets sent or received by the instant messaging originator.
  - 21. The storage medium of claim 19 including executable instructions that when executed by one of more processing devices, causes the one or more processing devices to:
    - determine a type of public key based cryptographic operation to perform on intercepted instant messages in response to evaluation of at least one of;
      
      a secure buddy list, instant message type data, instant message direction data and data within an instant message packet payload.
  - 22. The storage medium of claim 19 including executable instructions that when executed by one of more processing devices, causes the one or more processing devices to:
    - perform reverse public key cryptographic operations on intercepted traffic sent from a an instant messaging secure PKI proxy for an instant messaging client associated with an instant messaging recipient.
  - 23. The storage medium of claim 22 including executable instructions that when executed by one of more processing devices, causes the one or more processing devices to:
    - decrypt an intercepted PKI secured instant message packet using a private decryption key associated with the instant message recipient and verifying a digital signature associated with the intercepted PKI secured instant message packet using a public verification key associated with the instant message originator.
  - 24. The storage medium of claim 19 including executable instructions that when executed by one of more processing devices, causes the one or more processing devices to:
    - generate a secure buddy list that identifies instant message buddyies that are designated as parties for which end to end PKI cryptographic operations are to be applied to associated instant messages.
  - 25. The storage medium of claim 24 including executable instructions that when executed by one of more processing devices, causes the one or more processing devices to digitally sign the secure buddy list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cygnacom Solutions, Inc. (Entrust Corp.)
Original Assignee
Cygnacom Solutions, Inc. (Entrust Corp.)
Inventors
Schoen, Isadore, Boberski, Michael

Application Number

US10/133,202
Publication Number

US 20030204741A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/1408   by monitoring network traff...

Secure PKI proxy and method for instant messaging clients

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure PKI proxy and method for instant messaging clients

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links