Non-centralized secure communication services

US 20040003247A1
Filed: 03/10/2003
Published: 01/01/2004
Est. Priority Date: 03/11/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

requesting a secure communication flow between devices;

authenticating an identity of each of the devices using peer-to-peer authentication; and

establishing a secure communication flow between the devices upon authenticating the identity of each of the devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, peer-to-peer techniques are described for providing secure communications using digital certificates assigned to secure communication servers (SCSs). The secure communication techniques allows enterprise users to communicate data securely between on another without requiring a centralized system. The SCS provides the secure communication services, such as certification authentication, usually provided by the centralized system. The non-centralized secure communication services provide high fault-tolerance, so that the failure of any system, communication link or other infrastructure will only affect the communication sessions directly associated with the infrastructure experiencing failure.

Citations

28 Claims

1. A method comprising:
- requesting a secure communication flow between devices;
  
  authenticating an identity of each of the devices using peer-to-peer authentication; and
  
  establishing a secure communication flow between the devices upon authenticating the identity of each of the devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein authenticating the identity of each of the devices using peer-to-peer authentication includes:
    - exchanging digital certificates issued to the devices;
      
      exchanging data encrypted with a private encryption key; and
      
      authenticating of the device when the encrypted data is successfully decrypted with a public key from the digital certificates.
  - 3. The method of claim 1, further comprising issuing a public/private encryption key pair to each of the devices.
  - 4. The method of claim 3, wherein a central authority authorizes the use of the public/private encryption key pair for each of the devices for use in the peer-to-peer authentication.
  - 5. The method of claim 1, further comprising transferring files between devices using the established secure communication flow.
  - 6. The method of claim 1, further comprising:
    - managing a cryptographically protected file system with one of the devices; and
      
      providing access to cryptographically protected file system upon authenticating the identity of another requesting device; and
      
      sending the file to the requesting device via the established secure communication flow.
  - 7. The method of claim 1, wherein the secure communication flow is between a server and a client device.
  - 8. The method of claim 1, wherein the secure communication flow is between a server and a server.

9. A system comprising:
- a first device; and
  
  a second device, wherein the first and second devices authenticate identities of one another using peer-to-peer authentication, and establish a secure communication flow between the devices upon authenticating the identity of each of the devices.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein first and second device exchange digital certificates issued to the devices, exchange an encrypted piece of data as a token to prove the identity of the device, and validate the authentication of the device when the encrypted data is successfully decrypted with a public key from the digital certificate.
  - 11. The system of claim 9, further comprising a centralized authority to issue digital certificates to devices for use in the peer-to-peer authentication.
  - 12. The system of claim 9, wherein the first device is a secure communication server and the second device is a secure communication server.
  - 13. The system of claim 9, wherein the first and second devices are secure communication servers.

14. A secure communication device comprising:
- an authentication manager to authenticate an identity of another device using peer-to-peer authentication; and
  
  a security manager to establish a secure communication flow to communicate with the device upon authentication.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The device of claim 14, wherein the authentication manager receives a digital certificate and an encrypted piece of data as a token to prove the identity of the device, and validates the authentication of the device when the encrypted data is successfully decrypted with a public key from the digital certificate.
  - 16. The device of claim 14, wherein the security manager encrypts data using a public key of a public/private encryption key pair associated with the device and sends the encrypted data to the device via the secure communication flow.
  - 17. The device of claim 14, further comprising a logging and reporting manager that tracks data flows across the secure tunnel.
  - 18. The device of claim 14, further comprising a bridge service manager to confirm the validity of digital certificates issued by enterprises using different authentication environments.
  - 19. The device of claim 18, wherein the bridge service manager verifies the identity of individuals accessing a secure message center.
  - 20. The device of claim 19, wherein the secure message center securely exchanges electronic mail (e-mail) between a first set of users and a second set of users.
  - 21. The device of claim 20, wherein the secure message center exchanges e-mail with the first set of users via an e-mail protocol, and wherein the secure message center presents a web-based interface for exchanging e-mails with the second set of users, and wherein the SMC provides secure communications with the first and second set of users using a digital certificate assigned to the secure message center.
  - 22. The device of claim 14, further comprising an XML/SOAP interface to enable secure remote access to objects on the secure communication device.
  - 23. The device of claim 14, wherein the security manager provides secure file transfers with the device.
  - 24. The device of claim 14, wherein the security manager provides access to a cryptographically protected file system upon authenticating the identity of the device.
  - 25. The device of claim 14, wherein the security manager provides secure transfer of data in real-time with the device.

26. A system comprising:
- a server hosting a web-accessible, cryptographically protected file system; and
  
  a client device to remotely access the file system, wherein the server requires a digital certificate and a private key to grant the client access to the file system.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, wherein to control access the folder, the server and client device establish a secure communication tunnel based on a public key associated with the private key.
  - 28. The system of claim 26, wherein the server controls access to the folder based on additional specified criteria including one of a time-of-day, an IP source address, a domain source address, a company name, an organizational unit, and a cipher size.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ABILITY Network, Inc.
Original Assignee
ABILITY Network, Inc.
Inventors
Fraser, John D., Palmer, Peter L., Hallgren, Jeffry H.

Application Number

US10/386,380
Publication Number

US 20040003247A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/166   at the transport layer

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1068   Discovery involving direct ...

H04L 67/1078   Resource delivery mechanisms

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Non-centralized secure communication services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Non-centralized secure communication services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links