System and method for transmitting reduced information from a certificate to perform encryption operations
3 Assignments
0 Petitions
Abstract
A certificate-based encryption mechanism in which a source client does not access the entire certificate corresponding to a destination client when encrypting an electronic message to be sent to the destination client. Instead, the source client only requests a portion of the certificate from a certificate server. That portion includes encryption information, but may lack some or even all of the self-verification information in the certificate. The certificate server preferably performs any validation of the certificate prior to sending the encryption information to the source client. The certificate need not be separately validated by the source client, especially if the certificate server is trusted by the source client.
54 Citations
36 Claims
1. In a network environment that includes a source client and a plurality of destination clients, the source client being capable of sending electronic messages to the plurality of destination clients, the network environment including one or more certificate servers that are capable of validating and providing certificates for at least some of the one or more destination clients to the source client, each certificate including encryption information needed to encrypt to the corresponding destination client, and including self-verification information to allow for a determination that the certificate does indeed correspond to the corresponding destination client and has not been revoked, a method for the source client encrypting a message to be sent to at least one of the destination clients, the method comprising the following:
- an act of the source client accessing an electronic message to be transmitted to a destination client of the plurality of destination clients;
- an act of determining that the electronic message is to be encrypted before transmission to the destination client;
- an act of generating a request to access only a portion of a certificate corresponding to the destination client, the portion including encryption information needed to encrypt the electronic message so as to be decryptable by the destination client;
- an act of transmitting the request to the certificate server;
- an act of receiving only the requested portion of the certificate from the certificate server; and
- an act of using the encryption information to encrypt the electronic message.
Dependent claims: 2 through 16.

17. A computer program product for use in a network environment that includes a source client and a plurality of destination clients, the source client being capable of sending electronic messages to the plurality of destination clients, the network environment including a certificate server that is capable of providing certificates for at least some of the one or more destination clients to the source client, each certificate including encryption information needed to encrypt to the corresponding destination client, and including self-verification information to allow for a determination that the certificate does indeed correspond to the corresponding destination client and has not been revoked, the computer program product comprising one or more computer-readable media having thereon computer-executable instructions that, when executed by one or more processors at the source client, cause the source client to do the following:
- an act of the source client accessing an electronic message to be transmitted to a destination client of the plurality of destination clients;
- an act of determining that the electronic message is to be encrypted before transmission to the destination client;
- an act of generating a request to access only a portion of a certificate corresponding to the destination client, the portion including encryption information needed to encrypt the electronic message so as to be decryptable by the destination client;
- an act of transmitting the request to the certificate server;
- an act of receiving only the requested portion of the certificate from the certificate server; and
- an act of using the encryption information to encrypt the electronic message.
Dependent claims: 18 through 24.

25. In a network environment that includes a source client and a plurality of destination clients, the source client being capable of sending electronic messages to the plurality of destination clients, the network environment including a certificate server that is capable of providing certificates for at least some of the one or more destination clients to the source client, each certificate including encryption information needed to encrypt to the corresponding destination client, and including self-verification information to allow for a determination that the certificate does indeed correspond to the corresponding destination client and has not been revoked, a method for the source client encrypting a message to be sent to at least one of the destination clients, the method comprising the following:
- an act of the source client accessing an electronic message to be transmitted to a destination client of the plurality of destination clients;
- an act of determining that the electronic message is to be encrypted before transmission to the destination client;
- a step for performing certificate-based encryption encrypting to the destination client without having local access to the entire certificate corresponding to the destination client.
Dependent claim: 26.

27. In a network environment that includes a source client and a plurality of destination clients, the source client being capable of sending electronic messages to the plurality of destination clients, the network environment including a certificate server that is capable of providing certificates for at least some of the one or more destination clients to the source client, each certificate including encryption information needed to encrypt to the corresponding destination client, and including self-verification information to allow for a determination that the certificate does indeed correspond to the corresponding destination client and has not been revoked, a method for the certificate server helping the source client to encrypt a message to be sent to at least one of the destination clients, the method comprising the following:
- an act of receiving a request from the source client;
- an act of determining that the request is to access only a portion of a certificate corresponding to the destination client, the portion including encryption information needed to encrypt the electronic message so as to be decryptable by the destination client; and
- an act of responding to the request from the source client by returning the requested portion of the certificate to the source client.
Dependent claims: 28 through 31.

32. A computer program product for use in a network environment that includes a source client and a plurality of destination clients, the source client being capable of sending electronic messages to the plurality of destination clients, the network environment including a certificate server that is capable of providing certificates for at least some of the one or more destination clients to the source client, each certificate including encryption information needed to encrypt to the corresponding destination client, and including self-verification information to allow for a determination that the certificate does indeed correspond to the corresponding destination client and has not been revoked, the computer program product for implementing a method for the certificate server helping the source client to encrypt a message to be sent to at least one of the destination clients, the computer program product comprising one or more computer-readable media having thereon computer-executable instructions that, when executed by one or more processors at the certificate server, cause the certificate server to perform the following:
- an act of receiving a request from the source client;
- an act of determining that the request is to access only a portion of a certificate corresponding to the destination client, the portion including encryption information needed to encrypt the electronic message so as to be decryptable by the destination client; and
- an act of responding to the request from the source client by returning the requested portion of the certificate to the source client.
Dependent claims: 33 through 36.