Secure instant messaging system

US 20040168055A1
Filed: 02/20/2003
Published: 08/26/2004
Est. Priority Date: 02/20/2003
Status: Active Grant

First Claim

Patent Images

1. A process for the secure transmission and reception of data files and text messages via an instant messaging system across a computer network, comprising the steps of:

providing an instant messaging server;

providing at least one certificate authority;

wherein said at least one certificate authority issues a certificate to a user that links a user'"'"'s screen name with a public key value;

providing a first instant messaging client;

wherein said first instant messaging client is associated with a first user;

wherein the first user has an associated screen name; and

wherein the first user obtains a certificate from said at least one certificate authority.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure instant messaging system integrates secure text instant messaging and secure file transfers into existing instant messaging systems. At least one certificate authority (CA) is provided that issues a security certificate to a user that binds the user'"'"'s instant messaging screen name to a public key which is used by other users to encrypt messages and files sent to the user and by the user to decrypt the received messages and files. A subscriber database is used by the CA to keep track of valid users and their associated information, such as: user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to the invention'"'"'s instant messaging server which publishes the user'"'"'s certificate to other users by creating a hash value of the user'"'"'s certificate and sending it to the other users which allows the recipients to decide if they need to update their caches with a new copy of the user'"'"'s certificate. Instant messages and files are encrypted by a sending user using an encryption algorithm and the recipient'"'"'s certificate. The sending user can sign instant messages using his private signing key. The security status of each received instant message is displayed to the user.

Citations

48 Claims

1. A process for the secure transmission and reception of data files and text messages via an instant messaging system across a computer network, comprising the steps of:
- providing an instant messaging server;
  
  providing at least one certificate authority;
  
  wherein said at least one certificate authority issues a certificate to a user that links a user'"'"'s screen name with a public key value;
  
  providing a first instant messaging client;
  
  wherein said first instant messaging client is associated with a first user;
  
  wherein the first user has an associated screen name; and
  
  wherein the first user obtains a certificate from said at least one certificate authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The process of claim 1, further comprising the step of:
    - providing a subscriber database; and
      
      wherein said subscriber database includes, but is not limited to;
      
      user screen names, user subscription expiration dates, and enrollment agent information for users.
  - 3. The process of claim 1, wherein said first instant messaging client sends the first user'"'"'s certificate to said instant messaging server for publishing, and wherein said instant messaging server makes the first user'"'"'s certificate available to any of:
    - the first user'"'"'s list of preferred users and users that have the first user on their list of preferred users.
  - 4. The process of claim 3, wherein said first instant messaging client sends the first user'"'"'s status information for his certificate along with his certificate to said instant messaging server, and wherein said instant messaging server makes the first user'"'"'s status information available to any of:
    - the first user'"'"'s list of preferred users and users that have the first user on their list of preferred users.
  - 5. The process of claim 3, further comprising the step of:
    - providing a second instant messaging client;
      
      wherein said second instant messaging client is associated with a second user; and
      
      wherein the second user has an associated screen name.
  - 6. The process of claim 5, further comprising the steps of:
    - providing publishing means on said instant messaging server for calculating a hash value for the first user'"'"'s certificate and sending said hash value to any of;
      
      the users in the first user'"'"'s list of preferred users and users that have the first user on their list of preferred users;
      
      wherein the second user is on the first user'"'"'s list of preferred users and/or has the first user on his list of preferred users;
      
      wherein said second instant messaging client receives said hash value;
      
      providing hash comparison means on said second instant messaging client for comparing said hash value with a hash value for the first user'"'"'s certificate stored in a cache; and
      
      wherein if said hash comparison means finds that said hash value does not match said cached hash value or said cached hash value does not exist, then said second instant messaging client requests the first user'"'"'s certificate from said instant messaging server.
  - 7. The process of claim 6, wherein said instant messenger server sends the first user'"'"'s certificate and said hash value in response to said second instant messaging client'"'"'s request, and wherein said second instant messaging client stores the first user'"'"'s certificate and said hash value in said cache.
  - 8. The process of claim 6, wherein said second instant messaging client uses the first user'"'"'s certificate to encrypt an instant text message to the first user;
    - wherein said second instant messaging client sends said encrypted instant text message to said instant messaging server, and wherein said instant messaging server forwards said encrypted instant text message to said first instant messaging client if the first user is logged on.
  - 9. The process of claim 8, wherein said first instant messaging client receives said encrypted instant text message from said instant messaging server and decrypts said encrypted instant text message using the first user'"'"'s certificate.
  - 10. The process of claim 9, wherein said first instant messaging client reuses an encryption key value obtained from decrypting said encrypted instant text message in subsequent messages during an instant message conversation with said second instant messaging client.
  - 11. The process of claim 1, wherein said first instant messaging client displays instant messages received and their security status.
  - 12. The process of claim 9, wherein said second instant messaging client attaches an encryption algorithm that was used to encrypt said encrypted instant text message to said encrypted instant text message, and wherein said first instant messaging client uses said encryption algorithm to decrypt said encrypted instant text message.
  - 13. The process of claim 9, wherein said second instant messaging client wraps said encrypted instant text message using a wrapping algorithm and wrapping key, wherein said second instant messaging client attaches said wrapping algorithm and said wrapping key to said encrypted instant text message, and wherein said first instant messaging client extracts said wrapping key from said encrypted instant text message and uses said wrapping algorithm and said wrapping key to unwrap said encrypted instant text message.
  - 14. The process of claim 6, wherein said second instant messaging client uses the first user'"'"'s certificate to encrypt a data file to the first user;
    - wherein said second instant messaging client sends said encrypted file to said instant messaging server, and wherein said instant messaging server forwards said encrypted file to said first instant messaging client if the first user is logged on.
  - 15. The process of claim 14, wherein said first instant messaging client receives said encrypted file from said instant messaging server and decrypts said encrypted file using the first user'"'"'s certificate.
  - 16. The process of claim 14, wherein if a file transfer to said first instant messaging client has been terminated before an encrypted file has been fully transferred, then said first instant messaging client requests any remaining portions of an encrypted file from said second instant messaging client, wherein said second instant messaging client sends remaining portions of said encrypted file to said instant messaging server, and wherein said instant messaging server forwards said encrypted file portions to said first instant messaging client.
  - 17. The process of claim 14, wherein said second instant messaging client attaches an encryption algorithm that was used to encrypt said encrypted file to said encrypted file, and wherein said first instant messaging client uses said encryption algorithm to decrypt said encrypted file.
  - 18. The process of claim 14, wherein said second instant messaging client wraps said encrypted file using a wrapping algorithm and wrapping key, wherein said second instant messaging client attaches said wrapping algorithm and said wrapping key to said encrypted file, and wherein said first instant messaging client extracts said wrapping key from said encrypted file and uses said wrapping algorithm and said wrapping key to unwrap said encrypted file.
  - 19. The process of claim 6, wherein said first instant messaging client uses the first user'"'"'s certificate to sign an instant text message to the second user;
    - wherein said first instant messaging client sends said signed instant text message to said instant messaging server, and wherein said instant messaging server forwards said signed instant text message to said second instant messaging client if the first user is logged on.
  - 20. The process of claim 19, wherein said second instant messaging client receives said signed instant text message from said instant messaging server and verifies said signed instant text message using the first user'"'"'s certificate.
  - 21. The process of claim 20, wherein said first instant messaging client reuses a signature value in subsequent messages during an instant message conversation with said second instant messaging client.
  - 22. The process of claim 5, further comprising the step of:
    - escrowing a set of encryption keys;
      
      wherein instant messaging clients belonging to a company encrypt instant messages to the escrowed keys to enable recovery; and
      
      wherein said escrowed encryption keys allows said company'"'"'s officials to recover the contents of messages when required.
  - 23. The process of claim 22, further comprising the step of:
    - providing an audit log proxy; and
      
      wherein said audit log proxy records messages sent in and out of said company.
  - 24. The process of claim 22, wherein said audit log proxy enforces an audit/escrow policy by blocking messages that are not encrypted using an escrowed key.

25. An apparatus for the secure transmission and reception of data files and text messages via an instant messaging system across a computer network, comprising:
- an instant messaging server;
  
  at least one certificate authority;
  
  wherein said at least one certificate authority issues a certificate to a user that links a user'"'"'s screen name with a public key value;
  
  a first instant messaging client;
  
  wherein said first instant messaging client is associated with a first user;
  
  wherein the first user has an associated screen name; and
  
  wherein the first user obtains a certificate from said at least one certificate authority.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 26. The apparatus of claim 25, further comprising:
    - a subscriber database; and
      
      wherein said subscriber database includes, but is not limited to;
      
      user screen names, user subscription expiration dates, and enrollment agent information for users.
  - 27. The apparatus of claim 25, wherein said first instant messaging client sends the first user'"'"'s certificate to said instant messaging server for publishing, and wherein said instant messaging server makes the first user'"'"'s certificate available to any of:
    - the first user'"'"'s list of preferred users and users that have the first user on their list of preferred users.
  - 28. The apparatus of claim 27, wherein said first instant messaging client sends the first user'"'"'s status information for his certificate along with his certificate to said instant messaging server, and wherein said instant messaging server makes the first user'"'"'s status information available to any of:
    - the first user'"'"'s list of preferred users and users that have the first user on their list of preferred users.
  - 29. The apparatus of claim 27, further comprising:
    - a second instant messaging client;
      
      wherein said second instant messaging client is associated with a second user; and
      
      wherein the second user has an associated screen name.
  - 30. The apparatus of claim 29, further comprising:
    - publishing means on said instant messaging server for calculating a hash value for the first user'"'"'s certificate and sending said hash value to any of;
      
      the users in the first user'"'"'s list of preferred users and users that have the first user on their list of preferred users;
      
      wherein the second user is on the first user'"'"'s list of preferred users and/or has the first user on his list of preferred users;
      
      wherein said second instant messaging client receives said hash value;
      
      hash comparison means on said second instant messaging client for comparing said hash value with a hash value for the first user'"'"'s certificate stored in a cache; and
      
      wherein if said hash comparison means finds that said hash value does not match said cached hash value or said cached hash value does not exist, then said second instant messaging client requests the first user'"'"'s certificate from said instant messaging server.
  - 31. The apparatus of claim 30, wherein said instant messenger server sends the first user'"'"'s certificate and said hash value in response to said second instant messaging client'"'"'s request, and wherein said second instant messaging client stores the first user'"'"'s certificate and said hash value in said cache.
  - 32. The apparatus of claim 30, wherein said second instant messaging client uses the first user'"'"'s certificate to encrypt an instant text message to the first user;
    - wherein said second instant messaging client sends said encrypted instant text message to said instant messaging server, and wherein said instant messaging server forwards said encrypted instant text message to said first instant messaging client if the first user is logged on.
  - 33. The apparatus of claim 32, wherein said first instant messaging client receives said encrypted instant text message from said instant messaging server and decrypts said encrypted instant text message using the first user'"'"'s certificate.
  - 34. The apparatus of claim 33, wherein said first instant messaging client reuses an encryption key value obtained from decrypting said encrypted instant text message in subsequent messages during an instant message conversation with said second instant messaging client.
  - 35. The apparatus of claim 25, wherein said first instant messaging client displays instant messages received and their security status.
  - 36. The apparatus of claim 33, wherein said second instant messaging client attaches an encryption algorithm that was used to encrypt said encrypted instant text message to said encrypted instant text message, and wherein said first instant messaging client uses said encryption algorithm to decrypt said encrypted instant text message.
  - 37. The apparatus of claim 33, wherein said second instant messaging client wraps said encrypted instant text message using a wrapping algorithm and wrapping key, wherein said second instant messaging client attaches said wrapping algorithm and said wrapping key to said encrypted instant text message, and wherein said first instant messaging client extracts said wrapping key from said encrypted instant text message and uses said wrapping algorithm and said wrapping key to unwrap said encrypted instant text message.
  - 38. The apparatus of claim 30, wherein said second instant messaging client uses the first user'"'"'s certificate to encrypt a data file to the first user;
    - wherein said second instant messaging client sends said encrypted file to said instant messaging server, and wherein said instant messaging server forwards said encrypted file to said first instant messaging client if the first user is logged on.
  - 39. The apparatus of claim 38, wherein said first instant messaging client receives said encrypted file from said instant messaging server and decrypts said encrypted file using the first user'"'"'s certificate.
  - 40. The apparatus of claim 38, wherein if a file transfer to said first instant messaging client has been terminated before an encrypted file has been fully transferred, then said first instant messaging client requests any remaining portions of an encrypted file from said second instant messaging client, wherein said second instant messaging client sends remaining portions of said encrypted file to said instant messaging server, and wherein said instant messaging server forwards said encrypted file portions to said first instant messaging client.
  - 41. The apparatus of claim 38, wherein said second instant messaging client attaches an encryption algorithm that was used to encrypt said encrypted file to said encrypted file, and wherein said first instant messaging client uses said encryption algorithm to decrypt said encrypted file.
  - 42. The apparatus of claim 38, wherein said second instant messaging client wraps said encrypted file using a wrapping algorithm and wrapping key, wherein said second instant messaging client attaches said wrapping algorithm and said wrapping key to said encrypted file, and wherein said first instant messaging client extracts said wrapping key from said encrypted file and uses said wrapping algorithm and said wrapping key to unwrap said encrypted file.
  - 43. The apparatus of claim 30, wherein said first instant messaging client uses the first user'"'"'s certificate to sign an instant text message to the second user;
    - wherein said first instant messaging client sends said signed instant text message to said instant messaging server, and wherein said instant messaging server forwards said signed instant text message to said second instant messaging client if the first user is logged on.
  - 44. The apparatus of claim 43, wherein said second instant messaging client receives said signed instant text message from said instant messaging server and verifies said signed instant text message using the first user'"'"'s certificate.
  - 45. The apparatus of claim 44, wherein said first instant messaging client reuses a signature value in subsequent messages during an instant message conversation with said second instant messaging client.
  - 46. The apparatus of claim 27, further comprising the step of:
    - escrowing a set of encryption keys;
      
      wherein instant messaging clients belonging to a company encrypt instant messages to the escrowed keys to enable recovery; and
      
      wherein said escrowed encryption keys allows said company'"'"'s officials to recover the contents of messages when required.
  - 47. The apparatus of claim 46, further comprising the step of:
    - providing an audit log proxy; and
      
      wherein said audit log proxy records messages sent in and out of said company.
  - 48. The apparatus of claim 46, wherein said audit log proxy enforces an audit/escrow policy by blocking messages that are not encrypted using an escrowed key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Hayes, Terry N., Lord, Robert B., Uberti, Justin

Granted Patent

US 7,131,003 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/33   using certificates

H04L 51/04   Real-time or near real-time...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 67/10   in which an application is ...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Secure instant messaging system

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Secure instant messaging system

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links