System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient
First Claim
1. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender is associated with a sender computer and each of the one or more recipients is associated with a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
- (a) Activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility being operable to perform one or more cryptographic operations consisting of encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
(b) Sender sending the encrypted message to the non-credentialed recipient;
(c) The Public Key Cryptography utility in response to (b);
(i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
(ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
(d) The non-credentialed recipient using the shared secret to either;
(i) Obtain the encrypted message in a decrypted form in a secure session with a trusted intermediary;
or (ii) Activate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient or on a server computer, so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message.
2 Assignments
0 Petitions
Accused Products
Abstract
A system for encrypting and decrypting messages using a browser in either a web or wireless device or secure message client software for transmission to or from a web server on the Internet connected to an email server or message server for the situation where the sender does not possess the credentials and public key of the recipients. The encryption and decryption is conducted using a standard web browser on a personal computer or a mini browser on a wireless device, or message client software on either a personal computer or wireless devices such that messages transmitted to the web or wireless browser or message client software can be completed and encrypted and signed by the user such that encrypted and signed data does not require credentials and public key of the recipients. A method for delivering and using private keys to ensure that such keys are destroyed after use is also provided. A method of transmitting encrypted messages to a web or wireless browser or message client and decrypting and verifying such messages by recipients who do not possess or who are not enrolled in a PKI and do not have private keys. A method for authenticating the sender/user of the browser, and a method for accessing or generating public and private keys for encrypting and decrypting messages for recipients who are not enrolled in a public key infrastructure.
-
Citations
20 Claims
-
1. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender is associated with a sender computer and each of the one or more recipients is associated with a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
-
(a) Activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility being operable to perform one or more cryptographic operations consisting of encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
(b) Sender sending the encrypted message to the non-credentialed recipient;
(c) The Public Key Cryptography utility in response to (b);
(i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
(ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
(d) The non-credentialed recipient using the shared secret to either;
(i) Obtain the encrypted message in a decrypted form in a secure session with a trusted intermediary;
or(ii) Activate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient or on a server computer, so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 11, 12)
-
-
8. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender is associated with a sender computer and each of the one or more recipients is associated with a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
-
(a) Activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility being operable to perform one or more cryptographic operations consisting of encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
(b) Sender sending the encrypted message to the non-credentialed recipient;
(c) The Public Key Cryptography utility in response to (b);
(i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
(ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
(d) The non-credentialed recipient using the secret to activate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message. - View Dependent Claims (9)
-
-
13. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender is associated with a sender computer and each of the one or more recipients is associated with a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
-
(a) Activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility being operable to perform one or more cryptographic operations consisting of encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
(b) Sender sending the encrypted message to a server computer for delivery to the non-credentialed recipient;
(c) The Public Key Cryptography utility in response to (b);
(i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
(ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
(d) The non-credentialed recipient using the secret to obtain the encrypted message in a decrypted form in a secure session with the server computer. - View Dependent Claims (14)
-
-
15. A system for exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the system comprising:
-
(a) A first network-connected device associated with the sender, and a second network-connected device associated with the recipient, the first and second network-connected devices being operable to communicate with remote devices via a communication network; and
(b) The first network-connected device including a Public Key Cryptographic utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility being operable to perform one or more cryptographic operations consisting of encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility being operable to;
(i) Perform one or more of such cryptographic operations so as to create an encrypted message for communication to the recipient; and
(ii) Identify that the sender does not have access to the PKI credentials of the non-credential recipient, and thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
Wherein the Public Key Cryptographic utility cooperates with a server to invite the recipient to provide the shared secret so as to;
(i) obtain the encrypted message in a decrypted form in a secure session with the server;
or (ii) activate a Public Key Cryptography utility linked to the second network-connected device or to the server so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message. - View Dependent Claims (16, 17)
-
-
18. A computer program product operable on a network-connected device for exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the system comprising:
(a) A Public Key Cryptographic utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility being operable to perform one or more cryptographic operations consisting of encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility being operable on a computer of the sender to;
(i) Perform one or more of such cryptographic operations so as to create an encrypted message for communication to the recipient; and
(ii) Identify that the sender does not have access to the PKI credentials of the non-credentialed recipient, and thereby initiate the creation of a secret shared between the sender and the non-credentialed recipient; and
Wherein the Public Key Cryptographic utility cooperates with a server to invite the recipient to provide the shared secret so as to;
(i) obtain the encrypted message in a decrypted form in a secure session with the server;
or (ii) activate a Public Key Cryptography utility linked to the second network-connected device or to the server so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message.- View Dependent Claims (19, 20)
Specification