System and method for warranting electronic mail using a hybrid public key encryption scheme
First Claim
1. A system for authenticating an email from a sender station to a recipient station via a mail server, comprising:
- a database separate from the sender station, for storage of sender-related data, the sender-related data comprising a public key and a private key for each sender, the private key being kept inaccessible to each sender;
a signing module separate from the sender station and connectable to the database, for producing a signature for an email in response to an email signing request, the signature being produced as a function of the private key found in the database in association with a sender;
a combining module connectable to the signing module, for sending a signed email to the recipient station via the mail server, the signed email resulting from a combining of the signature with the email;
a public key module connectable to the recipient station and the database, for returning the public key found in the database in association with a sender in response to a public key request;
a sender module integrated in the sender station and connectable to the signing module, for generating the email signing request prior to transmission of the email to the recipient station; and
a recipient module associated with the recipient station and connectable to the public key module, for generating the public key request triggered at reception of the signed email, and validating the signature of the signed email with the public key returned by the public key module.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a method and system for warranting electronic mail using a hybrid public key encryption scheme. In one embodiment, the sender contacts an authentication server which first identifies the sender as being allowed to send through the server, and secondly signs his email using a private key in order to send to the recipient. Upon receipt, the recipient can then verify that the sender is indeed authenticated by the authentication server by contacting the authentication server, requesting the sender'"'"'s public key and using this public key to validate the signature contained in the email. It is possible that the authentication server may itself send the email to the existing mail servers, or it may simply return the signature to the sender for sending to the recipient along with the original email using the sender'"'"'s existing outgoing email server.
97 Citations
26 Claims
-
1. A system for authenticating an email from a sender station to a recipient station via a mail server, comprising:
-
a database separate from the sender station, for storage of sender-related data, the sender-related data comprising a public key and a private key for each sender, the private key being kept inaccessible to each sender;
a signing module separate from the sender station and connectable to the database, for producing a signature for an email in response to an email signing request, the signature being produced as a function of the private key found in the database in association with a sender;
a combining module connectable to the signing module, for sending a signed email to the recipient station via the mail server, the signed email resulting from a combining of the signature with the email;
a public key module connectable to the recipient station and the database, for returning the public key found in the database in association with a sender in response to a public key request;
a sender module integrated in the sender station and connectable to the signing module, for generating the email signing request prior to transmission of the email to the recipient station; and
a recipient module associated with the recipient station and connectable to the public key module, for generating the public key request triggered at reception of the signed email, and validating the signature of the signed email with the public key returned by the public key module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for authenticating an email from a sender station to a recipient station via a mail server, comprising the steps of:
-
a) storing sender-related data separately from the sender station, the sender-related data comprising a public key and a private key for each sender, the private key being kept inaccessible to each sender;
b) generating an email signing request from the sender station and prior to transmission of an email to the recipient station;
c) producing a signature separately from the sender station, for the email in response to the email signing request, the signature being produced as a function of the private key found in the sender-related data in association with the sender;
d) sending a signed email to the recipient station via the mail server, the signed email resulting from a combining of the signature with the email;
e) generating a public key request triggered at reception of the signed email;
f) returning the public key found in the sender-related data in association with the sender, in response to the public key request; and
g) validating the signature of the signed email with the returned public key. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification