System and method for warranting electronic mail using a hybrid public key encryption scheme

US 20060123476A1
Filed: 02/11/2005
Published: 06/08/2006
Est. Priority Date: 02/12/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system for authenticating an email from a sender station to a recipient station via a mail server, comprising:

a database separate from the sender station, for storage of sender-related data, the sender-related data comprising a public key and a private key for each sender, the private key being kept inaccessible to each sender;

a signing module separate from the sender station and connectable to the database, for producing a signature for an email in response to an email signing request, the signature being produced as a function of the private key found in the database in association with a sender;

a combining module connectable to the signing module, for sending a signed email to the recipient station via the mail server, the signed email resulting from a combining of the signature with the email;

a public key module connectable to the recipient station and the database, for returning the public key found in the database in association with a sender in response to a public key request;

a sender module integrated in the sender station and connectable to the signing module, for generating the email signing request prior to transmission of the email to the recipient station; and

a recipient module associated with the recipient station and connectable to the public key module, for generating the public key request triggered at reception of the signed email, and validating the signature of the signed email with the public key returned by the public key module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system for warranting electronic mail using a hybrid public key encryption scheme. In one embodiment, the sender contacts an authentication server which first identifies the sender as being allowed to send through the server, and secondly signs his email using a private key in order to send to the recipient. Upon receipt, the recipient can then verify that the sender is indeed authenticated by the authentication server by contacting the authentication server, requesting the sender'"'"'s public key and using this public key to validate the signature contained in the email. It is possible that the authentication server may itself send the email to the existing mail servers, or it may simply return the signature to the sender for sending to the recipient along with the original email using the sender'"'"'s existing outgoing email server.

97 Citations

View as Search Results

26 Claims

1. A system for authenticating an email from a sender station to a recipient station via a mail server, comprising:
- a database separate from the sender station, for storage of sender-related data, the sender-related data comprising a public key and a private key for each sender, the private key being kept inaccessible to each sender;
  
  a signing module separate from the sender station and connectable to the database, for producing a signature for an email in response to an email signing request, the signature being produced as a function of the private key found in the database in association with a sender;
  
  a combining module connectable to the signing module, for sending a signed email to the recipient station via the mail server, the signed email resulting from a combining of the signature with the email;
  
  a public key module connectable to the recipient station and the database, for returning the public key found in the database in association with a sender in response to a public key request;
  
  a sender module integrated in the sender station and connectable to the signing module, for generating the email signing request prior to transmission of the email to the recipient station; and
  
  a recipient module associated with the recipient station and connectable to the public key module, for generating the public key request triggered at reception of the signed email, and validating the signature of the signed email with the public key returned by the public key module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system according to claim 1, further comprising an authentication server separate from the mail server, and wherein the signing module and the combining module are integrated in the authentication server.
  - 3. The system according to claim 1, further comprising an authentication server separate from the mail server, and wherein the combining module is integrated in the sender station and the signing module is integrated in the authentication server.
  - 4. The system according to claim 1, further comprising:
    - an additional mail server, one of the mail servers being associated with the sender station and forming a sender mail server, the other one of the mail servers being associated with the recipient station and forming a recipient mail server; and
      
      an authentication server separate from the sender mail server and the recipient mail server, the signing module being integrated in the authentication server.
  - 5. The system according to claim 4, wherein the combining module is integrated in the sender station, the combining module having a function for sending the signed email to the recipient station via the sender mail server.
  - 6. The system according to claim 4, wherein the combining module is integrated in the authentication server, the combining module having a function for sending the signed email to the sender mail server.
  - 7. The system according to claim 4, wherein the combining module is integrated in the authentication server, the combining module having a function for sending the signed email to the recipient mail server.
  - 8. The system according to claim 4, wherein the public key module is integrated in the authentication server.
  - 9. The system according to claim 1, further comprising an authentication server separate from the mail server, the signing module being integrated in the authentication server, the email signing request comprising sender-related login data for login of the sender into the authentication server, the authentication server comprising a login module associated to the database, for validating the sender-related login data found in the database and granting the sender access to the signing module.
  - 10. The system according to claim 1, wherein the email signing request comprises a text body of the email and a hash checksum of an attachment to the email, the signing module having a function for producing a signature for the text body of the email and a signature for the hash checksum of the attachment.
  - 11. The system according to claim 4, wherein the recipient module is integrated in the recipient station.
  - 12. The system according to claim 4, wherein the recipient module is integrated in the recipient mail server.
  - 13. The system according to claim 1, further comprising a public key database integrated to the recipient module, for storing the public key returned by the public key module.
  - 14. The system according to claim 1, further comprising a registration module connectable to the database, for registering an additional sender in the database, based on information provided by the sender following a sender registration process under control of the registration module.
  - 15. The system according to claim 14, further comprising a key generator module connectable to the registration module, for generating a public key and a private key in association with the additional sender, the public key and the private key in association with the additional sender being stored in the database.

16. A method for authenticating an email from a sender station to a recipient station via a mail server, comprising the steps of:
- a) storing sender-related data separately from the sender station, the sender-related data comprising a public key and a private key for each sender, the private key being kept inaccessible to each sender;
  
  b) generating an email signing request from the sender station and prior to transmission of an email to the recipient station;
  
  c) producing a signature separately from the sender station, for the email in response to the email signing request, the signature being produced as a function of the private key found in the sender-related data in association with the sender;
  
  d) sending a signed email to the recipient station via the mail server, the signed email resulting from a combining of the signature with the email;
  
  e) generating a public key request triggered at reception of the signed email;
  
  f) returning the public key found in the sender-related data in association with the sender, in response to the public key request; and
  
  g) validating the signature of the signed email with the returned public key.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The method according to claim 16, wherein step d) is performed at the sender station.
  - 18. The method according to claim 16, wherein step c) and step d) are performed at an authentication server separate from the mail server.
  - 19. The method according to claim 16, further comprising an additional mail server, one of the mail servers being associated with the sender station and forming a sender mail server, the other one of the mail servers being associated with the recipient station and forming a recipient mail server, and wherein step c) is performed at an authentication server separate from the sender mail server and the recipient mail server.
  - 20. The method according to claim 19, wherein step d) is performed at the sender station, the mail server of step d) being the sender mail server.
  - 21. The method according to claim 19, wherein step d) is performed at the authentication server, the mail server of step d) being the sender mail server.
  - 22. The method according to claim 19, wherein step d) is performed at the authentication server, the mail server of step d) being the recipient mail server.
  - 23. The method according to claim 19, comprising an additional step, before step c), of login of the sender into the authentication server.
  - 24. The method according to claim 19, wherein step c) comprises signing a text body of the email and signing a hash checksum of an attachment to the email.
  - 25. The method according to claim 19, wherein step e) is performed at the recipient station.
  - 26. The method according to claim 19, wherein step e) is performed at the recipient mail server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kryptiva Incorporated
Original Assignee
Kryptiva Incorporated
Inventors
Yaghmour, Karim

Application Number

US10/547,418
Publication Number

US 20060123476A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/0442   wherein the sending and rec...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

System and method for warranting electronic mail using a hybrid public key encryption scheme

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for warranting electronic mail using a hybrid public key encryption scheme

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links