System and method for secure electronic communication services
First Claim
1. A system for public-key management for secure electronic communication services for a plurality of users, comprising: means for registering (1; 501) to a user a unique identifier (24,28) and attaching to the unique identifier a public-key (25,29) of a private-public key pair (20,29; 30,25) of the user; means for storing (6,6a; 401) unique identifiers and attached public-keys for lookup and retrieval of a public key based on a unique identifier; and means for responding (6; 600; 401) to key requests for a public-key for a unique identifier.
Abstract
A system, method and software module for secure electronic communication services, wherein a public key (25) of a private-public-key pair (30,25) is associated with an email address (24), internet name or other registered unique identifier; the registered user of the unique identifier holds the private-key (30) securely, and the respective public-key (25) is made accessible on a key server (6) for look-up and retrieval by other users, for encryption of communications to be sent to the holder of the private-key, and optionally for message confidentiality, message integrity and authentication of sender and recipient, without requiring certificates. A distributed and scalable system is provided by a server network (600; 401, 501) for registration, key distribution and management, preferably using a kDNS server hierarchy (601,602,603) or a key-DNS server hierarchy (701,702,) and associated protocols, so that public-keys of recipients can be searched and retrieved over the internet based on the recipient's email address or other unique identifier, thus facilitating secure communication between users in different network domains and organizations.
87 Claims
1. A system for public-key management for secure electronic communication services for a plurality of users, comprising: means for registering (1; 501) to a user a unique identifier (24,28) and attaching to the unique identifier a public-key (25,29) of a private-public key pair (20,29; 30,25) of the user; means for storing (6,6a; 401) unique identifiers and attached public-keys for lookup and retrieval of a public key based on a unique identifier; and means for responding (6; 600; 401) to key requests for a public-key for a unique identifier.
2. A method for public-key management for secure electronic communication services for a plurality of users, comprising: registering (110) to a user a unique identifier and attaching a public-key of a private-public key pair of the user; storing (130,150,170,190) the unique identifier and the attached public-key for lookup and retrieval of a public-key based on a unique identifier; and responding to key requests (320,340) for a public-key for a respective unique identifier. Dependent claims: 57 to 66.
3. A method for providing secure electronic communication services between a plurality of users, comprising: registering (110) to a user a unique identifier for electronic communications; associating (130,150,170) with the unique identifier a private-public key pair of the registered user; making the respective public-key accessible (320,340) to other users for encryption of communications to be sent to the registered user; and providing the registered user with secure access to the private-key (33) for decryption of encrypted communications received from other users. Dependent claims: 4 to 23.
24. A system for public-key management for secure communications services between a plurality of users, comprising: a key server (6) storing, for each of a plurality of registered users, a unique identifier (24,28) and a respective public key (25,29) of a public-private key pair (30,25; 20,29) of a registered user associated with the unique identifier, the key server (6) operable to respond to key requests for storing for a registered user a unique identifier and a respective public key associated with the unique identifier, and the key server operable to respond to key requests for look-up and retrieval of a public key associated with a unique identifier. Dependent claims: 25 to 29.
30. A system for providing secure electronic communication services for a plurality of users, comprising: a registration server (1; 501) for performing the steps of: receiving a registration request for registration to a user of a unique identifier, registering the unique identifier, triggering generation of a public-private-key pair associated with the unique identifier, providing the registered user with secure access to the private-key, and sending a key request to a key server for storage of the registered unique identifier and the associated public-key; and a key server means (6; 401) for performing the steps of: storing, for each of a plurality of registered users, a unique identifier and a respective public key of a public-private key pair of a registered user associated with the unique identifier, responding to key requests for storing for a registered user a unique identifier and a respective public key associated with the unique identifier, and responding to key requests for look-up and retrieval of a public key associated with a unique identifier. Dependent claims: 31 to 56.
67. A method for secure email communication between a plurality of users, comprising: receiving a registration request for registration to a user of a unique email address; registering the unique email address, and triggering generation of a public-private-key pair associated with the unique email address; providing the registered user with secure access to the private-key for use by an email client for encrypting and decrypting communications; and making available on a key server the registered unique email address and the associated public-key for look-up and retrieval by other users for encryption of mail to be sent to the registered user. Dependent claims: 76 to 86.
68. A system for secure email communication, comprising a registration server and a key server, the registration server performing the steps of: receiving from a user a registration request for a unique email address, registering the unique email address, triggering generation of a public-private-key pair associated with the unique email address, and sending a key request to the key server for storing the registered unique email address and the associated public-key for look-up and retrieval by other users for encryption of mail to be sent to the registered user; and the key server storing, for each registered user, a registered unique email address and an associated public-key for lookup and retrieval by other users, and responding to key requests for lookup and retrieval of a public-key associated with a unique identifier. Dependent claims: 69 to 75.
87. A program module created by a registration server for an email client for a registered user for secure email communication, providing functionality based on a public-key/private-key pair registered to the user, the program module providing instructions for: automatic look-up and retrieval of recipients' public-keys from a server based on the recipient's email address, and encryption of emails to recipients having an email address associated with a public-key; automatic decryption of incoming mail; and one or more of: signing of email content, sender and recipient email identities using the sender's private-key to provide message confidentiality and integrity, providing a digital signature, authentication of the sender's email identity using the sender's public-key automatically retrieved from the key server, verification of message integrity, and providing user feedback on the security status of an email for one or more recipients before sending of the email.
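The registration, key-server storage and look-up, encryption and sender-authentication flow described in the abstract and in claims 67 and 87, as an added example in Go. This is illustrative code written for this page, not the patent's own implementation or any product's. It assumes RSA-OAEP for encryption and RSA-PSS for signatures (the claims fix no algorithm), one pair per user as the claims describe (a production design would keep separate signing and encryption keys), an in-memory map standing in for the key server and its kDNS hierarchy, and constructed sample addresses; the names KeyServer, Register, Encrypt, Decrypt and CheckSecurityStatus are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// KeyServer keeps one public key per registered identifier (store and look-up requests).
type KeyServer struct{ keys map[string]*rsa.PublicKey }

func NewKeyServer() *KeyServer { return &KeyServer{keys: map[string]*rsa.PublicKey{}} }

// normalize gives a stable lookup key; email addresses are matched case-insensitively.
func normalize(id string) string { return strings.ToLower(strings.TrimSpace(id)) }

// Store refuses to overwrite: silently replacing a public key would let anyone
// hijack an identifier, so rekeying needs an authenticated update path instead.
func (ks *KeyServer) Store(id string, pub *rsa.PublicKey) error {
	if _, dup := ks.keys[normalize(id)]; dup {
		return fmt.Errorf("identifier %q already registered", normalize(id))
	}
	ks.keys[normalize(id)] = pub
	return nil
}
func (ks *KeyServer) Lookup(id string) (pub *rsa.PublicKey, ok bool) {
	pub, ok = ks.keys[normalize(id)]
	return
}

// Client is the user's mail client; only it holds the private key.
type Client struct {
	Email string
	priv  *rsa.PrivateKey
}

// Register plays the registration server: generate the pair, keep the private key client-side, store the public key.
func Register(ks *KeyServer, email string) (*Client, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	if err := ks.Store(email, &priv.PublicKey); err != nil {
		return nil, err
	}
	return &Client{normalize(email), priv}, nil
}

// Message is a constructed wire format; the signature covers sender, recipient and ciphertext.
type Message struct {
	From, To              string
	Ciphertext, Signature []byte
}
func (m *Message) digest() []byte {
	d := sha256.Sum256(append([]byte(m.From+"\x00"+m.To+"\x00"), m.Ciphertext...))
	return d[:]
}

// CheckSecurityStatus is the pre-send feedback: which recipients have a registered key.
func CheckSecurityStatus(ks *KeyServer, recipients []string) (secure, missing []string) {
	for _, r := range recipients {
		if _, ok := ks.Lookup(r); ok {
			secure = append(secure, normalize(r))
		} else {
			missing = append(missing, normalize(r))
		}
	}
	return
}

// Encrypt looks the recipient up on the key server, encrypts with RSA-OAEP (about 190 bytes
// max at 2048 bits; a real client would wrap a symmetric key) and signs with RSA-PSS.
func (c *Client) Encrypt(ks *KeyServer, to string, plaintext []byte) (*Message, error) {
	pub, ok := ks.Lookup(to)
	if !ok {
		return nil, fmt.Errorf("no public key registered for %q", to)
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
	if err != nil {
		return nil, err
	}
	m := &Message{From: c.Email, To: normalize(to), Ciphertext: ct}
	m.Signature, err = rsa.SignPSS(rand.Reader, c.priv, crypto.SHA256, m.digest(), nil)
	return m, err
}

// Decrypt authenticates the sender against its key-server record, then decrypts.
func (c *Client) Decrypt(ks *KeyServer, m *Message) ([]byte, error) {
	if m.To != c.Email {
		return nil, fmt.Errorf("message addressed to %q, not %q", m.To, c.Email)
	}
	senderPub, ok := ks.Lookup(m.From)
	if !ok || rsa.VerifyPSS(senderPub, crypto.SHA256, m.digest(), m.Signature, nil) != nil {
		return nil, fmt.Errorf("cannot authenticate sender %q", m.From)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, m.Ciphertext, nil)
}
```

Two points the claims leave open are handled explicitly here: the key server refuses to overwrite an existing record, because an unauthenticated overwrite would let anyone take over an identifier; and the recipient verifies the sender's signature against the sender's key-server record before decrypting, so a forged From address without the matching private key is rejected. CheckSecurityStatus is the "user feedback before sending" step of claim 87: it reports which recipients can be encrypted to and which have no registered key.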
Specification