ELECTRONIC DATA COMMUNICATION SYSTEM
First Claim
1. A system for communicating electronic messages to a recipient, the system comprising a communications network having network devices connected thereto, the network devices including a mail server and an encryption key server, wherein the mail server is operable to store electronic messages for access by the recipient using any of a plurality of said network devices,wherein at least one network device is operable to generate an encrypted electronic message for communication to the recipient, the encrypted electronic message comprising:
- encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key; and
encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient,wherein in response to a request to access an encrypted message stored by the mail server, the mail server is operable to extract said encrypted session key data from said encrypted electronic message for forwarding to the encryption key server, and in response to receipt of said encrypted session key data, the encryption key server is operable to recover the session key, by decrypting the encrypted session key data using a private key associated with the recipient, for forwarding to a network device remote from the encryption key server, whereby the remote network device is operable to recover said message from the encrypted message data using the session key recovered by the encryption key server.
3 Assignments
0 Petitions
Accused Products
Abstract
There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message. In this way, although the trusted third party has access to the private key of the user, the trusted third party does not have access to any decrypted message. In another aspect, in order to digitally sign a message, the sender applies a hash function to the message to generate a hash value, and then sends the hash value to the trusted third party server where it is encrypted using the private key associated with the sender in order to generate the digital signature, which is then returned to the sender.
-
Citations
30 Claims
-
1. A system for communicating electronic messages to a recipient, the system comprising a communications network having network devices connected thereto, the network devices including a mail server and an encryption key server, wherein the mail server is operable to store electronic messages for access by the recipient using any of a plurality of said network devices,
wherein at least one network device is operable to generate an encrypted electronic message for communication to the recipient, the encrypted electronic message comprising: -
encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key; and encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient, wherein in response to a request to access an encrypted message stored by the mail server, the mail server is operable to extract said encrypted session key data from said encrypted electronic message for forwarding to the encryption key server, and in response to receipt of said encrypted session key data, the encryption key server is operable to recover the session key, by decrypting the encrypted session key data using a private key associated with the recipient, for forwarding to a network device remote from the encryption key server, whereby the remote network device is operable to recover said message from the encrypted message data using the session key recovered by the encryption key server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for communicating electronic messages to a recipient, the system comprising a communications network having network devices connected thereto, the network devices including an encryption key server,
wherein in response to a request from a remote network device, the encryption key server is operable to encrypt data provided by the remote network device using a cryptographic key associated with the user of said remote network device and return the resultant encrypted data to the remote network device, and wherein at least one network device is operable to i) apply a one-way encryption algorithm to a message for communication to the recipient in order to generate a hash value, ii) transmit the hash value to the encryption key server for encryption using the cryptographic key associated with the sender in order to generate a digital signature, and iii) in response to receiving the digital signature from the encryption key server, to append the digital signature to the original message to form a signed message.
-
13. A network server comprising:
-
a data store operable to store encrypted electronic messages for a recipient comprising i) encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key and ii) encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient; a network interface operable to receive data from and transmit data to remote network devices; and a processor operable, following receipt of a request to access an encrypted messages to extract said encrypted session key data from the requested electronic message and forward the extracted encrypted session key data to a remote network device. - View Dependent Claims (14, 15, 16, 17, 18, 19, 29, 30)
-
-
20. A network server comprising:
-
means for recovering a private key associated with one of a plurality of clients; means for decrypting received encrypted session key data using the recovered private key to recover a session key; and means for forwarding the recovered session key to a remote network device. - View Dependent Claims (21, 22, 23, 24)
-
-
25. A network server comprising:
-
means for recovering a private key associated with one of a plurality of clients; means for encrypting a received hash value using the recovered private key to generate a digital signature; and means for forwarding the generated digital signature to a remote network device. - View Dependent Claims (26, 27, 28)
-
Specification