ELECTRONIC DATA COMMUNICATION SYSTEM

US 20090307490A1
Filed: 01/30/2007
Published: 12/10/2009
Est. Priority Date: 02/02/2006
Status: Active Grant

First Claim

Patent Images

1. A system for communicating electronic messages to a recipient, the system comprising a communications network having network devices connected thereto, the network devices including a mail server and an encryption key server, wherein the mail server is operable to store electronic messages for access by the recipient using any of a plurality of said network devices,wherein at least one network device is operable to generate an encrypted electronic message for communication to the recipient, the encrypted electronic message comprising:

encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key; and

encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient,wherein in response to a request to access an encrypted message stored by the mail server, the mail server is operable to extract said encrypted session key data from said encrypted electronic message for forwarding to the encryption key server, and in response to receipt of said encrypted session key data, the encryption key server is operable to recover the session key, by decrypting the encrypted session key data using a private key associated with the recipient, for forwarding to a network device remote from the encryption key server, whereby the remote network device is operable to recover said message from the encrypted message data using the session key recovered by the encryption key server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message. In this way, although the trusted third party has access to the private key of the user, the trusted third party does not have access to any decrypted message. In another aspect, in order to digitally sign a message, the sender applies a hash function to the message to generate a hash value, and then sends the hash value to the trusted third party server where it is encrypted using the private key associated with the sender in order to generate the digital signature, which is then returned to the sender.

Citations

30 Claims

1. A system for communicating electronic messages to a recipient, the system comprising a communications network having network devices connected thereto, the network devices including a mail server and an encryption key server, wherein the mail server is operable to store electronic messages for access by the recipient using any of a plurality of said network devices,wherein at least one network device is operable to generate an encrypted electronic message for communication to the recipient, the encrypted electronic message comprising:
- encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key; and
  
  encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient,wherein in response to a request to access an encrypted message stored by the mail server, the mail server is operable to extract said encrypted session key data from said encrypted electronic message for forwarding to the encryption key server, and in response to receipt of said encrypted session key data, the encryption key server is operable to recover the session key, by decrypting the encrypted session key data using a private key associated with the recipient, for forwarding to a network device remote from the encryption key server, whereby the remote network device is operable to recover said message from the encrypted message data using the session key recovered by the encryption key server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1, wherein the mail server is operable to generate link data comprising the network address of the encryption key server and the encrypted session key data.
  - 3. The system according to claim 2, wherein the link data further comprises a redirect network address, and wherein the encryption key server is operable to forward the recovered session key to the redirect network address.
  - 4. The system according to claim 3, wherein the link data further comprises identification data for the recipient.
  - 5. The system according to claim 2, wherein the link data further comprises time data identifying a time period during which said encrypted electronic message was sent.
  - 6. The system according to claim 2, wherein the link data comprises a uniform resource locator.
  - 7. The system according to claim 6, wherein the mail server is operable to incorporate the generated uniform resource locator in web page data.
  - 8. The system according to claim 1, wherein said remote device to which the recovered session key is forwarded is said mail server, and the mail server is operable to decrypt the encrypted message data using the recovered session key.
  - 9. The system according to claim 1, wherein the public key associated with the recipient is derived using identification information for the recipient.
  - 10. The system according to claim 9, wherein the identification information is the electronic mail address for the recipient.
  - 11. The system according to claim 1, wherein at least one network device is operable to generate an encrypted electronic message data for a plurality of recipients, said encrypted electronic message having a first part comprising the encrypted message data and a second part comprising plural sequences of encrypted session key data, each of the sequences corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with a respective different one of the recipients.

12. A system for communicating electronic messages to a recipient, the system comprising a communications network having network devices connected thereto, the network devices including an encryption key server,wherein in response to a request from a remote network device, the encryption key server is operable to encrypt data provided by the remote network device using a cryptographic key associated with the user of said remote network device and return the resultant encrypted data to the remote network device, andwherein at least one network device is operable to i) apply a one-way encryption algorithm to a message for communication to the recipient in order to generate a hash value, ii) transmit the hash value to the encryption key server for encryption using the cryptographic key associated with the sender in order to generate a digital signature, and iii) in response to receiving the digital signature from the encryption key server, to append the digital signature to the original message to form a signed message.

13. A network server comprising:
- a data store operable to store encrypted electronic messages for a recipient comprising i) encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key and ii) encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient;
  
  a network interface operable to receive data from and transmit data to remote network devices; and
  
  a processor operable, following receipt of a request to access an encrypted messages to extract said encrypted session key data from the requested electronic message and forward the extracted encrypted session key data to a remote network device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 29, 30)
- - 14. The network server according to claim 13, wherein the processor is operable to generate link data comprising the encrypted session key data and a network address for an encryption key server.
  - 15. The network server according to claim 14, wherein the processor is operable to generate link data further comprising a redirect network address.
  - 16. The network server according to claim 14, wherein the processor is operable to generate link data further comprising identification data for the recipient.
  - 17. The network server according to claim 14, wherein the processor is operable to generate link data further comprising time data identifying a time period during which the encrypted electronic message was sent.
  - 18. The network server according to claim 14, wherein the link data comprises a uniform resource locater.
  - 19. The network server according to claim 18, wherein the processor is operable to incorporate the generated uniform resource locater in web page data.
  - 29. A storage device storing instructions including instructions for programming a programmable processing apparatus to operate as a network server as claimed in claim 13.
  - 30. A signal conveying instructions including instructions for programming a programmable processing apparatus to operate as a network server as claimed in claim 13.

20. A network server comprising:
- means for recovering a private key associated with one of a plurality of clients;
  
  means for decrypting received encrypted session key data using the recovered private key to recover a session key; and
  
  means for forwarding the recovered session key to a remote network device.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The network server according to claim 20, wherein said recovering means comprises a database storing the private keys for said plurality of clients.
  - 22. The network server according to claim 20, wherein said recovering means is operable to generate the private key using a root private key and identification information for the client.
  - 23. The network server according to claim 22, wherein the identification information is the electronic mail address for the client.
  - 24. The network server according to claim 20, wherein the encrypted session key is received with a network address, and said forwarding means is operable to forward the recovered session key to the network address.

25. A network server comprising:
- means for recovering a private key associated with one of a plurality of clients;
  
  means for encrypting a received hash value using the recovered private key to generate a digital signature; and
  
  means for forwarding the generated digital signature to a remote network device.
- View Dependent Claims (26, 27, 28)
- - 26. The network server according to claim 25, wherein said recovering means comprises a database storing the private keys for said plurality of clients.
  - 27. The network server according to claim 25, wherein said recovering means is operable to generate the private key using a root private key and identification information for the client.
  - 28. The network server according to claim 27, wherein the identification information is the electronic mail address for the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Identum Ltd. (Trend Micro Inc.)
Inventors
Dancer, Andrew

Granted Patent

US 8,321,669 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 51/00   User-to-user messaging in p...

H04L 63/045   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/126   the source of the received ...

H04L 9/0825   using asymmetric-key encryp...

ELECTRONIC DATA COMMUNICATION SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

ELECTRONIC DATA COMMUNICATION SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links