ELECTRONIC DATA COMMUNICATION SYSTEM

US 20100228973A1
Filed: 03/22/2007
Published: 09/09/2010
Est. Priority Date: 03/28/2006
Status: Active Grant

First Claim

Patent Images

1. A network apparatus operable to communicate with one or more remote network devices which are associated with a group of users, the network apparatus comprising:

a request transmitter operable to transmit over the network to a remote server a request for cryptographic keys for the group of users; and

a key receiver operable to receive cryptographic keys for the group of users and to store the received cryptographic keys in a cryptographic keys data store.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is described a key server which is connected to a local area network, and an encryption authority transfers private keys for clients of the local area network to the key server. In an embodiment, the key server encrypts outgoing emails using public keys for the recipients and decrypts internal emails using private keys for the recipients. In another embodiment, the clients of the local area network download their respective private keys from the key server so that encryption operations may be performed by client software.

Citations

30 Claims

1. A network apparatus operable to communicate with one or more remote network devices which are associated with a group of users, the network apparatus comprising:
- a request transmitter operable to transmit over the network to a remote server a request for cryptographic keys for the group of users; and
  
  a key receiver operable to receive cryptographic keys for the group of users and to store the received cryptographic keys in a cryptographic keys data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 27)
- - 2. A network apparatus according to claim 1, further comprising a registration controller operable to control a registration procedure for registering the network apparatus with the remote server.
  - 3. A network apparatus according to claim 2, wherein the registration controller is operable to retrieve one or more transfer keys from the registration server and to store the transfer keys in a transfer key data store, andwherein the key receiver is operable, in response to receiving an encrypted cryptographic key, to retrieve at least one transfer key for decrypting the encrypted cryptographic key from the transfer key data store, and to decrypt the encrypted cryptographic key using the retrieved transfer key to recover the cryptographic key.
  - 4. A network apparatus according to claim 3, wherein the decryption using the transfer key employs a symmetric encryption algorithm.
  - 5. A network apparatus according to claim 3 or claim 4, wherein the registration controller is operable to retrieve a master transfer key associated with the network apparatus and plural user transfer keys, each user transfer key being associated with a different user within the group of users.
  - 6. A network apparatus according to claim 5, wherein the network apparatus has a network address and an associated electronic mail address,wherein the registration server is operable to receive i) a signal sent to the network address for the network apparatus conveying a first part of the master transfer key, and ii) an electronic mail message sent to the associated electronic mail address for the network apparatus conveying a second part of the master transfer key, and the registration controller is further operable to recover the master transfer key using said first and second parts.
  - 7. A network apparatus according to claim 6, wherein subsequent to the retrieval of the master transfer key, the registration controller is operable to receive encrypted user transfer keys, to decrypt the encrypted user transfer keys using the master transfer key to recover the user transfer keys, and to store the recovered user transfer keys in the transfer key data store.
  - 8. A network apparatus according to claim 7, wherein the encrypted user transfer keys are received by the network apparatus in the form of a network signal sent to the network address for the network apparatus.
  - 9. A network apparatus according to any of claims 6 to 8, wherein subsequent to the retrieval of the user transfer keys, the registration controller is further operable i) to receive encrypted cryptographic keys, each encrypted cryptographic key being associated with a respective one of the group of users, ii) to decrypt each encrypted cryptographic keys using the user transfer key for the associated one of the group of users to recover the cryptographic keys, and iii) to store the recovered cryptographic keys in the cryptographic keys data store.
  - 10. A network apparatus according to any of claims 2 to 9, wherein the registration controller is operable to obtain identification information for the group of users from a lightweight directory access protocol server associated with said one or more remote network devices, andwherein in response to receiving the identification information for the group of users from the lightweight directory access protocol server, the registration controller is operable to forward said identification information to the remote server.
  - 11. A network apparatus according to claim 10, wherein the identification information comprises electronic mail address information.
  - 12. A network apparatus according to any preceding claim, further comprising a key request processor operable, in response to a request from one of the group of users for a cryptographic key associated with said one of the group of users, to retrieve one or more cryptographic keys associated with said one of the group of users from the data store and to transmit the one or more retrieved cryptographic keys to said one of the group of users.
  - 13. A network apparatus according to claim 12 when dependent on claim 3, wherein the request processor is operable to encrypt the cryptographic key associated with said one of the group of users using a user transfer key associated with said one of the group of users.
  - 14. A network apparatus according to any preceding claim, further comprising a user registration controller operable to control a registration procedure to add a new user to the group of users.
  - 15. A network apparatus according to claim 14, wherein the network apparatus comprises a transfer key data store, and wherein the user registration controller is operable to retrieve a user transfer key from the remote server, to store the user transfer key in a transfer key data store, and to forward the retrieved user transfer key to said new user.
  - 16. A network apparatus according to claim 15, wherein the user registration controller initiates registration of a new user in response to signal from a user network address conveying a new user request including an electronic mail address for the user and a token identifying the user,wherein the request processor is operable to request verification of the token from a lightweight directory access protocol server,wherein in response to verification of the token by the lightweight directory access protocol server, the request processor is operable to transmit a signal to said user network address conveying the user transfer key for the new user, andwherein in the absence of verification of the token by the lightweight directory access protocol server, the request processor is operable to split the user transfer key for the user into two or more parts and to send a signal to the user network address conveying a first part of the user transfer key and to transmit an electronic message to the electronic mail address for the user conveying a second part of the user transfer key.
  - 17. A network apparatus according to any preceding claim, further comprising a decryption controller operable to control decryption of a received encrypted electronic mail message.
  - 18. A network apparatus according to claim 17, wherein the received encrypted electronic mail message is addressed to the electronic mail address for one of the group of users, andwherein the decryption controller is operable to retrieve a cryptographic key associated with said addressed user and to decrypt the encrypted electronic mail message using the retrieved cryptographic key.
  - 19. A network apparatus according to claim 17, wherein the received encrypted electronic mail message is sent from the electronic mail address for one of the group of users, andwherein the decryption controller is operable to retrieve a cryptographic key associated with said electronic mail address for the sender and to decrypt the encrypted electronic mail message using the retrieved cryptographic key.
  - 20. A network apparatus according to any preceding claim, further comprising an encryption controller operable to control encryption of a received electronic mail message sent by one of the group of users to one or more addressees
  - 21. A network apparatus according to claim 20, wherein the encryption controller is operable to calculate a cryptographic key for an addressee of the receive electronic mail message using the electronic mail address for the addressee.
  - 22. A local area network comprising a network apparatus according to any preceding claim, wherein the transmitter of the network apparatus is operable to transmit a request for cryptographic keys to a remote server external to the local area network.
  - 27. A local area network comprising a network apparatus as claimed in any of claims 1 to 21 and a computer apparatus as claimed in any of claims 23 to 26.

23. A computer apparatus operable to communicate with remote network devices over a network, the computer apparatus comprising:
- a cryptography controller operable to control at least one of encryption of an electronic message and decryption of an electronic message using a cryptographic key; and
  
  a key retriever operable to retrieve the cryptographic key from a remote network device and store the retrieved cryptographic key in a cryptographic key data store,wherein the key retriever is operable to send a request to a server at a predetermined network address requesting a network address from which the cryptographic key is available, and to send a request to the network address identified by the server for the cryptographic key.
- View Dependent Claims (24, 25, 26)
- - 24. A computer apparatus according to claim 23, further comprising a user registration controller for registering the user of the computer apparatus with an encryption authority,wherein the user registration controller is operable to send a request to a server at a predetermined network address for a network address from which a user transfer key is available, and to send a request to the network address identified by the server for the user transfer key.
  - 25. A computer apparatus according to claim 24, wherein the user registration controller is operable to recover the user transfer key from a signal sent to a network address associated with the computer apparatus.
  - 26. A computer apparatus according to any of claims 23 to 25, wherein the cryptography controller is operable to calculate a cryptographic key associated with a recipient of an electronic mail message from an electronic mail address associated with the recipient, and to encrypt the electronic mail message for the recipient using the calculated cryptographic key.

28. A network server comprising:
- a key provider operable to provide cryptographic keys;
  
  a data store operable to store data associating one or more network apparatuses with corresponding groups of users; and
  
  a request processor operable to process a request received from a network apparatus over the network for cryptographic keys associated with one or more users,wherein the network server is operable, in response to receiving a request for cryptographic keys, i) to determine using the data stored in the data store whether or not said one or more users are associated with the network apparatus sending the request, and ii) in the event that said one or more users are associated with the network apparatus sending the request, to transmit one or more cryptographic keys for said one or more users provided by the key provider to the network apparatus sending the request.
- View Dependent Claims (29, 30)
- - 29. A network server according to claim 28, wherein the key provider is operable to calculate a cryptographic key for a user using a root cryptographic key and identification information for the user.
  - 30. A network server according to claim 29, wherein the identification information is an electronic mail address for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Baldwin, Matthew, Tuaima, Adam, Chimley, Mark, Dancer, Andrew

Granted Patent

US 8,793,491 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 9/0833   involving conference or gro...

ELECTRONIC DATA COMMUNICATION SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

ELECTRONIC DATA COMMUNICATION SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links