GENERATING PKI EMAIL ACCOUNTS ON A WEB-BASED EMAIL SYSTEM
Abstract
The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.
2 Claims
1. A system comprising:
a) a client computer communicatively coupled to a network and operated by a user, wherein neither the client computer nor a key store system is relied on to store or recall PKI keys;
b) an email server communicatively coupled to the network;
c) a PKI email account website hosted on one or more computers in the network, communicatively coupled to the email server, and configured to;
i) receive a request for a PKI email account from the user via the client computer, wherein the PKI email account is configured to access, without a key store system, one or more cryptographic functions to securely receive and transmit email;
ii) generate and send a certificate signing request, without interaction from the user or a key store system, via a network connection between the PKI email account website and a certificate authority;
iii) install the certificate upon receipt, without interaction from the user or a key store system; and
d) a desktop email client or an email website displayed on the client computer and configured to access the PKI email account and the cryptographic functions provided by the PKI email account website.

2. A method comprising the steps of:
a) receiving a request from a user to create a PKI email account and an auto-renewal option for the PKI email account via a PKI email account website displayed on a client computer and hosted on one or more computers in a network;
b) generating and storing a key pair, without interaction from the user or a key store system, in a data storage on the one or more computers in the network;
c) requesting a first certificate, without interaction from the user or a key store system, from a certificate authority;
d) receiving the first certificate;
e) installing the first certificate on the PKI email account website;
f) creating the PKI email account for the user, wherein the PKI email account is configured to access one or more cryptographic functions provided by the PKI email account website to securely receive and transmit mail, wherein the PKI email account is accessible via a desktop email client or an email website displayed on the client computer and wherein neither the client computer nor the key store system are relied on to store or recall PKI keys; and
g) requesting and receiving a second certificate from the certificate authority, without interaction from the user or a key store system, prior to the first certificate expiring.
Specification