SECURE MESSAGE DELIVERY USING A TRUST BROKER

US 20140245000A1
Filed: 05/06/2014
Published: 08/28/2014
Est. Priority Date: 06/23/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a federation server, a request from a server of a first organization, wherein;

the federation server is configured to act as a trust broker between the first organization and a second organization, andthe request identifies the server of the first organization and requests a token for securely sending a message to a server of the second organization; and

sending, by the federation server to the server of the first organization, a response to the request, wherein;

the response includes a symmetric key and an encrypted token containing the symmetric key, andthe encrypted token is encrypted with a public key of the second organization.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An email security system is described that allows users within different organizations to securely send email to one another. The email security system provides a federation server on the Internet or other unsecured network accessible by each of the organizations. Each organization provides identity information to the federation server. When a sender in one organization sends a message to a recipient in another organization, the federation server provides the sender'"'"'s email server with a secure token for encrypting the message to provide secure delivery over the unsecured network.

Citations

20 Claims

1. A computer-implemented method comprising:
- receiving, by a federation server, a request from a server of a first organization, wherein;
  
  the federation server is configured to act as a trust broker between the first organization and a second organization, andthe request identifies the server of the first organization and requests a token for securely sending a message to a server of the second organization; and
  
  sending, by the federation server to the server of the first organization, a response to the request, wherein;
  
  the response includes a symmetric key and an encrypted token containing the symmetric key, andthe encrypted token is encrypted with a public key of the second organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein:
    - the server of the first organization is configured to secure the message by encrypting the message with the symmetric key, andthe server of the second organization is configured to obtain the symmetric key from the encrypted token and decrypt the message using the symmetric key.
  - 3. The computer-implemented method of claim 1, wherein:
    - the server of the first organization is configured to secure the message by encrypting the message with a separate encryption key and encrypting the separate encryption key with the symmetric key, andthe server of the second organization is configured to obtain the symmetric key from the encrypted token, decrypt the separate encryption key using the symmetric key, and decrypt the message using the separate encryption key.
  - 4. The computer-implemented method of claim 1, further comprising:
    - receiving, by the federation server from the server of the first organization, a request for each domain identified in the message when the message is addressed to multiple recipients at different domains.
  - 5. The computer-implemented method of claim 1, wherein the request identifies the server of the first organization using identity information that matches identity information previously provided by the first organization to the federation server.
  - 6. The computer-implemented method of claim 1, wherein the request further identifies a purpose for which the token is requested.
  - 7. The computer-implemented method of claim 1, wherein the symmetric key is a proof of possession key.

8. A computer-readable storage device that does not consist of a signal, the computer-readable storage device storing computer-executable instructions that, when executed by a processor of a federation server, cause the federation server to perform a method comprising:
- receiving a request from a server of a first organization, wherein;
  
  the federation server is configured to act as a trust broker between the first organization and a second organization, andthe request identifies the server of the first organization and requests a token for securely sending a message to a server of the second organization; and
  
  sending a response to the request to the server of the first organization, wherein;
  
  the response includes a symmetric key and an encrypted token containing the symmetric key, andthe encrypted token is encrypted with a public key of the second organization.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage device of claim 8, wherein:
    - the server of the first organization is configured to secure the message by encrypting the message with the symmetric key, andthe server of the second organization is configured to obtain the symmetric key from the encrypted token and decrypt the message using the symmetric key.
  - 10. The computer-readable storage device of claim 8, wherein:
    - the server of the first organization is configured to secure the message by encrypting the message with a separate encryption key and encrypting the separate encryption key with the symmetric key, andthe server of the second organization is configured to obtain the symmetric key from the encrypted token, decrypt the separate encryption key using the symmetric key, and decrypt the message using the separate encryption key.
  - 11. The computer-readable storage device of claim 8, wherein the federation server receives a request for each domain identified in the message when the message is addressed to multiple recipients at different domains.
  - 12. The computer-readable storage device of claim 8, wherein the request identifies the server of the first organization using identity information that matches identity information previously provided by the first organization to the federation server.
  - 13. The computer-readable storage device of claim 8, wherein the request further identifies a purpose for which the token is requested.
  - 14. The computer-readable storage device of claim 8, wherein the symmetric key is a proof of possession key.

15. A federation server comprising:
- a processor configured to execute computer-executable instructions; and
  
  memory storing computer-executable instructions that, when executed by the processor, cause the federation server to perform a method comprising;
  
  receiving a request from a server of a first organization, wherein;
  
  the federation server is configured to act as a trust broker between the first organization and a second organization, andthe request identifies the server of the first organization and requests a token for securely sending a message to a server of the second organization; and
  
  sending a response to the request to the server of the first organization, wherein;
  
  the response includes a symmetric key and an encrypted token containing the symmetric key, andthe encrypted token is encrypted with a public key of the second organization.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The federation server of claim 15, wherein:
    - the server of the first organization is configured to secure the message by encrypting the message with the symmetric key, andthe server of the second organization is configured to obtain the symmetric key from the encrypted token and decrypt the message using the symmetric key.
  - 17. The federation server of claim 15, wherein:
    - the server of the first organization is configured to secure the message by encrypting the message with a separate encryption key and encrypting the separate encryption key with the symmetric key, andthe server of the second organization is configured to obtain the symmetric key from the encrypted token, decrypt the separate encryption key using the symmetric key, and decrypt the message using the separate encryption key.
  - 18. The federation server of claim 15, wherein the federation server receives a request for each domain identified in the message when the message is addressed to multiple recipients at different domains.
  - 19. The federation server of claim 15, wherein the request identifies the server of the first organization using identity information that matches identity information previously provided by the first organization to the federation server.
  - 20. The federation server of claim 15, wherein the request further identifies a purpose for which the token is requested.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Byrum, Frank, Mehta, Mayank, Jain, Chandresh, Conceicao, Ladislau, Kress, Brian, Gourevitch, Greg, Nelte, Michael, Barnes, Chris

Granted Patent

US 9,917,828 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

SECURE MESSAGE DELIVERY USING A TRUST BROKER

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE MESSAGE DELIVERY USING A TRUST BROKER

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links