Efficient Encryption, Escrow and Digital Signatures
First Claim
1. A method of operating a network server to facilitate legal eavesdropping, comprising:
receiving, from the first user via the network, (i) a session key (SK) encrypted with a second user's public key, kpubU2, which is the public key of asymmetric private/public key pair kpriU/kpubU2 of the second user and (ii) the SK encrypted with an escrow server's (ES) public key, kpubES, which is the public key of asymmetric private/public key pair kpriES/kpubES of the ES;
storing the received SK encrypted with kpubES;
transmitting, to the second user via the network, the received SK encrypted with kpubU2;
receiving, from one of the first and the second users via the network, a message encrypted with the SK;
storing the received message encrypted with SK; and
transmitting, to the other of the first and the second users via the network, the received message encrypted with the SK.
Abstract
A network server is operated so as to facilitate legal eavesdropping by receiving, from the first user via a network, a session key (SK) encrypted with a second user's public key, kpubU2, and the SK encrypted with an escrow server's (ES) public key, kpubES. The kpubU2 key is the public key of the second user asymmetric private/public key pair kpriU2/kpubU2. The kpubES key is the public key of the ES asymmetric private/public key pair kpriES/kpubES. The received SK encrypted with kpubES is stored. The SK encrypted with kpubU2 is transmitted to the second user via the network. A message encrypted with the SK is received from one of the first and the second users via the network, stored, and transmitted to the other of the first and the second users via the network.
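The exchange of claim 1 and the abstract, played end to end in Go as an added illustration that is not part of the patent: the relay server stores the SK wrapped for the escrow server, forwards the SK wrapped for the second user, and then stores and forwards the SK-encrypted message. The key pairs, session key and message are constructed for the run, and RSA-OAEP and AES-GCM are assumptions of mine, since the claims name no algorithm; the relay itself holds no private key, so only kpriU2 or kpriES can recover the plaintext.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// must panics on error so the protocol steps below read linearly.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// SK encrypted with a party's public key (RSA-OAEP); only the matching private key unwraps it.
func wrapSK(pub *rsa.PublicKey, sk []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sk, nil))
}
func unwrapSK(priv *rsa.PrivateKey, ct []byte) []byte {
	return must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil))
}
// Message encrypted with the SK (AES-256-GCM); the random nonce is prepended to the ciphertext.
func sealMsg(sk, msg []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sk))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, msg, nil)
}
func openMsg(sk, ct []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sk))))
	return must(gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil))
}
// RunSession plays claim 1 with constructed keys. It returns the plaintext the second user
// recovers and the plaintext the escrow server later recovers from what the relay stored.
func RunSession(msg []byte) (atU2, viaEscrow []byte) {
	u2 := must(rsa.GenerateKey(rand.Reader, 2048)) // kpriU2/kpubU2 (constructed)
	es := must(rsa.GenerateKey(rand.Reader, 2048)) // kpriES/kpubES (constructed)
	sk := make([]byte, 32)                         // first user's fresh session key
	must(rand.Read(sk))
	// (1) U1 -> server: SK under kpubU2 (forwarded to U2) and under kpubES (stored by the server)
	skForU2, storedSK := wrapSK(&u2.PublicKey, sk), wrapSK(&es.PublicKey, sk)
	skAtU2 := unwrapSK(u2, skForU2) // (2) U2 unwraps the forwarded copy with kpriU2
	// (3) U1 -> server -> U2: message under SK, stored by the server and forwarded unchanged
	storedMsg := sealMsg(sk, msg)
	atU2 = openMsg(skAtU2, storedMsg)
	// (4) lawful access: kpriES unwraps the stored SK, which opens the stored ciphertext
	viaEscrow = openMsg(unwrapSK(es, storedSK), storedMsg)
	return atU2, viaEscrow
}
```

The record the server keeps (storedSK plus storedMsg) is exactly the material that lets the escrow path decrypt later, so its storage and access control carry the whole confidentiality risk of the scheme.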
11 Claims
1. A method of operating a network server to facilitate legal eavesdropping, comprising:
receiving, from the first user via the network, (i) a session key (SK) encrypted with a second user's public key, kpubU2, which is the public key of asymmetric private/public key pair kpriU/kpubU2 of the second user and (ii) the SK encrypted with an escrow server's (ES) public key, kpubES, which is the public key of asymmetric private/public key pair kpriES/kpubES of the ES; storing the received SK encrypted with kpubES; transmitting, to the second user via the network, the received SK encrypted with kpubU2; receiving, from one of the first and the second users via the network, a message encrypted with the SK; storing the received message encrypted with SK; and transmitting, to the other of the first and the second users via the network, the received message encrypted with the SK. (Dependent claims: 2, 3)
4. An article of manufacture for facilitating legal eavesdropping, comprising:
non-transitory storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to: receive, from the first user via the network, (i) a session key (SK) encrypted with a second user's public key, kpubU2, which is the public key of asymmetric private/public key pair kpriU2/kpubU2 of the second user, and (ii) the SK encrypted with an escrow server's (ES) public key, kpubES, which is the public key of asymmetric private/public key pair kpriES/kpubES of the ES; direct storage of the received SK encrypted with kpubES; direct transmission, to the second user via the network, of the received SK encrypted with kpubU2; receive, from one of the first and the second users via the network, a message encrypted with the SK; direct storage of the received message encrypted with SK; and direct transmission, to the other of the first and the second users via the network, of the received message encrypted with the SK. (Dependent claims: 5, 6)
7. A network server for facilitating legal eavesdropping, comprising:
a processor configured to receive, from the first user via the network, (i) a session key (SK) encrypted with a second user's public key, kpubU2, which is the public key of asymmetric private/public key pair kpriU2/kpubU2 of the second user and (ii) the SK encrypted with an escrow server's (ES) public key, kpubES, which is the public key of an asymmetric private/public key pair kpriES/kpubES of the ES; and a data store configured to store the received SK encrypted with kpubES, wherein the processor is further configured to (a) direct transmission, to the second user via the network, of the received SK encrypted with kpubU2, and (b) receive, from one of the first and the second users via the network, a message encrypted with the SK; wherein the data store is further configured to store the received message encrypted with SK; and wherein the processor is further configured to direct transmission, to the other of the first and the second users via the network, of the received message encrypted with the SK. (Dependent claims: 8, 9)
10. A method of operating a user smart communication device to securely communicate email or text messages to another user via a network, comprising:
retrieving, from a network server in the cloud, the other user's certificate, where the other user's certificate includes kpubOU, which is the public key of the other user's private/public asymmetric key pair kpriOU/kpubOU; creating a session key (SK) for securing communications between the user and the other user; storing the SK; encrypting the SK with the other user's public key, kpubOU; transmitting, to the other user via the network server, the encrypted SK; transmitting, to the other user via the network server, a first email or text message encrypted with the SK; receiving, from the other user via the network server, a second email or text message encrypted with the SK; and decrypting the received encrypted second message with the stored SK.
11. A method of operating a user's smart communication device, having a touchpad, to graphically and digitally sign messages, comprising:
automatically generating, transparent to the user, a private/public asymmetric key pair, kpriU/kpubU, for the user, where kpriU is the private key and kpubU is the public key of the user asymmetric private/public key pair; transmitting kpubU to a Certificate Authority (CA) via a network; receiving, from the CA via the network, a certificate, including kpubU, signed with a private key, kpriCA, of the CA, where kpriCA is the private key of an asymmetric private/public key pair, i.e. kpriCA/kpubCA, of the CA; receiving, from another user via the network, a request to sign a message; receiving, via the touchpad, a user input corresponding to a graphical signature of the user; in response to receipt of the user input, automatically digitally signing the message with kpriU; and transmitting, to the other user via the network, the graphical signature, the digitally signed message and the signed certificate.
Specification