Public key cryptosystem with roaming user capability

US 6,154,543 A
Filed: 11/25/1998
Issued: 11/28/2000
Est. Priority Date: 11/25/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:

a client computer operable to access an Enabler computer program, said client computer comprising;

a client memory operable to store said Enabler computer program;

a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;

allow said user to enter a user identifier;

transmit said user identifier to said encryption server to verify identity of said user;

receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;

use said passphrase to decrypt said encrypted private key at said client computer;

retrieve a user recipient'"'"'s public key;

encrypt a digital message with said user recipient'"'"'s public key; and

transmit said encrypted digital message to said user recipient;

an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;

a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and

a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;

receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;

retrieve said encrypted private key from said encryption server database; and

transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and

a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and

wherein said network comprises a plurality of client computers and encryption servers, further wherein each encryption server can communicate with every other encryption server on said network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Reexamination

Accused Products

Abstract

A public key cryptosystem with roaming user capability within a network that allows secure communication between users of the system, client machines, and encryption servers. A client machine generates and stores an encrypted private key on an encryption server. A user may then access the encrypted private key from any client machine located on the network and decrypt it using a passphrase, thus giving the user roaming capability. The private key may then be used to decrypt any encrypted messages received. A user can generate a digital message, encrypt it with a client recipient'"'"'s public key, and transmit it to the encryption server from any client machine on the network.

144 Citations

59 Claims

1. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said network comprises a plurality of client computers and encryption servers, further wherein each encryption server can communicate with every other encryption server on said network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. The system of claim 1, wherein said client computer is further operable to store and access a New User computer program, said client computer processor operable to execute said New User computer program such that said client computer is directed by said New User computer program to communicate with said Server computer program to:
    - generate said public/private key pair;
      
      generate said user passphrase;
      
      generate said user identifier;
      
      hash said user passphrase;
      
      transmit said hash of said user passphrase to said encryption server to compare against a plurality of hashed English words, common nouns, and popular sayings located on said database of said encryption server;
      
      encrypt said private key with said hash of said user passphrase yielding said encrypted private key; and
      
      transmit said encrypted private key and said public key to said encryption server.
  - 3. The system of claim 1, wherein said user identifier is a user log-in ID or said user passphrase, and further wherein said user log-in ID or user passphrase is hashed and transmitted to said encryption server and compared against said database of hashed user identifiers to verify the identity of said user.
  - 4. The system of claim 2, wherein said encryption server is further operable to execute said Server computer program to communicate with said New User computer program such that said encryption server is directed by said Server computer program to:
    - receive and compare said hash of said passphrase against a plurality of hashed English words, common nouns, and popular sayings located on said database of said encryption server;
      
      compare said hash of said passphrase against said database of hashed passphrases to verify the identity of said user;
      
      receive said encrypted private key and said public key paired to said encrypted private key from said client computer; and
      
      store said encrypted private key and said public key in said database of said encryption server.
  - 5. The system of claim 1, wherein said Enabler computer program is further executable to transmit other user specific information from said client computer to said encryption server, said Server computer program is further executable to transmit other user specific information from said encryption server database to said client computer.
  - 6. The system of claim 1, wherein said user may use any client computer on said network to access said encrypted private key, thus giving said user roaming capability.
  - 7. The system of claim 1, wherein said user passphrase remains on said client computer for the duration of time said user is logged-in to said encryption server, further wherein said user passphrase is never transmitted to said encryption server and is erased from said client computer when said user logs-off said network.
  - 8. The system of claim 1, wherein said user passphrase or private key may not be erased after logging-off said network, said user passphrase or said private key remain on said computer.
  - 9. The system of claim 1, wherein said encrypted digital message resides on said encryption server and may not be accessed by anyone but an intended user recipient, further wherein said digital message may be in the form of email or real-time chat.
  - 10. The system of claim 1, wherein a secure socket layer exists between said client sender computer and said encryption server, and wherein said secure socket layer also exists between said encryption server and said client recipient computer.
  - 11. The system of claim 2, wherein said New User computer program and said Enabler computer program are downloaded from said encryption server or are directly installed on said client computer.
  - 12. The system of claim 1, wherein said private key is symmetrically encrypted with said passphrase and stored on either said encryption server or said client computer.
  - 13. The system of claim 1, wherein said encryption server allows a limited number of log-on attempts.
  - 14. The system of claim 1, wherein said digital message is encrypted using any public/private key cipher including RSA, Elliptical Curve, or Diffie-Helman.
  - 15. The system of claim 1, wherein said encrypted digital message is transmitted from said client sender computer to a server outside said network, then from said server outside said network to said client recipient computer.
  - 16. The system of claim 1, wherein each encryption server on said network contains all or a subset of every user'"'"'s encrypted private key, public key, user identifier, or other user information.
  - 17. The system of claim 16, wherein each encryption server of said network has its own public/private key pair, further wherein each encryption server has access to said public/private key pairs of every other encryption server on said network.
  - 18. The system of claim 17, wherein only an encryption server administrator has access to said private keys of each encryption server on said network.
  - 19. The system of claim 1, wherein a cyclic redundancy check (CRC) is added to the end of said digital message before encrypting it.
  - 20. The system of claim 1, wherein said encryption server includes a translator computer program to communicate with other public/private key encryption servers operating under a different standard certificate of authority.
  - 21. The system of claim 1, wherein said public keys are stored on said encryption server in plain text form.
  - 22. The system of claim 1, wherein said Server computer program and said New User computer program are divided into two or more subprograms.
  - 23. The system of claim 1, wherein said user passphrase is generated by said New User computer program.
  - 24. The system of claim 1, wherein said passphrase is actively or passively generated by true random numbers.
  - 25. The system of claim 1, wherein said encryption server is authenticated to said user by industry standard means, such as SSL, using authentication certificates.
  - 26. The system of claim 1, wherein said user may optionally sign said digital message with said private key before encrypting and transmitting said digital message to said encryption server.
  - 27. The system of claim 1, wherein said digital message contains time or bandwidth sensitive data, and wherein said digital message need not be transmitted through said encryption server, and further wherein said time or bandwidth sensitive data is encrypted and transmitted directly to said client recipient computer.
  - 28. The system of claim 1, wherein said passphrase, private key, or said user recipient'"'"'s public is not erased after logging-off said network, and said passphrase, said private key, or said user recipient public key remains on said computer.

29. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- at said client sender machine;
  
  entering a user identifier; and
  
  transmitting said user identifier to an encryption server;
  
  at said encryption server;
  
  receiving said user identifier;
  
  comparing said user identifier against a plurality of user identifiers located in a database on said encryption server to verify the identity of said user;
  
  retrieving a private key encrypted with a passphrase from said database of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair; and
  
  transmitting said encrypted private key from said encryption server to said user'"'"'s client machine;
  
  at said client sender machine;
  
  receiving said encrypted private key from said encryption server;
  
  decrypting said encrypted private key with said passphrase;
  
  generating a digital message;
  
  retrieving a user recipient'"'"'s public key from said encryption server database;
  
  encrypting said digital message with said user recipient'"'"'s public key; and
  
  transmitting said encrypted digital message to said client recipient machine; and
  
  wherein said method employs a network comprised of a plurality of client computers and encryption servers, further wherein each encryption server can communicate with every other encryption server on said network.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The method of claim 29, further comprising the following steps prior to entering said user identifier,at said client sender machine:
    - generating said public/private key pair;
      
      generating said user passphrase;
      
      generating said user identifier, wherein said identifier can be a user log-in ID;
      
      hashing said user passphrase;
      
      transmitting said hash of said user passphrase to said encryption server to compare against said database of hashed English words, common nouns, and popular sayings;
      
      encrypting said private key with said hash of said user passphrase yielding said encrypted private key; and
      
      transmitting said encrypted private key and said public key to said encryption server;
      
      at said encryption server;
      
      receiving said encrypted private key and said public key; and
      
      storing said encrypted private key and said public key in said database of said encryption server.
  - 31. The method of claim 29, wherein said user identifier is said user'"'"'s passphrase, further wherein said user'"'"'s passphrase is hashed and transmitted to said encryption server and compared against said database of hashed passphrases to verify the identity of said user.
  - 32. The method of claim 29, wherein said encrypted digital message is transmitted from said client sender machine to said encryption server, then transmitted from said encryption server to said client recipient machine.
  - 33. The method of claim 29, wherein said encrypted digital message is transmitted from said client sender machine to a server outside said network then from said server outside said network to said client recipient machine.
  - 34. The method of claim 29, wherein said passphrase is actively or passively generated by true random numbers.
  - 35. The method of claim 29, wherein said user may optionally sign said digital message with said private key before encrypting and transmitting said digital message to said encryption server.

36. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- entering a user identifier; and
  
  transmitting said user identifier to an encryption server to verify identity of said user; and
  
  downloading an Enabler computer program from said encryption server to said client sender'"'"'s machine, wherein said Enabler computer program is executable to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key from said encryption server database;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient; and
  
  wherein said method employs a network comprised of a plurality of client computers and encryption servers, further wherein each encryption server can communicate with every other encryption server on said network.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The method of claim 36, wherein a New User computer program is downloaded from said encryption server to said client seder'"'"'s machine, further wherein said New User computer program is executable to communicate with a Server computer program located on said encryption server to:
    - generate said public/private key pair;
      
      generate said user passphrase;
      
      generate said user identifier;
      
      hash said user passphrase;
      
      transmit said hash of said user passphrase to said encryption server to compare against a plurality of hashed English words, common nouns, and popular sayings located on said database of said encryption server;
      
      encrypt said private key with said hash of said user passphrase yielding said encrypted private key; and
      
      transmit said encrypted private key and public key to said encryption server.
  - 38. The method of claim 36, wherein said user identifier is said user'"'"'s passphrase, further wherein said user'"'"'s passphrase is hashed and transmitted to said encryption server and compared against said database of hashed passphrases to verify the identity of said user.
  - 39. The method of claim 36, wherein said New User computer program and said Enabler computer program are directly loaded onto said client sender'"'"'s machine.
  - 40. The method of claim 36, wherein logging into said encryption server comprises the steps of finding a log-in web page for said encryption server on the Internet and typing in a user'"'"'s identifier.
  - 41. The method of claim 36, wherein said encrypted digital message is transmitted from said client sender machine to said encryption server, then transmitted from said encryption server to said client recipient machine.

42. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer,said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said user passphrase remains on said client server computer for the duration of time said user is logged-in to said encryption server,further wherein said user passphrase is never transmitted to said encryption server and is erased from said client computer when said user logs-off said network.

43. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said user passphrase or private key may not be erased after logging-off said network.

44. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said encrypted digital message resides on said encryption server and may not be accessed by anyone but an intended user recipient.

45. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein a secure socket layer exists between said client sender computer and said encryption server, andwherein said secure socket layer also exists between said encryption server and said client recipient computer.

46. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said encryption server allows a limited number of log-on attempts.

47. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said encrypted digital message is transmitted from said client sender computer to a server outside said network, then from said server outside said network to said client recipient computer.

48. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein a cyclic redundancy check (CRC) is added to the end of said digital message before encrypting it.

49. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said encryption server is authenticated to said user by industry standard means, such as SSL, using authentication certificates.

50. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said user may optionally sign said digital message with said private key before encrypting and transmitting said digital message to said encryption server.

51. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said digital message contains time or bandwidth sensitive data, and wherein said digital message need not be transmitted through said encryption server, and further wherein said time or bandwidth sensitive data is encrypted and transmitted directly to said client recipient computer.

52. A system for sending an encrypted digital message from a user at a client sender computer to a client recipient computer over a network, comprising:
- a client computer operable to access an Enabler computer program, said client computer comprising;
  
  a client memory operable to store said Enabler computer program;
  
  a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient;
  
  an encryption server, said encryption server operable to process requests from said client computer, said encryption server comprising;
  
  a server memory operable to store said Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
  
  a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
  
  receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify identity of said user;
  
  retrieve said encrypted private key from said encryption server database; and
  
  transmit said encrypted private key from said encryption server to said user'"'"'s client computer; and
  
  a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender computer and said encryption server and further between said encryption server and said client recipient computer; and
  
  wherein said passphrase, private key, or said user recipient'"'"'s public key is not erased after logging-off said network, and said passphrase, said private key, or said user recipient public key remains on said computer.

53. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- at said client sender machine;
  
  entering a user identifier; and
  
  transmitting said user identifier to an encryption server;
  
  at said encryption server;
  
  receiving said user identifier;
  
  comparing said user identifier against a plurality of user identifiers located in a database on said encryption server to verify the identity of said user;
  
  retrieving a private key encrypted with a passphrase from said database of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair; and
  
  transmitting said encrypted private key from said encryption server to said user'"'"'s client machine;
  
  at said client sender machine;
  
  receiving said encrypted private key from said encryption server;
  
  decrypting said encrypted private key with said passphrase;
  
  generating a digital message;
  
  retrieving a user recipient'"'"'s public key from said encryption server database;
  
  encrypting said digital message with said user recipient'"'"'s public key; and
  
  transmitting said encrypted digital message to said client recipient machine; and
  
  wherein said user identifier is said user'"'"'s passphrase, further wherein said user'"'"'s passphrase is hashed and transmitted to said encryption server and compared against said database of hashed passphrases to verify the identity of said user.

54. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- at said client sender machine;
  
  entering a user identifier; and
  
  transmitting said user identifier to an encryption server;
  
  at said encryption server;
  
  receiving said user identifier;
  
  comparing said user identifier against a plurality of user identifiers located in a database on said encryption server to verify the identity of said user;
  
  retrieving a private key encrypted with a passphrase from said database of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair; and
  
  transmitting said encrypted private key from said encryption server to said user'"'"'s client machine;
  
  at said client sender machine;
  
  receiving said encrypted private key from said encryption server;
  
  decrypting said encrypted private key with said passphrase;
  
  generating a digital message;
  
  retrieving a user recipient'"'"'s public key from said encryption server database;
  
  encrypting said digital message with said user recipient'"'"'s public key; and
  
  transmitting said encrypted digital message to said client recipient machine; and
  
  wherein said user encrypted digital message is transmitted from said client sender machine to said encryption server, then transmitted from said encryption server to said client recipient machine.

55. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- at said client sender machine;
  
  entering a user identifier; and
  
  transmitting said user identifier to an encryption server;
  
  at said encryption server;
  
  receiving said user identifier;
  
  comparing said user identifier against a plurality of user identifiers located in a database on said encryption server to verify the identity of said user;
  
  retrieving a private key encrypted with a passphrase from said database of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair; and
  
  transmitting said encrypted private key from said encryption server to said user'"'"'s client machine;
  
  at said client sender machine;
  
  receiving said encrypted private key from said encryption server;
  
  decrypting said encrypted private key with said passphrase;
  
  generating a digital message;
  
  retrieving a user recipient'"'"'s public key from said encryption server database;
  
  encrypting said digital message with said user recipient'"'"'s public key; and
  
  transmitting said encrypted digital message to said client recipient machine; and
  
  wherein said encrypted digital message is transmitted from said client sender machine to a server outside said network then from said server outside said network to said client recipient machine.

56. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- at said client sender machine;
  
  entering a user identifier; and
  
  transmitting said user identifier to an encryption server;
  
  at said encryption server;
  
  receiving said user identifier;
  
  comparing said user identifier against a plurality of user identifiers located in a database on said encryption server to verify the identity of said user;
  
  retrieving a private key encrypted with a passphrase from said database of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair; and
  
  transmitting said encrypted private key from said encryption server to said user'"'"'s client machine;
  
  at said client sender machine;
  
  receiving said encrypted private key from said encryption server;
  
  decrypting said encrypted private key with said passphrase;
  
  generating a digital message;
  
  retrieving a user recipient'"'"'s public key from said encryption server database;
  
  encrypting said digital message with said user recipient'"'"'s public key; and
  
  transmitting said encrypted digital message to said client recipient machine; and
  
  wherein said user may optionally sign said digital message with said private key before encrypting and transmitting said digital message to said encryption server.

57. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- entering a user identifier; and
  
  transmitting said user identifier to an encryption server to verify identity of said user; and
  
  downloading an Enabler computer program from said encryption server to said client sender'"'"'s machine, wherein said Enabler computer program is executable to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key from said encryption server database;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient; and
  
  wherein a New User computer program is downloaded from said encryption server to said client sender'"'"'s machine, further wherein said New User computer program is executable to communicate with a Server computer program located on said encryption server to;
  
  generate said public/private key pair;
  
  generate said user passphrase;
  
  generate said user identifier;
  
  hash said user passphrase;
  
  transmit said hash of said user passphrase to said encryption server to compare against a plurality of hashed English words, common nouns, and popular sayings located on said database of said encryption server;
  
  encrypt said private key with said hash of said user passphrase yielding said encrypted private key; and
  
  transmit said encrypted private key and public key to said encryption server.

58. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- entering a user identifier; and
  
  transmitting said user identifier to an encryption server to verify identity of said user; and
  
  downloading an Enabler computer program from said encryption server to said client sender'"'"'s machine, wherein said Enabler computer program is executable to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key from said encryption server database;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient; and
  
  wherein said New User computer program and said Enabler computer program are directly loaded onto said client sender'"'"'s machine.

59. A method for sending an encrypted digital message from a client sender machine to a client recipient machine comprising the steps of:
- entering a user identifier; and
  
  transmitting said user identifier to an encryption server to verify identity of said user; and
  
  downloading an Enabler computer program from said encryption server to said client sender'"'"'s machine, wherein said Enabler computer program is executable to communicate with a Server computer program located on said encryption server to;
  
  allow said user to enter a user identifier;
  
  transmit said user identifier to said encryption server to verify identity of said user;
  
  receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair;
  
  use said passphrase to decrypt said encrypted private key at said client computer;
  
  retrieve a user recipient'"'"'s public key from said encryption server database;
  
  encrypt a digital message with said user recipient'"'"'s public key; and
  
  transmit said encrypted digital message to said user recipient; and
  
  wherein said encrypted digital message is transmitted from said client sender machine to said encryption server, then transmitted from said encryption server to said client recipient machine.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
HUSH Communication Corporation
Original Assignee
HUSH Communications Anguilla Incorporated
Inventors
Baltzley, Cliff A.
Primary Examiner(s)
Peeso, Thomas R.
Assistant Examiner(s)
JACK, TODD M

Application Number

US09/200,640
Time in Patent Office

734 Days
Field of Search

380/255, 380/259, 705/64, 705/74, 705/75, 713/150
US Class Current

380/255
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 2211/008   Public Key, Asymmetric Key,...

G06Q 20/382   insuring higher security of...

G06Q 20/383   Anonymous user system

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

Public key cryptosystem with roaming user capability

First Claim

1 Assignment

0 Petitions

Reexamination

Accused Products

Abstract

144 Citations

59 Claims

Specification

Use Cases

Quick Links

Others

Public key cryptosystem with roaming user capability

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

144 Citations

59 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others