Method and apparatus for providing off-line secure communications

US 6,247,127 B1
Filed: 12/19/1997
Issued: 06/12/2001
Est. Priority Date: 12/19/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing off-line secure communications, the method comprises the steps of:

a) while on-line with a security information repository, and in response to a determination that an entity is going off-line, transmitting, to the security information repository, a request for security information relating to at least one targeted communication entity;

b) receiving the security information relating to the at least one targeted communication entity;

c) updating a local security information repository with the security information relating to the at least one targeted communication entity;

d) while off-line from the security information repository, processing a communication with the at least one targeted communication entity based on the security information.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing off-line secure communications is accomplished when an end-user is on-line with a security information repository and transmits a request for security information relating to at least one targeted communication entity. The targeted communication entity may be another end-user that has sent the present end-user an encrypted message or another end-user that will receive an encrypted message from the present end-user. In response to the request, the present end-user subsequently receives the security information and updates a local security information repository (e.g., cache memory) with the security information related to the at least one targeted communication entity. Having updated the local security information repository, the current end-user goes off-line from the security information repository. While off-line, the current end-user confidently processes a secure communication with the at least one targeted communication entity based on the security information that is stored in the local security information repository.

Citations

29 Claims

1. A method for providing off-line secure communications, the method comprises the steps of:
- a) while on-line with a security information repository, and in response to a determination that an entity is going off-line, transmitting, to the security information repository, a request for security information relating to at least one targeted communication entity;
  
  b) receiving the security information relating to the at least one targeted communication entity;
  
  c) updating a local security information repository with the security information relating to the at least one targeted communication entity;
  
  d) while off-line from the security information repository, processing a communication with the at least one targeted communication entity based on the security information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprises, within step (a), requesting the security information from at least one of:
    - a communication system directory, a certification authority, and a communication system server.
  - 3. The method of claim 1 further comprises, within step (a), requesting the security information for at least one of:
    - each entity in a pre-established group, a specified end-user, a plurality of specified end-users, a certification authority, and a server.
  - 4. The method of claim 1 further comprises, within step (a), requesting as the security information at least one of:
    - a certificate of the at least one targeted communication entity, a certificate revocation list, an authority revocation list, a cross certificate, and a trusted public key of the at least one targeted communication entity.
  - 5. The method of claim 1 further comprises, within step (d), verifying validity of the security information, the verifying includes at least one of:
6. The method of claim 1 further comprises, within step (d), processing the communication by at least one of:
- verifying signature of data, decrypting data, signing data, and encrypting data.

7. A method for providing off-line secure communications, the method comprises the steps of:
- a) while on-line with a security information repository, receiving the security information relating to the at least one targeted communication entity from the security information repository in response to determining that an entity is going off-line;
  
  b) storing the security information relating to the at least one targeted communication entity; and
  
  c) while off-line from the security information repository, processing a communication with the at least one targeted communication entity based on the security information.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 further comprises, within step (a), receiving the security information as at least one of:
    - a response to a request, a periodic update provided by the security information repository, and an automated detection of off-line activation.
  - 9. The method of claim 7 further comprises, within step (a), receiving the security information for at least one of:
    - each entity in a pre-established group, a specified end-user, a plurality of specified end-users, a certification authority, and a server.
  - 10. The method of claim 7 further comprises, within step (a), receiving as the security information at least one of:
    - a certificate of the at least one targeted communication entity, a certificate revocation list, an authority revocation list, a cross certificate, and a trusted public key of the at least one targeted communication entity.
  - 11. The method of claim 7 further comprises, within step (c), processing the communication by at least one of:
    - verifying signature of data, decrypting data, signing data, and encrypting data.

12. A method for providing off-line secure communications, the method comprises the steps of:
- a) determining that an entity is going off-line;
  
  b) determining, by the security information repository, security information of at least one targeted communication entity when the entity is going off-line, wherein the at least one targeted communication entity is a participant in a communication with the entity;
  
  c) transmitting, by the security information repository, the security information to the entity prior to the entity going off-line;
  
  d) updating, by the entity, a local security information repository with the security information; and
  
  e) while off-line from the security information repository, processing, by the entity, the communication with the at least one targeted communication entity based on the security information.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12 further comprises, within step (a), determining that the entity is going off-line by receiving a request for the security information based on a determination that the entity is going off-line.
  - 14. The method of claim 12 further comprises, within step (b), determining the security information to be for at least one of:
    - each entity in a pre-established group, a specified end-user, a plurality of specified end-users, a certification authority, and a server.
  - 15. The method of claim 12 further comprises, within step (b), determining the security information to be at least one of:
    - a certificate of the at least one targeted communication entity, a certificate revocation list, an authority revocation list, a cross certificate, and a trusted public key of the at least one targeted communication entity.
  - 16. The method of claim 12 further comprises, within step (e), processing the communication by at least one of:
    - verifying signature of data, decrypting data, signing data, and encrypting data.

17. A digital information storage device that stores programming instructions that, when read by a processing unit, causes the processing unit to process off-line secure communication services, the digital information storage device comprises:
- first means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive the security information relating to the at least one targeted communication entity from the security information repository while on-line with a security information repository in response to determining that an entity is going off-line;
  
  second means for storing programming instructions that, when read by the processing unit, causes the processing unit to store the security information relating to the at least one targeted communication entity; and
  
  third means for storing programming instructions that, when read by the processing unit, causes the processing unit to process a communication with the at least one targeted communication entity based on the security information while off-line from the security information repository.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The digital information storage device of claim 17 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to request the security information from at least one of:
    - a communication system directory, a certification authority, and a communication system server.
  - 19. The digital information storage device of claim 17 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive the security information as at least one of:
    - a response to a request, a periodic update provided by the security information repository, and an automated detection of off-line activation.
  - 20. The digital information storage device of claim 17 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive the security information for at least one of:
    - each entity in a pre-established group, a specified end-user, a plurality of specified end-users, a certification authority, and a server.
  - 21. The digital information storage device of claim 17 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive as the security information at least one of:
    - a certificate of the at least one targeted communication entity, a certificate revocation list, an authority revocation list, a cross certificate, and a trusted public key of the at least one targeted communication entity.
  - 22. The digital information storage device of claim 17 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to process the communication by at least one of:
    - verifying signature of data, decrypting data, signing data, and encrypting data.
  - 23. The digital information storage device of claim 17 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to verify validity of the security information, the verifying includes at least one of:

24. A digital information storage device that stores programming instructions that, when read by at least one processing unit, causes the at least one processing unit to process off-line secure communication services, the digital information storage device comprises:
- first means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to function as a security information repository to determine that an entity is going off-line;
  
  second means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to function as the security information repository to determine security information of at least one targeted communication entity when the entity is going off-line, wherein the at least one targeted communication entity is a participant in a communication with the entity; and
  
  third means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to function as the security information repository to transmit the security information to the entity prior to the entity going off-line.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The digital information storage device of claim 24 further comprises means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to function as the entity to update a local security information repository with the security information and to function as the entity to process the communication with the at least one targeted communication entity based on the security information while off-line from the security information repository.
  - 26. The digital information storage device of claim 24 further comprises means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to determine that the entity is going off-line by at least one of:
    - receiving a request for the security information, providing a periodic update of the security information, and detecting off-line activation by the entity.
  - 27. The digital information storage device of claim 24 further comprises means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to determine the security information to be for at least one of:
    - each entity in a pre-established group, a specified end-user, a plurality of specified end-users, a certification authority, and a server.
  - 28. The digital information storage device of claim 24 further comprises means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to determine the security information to be at least one of:
    - a certificate of the at least one targeted communication entity, a certificate revocation list, an authority revocation list, a cross certificate, and a trusted public key of the at least one targeted communication entity.
  - 29. The digital information storage device of claim 24 further comprises means for storing programming instructions that, when read by the at least one processing unit, causes the at least one processing unit to process the communication by at least one of:
    - verifying signature of data, decrypting data, signing data, and encrypting data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Vandergeest, Ron J.
Primary Examiner(s)
Powell, Mark R.
Assistant Examiner(s)
Pender, Michael

Application Number

US08/994,832
Time in Patent Office

1,271 Days
Field of Search

713/100
US Class Current

713/100
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/123 received data contents, e.g...

Method and apparatus for providing off-line secure communications

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing off-line secure communications

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links