Method and apparatus for sending encrypted electronic mail through a distribution list exploder

US 6,912,656 B1
Filed: 11/30/1999
Issued: 06/28/2005
Est. Priority Date: 11/30/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for sending a message that is encrypted through a distribution list exploder that forwards the message to recipients on a distribution list, comprising:

encrypting the message at a sender using a message key to form an encrypted message, the message key being randomly selected for the message;

encrypting the message key with a group public key to form an encrypted message key, the group public key being associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message, wherein neither the sender nor the recipients on the distribution list need to know the group private-key to decrypt the encrypted message-key;

sending the encrypted message and the encrypted message key to the distribution list exploder, the distribution list exploder being configured to forward the encrypted message to a plurality of recipients specified in the distribution list;

forwarding the encrypted message and the encrypted message key from the distribution list exploder to the plurality of recipients;

receiving the encrypted message and the encrypted message key at a recipient from the plurality of recipients;

sending the encrypted message key from the recipient to a group server, the group server possessing the group private key;

decrypting the encrypted message key at the group server using the group private key to restore the message key;

communicating the message key to the recipient in a secure manner;

decrypting the encrypted message at the recipient using the message key to restore the message;

wherein the distribution list exploder forwards the encrypted message and the encrypted message key without communicating with the group server;

whereby causing the recipient to contact the group server directly to decrypt the encrypted message key relieves the distribution list exploder of the burden of communicating with the group server to decrypt the encrypted message key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system for sending an encrypted message through a distribution list exploder in order to forward the encrypted message to recipients on a distribution list. The system operates by encrypting the message at a sender using a message key to form an encrypted message. The system also encrypts the message key with a group public key to form an encrypted message key. The group public key is associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message. Next, the system sends the encrypted message and the encrypted message key to the distribution list exploder, and the distribution list exploder forwards the encrypted message to a plurality of recipients specified in the distribution list. After receiving the encrypted message and the encrypted message key, the recipient decrypts the encrypted message key to restore the message key. Next, the recipient decrypts the encrypted message using the message key to restore the message. In a variation on the above embodiment, the recipient decrypts the encrypted message key by sending the encrypted message key from the recipient to a group server, which holds the group private key. The group server decrypts the encrypted message key using the group private key to restore the message key, and returns the message key to the recipient in a secure manner.

103 Citations

View as Search Results

14 Claims

1. A method for sending a message that is encrypted through a distribution list exploder that forwards the message to recipients on a distribution list, comprising:
- encrypting the message at a sender using a message key to form an encrypted message, the message key being randomly selected for the message;
  
  encrypting the message key with a group public key to form an encrypted message key, the group public key being associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message, wherein neither the sender nor the recipients on the distribution list need to know the group private-key to decrypt the encrypted message-key;
  
  sending the encrypted message and the encrypted message key to the distribution list exploder, the distribution list exploder being configured to forward the encrypted message to a plurality of recipients specified in the distribution list;
  
  forwarding the encrypted message and the encrypted message key from the distribution list exploder to the plurality of recipients;
  
  receiving the encrypted message and the encrypted message key at a recipient from the plurality of recipients;
  
  sending the encrypted message key from the recipient to a group server, the group server possessing the group private key;
  
  decrypting the encrypted message key at the group server using the group private key to restore the message key;
  
  communicating the message key to the recipient in a secure manner;
  
  decrypting the encrypted message at the recipient using the message key to restore the message;
  
  wherein the distribution list exploder forwards the encrypted message and the encrypted message key without communicating with the group server;
  
  whereby causing the recipient to contact the group server directly to decrypt the encrypted message key relieves the distribution list exploder of the burden of communicating with the group server to decrypt the encrypted message key.

2. A method for sending a message that is encrypted through a distribution list exploder that forwards the message to recipients on a distribution list, comprising:
- encrypting the message at a sender using a message key to form an encrypted message;
  
  encrypting the message key with a group public key to form an encrypted message key, the group public key being associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message, wherein neither the sender nor the recipients on the distribution list need to know the group private-key to decrypt the encrypted message-key; and
  
  sending the encrypted message and the encrypted message key to the distribution list exploder, the distribution list exploder being configured to forward the encrypted message to a plurality of recipients specified in the distribution list;
  
  wherein the distribution list exploder forwards the encrypted message and the encrypted message key without communicating with a group server;
  
  whereby causing the recipient to contact a group server directly to decrypt the encrypted message key relieves the distribution list exploder of the burden of communicating with the group server to decrypt the encrypted message key.
- View Dependent Claims (3, 4, 5)
- - 3. The method of claim 2, further comprising:
    - sending the encrypted message key from the distribution list exploder to a group server, the group server possessing the group private key;
      
      decrypting the encrypted message key at the group server using the group private key to restore the message key;
      
      encrypting the message key with a secret key to form a second encrypted message key, the secret key being known to the group of valid recipients for the message;
      
      wherein encrypting the message key with the secret key involves using a symmetric encryption mechanism so that the second encrypted message key can be decrypted using the secret key;
      
      sending the second encrypted message key from the group server to the distribution list exploder; and
      
      forwarding the encrypted message and the second encrypted message key from the distribution list exploder to the plurality of recipients.
  - 4. The method claim 3, further comprising:
    - decrypting the encrypted message key at a recipient from the plurality of recipients using the secret key to restore the message key; and
      
      decrypting the encrypted message with the message key to restore the message at the recipient.
  - 5. The method of claim 2, further comprising:
    - decrypting the encrypted message key at the distribution list exploder using the group private key to restore the message key;
      
      encrypting the message key with a secret key to form a second encrypted message key, the secret key being known to the group of valid recipients for the message;
      
      wherein encrypting the message key with the secret key involves using a symmetric encryption mechanism so that the second encrypted message key can be decrypted using the secret key; and
      
      sending the encrypted message and the second encrypted message key from the distribution list exploder to the plurality of recipients.

6. A computer readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for sending a message that is encrypted through a distribution list exploder that forwards the message to recipients on a distribution list, comprising:
- encrypting the message at a sender using a message key to form an encrypted message;
  
  encrypting the message key with a group public key to form an encrypted message key, the group public key being associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message, wherein neither the sender nor the recipients on the distribution list need to know the group private-key to decrypt the encrypted message-key; and
  
  sending the encrypted message and the encrypted message key to the distribution list exploder, the distribution list exploder being configured to forward the encrypted message to a plurality of recipients specified in the distribution list;
  
  wherein the distribution list exploder forwards the encrypted message and the encrypted message key without communicating with a group server;
  
  whereby causing the recipient to contact a group server directly to decrypt the encrypted message key relieves the distribution list exploder of the burden of communicating with the group server to decrypt the encrypted message key.

7. An apparatus that facilitates sending a message that is encrypted through a distribution list exploder that forwards the message to recipients on a distribution list, comprising:
- an encryption mechanism, that is configured to, encrypt the message using a message key to form an encrypted message, and to encrypt the message key with a group public key to form an encrypted message key, the group public key being associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message, wherein neither the sender nor the recipients on the distribution list need to know the group private-key to decrypt the encrypted message-key; and
  
  a sending mechanism that is configured to send the encrypted message and the encrypted message key to the distribution list exploder, the distribution list exploder being configured to forward the encrypted message to a plurality of recipients specified in the distribution list;
  
  wherein the distribution list exploder forwards the encrypted message and the encrypted message key without communicating with a group server;
  
  whereby causing the recipient to contact a group server directly to decrypt the encrypted message key relieves the distribution list exploder of the burden of communicating with the group server to decrypt the encrypted message key.
- View Dependent Claims (8)
- - 8. The apparatus of claim 7, further comprising:
    - a second sending mechanism that is configured to send the encrypted message key from the distribution list exploder to a group server, the group server possessing the group private key;
      
      a decryption mechanism within the group server that is configured to decrypt the encrypted message key using the group private key to restore the message key;
      
      a second encryption mechanism within the group server that is configured to encrypt the message key with a secret key to form a second encrypted message key, the secret key being known to the group of valid recipients for the message;
      
      wherein the second encryption mechanism includes a symmetric encryption mechanism so that the second encrypted message key can be decrypted using the secret key;
      
      a third sending mechanism within the group server that is configured to send the second encrypted message key to the distribution list exploder; and
      
      a distribution mechanism within the distribution list exploder that is configured to forward the encrypted message and the second encrypted message key to the plurality of recipients.

9. A method for receiving a message that is encrypted through a distribution list exploder that forwards the message to recipients on a distribution list, comprising:
- receiving an encrypted message and an encrypted message key from the distribution list exploder at a recipient;
  
  wherein the encrypted message contains the message that is encrypted using a message key;
  
  wherein the encrypted message key contains the message key that is encrypted using a group public key, the group public key being associated with a group private key to form a public key-private key pair associated with a group of valid recipients for the message, wherein neither the sender nor the recipients on the distribution list need to know the group private-key to decrypt the encrypted message-key;
  
  sending the encrypted message key from the recipient to a group server, the group server possessing the group private key;
  
  allowing the group server to decrypt the encrypted message key using the group private key to restore the message key; and
  
  receiving the message key from the group server in a secure manner;
  
  decrypting the encrypted message key at the recipient to restore the message key; and
  
  decrypting the encrypted message at the recipient using the message key to restore the message;
  
  wherein the distribution list exploder forwards the encrypted message and the encrypted message key without communicating with a group server;
  
  whereby causing the recipient to contact the group server directly to decrypt the encrypted message key relieves the distribution list exploder of the burden of communicating with the group server to decrypt the encrypted message key.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein receiving the message key from the group server in the secure manner comprises:
    - allowing the group server to encrypt the message key using a recipient public key belonging to the recipient to form a second encrypted message key, the recipient public key being associated with a recipient private key to form a public key-private key pair associated with the recipient;
      
      receiving the second encrypted message key from the group server; and
      
      decrypting the second encrypted message key with the recipient private key to restore the message key.
  - 11. The method of claim 9, wherein receiving the message key from the group server in the secure manner comprises:
    - authenticating the recipient to the group server;
      
      allowing the group server to verify that the recipient is a member of the group of valid recipients for the message; and
      
      receiving the message key from the group server at the recipient using a secure protocol.
  - 12. The method of claim 11, wherein the secure protocol includes one of, the transport layer security (TLS) protocol and the secure sockets layer (SSL) protocol.
  - 13. The method of claim 9, wherein receiving the message key from the group server in the secure manner comprises:
    - making a request from the recipient to a certificate server for a certificate, the certificate including a certificate public key, the certificate public key being associated with a certificate private key to form a public key-private key pair;
      
      receiving the certificate from the certificate server only if the recipient is a member of the group of valid recipients for the message;
      
      sending the certificate from the recipient to the group server;
      
      allowing the group server to encrypt the message key with the certificate public key to form a second encrypted message key;
      
      receiving the second encrypted message key at the recipient; and
      
      decrypting the second encrypted message key with the certificate private key to restore the message key.
  - 14. The method of claim 9, wherein receiving the message key from the group server in the secure manner comprises:
    - allowing the group server to encrypt the message key using a group secret key to form a second encrypted message key, the group secret key being a symmetric key known to the group of valid recipients;
      
      receiving the second encrypted message key at the recipient; and
      
      decrypting the second encrypted message key with the group secret key to restore the message key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Perlman, Radia J., Hanna, Stephen R.
Primary Examiner(s)
Lamarre, Guy J.
Assistant Examiner(s)
La Forgia, Christian

Application Number

US09/451,504
Time in Patent Office

2,037 Days
Field of Search

713/170, 380/20
US Class Current

713/170
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 45/16   Multipoint routing

H04L 51/00   User-to-user messaging in p...

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/104   Grouping of entities

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

Method and apparatus for sending encrypted electronic mail through a distribution list exploder

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for sending encrypted electronic mail through a distribution list exploder

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links