Method and apparatus for periodically removing invalid public keys from a public key server

US 7,054,447 B1
Filed: 11/27/2000
Issued: 05/30/2006
Est. Priority Date: 09/01/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing public keys through a server, comprising:

receiving a client public key from a client at the server, wherein the client public key is produced by a client computer in response to user supplied information, and wherein the client public key is delivered as an email message;

storing the client public key in a database at the server, after confirming user identification;

allowing other clients to lookup the client public key in the database;

periodically sending a verification request from the server to the client asking if the client public key remains valid; and

if an affirmative response to the verification request is not received, removing the client public key from the database.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system for managing public keys through a server that stores associations between public keys and email addresses. This system operates by receiving a client public key from a client, and then storing the client public key in a database at the server. The system then allows other clients to lookup the client public key in the database. The system also periodically sends a verification request from the server to the client asking if the client public key remains valid. If an affirmative response to the verification request is not received, the system removes the client public key from the database.

Citations

21 Claims

1. A method for managing public keys through a server, comprising:
- receiving a client public key from a client at the server, wherein the client public key is produced by a client computer in response to user supplied information, and wherein the client public key is delivered as an email message;
  
  storing the client public key in a database at the server, after confirming user identification;
  
  allowing other clients to lookup the client public key in the database;
  
  periodically sending a verification request from the server to the client asking if the client public key remains valid; and
  
  if an affirmative response to the verification request is not received, removing the client public key from the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein storing the client public key in the database involves:
    - signing the client public key using a server private key; and
      
      storing the signed client public key in the database.
  - 3. The method of claim 1, further comprising:
    - receiving a request at the server to remove the client public key from the database;
      
      if the request is signed with a corresponding client private key, removing the client public key from the database.
  - 4. The method of claim 1, wherein the client public key is removed from the database only if an affirmative response is not received after sending multiple verification requests at different times.
  - 5. The method of claim 1, wherein storing the client public key in the database at the server involves:
    - attempting to validate an association between a client email address and the client public key; and
      
      if the association is successfully validated, storing the association in the database.
  - 6. The method of claim 5, wherein the database contains at most one key for each email address.
  - 7. The method of claim 5, wherein the database contains at most one email address for each key.

8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing public keys through a server, the method comprising:
- receiving a client public key from a client at the server, wherein the client public key is produced by a client computer in response to user supplied information, and wherein the client public key is delivered as an email message;
  
  storing the client public key in a database at the server, after confirming user identification;
  
  allowing other clients to lookup the client public key in the database;
  
  periodically sending a verification request from the server to the client asking if the client public key remains valid; and
  
  if an affirmative response to the verification request is not received, removing the client public key from the database.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein storing the client public key in the database involves:
    - signing the client public key using a server private key; and
      
      storing the signed client public key in the database.
  - 10. The computer-readable storage medium of claim 8, wherein the method further comprises:
    - receiving a request at the server to remove the client public key from the database;
      
      if the request is signed with a corresponding client private key, removing the client public key from the database.
  - 11. The computer-readable storage medium of claim 8, wherein the client public key is removed from the database only if an affirmative response is not received after sending multiple verification requests at different times.
  - 12. The computer-readable storage medium of claim 8, wherein storing the client public key in the database at the server involves:
    - attempting to validate an association between a client email address and the client public key; and
      
      if the association is successfully validated, storing the association in the database.
  - 13. The computer-readable storage medium of claim 12, wherein the database contains at most one key for each email address.
  - 14. The computer-readable storage medium of claim 12, wherein the database contains at most one email address for each key.

15. A data processing apparatus that facilitates managing public keys through a server, comprising:
- a storing mechanism that is configured to store a client public key in a database at the server, after confirming user identification, wherein the client public key is produced by a client computer in response to user supplied information, andwherein the client public key is delivered as an email message;
  
  a lookup mechanism that is configured to allow other clients to lookup the client public key in the database; and
  
  a key removal mechanism that is configured to,send a verification request from the server to the client asking if the client public key remains valid, and toremove the client public key from the database, if an affirmative response to the verification request is not received.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus of claim 15, wherein the storing mechanism is configured to:
    - sign the client public key using a server private key; and
      
      tostore the signed client public key in the database.
  - 17. The apparatus of claim 15, wherein the key removal mechanism is additionally configured to:
    - receive a request to remove the client public key from the database; and
      
      toremove the client public key from the database if the request is signed with a corresponding client private key.
  - 18. The apparatus of claim 15, wherein the key removal mechanism is configured to remove the client public key from the database only if an affirmative response is not received after sending multiple verification requests to the client at different times.
  - 19. The apparatus of claim 15, wherein the storing mechanism is configured to:
    - attempt to validate an association between a client email address and the client public key; and
      
      tostore the association in the database, if the association is successfully validated.
  - 20. The apparatus of claim 19, wherein the database contains at most one key for each email address.
  - 21. The apparatus of claim 19, wherein the database contains at most one email address for each key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
PGP Corporation (Gen Digital Inc.)
Inventors
Price, William F. III
Primary Examiner(s)
Peeso, Thomas R.
Assistant Examiner(s)
LEMMA, SAMSON B

Application Number

US09/724,349
Time in Patent Office

2,010 Days
Field of Search

713/158, 713/171, 713/200, 380/278, 380/282, 709/206, 709/203
US Class Current

380/278
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Method and apparatus for periodically removing invalid public keys from a public key server

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for periodically removing invalid public keys from a public key server

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links