Simplified addressing for private communications

US 7,171,000 B1
Filed: 06/10/1999
Issued: 01/30/2007
Est. Priority Date: 06/10/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for securely transmitting an information package from a sender to an addressee via a network, the method comprising the steps of:

searching at least one database to determine whether the addressee has a public key in order to determine the type of encryption to be performed on the package;

upon a determination that the addressee does have a public key, encrypting the package with the addressee'"'"'s public key and not encrypting the package with an escrow encryption key;

only upon a determination that the addressee does not have a public key, selectively encrypting the package with the escrow encryption key;

storing the escrow key encrypted package in escrow for the addressee prior to receiving a public key for the addressee;

notifying the addressee of the package stored in escrow; and

in response to receiving an acknowledgement from the addressee;

issuing new public and private keys to the addressee, where said new public key is not equal to said escrow encryption key; and

in response to subsequently verified authentication of the addressee;

transmitting the package to the addressee via the network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securely transmitting an information package (10) to an addressee via a network (108) includes a directory interface (110) adapted to check a directory (112) to determine whether the addressee has a public key; an escrow key manager (116), coupled to the directory interface (110), adapted to provide an escrow encryption key for encrypting the package (10); a encryption module (114), coupled to the escrow key manager (116), adapted to encrypt the package (10) with the escrow encryption key; a computer-readable medium (118), coupled to the encryption module (114), adapted to store the package (10) in escrow for the addressee; a notification module (120), coupled to the computer-readable medium (118), adapted to send a notification to the addressee via the network (108); a key registration module (124), coupled to the notification module (120), adapted to issue, in response to the addressee acknowledging the notification, new public and private keys to the addressee; and a transmission module (122), coupled to the key registration module (124) and to the computer-readable medium (118), adapted to transmit the package (10) to the addressee via the network (108).

Citations

25 Claims

1. A computer-implemented method for securely transmitting an information package from a sender to an addressee via a network, the method comprising the steps of:
- searching at least one database to determine whether the addressee has a public key in order to determine the type of encryption to be performed on the package;
  
  upon a determination that the addressee does have a public key, encrypting the package with the addressee'"'"'s public key and not encrypting the package with an escrow encryption key;
  
  only upon a determination that the addressee does not have a public key, selectively encrypting the package with the escrow encryption key;
  
  storing the escrow key encrypted package in escrow for the addressee prior to receiving a public key for the addressee;
  
  notifying the addressee of the package stored in escrow; and
  
  in response to receiving an acknowledgement from the addressee;
  
  issuing new public and private keys to the addressee, where said new public key is not equal to said escrow encryption key; and
  
  in response to subsequently verified authentication of the addressee;
  
  transmitting the package to the addressee via the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17, 18)
- - 2. The method of claim 1, wherein the step of determining whether the addressee has a public key comprises the sub-step of:
    - checking a public key directory for a public key of the addressee.
  - 3. The method of claim 1, further comprising the step of:
    - storing the addressee'"'"'s new public key in a public key directory.
  - 4. The method of claim 1, wherein the encrypting step comprises the sub-steps of:
    - providing an escrow encryption key and an escrow decryption key,wherein the escrow encryption and decryption keys comprise one of symmetric keys and asymmetric keys; and
      
      encrypting the package with the escrow encryption key.
  - 5. The method of claim 1, wherein the notifying step comprises the sub-step of:
    - sending a notification to the addressee via the network, wherein said notification includes an attached module for generating private and public keys at the addressee location.
  - 6. The method of claim 5, wherein the notification comprises one of an e-mail notification, a desktop notification, a voice notification, a pager notification, and a facsimile notification.
  - 7. The method of claim 1, further comprising the step of:
    - decrypting the package with an escrow decryption key corresponding to the escrow encryption key.
  - 8. The method of claim 1, wherein the escrow encryption key is different from the new public and private keys issued to the addressee.
  - 9. The method of claim 1, wherein the acknowledgement from the addressee includes an indication of the addressee'"'"'s name and e-mail address.
  - 10. The method of claim 1, further comprising the step of:
    - in response to an address having a public key;
      
      encrypting the package with the addressee'"'"'s public key;
      
      storing the package;
      
      notifying the addressee of the package;
      
      authenticating a user as the addressee by manipulating a message sent by the addressee encrypted using the addressee'"'"'s private key; and
      
      transmitting the package to the authenticated addressee in response to authenticating the user as the addressee.
  - 17. The method of claim 1, wherein said step of authentication of the addressee includes the sub-steps of:
    - the addressee encrypting a message using addressee'"'"' private key;
      
      the addressee sending said private-key encrypted message to the sender;
      
      the sender decrypting said private-key encrypted message using addressee'"'"'s public key;
      
      the sender authenticating the addressee based on the content of the decryption of said private-key encrypted message.
  - 18. The method of claim 1, wherein said step of authentication of the addressee includes the sub-steps of:
    - the addressee requesting registration with a certificate authority;
      
      the certificate authority registering the addressee subsequent to verifying at least one of the addressee'"'"'s name, address, telephone number, e-mail address;
      
      the certificate authority generating at least a public key associated with the addressee;
      
      the certificate authority making the public key available for use by the sender; and
      
      the sender authenticating the addressee based on decryption of a message using the public key.

11. A computer implemented method for securely transmitting an information package to an addressee via a network, the method comprising the steps of:
- determining whether to apply escrow encryption to a file by checking at least one electronic directory to determine whether the addressee has a public key; and
  
  only in response to a determination that the addressee has a public key, encrypting the package using the addressee'"'"'s new public key and transmitting the addressee'"'"'s new public key encrypted package to the addressee via the network without storing said package in escrow; and
  
  only in response to a determination that the addressee does not have a public key;
  
  encrypting the package with an escrow encryption key,storing the escrow key encrypted package in escrow for the addressee;
  
  notifying the addressee of the package in escrow; and
  
  in response to receiving an acknowledgement from the addressee;
  
  issuing new public and private keys to the addressee;
  
  decrypting the package with an escrow decryption key;
  
  re-encrypting the package using the addressee'"'"'s new public key; and
  
  transmitting the addressee'"'"'s new public key encrypted package to the addressee via the network, wherein said addressee'"'"'s new public key is not identical to said escrow encryption key.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the step of determining whether the addressee has a public key comprises:
    - checking a public key directory for a public key of the addressee.
  - 13. The method of claim 11, further comprising the step of:
    - storing the addressee'"'"'s new public key in a public key directory.
  - 14. The method of claim 11, wherein the step of transmitting the package comprises the sub-steps of:
    - authenticating the user as the addressee using a digital signature of addressee; and
      
      transmitting the package to the authenticated user via the network.
  - 15. The method of claim 11, further comprising the step of:
    - decrypting the package using he addressee'"'"'s new private key.

16. In a computer-readable medium, a computer program product for securely transmitting an information package to an addressee via a network, the computer-readable medium comprising program code adapted to perform the steps of:
- determining whether the addressee has a public key;
  
  only in response to a determination that the addressee does have a public key, encrypting the package with the addressee'"'"'s public key and transmitting the addressee'"'"'s public key encrypted package to the addressee;
  
  only in response to a determination that the addressee does not have a public key;
  
  encrypting the package with an escrow encryption key;
  
  transmitting the escrow key encrypted file to an escrow storage area and storing the encrypted package in escrow for the addressee;
  
  notifying the addressee of the package in escrow; and
  
  in response to receiving an acknowledgement from the addressee;
  
  transmitting a new public and private keys generation module to the addressee;
  
  issuing new public and private keys at addressee'"'"'s location, where said new public key is not identical to the escrow encryption key;
  
  contingent upon authentication of the addressee based on a message sent by addressee subsequent in time to the acknowledgement received from the addressee, transmitting the package to the addressee via the network; and
  
  wherein the package is encrypted by at least the escrow key or the addressee'"'"'s public key during each transmission of the information package across the network until the package is received by the addressee.

19. A computer-implemented method for securely transmitting an information package from a sender to an addressee via a network, the method comprising the steps of:
- a sender on a first computer addressing an information package to an addressee;
  
  checking at least one directory to determine whether the addressee has a public key;
  
  only in response to a determination that the addressee has a public key, encrypting the package with the addressee'"'"'s public key and transmitting the addressee'"'"'s public key encrypted package to said addressee without waiting for an acknowledgement from the addressee;
  
  only in response to a determination that the addressee does not have a public key;
  
  encrypting the package with an escrow encryption key;
  
  transmitting the escrow key encrypted package through the network to an escrow storage area remote from said first computer;
  
  storing the escrow encrypted package in escrow in said escrow storage area for the addressee prior to receiving a public key for the addressee;
  
  notifying the addressee of the package stored in escrow; and
  
  in response to receiving an acknowledgement from the addressee;
  
  issuing new public and private keys to the addressee; and
  
  in response to subsequently verified authentication of the addressee;
  
  transmitting the encrypted information package to the addressee via the network.

20. A computer-implemented method for securely transmitting an information package from a sender to an addressee via a network, the method comprising the steps of:
- a sender on a first computer addressing an information package to an addressee;
  
  checking at least one electronic directory to determine whether the addressee has a public key;
  
  in response to a determination that the addressee has a public key, encrypting the package with the addressee'"'"'s public key and transmitting the addressee'"'"'s public key encrypted package to said addressee;
  
  only in response to a determination that the addressee does not have a public key;
  
  encrypting the package with an escrow encryption key and subsequently transmitting the escrow key encrypted package through the network to an escrow storage area on a network computer remote from said first computer;
  
  storing the escrow encrypted package in escrow in said escrow storage area for the addressee prior to receiving a public key for the addressee;
  
  notifying the addressee of the package stored in escrow; and
  
  in response to receiving an acknowledgement from the addressee;
  
  issuing new public and private keys to the addressee; and
  
  in response to subsequently verified authentication of the addressee;
  
  transmitting the encrypted information package to the addressee via the network.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The computer-implemented method of claim 20, wherein said escrow encryption key is independent of the computer on which the escrow key encrypted document is stored.
  - 22. The computer-implemented method of claim 20, wherein said escrow encryption key is document dependent.
  - 23. The computer-implemented method of claim 20, wherein said escrow encryption key is addressee public key determination dependent.
  - 24. The computer-implemented method of claim 20, wherein said escrow encryption key is not equal to said addressee'"'"'s new public key.
  - 25. The computer-implemented method of claim 20, further comprising the step of:
    - subsequent to the step of issuing the new public encryption key, decrypting the package with an escrow decryption key;
      
      re-encrypting the package using the addressee'"'"'s new public key prior to the step of transmitting the addressee'"'"'s new public key encrypted package to the addressee via the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Perimeter Internetworking Corporation (BAE Systems Plc)
Original Assignee
Message Secure Corp. (BAE Systems Plc)
Inventors
Toh, Eng-Whatt, Sim, Peng-Toh
Primary Examiner(s)
Barrón, Jr.; Gilberto
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US09/332,358
Time in Patent Office

2,791 Days
Field of Search

713/201, 713/166, 713/170, 713/171, 713/180
US Class Current

380/278
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 9/0894   Escrow, recovery or storing...

Simplified addressing for private communications

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified addressing for private communications

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links