Secure message system with remote decryption service

US 7,266,847 B2
Filed: 12/22/2003
Issued: 09/04/2007
Est. Priority Date: 09/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for providing recipients with access to message content in a system in which a sender sends a message having encrypted message content in a form to a recipient over a communications network, comprising:

at the recipient, receiving the message that has the encrypted message content in the form;

at the recipient, using the form to upload the encrypted message content to a remote decryption service over the communications network; and

at the decryption service, decrypting the encrypted message content and providing access to the decrypted message content to the recipient over the communications network.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure messaging are provided. A sender may encrypt content and send the encrypted content to a recipient over a communications network. The encrypted content may be decrypted for the recipient using a remote decryption service. Encrypted message content may be placed into a markup language form. Encrypted content may be incorporated into the form as a hidden form element. Form elements for collecting recipient credential information such as username and password information may also be incorporated into the form. At the recipient, the recipient may use the form to provide recipient credential information to the remote decryption service. The recipient may also use the form to upload the encrypted content from the form to the decryption service. The decryption service may provide the recipient with access to a decrypted version of the uploaded content over the communications network.

73 Citations

View as Search Results

21 Claims

1. A method for providing recipients with access to message content in a system in which a sender sends a message having encrypted message content in a form to a recipient over a communications network, comprising:
- at the recipient, receiving the message that has the encrypted message content in the form;
  
  at the recipient, using the form to upload the encrypted message content to a remote decryption service over the communications network; and
  
  at the decryption service, decrypting the encrypted message content and providing access to the decrypted message content to the recipient over the communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method defined in claim 1 further comprising:
    - at the sender, placing the encrypted content into a markup language form.
  - 3. The method defined in claim 1 further comprising:
    - at the sender, placing the encrypted content into an html form.
  - 4. The method defined in claim 1 further comprising encrypting the message content at the sender using an identity-based-encryption (IBE) public key of the recipient.
  - 5. The method defined in claim 1 further comprising, at the recipient, using the form to provide recipient credential information to the remote decryption service over the communications network.
  - 6. The method defined in claim 1 further comprising, at the sender, placing the encrypted message content into a form element in the form.
  - 7. The method defined in claim 1 further comprising, at the sender, placing the encrypted message content into a hidden form element in the form.
  - 8. The method defined in claim 1 wherein uploading the encrypted message content to the remote decryption service over the communications network comprises using an http POST or GET operation to send the encrypted message content to a location specified by the form.
  - 9. The method defined in claim 1, wherein the form is an html form, the method further comprising:
    - at the recipient, opening the form and, when the form is opened, displaying form elements in the form that the recipient can use to enter username and password information.
  - 10. The method defined in claim 1 further comprising using the decryption service to authenticate the recipient.
  - 11. The method defined in claim 1, wherein private keys are provided by a private key service over the communications network, the method further comprising:
    - at the decryption service, requesting a private key for the recipient from the private key service; and
      
      at the decryption service, obtaining the private key from the private key service over the communications network.
  - 12. The method defined in claim 1 wherein private keys are provided by a private key service over the communications network, the method further comprising:
    - using the decryption service to authenticate the recipient;
      
      at the decryption service, requesting a private key for the recipient from the private key service after the recipient has been authenticated; and
      
      at the decryption service, obtaining the private key from the private key service over the communications network; and
      
      at the decryption service, using the private key to decrypt the encrypted message content.
  - 13. The method defined in claim 1 further comprising:
    - at the sender, placing the encrypted message content into a message attachment.
  - 14. The method defined in claim 1 wherein the message has a message body, the method further comprising, at the sender, placing the encrypted message content into an attachment and the message body, wherein the encrypted message content placed in the message body is a replica of the encrypted message content in the attachment.
  - 15. The method defined in claim 1 further comprising, at the sender, attaching multiple forms to the message to create multiple message attachments, each of which includes encrypted content.
  - 16. The method defined in claim 1 further comprising:
    - instructing an operating system at an additional recipient to invoke a document handler application whenever a form is opened by that additional recipient;
      
      sending the additional recipient an additional message having a form with encrypted message content as an attachment;
      
      at the additional recipient, opening the attachment of the additional message;
      
      when the attachment of the additional message is opened, using the document handler application to determine whether the form attached to the additional message includes encrypted content; and
      
      if the form is determined to include encrypted content by the document handler application, using a decryption engine at the additional recipient to decrypt the encrypted message content for the additional recipient.
  - 17. The method defined in claim 1 wherein providing access to the decrypted message content to the recipient over the communications network comprises providing the recipient with the decrypted content in a web page.
  - 18. The method defined in claim 1 wherein providing access to the decrypted message content to the recipient over the communications network comprises displaying an option on a web page that the recipient can select to initiate downloading of the decrypted message content from the decryption service to the recipient over the communications network.

19. A method for providing recipients with access to message content, comprising:
- encrypting message content at a sender;
  
  placing the encrypted message content into an html form as a hidden form element;
  
  attaching the form to a message;
  
  sending the message with the attachment containing the encrypted message content to a recipient over a communications network;
  
  at the recipient, displaying the html form for the recipient;
  
  using an http POST or GET operation at the recipient to upload the encrypted message content from the hidden form element to a decryption service over the communications network;
  
  at the decryption service, decrypting the uploaded encrypted message content to produce decrypted message content; and
  
  providing the recipient with access to the decrypted message content over the communications network.

20. A method for providing recipients with access to message content comprising:
- encrypting message content at a sender;
  
  sending a message to a recipient over the Internet from the sender that contains the encrypted message content and a URL;
  
  saving the encrypted message content locally at the recipient;
  
  displaying a web page for the recipient when the recipient clicks on the URL;
  
  using the web page at the recipient to select the saved encrypted message content for uploading;
  
  uploading the selected saved encrypted message content to a remote decryption service over the Internet;
  
  authenticating the recipient;
  
  after the recipient has been authenticated, obtaining a private key of the recipient from a private key service;
  
  decrypting the encrypted message content at the remote decryption service using the private key to produce decrypted message content; and
  
  providing the recipient with access to the decrypted message content over the Internet.

21. A method for providing recipients with access to message content comprising:
- encrypting message content;
  
  creating a message at a sender that has a message body containing a markup language form, wherein the encrypted message content is an element of the markup language form;
  
  sending the message to a recipient over the Internet from the sender;
  
  displaying the markup language form for the recipient;
  
  uploading the encrypted message content from the form element to a decryption service over the communications network;
  
  decrypting the uploaded encrypted message content at the decryption service using a private key of the recipient to produce decrypted message content; and
  
  providing the recipient with access to the decrypted message content over the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Kacker, Rishi R., Appenzeller, Guido, Pauker, Matthew J., Spies, Terence, Ryan, Lucas C.
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US10/744,851
Publication Number

US 20050071632A1
Time in Patent Office

1,352 Days
Field of Search

726/27
US Class Current

726/27
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 9/083   involving central third par...

H04L 9/3073   involving pairings, e.g. id...

Secure message system with remote decryption service

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure message system with remote decryption service

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links