Public-key encryption system
First Claim
1. A method for allowing a sender having user equipment to send a secure message to a receiver having user equipment over a communications network to which the user equipment of the sender is coupled and the user equipment of the receiver is coupled, wherein a key management service is coupled to the communications network that has an associated key-management-service public key and key-management-service private key, wherein the sender encrypts the message using a message key to produce a message-key-encrypted message, the method comprising:
at the sender, encrypting the message key and policy information using the key-management-service public key to generate a corresponding public-key-encrypted message key and public-key-encrypted policy information, wherein the policy information includes date-based constraints that restrict access to the message to a particular time;
providing the message-key-encrypted message, the public-key-encrypted message key, and the public-key-encrypted policy information that includes date-based constraints that restrict access to the message to a particular time to the receiver;
receiving the public-key-encrypted message key and public-key-encrypted policy information including the date-based constraints that restrict access to the message at the key management service from the receiver;
decrypting the encrypted policy information including the date-based constraints at the key management service using the key management service's private key;
determining, at the key management service, whether policy constraints imposed by the policy information including the date-based constraints that restrict access to the message have been satisfied;
decrypting the public-key-encrypted message key at the key management service using the key management service's private key; and
providing the resulting unencrypted version of the message key to the receiver if the policy constraints including the date-based constraints that restrict access to the message have been satisfied for the receiver to use in decrypting the message-key-encrypted message.
Abstract
A system is provided that allows users to communicate securely. A key management service may generate a single public-key/private-key pair. A sender who desires to send a secure message to a receiver may encrypt the message using a message key. The sender may use the public key to encrypt the message key and policy information that dictates how the message may be accessed. The receiver may pass the public-key-encrypted message key and policy information to the key management service. The key management service decrypts this information using the private key. After the key management service uses the policy information to verify that the receiver is authorized to access the message, the key management service may provide the decrypted message key to the receiver. The receiver may use this unencrypted version of the message key to decrypt the message-key-encrypted message from the sender.
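The flow described in the abstract and claim 1, as an added Python example that is not taken from the patent. It assumes the third-party `cryptography` package, RSA-OAEP and AES-GCM as the primitives, a JSON policy with `not_before`/`not_after` fields, and that key and policy are wrapped in a single ciphertext; all class, function and field names are hypothetical.

```python
import json, os
from datetime import datetime, timezone
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

class KeyManagementService:
    """Holds the single key pair and releases a message key only if policy passes."""
    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self._private.public_key()
        self.clock = clock  # the service's own time source, never the receiver's

    def release_key(self, wrapped: bytes) -> bytes:
        # Decrypt key and policy with the private key, then enforce the dates.
        blob = self._private.decrypt(wrapped, OAEP)
        message_key, policy = blob[:32], json.loads(blob[32:])
        start = datetime.fromisoformat(policy["not_before"])
        end = datetime.fromisoformat(policy["not_after"])
        if not start <= self.clock() <= end:
            raise PermissionError("date-based policy constraint not satisfied")
        return message_key

def sender_seal(kms_public_key, message: bytes, policy: dict) -> dict:
    message_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    # Assumption: key and policy share one OAEP ciphertext, so a receiver
    # cannot pair this key with a more permissive policy from another message.
    blob = message_key + json.dumps(policy).encode()
    return {"nonce": nonce,
            "ciphertext": AESGCM(message_key).encrypt(nonce, message, None),
            "wrapped": kms_public_key.encrypt(blob, OAEP)}

def receiver_open(kms: KeyManagementService, envelope: dict) -> bytes:
    # The receiver forwards only the wrapped blob; the message body stays local.
    message_key = kms.release_key(envelope["wrapped"])
    return AESGCM(message_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)

# Constructed sample policy: readable only during January 2024 (UTC).
POLICY = {"not_before": "2024-01-01T00:00:00+00:00",
          "not_after": "2024-01-31T23:59:59+00:00"}
```

The service never sees the message body, and the receiver cannot read or alter the policy because only the service holds the private key.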
22 Claims
12. A method comprising:
providing a key management service having a key-management-service public key and key-management-service private key;
encrypting, at a sender, a message using a message key to produce a message-key-encrypted message;
encrypting, at the sender, the message key and policy information using the key-management-service public key to generate a corresponding public-key-encrypted message key and public-key-encrypted policy information, wherein the policy information includes date-based constraints that restrict access to the message to a particular time;
providing, to the receiver, the message-key-encrypted message, the public-key-encrypted message key, and the public-key-encrypted policy information that includes the date-based constraints that restrict access to the message;
receiving, at the key management service, the public-key-encrypted message key and the public-key-encrypted policy information that includes the date-based constraints that restrict access to the message from the receiver;
decrypting, at the key management service, the encrypted policy information that includes the date-based constraints that restrict access to the message using the key management service's private key;
decrypting, at the key management service, the public-key-encrypted message key using the key management service's private key; and
if policy constraints associated with the policy information including the date-based constraints that restrict access to the message have been satisfied, providing the resulting unencrypted version of the message key to the receiver to use in decrypting the message-key-encrypted message.
Specification