Method and apparatus for secure instant messaging utilizing server-supervised publication

US 7,558,955 B2
Filed: 11/19/2003
Issued: 07/07/2009
Est. Priority Date: 11/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method of managing exchange of secure online instant messages between subscriber devices, where the secure messages are signed and encrypted using subscribers'"'"' digital certificates, the method comprising steps of:

a messaging server receiving a log-in request from at least one subscriber device comprising a local instant messaging module to begin a session of exchanging synchronous online messages;

the local instant messaging module submitting a certificate publication request to the messaging server, the publication request also specifying a digital certificate corresponding to the subscriber device;

the messaging server receiving the certificate publication request from said local instant messaging module;

responsive to the certificate publication request, the messaging server temporarily storing the digital certificate in a publication record in association with the subscriber device as long as the associated instant messaging module remains logged-in to the messaging server;

responsive to prescribed events, the messaging server providing logged-in subscriber devices with selected information concerning certificates of other subscriber devices;

responsive to a particular subscriber device ending the session, the messaging server automatically removing the digital certificate from the publication record for the particular subscriber device;

receiving a particular subscriber device'"'"'s request to un-publish the digital certificate and in responsive to receiving the request to un-publish the digital certificate, the messaging server removing the digital certificate from the publication record for the particular subscriber device;

identifying other logged-in subscriber devices that previously designated the particular subscriber device for potential future secured instant messaging; and

notifying the identified other logged-in subscriber devices that the digital certificate for the particular subscriber device is withdrawn from use.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Digitally signed and encrypted synchronous online messages are conducted between prescribed online messaging service subscribers.

39 Citations

View as Search Results

23 Claims

1. A method of managing exchange of secure online instant messages between subscriber devices, where the secure messages are signed and encrypted using subscribers'"'"' digital certificates, the method comprising steps of:
- a messaging server receiving a log-in request from at least one subscriber device comprising a local instant messaging module to begin a session of exchanging synchronous online messages;
  
  the local instant messaging module submitting a certificate publication request to the messaging server, the publication request also specifying a digital certificate corresponding to the subscriber device;
  
  the messaging server receiving the certificate publication request from said local instant messaging module;
  
  responsive to the certificate publication request, the messaging server temporarily storing the digital certificate in a publication record in association with the subscriber device as long as the associated instant messaging module remains logged-in to the messaging server;
  
  responsive to prescribed events, the messaging server providing logged-in subscriber devices with selected information concerning certificates of other subscriber devices;
  
  responsive to a particular subscriber device ending the session, the messaging server automatically removing the digital certificate from the publication record for the particular subscriber device;
  
  receiving a particular subscriber device'"'"'s request to un-publish the digital certificate and in responsive to receiving the request to un-publish the digital certificate, the messaging server removing the digital certificate from the publication record for the particular subscriber device;
  
  identifying other logged-in subscriber devices that previously designated the particular subscriber device for potential future secured instant messaging; and
  
  notifying the identified other logged-in subscriber devices that the digital certificate for the particular subscriber device is withdrawn from use.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, the operation of, responsive to prescribed events, providing logged-in subscriber devices with selected information concerning certificate status of other subscriber devices comprising:
    - responsive to a request from one subscriber device to establish a dialog with another subscriber device, the messaging server providing the requesting subscriber device with a representation of a digital certificate of the other subscriber device from the publication record.
  - 3. The method of claim 1, the operation of, responsive to prescribed events, providing logged-in subscriber devices with selected information concerning certificate status of other subscriber devices comprising:
    - responsive to a particular subscriber device'"'"'s request to publish a new digital certificate, the messaging server identifying other logged-in subscriber devices that have designated the particular subscriber device for potential future secured instant messaging, and providing the identified devices with a representation of the new digital certificate.
  - 4. The method of claim 1, further comprising:
    - the particular subscriber device submitting the request to un-publish its digital certificate in response to at least one of the following events;
      
      (1) physical unavailability of the subscriber device'"'"'s digital certificate, (2) logical unavailability of the subscriber device'"'"'s corresponding digital certificate, (3) user election to un-publish the subscriber device'"'"'s digital certificate.
  - 5. The method of claim 1, the operation of, responsive to prescribed events, providing logged-in subscriber devices with selected information concerning certificate status of other subscriber devices comprising:
    - responsive to a request from a first subscriber device to establish a dialog with a second subscriber device, the messaging server denying supplication of the second subscriber'"'"'s digital certificate to the first subscriber whenever the second subscriber'"'"'s digital certificate has experienced one or more of the following actions;
      
      invalidity, revocation, un-publication.
  - 6. The method of claim 1, further comprising:
    - delaying submittal of the certificate publication request under preventive circumstances including at least one of the following;
      
      (1) physical unavailability of the digital certificate, (2) logical unavailability of the digital certificate, (3) user election to delay publication of the digital certificate.
  - 7. The method of claim 6, further comprising:
    - automatically submitting the certificate publication request when the preventive circumstances terminate.
  - 8. The method of claim 1, the operation of, responsive to prescribed events, providing logged-in subscriber devices with information concerning certificate status of other subscriber devices comprising:
    - responsive to a particular subscriber device'"'"'s published certificate becoming invalid, the messaging server identifying other logged-in subscriber devices that previously designated the particular subscriber device for potential future secured instant messaging, and notifying the identified devices of the invalid digital certificate.
  - 9. The method of claim 1, the operation of temporarily storing the submitted digital certificate additionally storing a representation of a chain record pertaining to the certificate, where storage of repetitive chain records are abbreviated to conserve storage space.
  - 10. The method of claim 1, the act of submitting the publication request is performed under one or more of the following conditions:
    - (1) automatically in response to the act of logging in to the messaging server, (2) manually in response to operator direction.
  - 11. The method of claim 1, further comprising operations of:
    - at one or more of the logged-in devices, an associated local instant messaging module submitting a certificate un-publication request to the messaging server responsive to specified conditions;
      
      responsive to each un-publication request, the messaging server removing the requesting subscriber'"'"'s digital certificate from the publication record.
  - 12. The method of claim 1, where:
    - the operations further comprise, responsive to each publication request, the messaging server receiving revocation information for the subscriber'"'"'s certificate;
      
      upon expiration of the certificate as indicated by the revocation information, removing the subscriber'"'"'s certificate from the publication record.
  - 13. The method of claim 1, further comprising:
    - at one or more of the logged-in devices, the associated local instant messaging module obtaining revocation information for the digital certificate corresponding to the subscriber device;
      
      the messaging server temporarily storing the obtained revocation information in the publication record in association with the submitting device as long as the associated instant messaging module remains logged-in to the messaging server.
  - 14. The method of claim 13, the operations further comprising:
    - the respective local instant messaging module storing the obtained revocation information and, as long as the associated digital certificate is still valid, utilizing the revocation information in future sessions to avoid having to re-obtain the revocation information.
  - 15. The method of claim 1, further comprising operations of:
    - prior to engaging in secured communications with a first subscriber device, a second subscriber device'"'"'s local instant messaging module communicating with the messaging server to determine whether the first subscriber device'"'"'s digital certificate is valid, and if not, refraining from secured synchronous communications with the first subscriber device.

16. A messaging server for use in managing an exchange of secure online instant messages between subscriber devices, where secure messages are signed and encrypted using subscribers'"'"' digital certificates, a messaging server comprising:
- a computer-readable data storage medium; and
  
  at least one digital data processor coupled to the computer-readable data storage medium, the data processor programmed to perform operations comprising;
  
  beginning a session of exchanging synchronous online messages by receiving log-in from a local instant messaging module associated with a subscriber device;
  
  receiving from the logged-in device'"'"'s associated local instant messaging module a certificate publication request specifying a digital certificate corresponding to a particular subscriber device;
  
  responsive to the certificate publication request, temporarily storing the digital certificate in a publication record in association with the particular subscriber device as long as the associated instant messaging module remains logged-in to the messaging server;
  
  responsive to prescribed events, providing other logged-in subscriber devices with selected information concerning the digital certificate for the particular subscriber device;
  
  responsive to a particular subscriber device end the session, the messaging server automatically removing the digital certificate from the publication record for the particular subscriber device;
  
  receiving a particular subscriber device'"'"'s request to un-publish the digital certificate and in responsive to receiving the request to un-publish the digital certificate, the messaging server removing the digital certificate from the publication record for the particular subscriber device;
  
  identifying other logged-in subscriber devices that previously designated the particular subscriber device for potential future secured instant messaging; and
  
  notifying the identified other logged-in subscriber devices that the digital certificate for the particular subscriber device is withdrawn from use.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The messaging server of claim 16, the processor programmed such that the operation of, responsive to prescribed events, providing logged-in subscriber devices with selected information concerning certificate status of other subscriber devices comprises:
    - responsive to a request from one subscriber device to establish a dialog with another subscriber device, the messaging server providing the requesting subscriber device with a representation of a digital certificate of the other subscriber device from the publication record.
  - 18. The messaging server of claim 16, the processor programmed such that the operation of, responsive to prescribed events, providing logged-in subscriber devices with selected information concerning certificate status of other subscriber devices comprises:
    - responsive to a particular subscriber device'"'"'s request to publish a new digital certificate, the messaging server identifying other logged-in subscriber devices that have designated the particular subscriber device for potential future secured instant messaging, and providing the identified devices with a representation of the new digital certificate.
  - 19. The messaging server of claim 16, the processor programmed such that the operation of, responsive to prescribed events, providing logged-in subscriber devices with selected information concerning certificate status of other subscriber devices comprises:
    - responsive to a request from a first subscriber device to establish a dialog with a second subscriber device, server denying supplication of the second subscriber'"'"'s digital certificate to the first subscriber whenever the second subscriber'"'"'s digital certificate has experienced one or more of the following actions;
      
      invalidity, revocation, un-publication.
  - 20. The messaging server of claim 16, the processor programmed such that the operation of, responsive to prescribed events, providing logged-in subscriber devices with information concerning certificate status of other subscriber devices comprises:
    - responsive to a particular subscriber device'"'"'s published certificate becoming invalid, identifying other logged-in subscriber devices that previously designated the particular subscriber device for potential future secured instant messaging, and notifying the identified devices of the invalid digital certificate.
  - 21. The messaging server of claim 16, the processor programmed such that the operation of temporarily storing the submitted digital certificate additionally comprises storing a representation of a chain record pertaining to the certificate, where storage of repetitive chain records are abbreviated to conserve storage space.
  - 22. The messaging server of claim 16, the processor additionally programmed to perform operations comprising:
    - responsive to each logged-in subscriber device'"'"'s request to un-publish a digital certificate, the messaging server removing the requesting subscriber'"'"'s digital certificate from the publication record.
  - 23. The messaging server of claim 16, where:
    - the processor is programmed to perform further operations, comprising, responsive to each publication request, the messaging server receiving revocation information for the subscriber'"'"'s certificate, and upon expiration of the certificate as indicated by the revocation information, removing the subscriber'"'"'s certificate from the publication record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Hayes, Terry N., Odell, James A., Lord, Robert B., Hooker, Jeff
Primary Examiner(s)
Vu, Kimyen
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US10/718,290
Publication Number

US 20040210772A1
Time in Patent Office

2,057 Days
Field of Search

713/176, 713/156, 713/158, 713/168, 713/175, 726/2, 709/204, 709/205, 709/206, 709/207, 715751-759
US Class Current

713/168
CPC Class Codes

H04L 51/04   Real-time or near real-time...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

Method and apparatus for secure instant messaging utilizing server-supervised publication

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure instant messaging utilizing server-supervised publication

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links