System and method for secure electronic communication in a partially keyless environment
First Claim
1. A method comprising:
- intercepting, at a secure server, an unencrypted message from a sender;
searching a sequence of resources for a public key corresponding to a recipient of said unencrypted message according to a predetermined trust policy that specifies the sequence of resources as a hierarchy of networked resources on networked machines connected to said secure server including a local cache, a local certificate database, a recipient domain server and a designated key server;
when said public key is found, encrypting said unencrypted message using said public key to create a secure message created during an encryption˜
operation; and
transmitting said secure message to said recipient;
wherein said secure server transparently locates said public key and transmits said secure message to said recipient without input from said recipient during said encryption phase operation and'"'"' without said sender specifying that said secure message be transmitted; and
wherein said secure server further comprises a module to identify that a user has established a first authentication connection with an electronic mail server and automatically creates a certificate for the user in response to the first authenticated connection with the electronic mail server.
3 Assignments
0 Petitions
Accused Products
Abstract
This present invention provides users with secure transparent electronic communication, allowing them to send and receive encrypted and/or signed messages with little or no user involvement. In various embodiments, the present invention provides a user with e-mail security via automated hierarchical techniques for transparently sending and receiving secure messages, and lowers the burden on administrators. Such a system can also manage cryptographic keys and certificates for the users, and creates such keys and certificates for the users when necessary. A server according to the present invention can intercept unsecured messages from a user, automatically transform those messages into secured messages, and transmit those secure messages to the intended recipients. The server can also automatically transform messages after the recipient sends a digital identity to the server and downloads the software necessary for transforming the secured messages back into readable messages (i.e., from ciphertext into plaintext). The server can further intercept an unsecured message from a user, search for a digital identity of the intended recipient, secure the unsecured message upon finding such a digital identity, and transparently send the secured message to the intended recipient.
139 Citations
2 Claims
-
1. A method comprising:
-
intercepting, at a secure server, an unencrypted message from a sender; searching a sequence of resources for a public key corresponding to a recipient of said unencrypted message according to a predetermined trust policy that specifies the sequence of resources as a hierarchy of networked resources on networked machines connected to said secure server including a local cache, a local certificate database, a recipient domain server and a designated key server; when said public key is found, encrypting said unencrypted message using said public key to create a secure message created during an encryption˜
operation; andtransmitting said secure message to said recipient; wherein said secure server transparently locates said public key and transmits said secure message to said recipient without input from said recipient during said encryption phase operation and'"'"' without said sender specifying that said secure message be transmitted; and wherein said secure server further comprises a module to identify that a user has established a first authentication connection with an electronic mail server and automatically creates a certificate for the user in response to the first authenticated connection with the electronic mail server.
-
-
2. A system comprising:
-
a server, further comprising; a message receive module for receiving an unencrypted message from a sender; a public key certificate search module to locate a digital identity corresponding to a recipient of said unencrypted message according to a predetermined trust policy that specifies the sequence of resources as a hierarchy of networked resources on networked machines connected to said secure server including a local cache, a local certificate database, a recipient domain server and a designated key server; a crypto module for encrypting said unencrypted message using a public key for said recipient from said digital identity identified by said certificate search module to create a secure message created during an encryption operation; and a message transmit module for transmitting said secure message to said recipient; wherein said server transparently locates said stored digital identity and transmits said secure message to said recipient without input from said recipient during said encryption phase operation and without said sender specifying that said secure message be transmitted, and wherein said server further comprises a module to identify that a user has established a first authentication connection with an electronic mail server and automatically creates a certificate for the user in response to the first authenticated connection with the electronic mail server.
-
Specification
-
- Resources
-
Current AssigneeCA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
-
Original AssigneePGP Corporation (Gen Digital Inc.)
-
InventorsAllen, David E., Callas, Jonathan D., Price, William F. III
-
Primary Examiner(s)Chai; Longbit
-
Application NumberUS10/462,618Publication NumberTime in Patent Office2,387 DaysField of Search713150-158, 713/170, 713/173, 709223-230, 380283-285, 380/286, 380/30, 705/76, 705/44US Class Current713/153CPC Class CodesH04L 63/0442 wherein the sending and rec...H04L 63/0823 using certificates cryptogr...
