Authenticated exchange of public information using electronic mail

US 7,721,093 B2
Filed: 04/02/2004
Issued: 05/18/2010
Est. Priority Date: 04/02/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a sender of a digital object on a peer-to-peer (P2P) communication, comprising:

recognizing P2P communication between a first client and a second client, said first client attempting to exchange information securely with said second client via the P2P communication without a third party mediation, said third party mediation including certificate authorities;

in response to the recognized P2P communication, establishing an electronic mail protocol communication between the first client and the second client after the P2P communication is recognized, said e-mail protocol communication being a separate connection from the P2P communication, said e-mail protocol communication being established by Simple Mail Transport Protocol (SMTP);

generating a first unique identifier (UID);

transmitting from the first client to a previously known address of the second client, via the established electronic mail protocol communication, a first electronic mail (e-mail) message comprising the first UID;

receiving from the second client, via the electronic mail protocol communication, a second e-mail message directed to the first client, said second e-mail message comprising a second UID and a copy of the first UID;

verifying the copy of the first UID is identical to the first UID at the first client; and

transmitting from the first client to the previously known address of the second client, via the electronic mail protocol communication, a third e-mail message to the second client comprising a copy of the second UID;

wherein at least one of the e-mail messages transmitted to the previously known address between the first client and the second client further comprises the digital object, said digital object authenticating the information to be exchanged between the first client and the second client via the P2P communication and not authenticating the first e-mail message, the second e-mail message, or the third e-mail message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for using an existing email transfer protocol, such as SMTP, to exchange digital objects in an authenticated manner. The provided methods and systems solve the bootstrapping problem of computer identities for P2P communication by authenticating the exchange of public information. If the electronic mail protocols are strong, in that sending an email message to a given address results in the message reaching that address with a high degree of confidence, then the exchange of public information performed in accordance with embodiments of the invention is confidently authenticated.

40 Citations

View as Search Results

18 Claims

1. A method for authenticating a sender of a digital object on a peer-to-peer (P2P) communication, comprising:
- recognizing P2P communication between a first client and a second client, said first client attempting to exchange information securely with said second client via the P2P communication without a third party mediation, said third party mediation including certificate authorities;
  
  in response to the recognized P2P communication, establishing an electronic mail protocol communication between the first client and the second client after the P2P communication is recognized, said e-mail protocol communication being a separate connection from the P2P communication, said e-mail protocol communication being established by Simple Mail Transport Protocol (SMTP);
  
  generating a first unique identifier (UID);
  
  transmitting from the first client to a previously known address of the second client, via the established electronic mail protocol communication, a first electronic mail (e-mail) message comprising the first UID;
  
  receiving from the second client, via the electronic mail protocol communication, a second e-mail message directed to the first client, said second e-mail message comprising a second UID and a copy of the first UID;
  
  verifying the copy of the first UID is identical to the first UID at the first client; and
  
  transmitting from the first client to the previously known address of the second client, via the electronic mail protocol communication, a third e-mail message to the second client comprising a copy of the second UID;
  
  wherein at least one of the e-mail messages transmitted to the previously known address between the first client and the second client further comprises the digital object, said digital object authenticating the information to be exchanged between the first client and the second client via the P2P communication and not authenticating the first e-mail message, the second e-mail message, or the third e-mail message.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the first message further comprises the digital object.
  - 3. The method of claim 1 wherein the third message further comprises the digital object.
  - 4. The method of claim 1 wherein the digital object is a public key for a cryptographic system.
  - 5. The method of claim 4 wherein the second message further comprises a second public key for the cryptographic system.
  - 6. The method of claim 1 wherein the first UID contains at least 128 bits.
  - 7. The method of claim 1, further comprising, at the first client, using the e-mail address from the second client to index the first UID after verifying the copy of the first UID is identical to the first UID at the first client.

8. A method for authenticating a sender of a digital object, comprising:
- recognizing a peer-to-peer (P2P) communication between a first client and a second client, said first client attempting to exchange information securely with said second client via the P2P communication without a third party mediation, said third party mediation including certificate authorities;
  
  in response to the recognized P2P communication, establishing an electronic mail protocol communication between the first client and the second client, said e-mail protocol communication being a separate connection from the P2P communication, said e-mail protocol communication being established by Simple Mail Transport Protocol (SMTP);
  
  receiving from the first client, via the established electronic mail protocol communication, a first electronic mail (e-mail) message comprising a first unique identifier (UID);
  
  generating a second UID at the second client;
  
  transmitting from the second client to a previously known address of the first client, via the electronic mail protocol communication, a second e-mail message comprising the second UID and a copy of the first UID;
  
  verifying the copy of the first UID is identical to the first UID at the first client; and
  
  receiving at the second client, via the electronic mail protocol communication, a third e-mail message comprising a copy of the second UID from the first client after the first client has verified the copy of the first UID;
  
  wherein at least one of the e-mail messages received further comprises the digital object, said digital object authenticating the information to be exchanged between the first client and the second client via the P2P communication and not authenticating the first e-mail message, the second e-mail message, or the third e-mail message.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the first message further comprises the digital object.
  - 10. The method of claim 8 wherein the third message further comprises the digital object.
  - 11. The method of claim 8 wherein the digital object is a public key for a cryptographic system.
  - 12. The method of claim 11 wherein the second electronic mail message further comprises a second public key for the cryptographic system.
  - 13. The method of claim 8 wherein the first UID contains at least 128 bits.
  - 14. The method of claim 9, further comprising, at the second client, verifying the copy of the second UID is identical to the second UID at the second client and using the e-mail address from the first client to index the second UID after verifying.

15. A computer storage medium including computer-executable instructions facilitating authenticating a sender of a digital object on a peer-to-peer (P2P) communication, computer-executable instructions executing the steps of:
- recognizing a peer-to-peer (P2P) communication between a first client and a second client, said first client attempting to exchange information securely with said second client via the P2P communication without a third party mediation, said third party mediation including certificate authorities;
  
  in response to the recognized P2P communication, establishing an electronic mail protocol communication between the first client and the second client, said e-mail protocol communication being a separate connection from the P2P communication, said e-mail protocol communication being established by Simple Mail Transport Protocol (SMTP);
  
  generating a first unique identifier (UID);
  
  transmitting from the first client to a previously known address of the second client, via the established electronic mail protocol communication, a first electronic mail (e-mail) message comprising the first UID;
  
  receiving from the second client, via the electronic mail protocol communication, a second e-mail message directed to the first client comprising a second UID and a copy of the first UID;
  
  verifying the copy of the first UID is identical to the first UID at the first client; and
  
  transmitting from the first client to the previously known address, via the electronic mail protocol communication, a third e-mail message to the second client comprising a copy of the second UID;
  
  wherein at least one of the messages transmitted to the previously known address further comprises the digital object, said digital object including the-information to be exchanged between the first client and the second client via the P2P communication and not authenticating the first e-mail message, the second e-mail message, or the third e-mail message.
- View Dependent Claims (16, 17)
- - 16. The computer storage medium of claim 15 wherein the digital object is a public key for a cryptographic system.
  - 17. The computer storage medium of claim 16 wherein the second message further comprises a second public key for the cryptographic system.

18. An apparatus for securely exchanging a public key without third party mediation, comprising:
- a random number generator generating a first unique identifier (UID);
  
  a network interface recognizing a peer-to-peer (P2P) communication between a first client and a second client, said first client attempting to exchange a public key securely with said second client via the P2P communication;
  
  wherein, in response to the recognized P2P communication, the network interface establishes an electronic mail protocol communication between the first client and the second client, said e-mail protocol communication being a separate connection from the P2P communication, said e-mail protocol communication being established by Simple Mail Transport Protocol (SMTP);
  
  wherein the network interface transmits to a previously known address associated with the second client, via the established electronic mail (e-mail) protocol communication, a first e-mail message comprising the first UID;
  
  wherein the network interface receives, via the electronic mail protocol communication, a second e-mail message transmitted to a previously known address associated with the first client, said second e-mail message comprising a second UID and a copy of the first UID, wherein the copy of the first UID is compared to the first UID for verification thereofwherein the network interface transmits to the previously known address associated with the second client, via the electronic mail protocol communication, a third e-mail message comprising a copy of the second UID, wherein the copy of the second UID is compared to the second UID for verification thereof; and
  
  wherein at least one of the e-mail messages transmitted to the previously known address associated with the second client further comprises the key by which the information to be exchanged between the first client and the second client via the P2P communication is secured and not authenticating the first e-mail message, the second e-mail message, or the third e-mail message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sundararajan, Narasimhan
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
ZECHER, CORDELIA P K

Application Number

US10/816,975
Publication Number

US 20050223226A1
Time in Patent Office

2,237 Days
Field of Search

713/191, 713/168, 380277-286, 380 44- 47
US Class Current

713/168
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0869   for achieving mutual authen...

Authenticated exchange of public information using electronic mail

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated exchange of public information using electronic mail

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links