Secure electronic message transport protocol

US 7,774,411 B2
Filed: 12/10/2004
Issued: 08/10/2010
Est. Priority Date: 12/12/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

encrypting in a client device flow control information associated with an electronic message, the flow control information including identities of a sender and an intended recipient, the encryption using an encryption key unique to the intended recipient;

transmitting a separately encrypted electronic message with the encrypted flow control information from a client device associated with the sender to a group mailbox server associated with the intended recipient, wherein the group mailbox server receives a plurality of electronic messages for a plurality of different recipients including the intended recipient,transmitting to the intended recipient, independently of the transmission of the electronic message, a first decryption key for decrypting the flow control information associated with an electronic message; and

downloading, by the intended recipient, at least the flow control information of a plurality of messages from said group mailbox server associated with the intended recipient, wherein the messages and encrypted flow control information are retrievable by all members associated with said group mailbox server;

applying, by the recipient, the first decryption key to the plurality of electronic messages received by the group e-mail server to identify the electronic messages for the intended recipient at least in part according to whether at least a part of the electronic message or the encrypted flow control information can be decrypted by the decryption key; and

using information from the portion of the electronic message that can be decrypted by the first decryption key to obtain a second decryption key from a key server, the second decryption key used by the recipient of the message to decrypt at least a second portion of the electronic message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic message transport protocol applies two distinct sub-protocols, a message transport protocol and an encryption key management protocol, which operate in tandem to provide enhanced security. The protocol may employ an existing SMTP infrastructure to transport secure email messages, and a key server implementing the key management protocol to transport key packets associated with the secure email message. However, the protocol need not be limited to email, and may be applicable to other electronic message applications. The message transport protocol permits communicating parties to obscure their identities to enhance security. The key management protocol supports message security, and allows senders to control access to messages even after they have been transmitted. The message transport protocol permits the sender to encrypt the entire message and utilizes the key management protocol for exchange of necessary keys. The message transport protocol relies on a group addressing scheme to obscure individual sender and recipient identities.

47 Citations

View as Search Results

20 Claims

1. A method comprising:
- encrypting in a client device flow control information associated with an electronic message, the flow control information including identities of a sender and an intended recipient, the encryption using an encryption key unique to the intended recipient;
  
  transmitting a separately encrypted electronic message with the encrypted flow control information from a client device associated with the sender to a group mailbox server associated with the intended recipient, wherein the group mailbox server receives a plurality of electronic messages for a plurality of different recipients including the intended recipient,transmitting to the intended recipient, independently of the transmission of the electronic message, a first decryption key for decrypting the flow control information associated with an electronic message; and
  
  downloading, by the intended recipient, at least the flow control information of a plurality of messages from said group mailbox server associated with the intended recipient, wherein the messages and encrypted flow control information are retrievable by all members associated with said group mailbox server;
  
  applying, by the recipient, the first decryption key to the plurality of electronic messages received by the group e-mail server to identify the electronic messages for the intended recipient at least in part according to whether at least a part of the electronic message or the encrypted flow control information can be decrypted by the decryption key; and
  
  using information from the portion of the electronic message that can be decrypted by the first decryption key to obtain a second decryption key from a key server, the second decryption key used by the recipient of the message to decrypt at least a second portion of the electronic message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising transmitting the electronic message with a sender group mailbox server identifier such that the identity of the sender is concealed from the group mailbox server.
  - 3. The method of claim 1, wherein encrypting the flow control information associated with the electronic message comprises encrypting the flow control information with a message key, the method further comprising encrypting content of the electronic message with the message key, wherein transmitting the electronic message comprises transmitting the electronic message with the encrypted flow control information and the encrypted content.
  - 4. The method of claim 3, further comprising:
    - transmitting the message key from the client device associated with the sender to a message key server; and
      
      transmitting an identity of the message key server from the client device associated with the sender to the group mailbox server with the electronic message.
  - 5. The method of claim 4, generating a time stamp in response to receipt of the message key at the message key server, further comprising providing corroboration of the time stamp from one or more clients communicating with the message key server.
  - 6. The method of claim 4, further comprising providing the intended recipient with access to the message key via the message key server, wherein the message key is necessary for decryption of the encrypted flow control information.
  - 7. The method of claim 4, further comprising permitting the sender to invalidate the message key after transmitting the message key to the message key server to prevent the intended recipient from decrypting the encrypted flow control information.
  - 8. The method of claim 7, further comprising permitting the sender to specify a period during which the message key is valid.
  - 9. The method of claim 1, further comprising:
    - generating a header;
      
      encrypting the header using a public key associated with the intended recipient;
      
      adding the header to the electronic message transmitted from the client device associated with the sender to the group mailbox server; and
      
      permitting a recipient to accept the electronic message based on successful decryption of the header by the recipient using a private key that corresponds to the public key.
  - 10. The method of claim 9, further comprising transmitting an identity of a message key server from the client device associated with the sender to the group mailbox server with the electronic message, and providing the intended recipient with access to the message key via the key server for decryption of the encrypted flow control information.

11. A system comprising:
- a sender client device that generates an encrypted electronic message, separately encrypts flow control information that includes identities of the sender client device and a recipient client device associated with the electronic message using an encryption key selected according to an intended recipient associated with the recipient client device, and transmits the electronic message with the encrypted flow control information to a group mailbox server associated with multiple recipients, the group mailbox server also selected according to the intended recipient;
  
  a group mailbox server that receives the electronic message with the encrypted flow control information from the sender client device, wherein the recipient group mailbox server receives a plurality of electronic messages for a plurality of different recipients including the intended recipient;
  
  a recipient client device that receives at least the encrypted flow control information of a plurality of electronic messages from said group mailbox server, wherein the recipient client device is associated with an intended recipient of the electronic message, applies a decryption key to the downloaded portion of the plurality of messages, and uses information from the portion of the electronic message that can be decrypted by the first decryption key to obtain a second decryption key from a key server, the second decryption key used by the recipient of the message to decrypt at least a second portion of the electronic message;
  
  wherein the messages and encrypted flow control information are retrievable by all members associated with said group mailbox server;
  
  a key server transmitting to the intended recipient, independently of the transmission of the electronic message, a decryption key for decrypting the electronic message; and
  
  wherein the recipient client device executes a stored program to download the plurality of electronic messages from the group e-mail server and apply the decryption key to the plurality of electronic messages received by the group e-mail server to identify the electronic message for the intended recipient as an electronic message that can be decrypted by the decryption key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the sender client device encrypts content of the electronic message and transmits the message to the recipient group mailbox server via one or more message transport servers.
  - 13. The system of claim 11, wherein the sender client device transmits the message with a sender group mailbox server identifier such that the identity of the sender client device is concealed from the recipient group mailbox server.
  - 14. The system of claim 11, wherein the sender client device encrypts content of the electronic message and the flow control information using a message key.
  - 15. The system of claim 14, further comprising a message key server, wherein the sender client device transmits the message key to the message key server, and wherein the electronic message includes an identity of the message key server.
  - 16. The system of claim 15, wherein the message key server generates a time stamp in response to receipt of the message key, and the message key server obtains corroboration of the time stamp from one or more clients communicating with the message key server.
  - 17. The system of claim 14, wherein the message key is necessary for decryption of the encrypted flow control information, and the message key server provides the recipient client device with access to the message key.
  - 18. The system of claim 17, wherein the message key server permits the sender client device to invalidate the message key after the message key is received by the message key server to prevent the recipient client device from decrypting the encrypted flow control information.
  - 19. The system of claim 17, wherein the message key server permits the sender client device to specify a period during which the message key is valid.
  - 20. The system of claim 11, wherein the sender client device generates a header, encrypts the header using a public key associated with the recipient client device, and adds the header to the electronic message transmitted from the sender client device to the recipient group mailbox server,the recipient client device accesses the electronic message upon successful decryption of the header using a private key that corresponds to the public key, and wherein the electronic message identifies a message key server, and the recipient client device accesses the message key via the identified message key server for decryption of the encrypted flow control information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WiSys Technology Foundation, Inc.
Original Assignee
WiSys Technology Foundation, Inc.
Inventors
LeMay, Michael, Tan, Jack
Primary Examiner(s)
Vaughn, Jr.; William C
Assistant Examiner(s)
RICHARDSON, THOMAS W

Application Number

US11/009,399
Publication Number

US 20050198170A1
Time in Patent Office

2,069 Days
Field of Search

709/206, 709/229, 713/151, 713/152, 713/155, 713/171, 713/150, 713/190, 726/4, 726/21, 370/235, 380/277
US Class Current

709/206
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/045   wherein the sending and rec...

H04L 63/126   the source of the received ...

Secure electronic message transport protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure electronic message transport protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links