System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient

US 7,996,673 B2
Filed: 05/12/2004
Issued: 08/09/2011
Est. Priority Date: 05/12/2004
Status: Active Grant

First Claim

Patent Images

1. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender uses a sender computer and each of the one or more recipients uses a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:

(a) activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility performing one or more cryptographic operations including encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;

(b) the sender sending the encrypted message to the non-credentialed recipient;

(c) the Public Key Cryptography utility configured on the sender computer for;

(i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and

(ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and

(d) the non-credentialed recipient using the shared secret to either;

(i) obtain the encrypted message in a decrypted form in a secure session with a trusted intermediary;

or(ii) activate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient or on a server computer, so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message;

whereby the encrypted message is decrypted and displayed to the recipient by;

(e) obtaining a shared secret question;

(f) providing the shared secret; and

(g) in response to (f) either (i) authenticating the recipient to the server computer and thereby obtaining the encrypted message in a decrypted form in a secure session or (ii) authenticating the recipient to the Public Key Cryptography utility on the recipient computer or the server computer and thereby releasing the private key for decryption of the encrypted message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for encrypting and decrypting messages using a browser in either a web or wireless device or secure message client software for transmission to or from a web server on the Internet connected to an email server or message server for the situation where the sender does not possess the credentials and public key of the recipients. The encryption and decryption is conducted using a standard web browser on a personal computer or a mini browser on a wireless device, or message client software on either a personal computer or wireless devices such that messages transmitted to the web or wireless browser or message client software can be completed and encrypted and signed by the user such that encrypted and signed data does not require credentials and public key of the recipients. A method for delivering and using private keys to ensure that such keys are destroyed after use is also provided. A method of transmitting encrypted messages to a web or wireless browser or message client and decrypting and verifying such messages by recipients who do not possess or who are not enrolled in a PKI and do not have private keys. A method for authenticating the sender/user of the browser, and a method for accessing or generating public and private keys for encrypting and decrypting messages for recipients who are not enrolled in a public key infrastructure.

Citations

19 Claims

1. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender uses a sender computer and each of the one or more recipients uses a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
- (a) activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility performing one or more cryptographic operations including encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
  
  (b) the sender sending the encrypted message to the non-credentialed recipient;
  
  (c) the Public Key Cryptography utility configured on the sender computer for;
  
  (i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
  
  (ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
  
  (d) the non-credentialed recipient using the shared secret to either;
  
  (i) obtain the encrypted message in a decrypted form in a secure session with a trusted intermediary;
  
  or(ii) activate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient or on a server computer, so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message;
  
  whereby the encrypted message is decrypted and displayed to the recipient by;
  
  (e) obtaining a shared secret question;
  
  (f) providing the shared secret; and
  
  (g) in response to (f) either (i) authenticating the recipient to the server computer and thereby obtaining the encrypted message in a decrypted form in a secure session or (ii) authenticating the recipient to the Public Key Cryptography utility on the recipient computer or the server computer and thereby releasing the private key for decryption of the encrypted message.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method claimed in claim 1, whereby the non-credentialed recipient accesses a private message key linked to the encrypted message so as to obtain the encrypted message in a decrypted form in a secure session with the server computer.
  - 3. The method claimed in claim 1, comprising the further steps of (i) generating a public key/private key pair for encrypting the message, and (ii) using the Shared secret to encrypt the private key.
  - 4. The method claimed in claim 3, comprising the further step of storing the encrypted private key to the server computer.
  - 5. The method claimed in claim 4, whereby recipient information and the shared secret is also stored to the server computer.
  - 6. The method claimed in claim 1, whereby:
    - (a) the message is encrypted using a trusted intermediary using the encryption key(s) of the trusted intermediary;
      
      (b) the trusted intermediary captures the shared secret and sends a notification to the recipient with instructions for retrieving the encrypted message; and
      
      (c) the recipient is authenticated to the trusted intermediary by providing the shared secret, whereby the trusted intermediary decrypts the encrypted message and transmits into the recipient in a secure session.

7. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender uses a sender computer and each of the one or more recipients uses a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
- (a) activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility performing one or more cryptographic operations including encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
  
  (b) the sender sending the encrypted message to the non-credentialed recipient;
  
  (c) the Public Key Cryptography utility configured on the sender computer for;
  
  (i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
  
  (ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
  
  (d) the non-credentialed recipient using the secret to activate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message;
  
  (e) creating a public key and private key for the encrypted message;
  
  (f) encrypting the private key with the shared secret;
  
  (g) delivering the encrypted private key to the Public Key Cryptography utility; and
  
  (h) providing the shared secret to the Public Key Cryptography utility, thereby releasing the private key.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, comprising the further step of saving the encrypted private key to a server computer or saving the shared secret to the server computer.
  - 9. The method claimed in claim 8, comprising the further step of the Public Key Cryptography utility encrypting the message with the public key.
  - 10. The method claimed in claim 8, whereby the public key consists of a public key created for the message by the Public Key Cryptography utility for the message.

11. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender uses a sender computer and each of the one or more recipients uses a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
- (a) activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility performing one or more cryptographic operations including encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
  
  (b) the sender sending the encrypted message to an email server or to a message server for delivery to the non-credentialed recipient;
  
  (c) the message server computer creating an email notification or message notification notifying the non-credentialed recipient that the email server or the message server has received the encrypted message;
  
  (d) the Public Key Cryptography utility configured on the sender computer for;
  
  (i) identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
  
  (ii) thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
  
  (e) in response to (c), the non-credentialed recipient authenticating to the message server or a trusted intermediary by using the secret to obtain the encrypted message in a decrypted form in a secure session with the server.

12. A system for exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the system comprising:
- (a) a first network-connected device used by the sender, and a second network-connected device used by the recipient, the first and second network-connected devices communicate with remote devices via a communication network; and
  
  (b) the first network-connected device including a Public Key Cryptographic utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility configured to perform one or more cryptographic operations including encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility configured to;
  
  (i) perform one or more of such cryptographic operations so as to create an encrypted message for communication to the recipient; and
  
  (ii) identify that the sender does not have access to the PKI credentials of the non-credential recipient, and thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient; and
  
  wherein the Public Key Cryptographic utility cooperates with a server to invite the recipient to provide the shared secret so as to;
  
  (i) obtain the encrypted message in a decrypted form in a secure session with the server;
  
  or (ii) activate a Public Key Cryptography utility linked to the second network connected device or to the server so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message;
  
  (c) the Public Key Cryptography utility linked to the first network connected device sends the encrypted message to the server;
  
  (d) the server is linked to a server application that creates a message notification notifying the non-credentialed recipient that the server computer has received the encrypted message, and including instructions for the non-credential recipient retrieving the encrypted message; and
  
  (e) the second network-connected device includes instructions for authenticating to the server, thereby instructing the server to decrypt the encrypted message and transmit the decrypted message to the second network connected device in a secure session.
- View Dependent Claims (13)
- - 13. The system as claimed in claim 12, wherein the Public Key Cryptography utility is operable on the first network-connected device to:
    - (a) Create a public key and private key for the encrypted message; and
      
      (b) Encrypt the private key with the shared secret.

14. A method of exchanging PKI compliant messages between a sender and one or more recipients, whereby the sender is used by a sender computer and each of the one or more recipients is used by a recipient computer, whereby the sender does not have access to the PKI credentials of at least one of the one or more recipients, said at least one of the one or more recipients corresponding to a non-credentialed recipient, the method comprising the steps of:
- activating a Public Key Cryptography utility linked to a browser or a client communication program, or forming part of the browser or the client communication program, the Public Key Cryptography utility performing one or more cryptographic operations including encrypting/decrypting data, authenticating data, and/or authenticating a sender, decrypting and/or verifying data, the Public Key Cryptography utility thereby performing one or more of such cryptographic operations so as to create an encrypted message;
  
  the sender sending the encrypted message to a server computer for delivery to the non-credentialed recipient;
  
  the Public Key Cryptography utility configured on the sender computer for;
  
  identifying that the sender does not have access to the PKI credentials of the non-credentialed recipient; and
  
  thereby initiating the creation of a secret shared between the sender and the non-credentialed recipient, the creation of the secret shared between the sender and the non-credentialed recipient including the creation of a shared secret question and a shared secret answer; and
  
  the non-credentialed recipient using the shared secret answer to either, obtain the encrypted message in a decrypted form in a secure session with a trusted intermediary;
  
  oractivate a further Public Key Cryptography utility on the recipient computer of the non-credentialed recipient or on the server computer, so as to access a private key linked to the encrypted message thereby enabling the Public Key Cryptography utility to decrypt the encrypted message;
  
  the message is encrypted using the encryption key(s) of the trusted intermediary;
  
  the trusted intermediary captures the shared secret and sends a notification to the recipient with instructions for retrieving the encrypted message; and
  
  the recipient is authenticated to the trusted intermediary by providing the shared secret answer, whereby the trusted intermediary decrypts the encrypted message and transmits the decrypted message to the recipient in a secure session.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method claimed in claim 14, whereby the non-credentialed recipient accesses a private message key linked to the encrypted message so as to obtain the encrypted message in a decrypted form in a secure session with the server computer.
  - 16. The method claimed in claim 14, comprising the further steps of (i) generating a public key/private key pair for encrypting the message, and (ii) using the shared secret to encrypt the private key.
  - 17. The method claimed in claim 16, comprising the further step of storing the encrypted private key to the server computer.
  - 18. The method claimed in claim 17, whereby recipient information and the shared secret is also stored to the server computer.
  - 19. The method claimed in claim 14, whereby the encrypted message is decrypted and displayed to the recipient by:
    - obtaining a shared secret question;
      
      providing the shared secret; and
      
      in response to said providing the shared secret either authenticating the recipient to the server computer and thereby obtaining the encrypted message in a decrypted form in a secure session, or authenticating the recipient to the Public Key Cryptography utility on the recipient computer or the server computer and thereby releasing the private key for decryption of the encrypted message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ECHOWORX Corporation
Original Assignee
ECHOWORX Corporation
Inventors
Sorbara, Joseph Dominic Michael, Lai, Qinsheng, Mansell, Michael Graves, Ivanov, Viatcheslav, Roberts, Michael Albert
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Louie; Oscar A

Application Number

US10/843,319
Publication Number

US 20050257057A1
Time in Patent Office

2,645 Days
Field of Search

713/150
US Class Current

713/168
CPC Class Codes

G06Q 20/383   Anonymous user system

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/0822   using key encryption key

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links