Key distribution for secure messaging
First Claim
1. At least one computer-readable storage medium having executable instructions that, when executed, cause one or more processors to:
- secure, by a communications gateway implemented as at least one domain name server of a domain, an electronic message for a sending agent associated with the domain, wherein the sending agent is a source of the electronic message, and wherein to secure the electronic message comprises:
  - retrieving a public encryption key associated with at least one other domain of a receiving agent that is an intended recipient of the electronic message;
  - generating a symmetric key associated with the domain associated with the sending agent;
  - encrypting the electronic message using the symmetric key to provide an encrypted version of the electronic message; and
  - encrypting the symmetric key using the public encryption key to provide an encrypted symmetric key;
- transmit, by the communications gateway on behalf of the sending agent, the encrypted version of the electronic message to at least one other communications gateway implemented as at least one other domain server of at least one other domain;
- receive, at the at least one other communications gateway on behalf of the receiving agent, the encrypted version of the electronic message;
- provide, by the at least one other communications gateway, a decrypted version of the electronic message to the receiving agent, wherein to provide the decrypted version of the electronic message comprises:
  - retrieving a public verification key corresponding to the domain associated with the sending agent;
  - utilizing the public verification key in combination with a private key corresponding to the at least one other domain to decrypt the encrypted symmetric key to provide a decrypted symmetric key, wherein the private key corresponding to the at least one other domain is stored locally at the at least one other domain and is a private counterpart to the public encryption key retrieved by the communications gateway; and
  - decrypting the encrypted version of the electronic message using the decrypted symmetric key to provide the decrypted version of the electronic message; and
  - forwarding the decrypted version of the electronic message to the receiving agent.
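The gateway-to-gateway flow of claim 1, sketched as an added example (not code from the patent or its assignee). It assumes AES-256-GCM, RSA-OAEP and Ed25519, uses in-memory maps in place of DNS-published key records, and reads "public verification key in combination with a private key" as verify-then-unwrap; every function and variable name is hypothetical.

```javascript
// Added illustration of the claim 1 flow; not code from the patent.
// Assumed: AES-256-GCM, RSA-OAEP, Ed25519, and Maps standing in for DNS key records.
const nodeCrypto = require('node:crypto');

const publishedKeys = new Map(); // hypothetical DNS view: domain -> public keys
const localKeys = new Map();     // private keys, stored locally at each domain
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function provisionDomain(domain) {
  const enc = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sig = nodeCrypto.generateKeyPairSync('ed25519');
  publishedKeys.set(domain, { encrypt: enc.publicKey, verify: sig.publicKey });
  localKeys.set(domain, { decrypt: enc.privateKey, sign: sig.privateKey });
}

// Sending gateway: fresh symmetric key per message, wrapped for the recipient domain.
function secureOutbound(from, to, message) {
  const symKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', symKey, iv);
  cipher.setAAD(Buffer.from(`${from}>${to}`)); // bind both domains to the ciphertext
  const body = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publishedKeys.get(to).encrypt, ...OAEP }, symKey);
  // Signing the wrapped key, IV and GCM tag binds the body transitively.
  const signature = nodeCrypto.sign(null, Buffer.concat([wrappedKey, iv, tag]), localKeys.get(from).sign);
  return { from, to, iv, body, tag, wrappedKey, signature };
}

// Receiving gateway: verify with the sender domain's key before using the private key.
function openInbound(env) {
  const sender = publishedKeys.get(env.from);
  const signed = Buffer.concat([env.wrappedKey, env.iv, env.tag]);
  if (!sender || !nodeCrypto.verify(null, signed, sender.verify, env.signature)) {
    throw new Error('sender domain verification failed');
  }
  const symKey = nodeCrypto.privateDecrypt({ key: localKeys.get(env.to).decrypt, ...OAEP }, env.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', symKey, env.iv);
  decipher.setAAD(Buffer.from(`${env.from}>${env.to}`));
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// Constructed demo domains and message.
['sender.example', 'recipient.example'].forEach(provisionDomain);
const demo = secureOutbound('sender.example', 'recipient.example', 'quarterly figures attached');
console.log(openInbound(demo));
```

A modified body passes the signature check but fails GCM authentication in `decipher.final()`, so tampering is rejected at either layer.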
Abstract
A transmitting gateway may utilize a retrieved domain-specific key to secure an outbound message, and a receiving gateway may utilize another retrieved domain-specific key to authenticate and validate the secured message.
13 Claims
6. A method comprising:
- securing, by a communications gateway implemented as at least one domain name server of a domain, an electronic message for a sending agent associated with the domain that is the source of the electronic message, wherein securing the electronic message comprises:
  - retrieving a public encryption key associated with at least one other domain of a receiving agent that is an intended recipient of the electronic message;
  - generating a symmetric key associated with the domain associated with the sending agent;
  - encrypting the electronic message using the symmetric key to provide an encrypted version of the electronic message that is decryptable by another communications gateway of another domain using the symmetric key; and
  - encrypting the symmetric key using the public encryption key to provide an encrypted version of the symmetric key that is decryptable by the another communications gateway using a public verification key retrievable by the another communications gateway and a private key stored locally at the another domain, wherein the private key is the private counterpart to the public encryption key; and
- transmitting, by the communications gateway on behalf of the sending agent, the encrypted version of the electronic message to a receiving agent via the another communications gateway.
10. A system comprising:
- a communications gateway implemented as at least one domain name server of a domain and configured to:
  - secure an electronic message for a sending agent associated with the domain that is the source of the electronic message, wherein to secure the electronic message comprises:
    - retrieving a public encryption key associated with at least one other domain of a receiving agent that is an intended recipient of the electronic message;
    - generating a symmetric key associated with the domain associated with the sending agent;
    - encrypting the electronic message using the symmetric key to provide an encrypted version of the electronic message; and
    - encrypting the symmetric key using the public encryption key to provide an encrypted symmetric key;
  - transmit, on behalf of the sending agent, the encrypted version of the electronic message;
- at least one other communications gateway implemented as at least one other domain server of at least one other domain and configured to:
  - receive, on behalf of the receiving agent, the encrypted version of the electronic message;
  - retrieve a public verification key corresponding to the domain associated with the sending agent;
  - utilize the public verification key in combination with a private key corresponding to the at least one other domain to decrypt the encrypted symmetric key to provide a decrypted symmetric key, wherein the private key corresponding to the at least one other domain is stored locally at the at least one other domain and is the private counterpart to the public encryption key;
  - decrypt the encrypted version of the electronic message using the decrypted symmetric key to provide a decrypted version of the electronic message; and
  - forward the decrypted version of the electronic message to the receiving agent.
Specification