Peer-to-peer SMIME mechanism

US 8,296,559 B2
Filed: 05/31/2007
Issued: 10/23/2012
Est. Priority Date: 05/31/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

generating, by a mail client of a sender client device, a public and private key pair;

generating, by the mail client, a self-signed certificate of a sender that includes the public key of the public and private key pair, wherein the sender acts as its own certificate of authenticity issuer for the self-signed certificate;

forming, by the mail client, an introduction message comprising the self-signed certificate of the sender and an authenticated attribute, the introduction message addressed to a recipient, wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message; and

sending, by the mail client, the introduction message to the recipient;

wherein when the introduction message is received at a mail client of the recipient, the introduction message triggers the mail client of the recipient to provide a user interface that queries the recipient to confirm the user-selected password for the introduction message and to accept the self-signed certificate upon confirmation of the user-selected password.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for sending a self-asserted certificate is described. A mail client of a sender is configured to generate a public and private key pair, to create a self-signed certificate, and to form an introduction message addressed to a recipient to enable use of the self-signed certificate prior to corresponding with the recipient. A mail client of a recipient is configured to display an indicator of a receipt of the introduction message from the sender. The indicator comprises a user interface query to the recipient to verify and accept the sender-signed certificate in response to receiving the introduction message from the sender.

40 Citations

View as Search Results

33 Claims

1. A computer-implemented method comprising:
- generating, by a mail client of a sender client device, a public and private key pair;
  
  generating, by the mail client, a self-signed certificate of a sender that includes the public key of the public and private key pair, wherein the sender acts as its own certificate of authenticity issuer for the self-signed certificate;
  
  forming, by the mail client, an introduction message comprising the self-signed certificate of the sender and an authenticated attribute, the introduction message addressed to a recipient, wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message; and
  
  sending, by the mail client, the introduction message to the recipient;
  
  wherein when the introduction message is received at a mail client of the recipient, the introduction message triggers the mail client of the recipient to provide a user interface that queries the recipient to confirm the user-selected password for the introduction message and to accept the self-signed certificate upon confirmation of the user-selected password.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - generating the public and private key pair in response to a request of a user of the mail client; and
      
      creating the self-signed certificate based on the user information from the mail client.
  - 3. The method of claim 1 further comprising:
    - forming an SMIME introduction message in response to a request of a user of the mail client to send the self-signed certificate to the recipient.
  - 4. The method of claim 1 wherein the introduction message comprises an SMIME introduction message comprising a body, the authenticated attribute, a signature, and the self-signed certificate.
  - 5. The method of claim 4 wherein a value of the authenticated attribute triggers a user interface query in a mail client of the recipient to accept the self-signed certificate.
  - 6. The method of claim 4 wherein the authenticated attribute comprises an authenticator, the authenticator comprises the out of band proof.
  - 7. The method of claim 6 wherein the out of band proof comprises a pre-agreed secret key transmitted out of band to the recipient, a value of the authenticated attribute to trigger a user interface query in a mail client of the recipient to confirm the pre-agreed secret key and to accept the self-signed certificate upon confirmation of the pre-agreed secret key.

8. A computer-implemented method comprising:
- receiving, by a mail client of a recipient client device, an introduction message from a sender to a recipient that utilizes the mail client, the introduction message comprising a public key of the sender, a sender-signed certificate, and an authenticated attribute, wherein the sender acts as a certificate of authenticity issuer for the sender-signed certificate, and wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message;
  
  displaying, by the mail client, an indication that the introduction message has been received;
  
  generating, by the mail client, a user interface to the recipient, the user interface configured to;
  
  query the recipient to confirm the user-selected password for the introduction message; and
  
  accept the sender-signed certificate upon confirmation of the user-selected password; and
  
  receiving, by the mail client from the recipient via the user interface, an indication that the recipient has accepted the sender-signed certificate.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 wherein the introduction message is an SMIME introduction message comprising a body, the authenticated attribute, a signature, and the sender-signed certificate.
  - 10. The method of claim 9 wherein a value of the authenticated attribute triggers the user interface in the mail client to accept the sender-signed certificate.
  - 11. The method of claim 9 wherein the authenticated attribute comprises an authenticator, the authenticator comprises the out of band proof.
  - 12. The method of claim 11 wherein the out of band proof comprises a pre-agreed secret key transmitted out of band from the sender, a value of the authenticated attribute to trigger the user interface query in the mail client to confirm the pre-agreed secret key and to accept the sender-signed certificate upon confirmation of the pre-agreed secret key.

13. A non-transitory computer-accessible storage medium including data that, when accessed by a computer system, cause the computer system to perform a method comprising:
- generating, by a mail client of a sender client device, a public and private key pair;
  
  generating, by the mail client, a self-signed certificate of a sender that includes the public key of the public and private key pair, wherein the sender acts as its own certificate of authenticity issuer for the self-signed certificate;
  
  forming, by the mail client, an introduction message comprising the self-signed certificate of the sender and an authenticated attribute, the introduction message addressed to a recipient, wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message; and
  
  sending, by the mail client, the introduction message to the recipient;
  
  wherein when the introduction message is received at a mail client of the recipient, the introduction message triggers the mail client of the recipient to provide a user interface that queries the recipient to confirm the user-selected password for the introduction message and to accept the self-signed certificate upon confirmation of the user-selected password.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The non-transitory computer-accessible storage medium of claim 13 wherein the method further comprises:
    - generating the public and private key pair in response to a request of a user of the mail client; and
      
      creating the self-signed certificate based on the user information from the mail client.
  - 15. The non-transitory computer-accessible storage medium of claim 13 wherein the method further comprises:
    - forming an SMIME introduction message in response to a request of a user of the mail client to send the self-signed certificate to the recipient.
  - 16. The non-transitory computer-accessible storage medium of claim 13 wherein the introduction message comprises an SMIME introduction message comprising a body, the authenticated attribute, a signature, and the self-signed certificate.
  - 17. The non-transitory computer-accessible storage medium of claim 16 wherein a value of the authenticated attribute triggers a user interface query in a mail client of the recipient to accept the self-signed certificate.
  - 18. The non-transitory computer-accessible storage medium of claim 16 wherein the authenticated attribute comprises an authenticator, the authenticator comprises the out of band proof.
  - 19. The non-transitory computer-accessible storage medium of claim 18 wherein the out of band proof comprises a pre-agreed secret key transmitted out of band to the recipient, a value of the authenticated attribute to trigger a user interface query in a mail client of the recipient to confirm the pre-agreed secret key and to accept the self-signed certificate upon confirmation of the pre-agreed secret key.

20. A non-transitory computer-accessible storage medium including data that, when accessed by a computer system, cause the computer system to perform a method comprising:
- receiving, at a mail client of a recipient client device, an introduction message from a sender to a recipient that utilizes the mail client, the introduction message comprising a public key of the sender, a sender-signed certificate, and an authenticated attribute, wherein the sender acts as a certificate of authenticity issuer for the sender-signed certificate, and wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message;
  
  displaying, by the mail client, an indication that the introduction message has been received;
  
  generating, by the mail client, a user interface to the recipient, the user interface configured to;
  
  query the recipient to confirm the user-selected password for the introduction message; and
  
  accept the sender-signed certificate upon confirmation of the user-selected password; and
  
  receiving, by the mail client from the recipient via the user interface, an indication that the recipient has accepted the sender-signed certificate.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The non-transitory computer-accessible storage medium of claim 20 wherein the introduction message is an SMIME introduction message comprising a body, authenticated attribute, a signature, and the sender-signed certificate.
  - 22. The non-transitory computer-accessible storage medium of claim 21 wherein a value of the authenticated attribute triggers the user interface in the mail client to accept the sender-signed certificate.
  - 23. The non-transitory computer-accessible storage medium of manufacture of claim 21 wherein the authenticated attribute comprises an authenticator, the authenticator comprises the out of band proof.
  - 24. The non-transitory computer-accessible storage medium of manufacture of claim 23 wherein the out of band proof comprises a pre-agreed secret key transmitted out of band from the sender, a value of the authenticated attribute to trigger the user interface query in the mail client to confirm the pre-agreed secret key and to accept the sender-signed certificate upon confirmation of the pre-agreed secret key.

25. A client computer system comprising:
- a memory; and
  
  a processing device to execute a mail client from the memory, the mail client configured to;
  
  generate a public and private key pair;
  
  create a self-signed certificate of a sender that includes the public key of the public and private key pair, wherein the sender acts as its own certificate of authenticity issuer for the self-signed certificate;
  
  form an introduction message comprising the self-signed certificate of the sender and an authenticated attribute, the introduction message addressed to a recipient, wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message; and
  
  send the introduction message to the recipient;
  
  wherein when the introduction message is received at a mail client of the recipient, the introduction message triggers the mail client of the recipient to provide a user interface that queries the recipient to confirm the user-selected password for the introduction message and to accept the self-signed certificate upon confirmation of the user-selected password.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The client computer system of claim 25 wherein the mail client is to generate the public and private key pair in response to a request of a user of the mail client, and is to create the self-signed certificate based on the user information from the mail client.
  - 27. The client computer system of claim 25 wherein the mail client is to form an SMIME introduction message in response to a request of a user of the mail client to send the self-signed certificate to the recipient, the SMIME introduction message comprising a body, the authenticated attribute, a signature, and the self-signed certificate.
  - 28. The client computer system of claim 27 wherein a value of the authenticated attribute triggers a user interface query in a mail client of the recipient to accept the self-signed certificate.
  - 29. The client computer system of claim 27 wherein the authenticated attribute comprises an authenticator, the authenticator comprises the out of band proof.

30. A client computer system comprising:
- a memory; and
  
  a processing device to execute a mail client from the memory, the mail client configured to;
  
  receive an introduction message from a sender to a recipient that uses the mail client, the introduction message comprising a public key of the sender, a sender-signed certificate, and an authenticated attribute, wherein the sender acts as a certificate of authenticity issuer for the sender-signed certificate, and wherein the authenticated attribute is out of band proof comprising a password-based encryption (PBE) of a hash of the self-signed certificate that is based on a user-selected password for the introduction message;
  
  display an indication that the introduction message has been received;
  
  generate a user interface to the recipient, the user interface configured to;
  
  query the recipient to confirm the user-selected password for the introduction message; and
  
  accept the sender-signed certificate upon confirmation of the user-selected password; and
  
  receive, from the recipient via the user interface, an indication that the recipient has accepted the sender-signed certificate.
- View Dependent Claims (31, 32, 33)
- - 31. The client computer system of claim 30 wherein the introduction message is an SMIME introduction message comprising a body, the authenticated attribute, a signature, and the sender-signed certificate.
  - 32. The client computer system of claim 31 wherein a value of the authenticated attribute triggers the user interface in the mail client to accept the sender-signed certificate.
  - 33. The client computer system of claim 31 wherein the authenticated attribute comprises an authenticator, the authenticator comprises the out of band proof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Parkinson, Steven W.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
SHOLEMAN, ABU S

Application Number

US11/809,831
Publication Number

US 20080301438A1
Time in Patent Office

1,972 Days
Field of Search

713/152, 713/156, 713/155, 713/157, 713/177, 713/173, 726/18, 380/277, 380/278, 380/283
US Class Current

713/152
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/18   using different networks or...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Peer-to-peer SMIME mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Peer-to-peer SMIME mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links