System, method, and program for managing a user key used to sign a message for a data processing system
First Claim
1. A method for managing a user key used to sign a message for a data processing system, said method comprising:
- assigning a user key to a user and storing the user key in an encrypting data processing system utilized to encrypt messages;
encrypting the messages with the user key;
storing an associated key in the encrypting data processing system and encrypting the user key with the associated key to obtain an encrypted user key, wherein said associated key comprises a private key;
said encrypting data processing system communicating at least one encrypted message together with the encrypted user key to a recipient system in order to permit validation of an association of the user with the encrypted messages by the recipient system; and
thereafter, preventing validation of the association of the user with messages by revoking the associated key at the encrypting data processing system so that the encrypting data processing system is no longer able to decrypt the encrypted user key.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and program for managing a user key used to sign a message for a data processing system having an encryption chip are disclosed. A user is assigned a user key. In order to encrypt and send messages to a recipient(s), the messages are encrypted with the user key. The user key, in turn, is encrypted with an associated key. The associated key is further encrypted using an encryption chip key stored on the encryption chip. The encrypted messages are communicated to a recipient to validate an association of the user with the encrypted messages. The associated key is decrypted with the encryption chip key. The user key is decrypted with the associated key, and the messages are decrypted with the user key. Thereafter, validation of the association of messages with the user is removed by revoking the associated key. In a preferred embodiment, encryption resources are centralized in a server system having the encryption chip. The server system is coupled to and provides encryption services to a plurality of client systems. Messages to be encrypted are sent from a user'"'"'s client system to the server system, which encrypts the messages using the encryption chip. The encrypted messages are sent from the server system to the client system, which then transmits the encrypted messages to their intended recipient(s). All data relating to the encrypted messages are erased from the server system after the encrypted messages are sent from the server system to the client system.
19 Citations
24 Claims
-
1. A method for managing a user key used to sign a message for a data processing system, said method comprising:
-
assigning a user key to a user and storing the user key in an encrypting data processing system utilized to encrypt messages; encrypting the messages with the user key; storing an associated key in the encrypting data processing system and encrypting the user key with the associated key to obtain an encrypted user key, wherein said associated key comprises a private key; said encrypting data processing system communicating at least one encrypted message together with the encrypted user key to a recipient system in order to permit validation of an association of the user with the encrypted messages by the recipient system; and thereafter, preventing validation of the association of the user with messages by revoking the associated key at the encrypting data processing system so that the encrypting data processing system is no longer able to decrypt the encrypted user key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for managing a user key used to sign a message, said system comprising:
-
means for assigning a user key to a user; means for storing the user key; means for encrypting the messages with the user key; means for storing an associated key; means for encrypting the user key with the associated key to obtain an encrypted user key, wherein said associated key comprises a private key; means for communicating at least one encrypted message together with the encrypted user key to a recipient system in order to permit validation of an association of the user with the encrypted messages by the recipient system; and means for thereafter preventing validation of the association of the user with messages by revoking the associated key in said system so that the encrypting data processing system is no longer able to decrypt the encrypted user key. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A program product for managing a user key used to sign a message, said program product comprising:
-
a control program including; instruction means for assigning a user key to a user and for storing the user key in an encrypting data processing system utilized to encrypt messages; instruction means for encrypting the messages with the user key; instruction means for storing an associated key in the encrypting data processing system and for encrypting the user key with the associated key to obtain an encrypted user key, wherein said associated key comprises a private key; instruction means for communicating at least one encrypted message together with the encrypted user key to a recipient system in order to permit validation of an association of the user with the encrypted messages by the recipient system; instruction means for thereafter preventing validation of the association of the user with messages by revoking the associated key within the encrypting data processing system so that the encrypting data processing system is no longer able to decrypt the encrypted user key; and a computer usable storage medium storing said control program. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification