Electronic data communication system
First Claim
1. A system for communicating electronic messages to a recipient, the system comprising:
- a communications network having a plurality of network devices connected thereto;
a mail server connected to the communications network and is operable to store electronic messages for access by the recipient;
a first network device in the plurality of network devices, the first network device being employed by the recipient to access electronic messages from the mail server;
a second network device in the plurality of network devices operable to generate an encrypted electronic message for communication to the recipient, the encrypted electronic message comprising encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key and encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient;
an encryption key server connected to the communications network, the encryption key server being remote from the first network device, the second network device, and the mail server;
wherein in response to a request to access an encrypted message stored by the mail server, the mail server is operable to extract said encrypted session key data from said encrypted electronic message for forwarding to the encryption key server, and in response to receipt of said encrypted session key data, the encryption key server is operable to recover the session key, by decrypting the encrypted session key data using a private key associated with the recipient, for forwarding to a remote network device, whereby the remote network device is operable to recover said message from the encrypted message data using the session key recovered by the encryption key server.
3 Assignments
0 Petitions
Accused Products
Abstract
There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message. In this way, although the trusted third party has access to the private key of the user, the trusted third party does not have access to any decrypted message. In another aspect, in order to digitally sign a message, the sender applies a hash function to the message to generate a hash value, and then sends the hash value to the trusted third party server where it is encrypted using the private key associated with the sender in order to generate the digital signature, which is then returned to the sender.
11 Citations
11 Claims
-
1. A system for communicating electronic messages to a recipient, the system comprising:
-
a communications network having a plurality of network devices connected thereto; a mail server connected to the communications network and is operable to store electronic messages for access by the recipient; a first network device in the plurality of network devices, the first network device being employed by the recipient to access electronic messages from the mail server; a second network device in the plurality of network devices operable to generate an encrypted electronic message for communication to the recipient, the encrypted electronic message comprising encrypted message data corresponding to a message for the recipient encrypted by a symmetric encryption algorithm using a session key and encrypted session key data corresponding to the session key encrypted by an asymmetric encryption algorithm using a public key associated with the recipient; an encryption key server connected to the communications network, the encryption key server being remote from the first network device, the second network device, and the mail server; wherein in response to a request to access an encrypted message stored by the mail server, the mail server is operable to extract said encrypted session key data from said encrypted electronic message for forwarding to the encryption key server, and in response to receipt of said encrypted session key data, the encryption key server is operable to recover the session key, by decrypting the encrypted session key data using a private key associated with the recipient, for forwarding to a remote network device, whereby the remote network device is operable to recover said message from the encrypted message data using the session key recovered by the encryption key server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification