Generating PKI email accounts on a web-based email system

US 8,370,444 B2
Filed: 03/31/2011
Issued: 02/05/2013
Est. Priority Date: 07/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

a) receiving a PKI email account request from a user via a PKI email account website hosted on one or more computers in a network and displayed on a client computer, wherein the client computer does not store or recall PKI keys;

b) generating and storing, without interaction from the user and responsive to a keypair generation request by the PKI email account website, a keypair comprising a private key and a public key, wherein the keypair is generated by and stored in a keystore system comprising a keypair generation software and a data storage hosted on the one or more computers;

c) generating and sending a certificate signing request comprising the public key and a distinguished name, without interaction from the user, from the keystore system to a certificate authority, wherein the certificate authority automatically trusts one or more certificate signing requests from the keystore system and wherein the certificate authority is hosted on the one or more computers hosting the keystore system;

d) installing a signed certificate from the certificate authority, wherein the signed certificate is received, installed and stored by the keystore system; and

e) creating a PKI email account for the user, wherein the PKI email account is configured to access one or more cryptographic functions stored in the keystore system to securely receive and transmit mail, wherein the PKI email account is accessible to an email website and wherein the email website is displayed on the client computer, configured to read and send email messages and accessible to any computer connected to the Internet.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for allowing an Email User to create a Public Key Infrastructure (PKI) Email Account and thereafter to digitally sign, send, verify and receive PKI encrypted emails over a computer network, such as the Internet. The systems and methods preferably include a Web-based Email System and a Certificate Authority that coordinate their actions to make the process of creating, maintaining and using the PKI Account as easy as possible for the Email User. In a preferred embodiment, a Keystore System may also be used to enhance the management and use of digital keypairs.

24 Citations

View as Search Results

17 Claims

1. A method comprising the steps of:
- a) receiving a PKI email account request from a user via a PKI email account website hosted on one or more computers in a network and displayed on a client computer, wherein the client computer does not store or recall PKI keys;
  
  b) generating and storing, without interaction from the user and responsive to a keypair generation request by the PKI email account website, a keypair comprising a private key and a public key, wherein the keypair is generated by and stored in a keystore system comprising a keypair generation software and a data storage hosted on the one or more computers;
  
  c) generating and sending a certificate signing request comprising the public key and a distinguished name, without interaction from the user, from the keystore system to a certificate authority, wherein the certificate authority automatically trusts one or more certificate signing requests from the keystore system and wherein the certificate authority is hosted on the one or more computers hosting the keystore system;
  
  d) installing a signed certificate from the certificate authority, wherein the signed certificate is received, installed and stored by the keystore system; and
  
  e) creating a PKI email account for the user, wherein the PKI email account is configured to access one or more cryptographic functions stored in the keystore system to securely receive and transmit mail, wherein the PKI email account is accessible to an email website and wherein the email website is displayed on the client computer, configured to read and send email messages and accessible to any computer connected to the Internet.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising the step of notifying the user that the PKI email account is created.
  - 3. The method of claim 1, wherein the PKI email account website requests the signed certificate from the certificate authority.
  - 4. The method of claim 1, wherein the certificate authority and the PKI email account website are operated by the same entity.
  - 5. The method of claim 1, wherein the distinguished name comprises a unique name for the user conforming to a standardized format.

6. A method comprising the steps of:
- a) receiving a PKI email account request from a user via a PKI email account website hosted on one or more computers in a network and displayed on a client computer, wherein the client computer does not store or recall PKI keys;
  
  b) verifying the identity of the user, wherein the method is terminated if the identity of the user cannot be verified;
  
  c) generating and storing, without interaction from the user and responsive to a keypair generation request by the PKI email account website, a keypair comprising a private key and a public key wherein the keypair is generated by and stored in a keystore system comprising a keypair generation software and a data storage hosted on the one or more computers;
  
  d) generating and sending a certificate signing request comprising the public key and a distinguished name, without interaction from the user, from the keystore system to a certificate authority, wherein the certificate authority automatically trusts one or more certificate signing requests from the keystore system and wherein the certificate authority is hosted on the one or more computers hosting the keystore system;
  
  e) installing a signed certificate from the certificate authority, wherein the signed certificate is received, installed and stored by the keystore system; and
  
  f) creating a PKI email account for the user, wherein the PKI email account is configured to access one or more cryptographic functions stored in the keystore system to securely receive and transmit mail, wherein the PKI email account is accessible to an email website and wherein the email website is displayed on the client computer, configured to read and send email messages and accessible to any computer connected to the Internet.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, further comprising the step of installing the certificate on the PKI email account website.
  - 8. The method of claim 6, further comprising the step of notifying the user that the PKI email account is created.
  - 9. The method of claim 6, wherein the PKI email account website requests the signed certificate from the certificate authority.
  - 10. The method of claim 6, wherein the PKI email account website verifies the identity of the user.
  - 11. The method of claim 6, wherein the certificate authority verifies the identity of the user.
  - 12. The method of claim 6, wherein the certificate authority and the PKI email account website are operated by the same entity.
  - 13. The method of claim 6, wherein the distinguished name comprises a unique name for the user conforming to a standardized format.

14. A method comprising the steps of:
- a) receiving a PKI email account request and an auto-renewal option from a user via a PKI email account website hosted on one or more computers in a network and displayed on a client computer, wherein the client computer does not store or recall PKI keys;
  
  b) generating and storing, without interaction from the user and responsive to a keypair generation request by the PKI email account website, a keypair comprising a private key and a public key, wherein the keypair is generated by and stored in a keystore system comprising a keypair generation software and a data storage hosted on the one or more computers;
  
  c) generating and sending a certificate signing request comprising the public key and a distinguished name, without interaction from the user, from the keystore system to a certificate authority, wherein the certificate authority automatically trusts one or more certificate signing requests from the keystore system and wherein the certificate authority is hosted on the one or more computers hosting the keystore system;
  
  d) installing a first signed certificate from the certificate authority, wherein the first signed certificate is received, installed and stored by the keystore system; and
  
  e) creating a PKI email account for the user, wherein the PKI email account is configured to access one or more cryptographic functions stored in the keystore system to securely receive and transmit mail, wherein the PKI email account is accessible to an email website and wherein the email website is displayed on the client computer, configured to read and send email messages and accessible to any computer connected to the Internet; and
  
  f) requesting and receiving a second signed certificate from the certificate authority, without interaction from the user, prior to the first signed certificate expiring.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the keystore system is integrated into the PKI email account website.
  - 16. The method of claim 14, wherein the certificate authority and the PKI email account website are operated by the same entity.
  - 17. The method of claim 14, wherein the distinguished name comprises a unique name for the user conforming to a standardized format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Go Daddy Operating Company LLC (GoDaddy, Inc.)
Original Assignee
Go Daddy Operating Company LLC (GoDaddy, Inc.)
Inventors
Thayer, Wayne, Owen, Brad
Primary Examiner(s)
Walsh, John B.

Application Number

US13/077,876
Publication Number

US 20110185172A1
Time in Patent Office

677 Days
Field of Search

None
US Class Current

709/206
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

Generating PKI email accounts on a web-based email system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Generating PKI email accounts on a web-based email system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others