System and method for secure electronic communication services
First Claim
1. A system for public-key distribution and management for a plurality of users in a communications network comprising a plurality of domains, each domain served by a Domain Name System (DNS) server hierarchy, and the system comprising:
- a distributed server network comprising a plurality of key servers organized as a hierarchical network structure (key server hierarchy) comprising a domain tree hierarchy, each domain being registered to a respective key server, and a topmost level of the key server hierarchy comprising a directory server;
one or more registration servers for registration of users, independently of domain registration and name service by the DNS server hierarchy, each user having a unique identifier and a public-private key pair;
each registration server registering to a user a respective public key of the public-private key pair of the user associated with the unique identifier of the user, and sending a key request for storing the unique identifier and the associated public key on an assigned key server of the key server hierarchy;
the key server hierarchy storing, for each user, on an assigned key server, the respective public key of the user associated with the unique identifier for look-up and retrieval by other users; and
the key server hierarchy further comprising;
a plurality of key address resolution (kDNS) servers, each network domain being registered to a respective kDNS server, each kDNS server storing for each of a plurality of said unique identifiers, an address of a key server storing the respective public key; and
each kDNS server responding to key requests for storage and retrieval of a public key associated with a unique identifier by;
determining, based on the unique identifier, an address of a respective assigned key server,directing the key request to the respective assigned key server for resolution, ordirecting unresolved requests to a kDNS server in another domain for resolution.
1 Assignment
0 Petitions
Accused Products
Abstract
A distributed and scalable system for public key registration, distribution and management is provided, comprising a hierarchical key server network providing key address resolution (kDNS) functionality based on a kDNS server hierarchy or a key-DNS server hierarchy and associated protocols. Thus, public-keys of users, such as email recipients, can be searched and retrieved over the internet based on a unique identifier of the user, facilitating secure communication between users in different network domains and organizations.
-
Citations
34 Claims
-
1. A system for public-key distribution and management for a plurality of users in a communications network comprising a plurality of domains, each domain served by a Domain Name System (DNS) server hierarchy, and the system comprising:
-
a distributed server network comprising a plurality of key servers organized as a hierarchical network structure (key server hierarchy) comprising a domain tree hierarchy, each domain being registered to a respective key server, and a topmost level of the key server hierarchy comprising a directory server; one or more registration servers for registration of users, independently of domain registration and name service by the DNS server hierarchy, each user having a unique identifier and a public-private key pair;
each registration server registering to a user a respective public key of the public-private key pair of the user associated with the unique identifier of the user, and sending a key request for storing the unique identifier and the associated public key on an assigned key server of the key server hierarchy;the key server hierarchy storing, for each user, on an assigned key server, the respective public key of the user associated with the unique identifier for look-up and retrieval by other users; and
the key server hierarchy further comprising;a plurality of key address resolution (kDNS) servers, each network domain being registered to a respective kDNS server, each kDNS server storing for each of a plurality of said unique identifiers, an address of a key server storing the respective public key; and each kDNS server responding to key requests for storage and retrieval of a public key associated with a unique identifier by; determining, based on the unique identifier, an address of a respective assigned key server, directing the key request to the respective assigned key server for resolution, or directing unresolved requests to a kDNS server in another domain for resolution. - View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 34)
-
-
5. A system for public-key distribution and management for secure communications services for a plurality of users in a communications network comprising a plurality of network domains served by a Domain Name System (DNS) server hierarchy, the system comprising:
-
a distributed server network comprising a plurality of key DNS servers organized as a hierarchical domain tree network structure (key DNS server hierarchy), said key DNS server hierarchy being distinct from the DNS server hierarchy, and each network domain being registered to a key DNS server; and at least a topmost level of the key DNS server hierarchy further comprising a registration server for registering of users, independently of domain registration and name service by the DNS server hierarchy, each user having a unique identifier and a public private-key pair;
each registration server registering to a user a respective public key of the public-private key pair of the user associated with the unique identifier of the user, and sending a key request for storing the unique identifier and the associated public key on an assigned key-DNS server of the key-DNS server hierarchy;the key DNS server hierarchy storing, for each user, on an assigned key DNS server, the respective public key associated with the unique identifier for look-up and retrieval by another user; each key-DNS server being operable as a key server to respond to key requests for storing for a registered user a unique identifier and a respective public key associated with the unique identifier, and to respond to key requests for look-up and retrieval of a public key associated with a unique identifier, by returning the requested public key; each key-DNS server further being operable for key address resolution (kDNS) comprising, when a key request for storage or retrieval of a public-key associated with a unique identifier for a user is not resolved, determining, based on the unique identifier, an address of an assigned key DNS server, for public-key storage or retrieval; and
directing the key request to the assigned key DNS server. - View Dependent Claims (13, 14)
-
-
25. A method for public-key distribution and management for secure electronic communication services for a plurality of users in a communication network comprising one or more domains served by a domain name system (DNS) server hierarchy, one or more registration servers for registration of users independently of domain registration and name service by the DNS server hierarchy, and a key server hierarchy comprising a plurality of key servers organized as a hierarchical network structure comprising a domain tree hierarchy, each domain being registered to a respective key server, and a topmost level of the key server hierarchy comprising a directory server, the method comprising:
-
registering to each user a unique identifier and attaching a respective public-key of a private-public key pair of the user; for each user, storing on at least one assigned key server of the key server hierarchy, the unique identifier and the attached public-key for lookup and retrieval of the public-key by another user based on the unique identifier; and storing, on a directory server of at least a top level of the key server hierarchy, each unique identifier and the address of an assigned key server storing the respective key; and responding to key requests for public-key storage or retrieval based on a respective unique identifier, by steps comprising; querying a local key server of the key server hierarchy and resolving the request by storing or returning the requested public-key;
orredirecting unsuccessful key requests to a key server in a next level of the hierarchy for resolution;
orredirecting unsuccessful key requests to a directory server of the key server hierarchy for key address resolution comprising;
determining the address of an assigned key server and forwarding the key request for response. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33)
-
Specification