Electronic data communication system
First Claim
1. A network apparatus operable to communicate with one or more remote network devices which are associated with a group of users, the network apparatus comprising:
- a request transmitter operable to transmit over a network to a remote server a request for cryptographic keys for the group of users;
- a key receiver operable to receive cryptographic keys for the group of users and to store the received cryptographic keys in a cryptographic keys data store; and
- a registration controller operable to control a registration procedure for registering the network apparatus with the remote server,
wherein the registration controller is operable to retrieve one or more transfer keys from the remote server and to store the transfer keys in a transfer key data store,
wherein the key receiver is operable, in response to receiving an encrypted cryptographic key, to retrieve at least one transfer key for decrypting the encrypted cryptographic key from the transfer key data store, and to decrypt the encrypted cryptographic key using the retrieved transfer key to recover the cryptographic key,
wherein the decryption using the transfer key employs a symmetric encryption algorithm,
wherein the registration controller is operable to retrieve a master transfer key associated with the network apparatus and plural user transfer keys, each user transfer key being associated with a different user within the group of users,
wherein the network apparatus has a network address and an associated electronic mail address,
wherein the registration controller is operable to receive i) a signal sent to the network address for the network apparatus conveying a first part of the master transfer key, and ii) an electronic mail message sent to the associated electronic mail address for the network apparatus conveying a second part of the master transfer key, and the registration controller is further operable to recover the master transfer key using said first and second parts.
2 Assignments
0 Petitions
Abstract
There is described a key server which is connected to a local area network, and an encryption authority transfers private keys for clients of the local area network to the key server. In an embodiment, the key server encrypts outgoing emails using public keys for the recipients and decrypts internal emails using private keys for the recipients. In another embodiment, the clients of the local area network download their respective private keys from the key server so that encryption operations may be performed by client software.
11 Citations
15 Claims
1. Independent claim; its text is set out in full under First Claim above. Dependent claims 2 to 14 depend from claim 1.
15. A network apparatus operable to communicate with one or more remote network devices which are associated with a group of users, the network apparatus comprising:
- a request transmitter operable to transmit over a network to a remote server a request for cryptographic keys for the group of users;
- a key receiver operable to receive cryptographic keys for the group of users and to store the received cryptographic keys in a cryptographic keys data store; and
- a user registration controller operable to control a registration procedure to add a new user to the group of users,
wherein the network apparatus comprises a transfer key data store, and wherein the user registration controller is operable to retrieve a user transfer key from the remote server, to store the user transfer key in a transfer key data store, and to forward the retrieved user transfer key to said new user,
wherein the user registration controller initiates registration of the new user in response to signal from a user network address conveying a new user request including an electronic mail address for the new user and a token identifying the new user,
wherein the request processor is operable to request verification of the token from a lightweight directory access protocol server,
wherein in response to verification of the token by the lightweight directory access protocol server, the request processor is operable to transmit a signal to said user network address conveying the user transfer key for the new user, and
wherein in the absence of verification of the token by the lightweight directory access protocol server, the request processor is operable to split the user transfer key for the new user into two or more parts and to send a signal to the user network address conveying a first part of the user transfer key for the new user and to transmit an electronic message to the electronic mail address for the new user conveying a second part of the user transfer key for the new user.
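The mechanism common to claim 1 and claim 15 is a transfer key delivered in two parts over two channels (a network signal and an e-mail), recombined by the receiving apparatus, and then used with a symmetric algorithm to unwrap an encrypted cryptographic key. The Python below is an added worked example, not code from the patent or its assignee. The claims fix neither the splitting method nor the symmetric algorithm, so both are assumptions here: the parts are a 2-of-2 XOR split (either part alone is uniformly random), and the cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag standing in for whatever symmetric algorithm a deployment would use. The names `KeyServer`, `split_key`, `recover_key`, `wrap_key`, `unwrap_key` and `deliver_user_transfer_key`, and every key and message value, are constructed for the example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # constructed: 256-bit transfer keys


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split a transfer key into two parts for two channels.

    Assumption (the claims do not fix a method): a 2-of-2 XOR split, so each
    part on its own is uniformly random and reveals nothing about the key.
    """
    part1 = secrets.token_bytes(len(key))
    part2 = bytes(a ^ b for a, b in zip(key, part1))
    return part1, part2


def recover_key(part1: bytes, part2: bytes) -> bytes:
    """Registration controller: recombine the network-signal part with the e-mail part."""
    if len(part1) != len(part2):
        raise ValueError("key parts must be the same length")
    return bytes(a ^ b for a, b in zip(part1, part2))


def _subkey(transfer_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one transfer key.
    return hmac.new(transfer_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (assumed stand-in for the unnamed symmetric algorithm).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def wrap_key(transfer_key: bytes, cryptographic_key: bytes) -> bytes:
    """Encryption-authority side: encrypt a user's private key under the transfer key (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(transfer_key, b"enc"), nonce, len(cryptographic_key))
    ct = bytes(a ^ b for a, b in zip(cryptographic_key, stream))
    tag = hmac.new(_subkey(transfer_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(transfer_key: bytes, blob: bytes) -> bytes:
    """Key-receiver side: verify the tag first, then recover the cryptographic key."""
    if len(blob) < 16 + 32:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(transfer_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("transfer-key MAC check failed; encrypted key rejected")
    stream = _keystream(_subkey(transfer_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class KeyServer:
    """The network apparatus of claim 1: a transfer key data store plus a cryptographic keys data store."""

    def __init__(self) -> None:
        self.transfer_keys: dict[str, bytes] = {}
        self.cryptographic_keys: dict[str, bytes] = {}

    def register(self, network_part: bytes, email_part: bytes) -> None:
        # Parts i) and ii) of the master transfer key arrive on different channels.
        self.transfer_keys["master"] = recover_key(network_part, email_part)

    def receive_encrypted_key(self, user: str, blob: bytes, transfer_key_name: str = "master") -> bytes:
        # Look the transfer key up in the store, decrypt, and file the recovered key.
        transfer_key = self.transfer_keys[transfer_key_name]
        self.cryptographic_keys[user] = unwrap_key(transfer_key, blob)
        return self.cryptographic_keys[user]


def deliver_user_transfer_key(user_transfer_key: bytes, token_verified: bool) -> dict[str, bytes]:
    """Claim 15 delivery rule: the whole key over the network when the LDAP server verified
    the token, otherwise one part over the network and the other part by e-mail."""
    if token_verified:
        return {"network": user_transfer_key}
    part1, part2 = split_key(user_transfer_key)
    return {"network": part1, "email": part2}


def demo() -> bool:
    """End-to-end run on constructed values; True if the private key round-trips."""
    master = secrets.token_bytes(KEY_LEN)
    net_part, mail_part = split_key(master)   # authority splits the master transfer key
    server = KeyServer()
    server.register(net_part, mail_part)      # server recombines it at registration
    private_key = b"constructed-private-key-material-for-alice"
    blob = wrap_key(master, private_key)      # authority ships the user key encrypted
    return server.receive_encrypted_key("alice", blob) == private_key


if __name__ == "__main__":
    print("round trip ok" if demo() else "round trip FAILED")
```

The XOR split is what makes the two-channel delivery worth anything: an adversary who reads only the network signal or only the mailbox holds a random string, and must compromise both channels to obtain the transfer key. Cutting the key in half and sending each half separately would instead let either channel alone shrink the remaining brute-force space to half the key length. Verifying the MAC before decrypting means a tampered or mis-keyed blob is rejected without ever writing anything into the cryptographic keys data store.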
Specification