Encryption key exchange system and method

US 9,002,018 B2
Filed: 02/07/2011
Issued: 04/07/2015
Est. Priority Date: 05/09/2006
Status: Active Grant

First Claim

Patent Images

1. In a network including a key exchange system and and a plurality of network devices, a computer-implemented method enabling at least one communication recipient to identify a sender of a communication comprising:

creating, in the key exchange system, a user account for the communication sender, the user account storing user information comprising communication sender identification information, user authentication criteria and user indicia;

verifying, that the communication sender identification information associated with the user account positively identifies the communication sender;

associating the private key of an asymmetric key pair to a network device of the communication sender;

associating, to the user account of the communication sender on the key exchange system, the public key of the asymmetric key pair;

sending, by the network device of the communication sender, the communication, the communication digitally signed using the private key of the communication sender;

receiving, by the network device of the at least one communication recipient the communication;

receiving, by the key exchange system from the network device of the at least one communication recipient, a request for at least one public key and user indicia associated to at least one user account of the communication sender;

transmitting, to the network device of the at least one communication recipient, at least one public key and user indicia associated to at least one user account of the communication sender;

identifying, by the network device of the at least one communication recipient with the public key of the communication sender and the digital signature within the communication, the identity of the communication sender; and

,presenting, by a user interface of the network device of the at least one communication recipient, user indicia of the communication sender.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a computer-implemented key exchange system and methods for improving the usability of encryption technologies such as Public Key Infrastructure (PKI). One aspect of the present invention includes registering users, verifying user identity, and classifying users such that the users may send a communications such that communication recipients can verify the user identity and classification of the communication sender. Another aspect of the present invention includes users initiating relationships with other users, approving the establishment of relationships, and exchanging encryption keys between users after the establishment of a relationship.

Citations

23 Claims

1. In a network including a key exchange system and and a plurality of network devices, a computer-implemented method enabling at least one communication recipient to identify a sender of a communication comprising:
- creating, in the key exchange system, a user account for the communication sender, the user account storing user information comprising communication sender identification information, user authentication criteria and user indicia;
  
  verifying, that the communication sender identification information associated with the user account positively identifies the communication sender;
  
  associating the private key of an asymmetric key pair to a network device of the communication sender;
  
  associating, to the user account of the communication sender on the key exchange system, the public key of the asymmetric key pair;
  
  sending, by the network device of the communication sender, the communication, the communication digitally signed using the private key of the communication sender;
  
  receiving, by the network device of the at least one communication recipient the communication;
  
  receiving, by the key exchange system from the network device of the at least one communication recipient, a request for at least one public key and user indicia associated to at least one user account of the communication sender;
  
  transmitting, to the network device of the at least one communication recipient, at least one public key and user indicia associated to at least one user account of the communication sender;
  
  identifying, by the network device of the at least one communication recipient with the public key of the communication sender and the digital signature within the communication, the identity of the communication sender; and
  
  ,presenting, by a user interface of the network device of the at least one communication recipient, user indicia of the communication sender.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of verifying includes verifying a right of the communication sender to use the stored indicia.
  - 3. The method of claim 1, wherein associating the public key of the asymmetric key pair to the user account includes generating the asymmetric key pair from a certificate.
  - 4. The method of claim 1, wherein associating the public key of the asymmetric key pair includes generating the asymmetric key pair from a certificate, the public key including at least one of embedded user indicia and an association to user indicia.
  - 5. The method of claim 1, wherein associating the public key of the asymmetric key pair includes generating the asymmetric key pair from a certificate, the public key including at least one of embedded security zone indicia and an association to security zone indicia, wherein transmitting at least one pubic key and user indicia includes security zone indicia.
  - 6. The method of claim 1, wherein verifying includes specifying, by at least one of the administrative user of the key exchange system and the certificate authority and the third party application, a classification of the communication sender and associating the classification with the user account.

7. In a network, including a key exchange server and a plurality of network devices, a network device of a communication sender comprising:
- a network interface for facilitating network communication;
  
  a processor for executing and a program memory for executing thereinuser authentication logic for managing at least one of user authentication information and user authentication criteria to authenticate at least one communication sender with the key exchange server,signing logic for signing a communication with a private key of an asymmetric key pair wherein the asymmetric key pair verifies, by a public key of the asymmetric key pair retrieved from the key exchange server, an identity of the communication sender, andat least one ofcertificate requester logic for retrieving a certificate associated to a user account on the key exchange server, the certificate identifying a communication sender, and at least one of the user indicia of the communication sender and a classification of the communication sender,private key requester logic for retrieving a private key of at least one asymmetric key pair associated to a user account on the key exchange server, the key pair identifying a communication sender, and at least one of the user indicia of the communication sender and a classification of the communication sender,security zone indicia requester logic for retrieving security zone indicia from the key exchange server,key generation logic for generating an asymmetric key pair from a certificate whereby the private key is stored in at least one of the data storage and the program memory of the network device and the public key is transmitted to the key exchange server and associated to the user account on the key exchange server, the key pair identifying the communication sender, and at least one of the user indicia of the communication sender and the classification of the communication sender,key rotation logic for invoking the key generation logic automatically on a periodic basis; and
  
  ,a communication application adapted to invoke signing logic to sign the communication with the private key of the key pair, the key pair identifying the communication sender, and at least one of the user indicia of the communication sender and the classification of the communication sender.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The network device of claim 7, wherein the communication application is an email application and the communication is an email message.
  - 9. The network device of claim 7, wherein the communication application is a short message service application and the communication is a short message service message.
  - 10. The network device of claim 7, wherein the communication application is an instant messaging application and the communication is an instant message.
  - 11. The network device of claim 7, wherein the communication contains a variable, the signing logic is adapted to select a private key with associated security zone indicia, and the signing logic is adapted to substitute the variable with a reference to the security zone indicia of the selected private key.

12. In a network including a key exchange server and a plurality of network devices, a network device of a communication recipient comprising:
- a network interface for facilitating network communication;
  
  a processor for executing and a program memory for storing thereinverifying logic for verifying a communication with a public key of an asymmetric key pair retrieved from the key exchange server wherein the public key verifies an identity of the communication sender, and at least one of a user indicia of the communication sender and a classification of the communication sender,sender verification panel logic for presenting to the communication recipient a sender verification panel in juxtaposition to a verified communication, the sender verification panel presenting the identity of the communication sender and the classification of the communication sender, andat least one ofpublic key requester logic for retrieving at least one public key of at least one key pair associated to a user account on the key exchange server, the key pair identifying the communication sender, and at least one of user indicia of the communication sender and the classification of the communication sender,security zone indicia requester logic for retrieving security zone indicia from the key exchange server,key rotation logic for invoking the public key requester logic automatically on a periodic basis; and
  
  ,a communication application adapted to invoke verifying logic to verify the communication with the public key of the key pair, the key pair identifying the communication sender, and at least one of the user indicia of the communication sender and the classification of the communication sender.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The network device of claim 12, wherein the communication application is an email application and the communication is an email message.
  - 14. The network device of claim 12, wherein the communication application is a short message service and the communication is a short message service message.
  - 15. The network device of claim 12, wherein the communication application is an instant message application and the communication is an instant message.
  - 16. The network device of claim 12, wherein the communication contains user indicia and the sender verification panel animates the user indicia of the sender verification panel and the user indicia of the communication to establish a visual match.
  - 17. The network device of claim 12, wherein the sender verification panel logic presents security zone indicia.
  - 18. The sender verification panel logic of claim 17, wherein the communication contains security zone indicia and the sender verification panel logic animates the security zone indicia of the sender verification panel and the security zone indicia of the communication to establish a visual match.
  - 19. The network device of claim 12, wherein the processor for executing and the program memory for storing therein further comprises verified communication presentation logic for presenting at least one verified received communication separately from unverified received communications;
    - and, the communication application is further adapted to invoke the verified communication presentation logic to separately present the at least one verified received communication.

20. In a network including a key exchange system and a plurality of network devices, a computer-implemented method enabling at least one communication application to identify a server provider of a server comprising:
- creating, in the key exchange system, a user account for a server provider, the user account storing server provider identification information and user authentication criteria;
  
  verifying, that the server provider identification information associated with the user account identifies the server provider;
  
  associating a private key of a key pair to a server of the server provider;
  
  associating, to the user account of the server provider on the key exchange system, a public key of the key pair;
  
  receiving, by the key exchange system from the communication application of a network device, a request for at least one public key associated to at least one user account;
  
  transmitting, by the key exchange system to the communication application of the network device, at least one public key of at least one user account;
  
  communicating, by the communication application of the network device to the server of the server provider; and
  
  ,identifying, by the communication application of the network device with the public key of the server provider, the identity of the server provider of the server.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20, wherein the communication application is adapted to present at least one of user indicia of the server provider and a classification of the server provider in a server verification panel when the communication application identifies the server of the server provider using at least one public key received from the key exchange system.
  - 22. The method of claim 20, wherein verifying includes specifying by at least one of the administrative user of the key exchange system and the certificate authority and the third party application, a classification of the server provider and associating the classification with the user account.

23. In a network, including a key exchange server and a plurality of network devices, a network appliance for verifying a communication comprising:
- a network interface for facilitating network communication;
  
  a processor for executing and a program memory for storing thereinverifying logic for verifying a communication with a public key of an asymmetric key pair retrieved from the key exchange server wherein the public key verifies at least one of an identity of the communication sender and a classification of the communication sender,communication routing logic for routing a verified communication,at least one ofpublic key requester logic for retrieving at least one public key of at least one key pair associated to a user account on the key exchange server, the key pair identifying at least one of the communication sender and the classification of the communication sender, andkey rotation logic for invoking the public key requester logic automatically on a periodic basis; and
  
  ,a communication application adapted to invoke verifying logic to verify a communication with the public key of the key pair, the key pair identifying at least one of the communication sender and the classification of the communication sender, and further adapted to invoke communication routing logic to route the communication after verification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sync Up Technologies Corporation
Original Assignee
Sync Up Technologies Corporation
Inventors
Wilkins, John, Keefe, Michael, Rehman, Sam
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US12/931,631
Publication Number

US 20120204032A1
Time in Patent Office

1,520 Days
Field of Search

380/285
US Class Current

380/285
CPC Class Codes

H04L 2463/041   using an encryption or decr...

H04L 51/00   User-to-user messaging in p...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 9/006   involving public key infras...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Encryption key exchange system and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption key exchange system and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links