Encryption key exchange system and method
First Claim
1. In a network including a key exchange system and and a plurality of network devices, a computer-implemented method enabling at least one communication recipient to identify a sender of a communication comprising:
- creating, in the key exchange system, a user account for the communication sender, the user account storing user information comprising communication sender identification information, user authentication criteria and user indicia;
verifying, that the communication sender identification information associated with the user account positively identifies the communication sender;
associating the private key of an asymmetric key pair to a network device of the communication sender;
associating, to the user account of the communication sender on the key exchange system, the public key of the asymmetric key pair;
sending, by the network device of the communication sender, the communication, the communication digitally signed using the private key of the communication sender;
receiving, by the network device of the at least one communication recipient the communication;
receiving, by the key exchange system from the network device of the at least one communication recipient, a request for at least one public key and user indicia associated to at least one user account of the communication sender;
transmitting, to the network device of the at least one communication recipient, at least one public key and user indicia associated to at least one user account of the communication sender;
identifying, by the network device of the at least one communication recipient with the public key of the communication sender and the digital signature within the communication, the identity of the communication sender; and
,presenting, by a user interface of the network device of the at least one communication recipient, user indicia of the communication sender.
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention is a computer-implemented key exchange system and methods for improving the usability of encryption technologies such as Public Key Infrastructure (PKI). One aspect of the present invention includes registering users, verifying user identity, and classifying users such that the users may send a communications such that communication recipients can verify the user identity and classification of the communication sender. Another aspect of the present invention includes users initiating relationships with other users, approving the establishment of relationships, and exchanging encryption keys between users after the establishment of a relationship.
-
Citations
23 Claims
-
1. In a network including a key exchange system and and a plurality of network devices, a computer-implemented method enabling at least one communication recipient to identify a sender of a communication comprising:
-
creating, in the key exchange system, a user account for the communication sender, the user account storing user information comprising communication sender identification information, user authentication criteria and user indicia; verifying, that the communication sender identification information associated with the user account positively identifies the communication sender; associating the private key of an asymmetric key pair to a network device of the communication sender; associating, to the user account of the communication sender on the key exchange system, the public key of the asymmetric key pair; sending, by the network device of the communication sender, the communication, the communication digitally signed using the private key of the communication sender; receiving, by the network device of the at least one communication recipient the communication; receiving, by the key exchange system from the network device of the at least one communication recipient, a request for at least one public key and user indicia associated to at least one user account of the communication sender; transmitting, to the network device of the at least one communication recipient, at least one public key and user indicia associated to at least one user account of the communication sender; identifying, by the network device of the at least one communication recipient with the public key of the communication sender and the digital signature within the communication, the identity of the communication sender; and
,presenting, by a user interface of the network device of the at least one communication recipient, user indicia of the communication sender. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. In a network, including a key exchange server and a plurality of network devices, a network device of a communication sender comprising:
-
a network interface for facilitating network communication; a processor for executing and a program memory for executing therein user authentication logic for managing at least one of user authentication information and user authentication criteria to authenticate at least one communication sender with the key exchange server, signing logic for signing a communication with a private key of an asymmetric key pair wherein the asymmetric key pair verifies, by a public key of the asymmetric key pair retrieved from the key exchange server, an identity of the communication sender, and at least one of certificate requester logic for retrieving a certificate associated to a user account on the key exchange server, the certificate identifying a communication sender, and at least one of the user indicia of the communication sender and a classification of the communication sender, private key requester logic for retrieving a private key of at least one asymmetric key pair associated to a user account on the key exchange server, the key pair identifying a communication sender, and at least one of the user indicia of the communication sender and a classification of the communication sender, security zone indicia requester logic for retrieving security zone indicia from the key exchange server, key generation logic for generating an asymmetric key pair from a certificate whereby the private key is stored in at least one of the data storage and the program memory of the network device and the public key is transmitted to the key exchange server and associated to the user account on the key exchange server, the key pair identifying the communication sender, and at least one of the user indicia of the communication sender and the classification of the communication sender, key rotation logic for invoking the key generation logic automatically on a periodic basis; and
,a communication application adapted to invoke signing logic to sign the communication with the private key of the key pair, the key pair identifying the communication sender, and at least one of the user indicia of the communication sender and the classification of the communication sender. - View Dependent Claims (8, 9, 10, 11)
-
-
12. In a network including a key exchange server and a plurality of network devices, a network device of a communication recipient comprising:
-
a network interface for facilitating network communication; a processor for executing and a program memory for storing therein verifying logic for verifying a communication with a public key of an asymmetric key pair retrieved from the key exchange server wherein the public key verifies an identity of the communication sender, and at least one of a user indicia of the communication sender and a classification of the communication sender, sender verification panel logic for presenting to the communication recipient a sender verification panel in juxtaposition to a verified communication, the sender verification panel presenting the identity of the communication sender and the classification of the communication sender, and at least one of public key requester logic for retrieving at least one public key of at least one key pair associated to a user account on the key exchange server, the key pair identifying the communication sender, and at least one of user indicia of the communication sender and the classification of the communication sender, security zone indicia requester logic for retrieving security zone indicia from the key exchange server, key rotation logic for invoking the public key requester logic automatically on a periodic basis; and
,a communication application adapted to invoke verifying logic to verify the communication with the public key of the key pair, the key pair identifying the communication sender, and at least one of the user indicia of the communication sender and the classification of the communication sender. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. In a network including a key exchange system and a plurality of network devices, a computer-implemented method enabling at least one communication application to identify a server provider of a server comprising:
-
creating, in the key exchange system, a user account for a server provider, the user account storing server provider identification information and user authentication criteria; verifying, that the server provider identification information associated with the user account identifies the server provider; associating a private key of a key pair to a server of the server provider; associating, to the user account of the server provider on the key exchange system, a public key of the key pair; receiving, by the key exchange system from the communication application of a network device, a request for at least one public key associated to at least one user account; transmitting, by the key exchange system to the communication application of the network device, at least one public key of at least one user account; communicating, by the communication application of the network device to the server of the server provider; and
,identifying, by the communication application of the network device with the public key of the server provider, the identity of the server provider of the server. - View Dependent Claims (21, 22)
-
-
23. In a network, including a key exchange server and a plurality of network devices, a network appliance for verifying a communication comprising:
-
a network interface for facilitating network communication; a processor for executing and a program memory for storing therein verifying logic for verifying a communication with a public key of an asymmetric key pair retrieved from the key exchange server wherein the public key verifies at least one of an identity of the communication sender and a classification of the communication sender, communication routing logic for routing a verified communication, at least one of public key requester logic for retrieving at least one public key of at least one key pair associated to a user account on the key exchange server, the key pair identifying at least one of the communication sender and the classification of the communication sender, and key rotation logic for invoking the public key requester logic automatically on a periodic basis; and
,a communication application adapted to invoke verifying logic to verify a communication with the public key of the key pair, the key pair identifying at least one of the communication sender and the classification of the communication sender, and further adapted to invoke communication routing logic to route the communication after verification.
-
Specification