Stateless server-based encryption associated with a distribution list

US 10,375,051 B2
Filed: 11/27/2017
Issued: 08/06/2019
Est. Priority Date: 02/25/2015
Status: Active Grant

First Claim

Patent Images

1. A method of decrypting electronic messages, comprising:

assigning a common public key and a corresponding common private key to an email distribution list, the email distribution list including a plurality of destination clients and the email distribution list identified by an identifier;

receiving, by a message relay server, an encrypted electronic message from a source client, the encrypted electronic message being encrypted using the common public key, being derived from a first electronic message, and being addressed to the plurality of destination clients listed in the email distribution list;

transmitting, by the message relay server, the encrypted electronic message to the plurality of destination clients listed in the distribution list, the distribution list associated with the common private key;

receiving, by a decryption module of a decryptor device, the encrypted electronic message from each of the plurality of destination clients; and

for at least two of the encrypted electronic messages received by the decryption module from different destination clients of the plurality of destination clients;

authenticating each destination client of the different destination clients; and

in response to a successful authentication of a first destination client of the different destination clients;

obtaining by the decryption module, the identifier;

using the identifier to retrieve by the decryption module, the common private key;

decrypting, by the decryption module, at least one of the at least two encrypted electronic message using the common private key; and

transmitting the at least one decrypted encrypted electronic message to the first destination client; and

in response to a failed authentication of a second destination client of the different destination clients, notifying the second destination client of the failed authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method of decrypting electronic messages includes receiving, by an authentication module of a decryptor device, authentication requests from a plurality of destination clients. The method also includes receiving, by a decryption module of the decryptor device, encrypted electronic messages from the plurality of destination clients. The encrypted electronic messages are derived from a common electronic message sent by a common source client. The method further includes authenticating, based on an authentication table, the plurality of destination clients. The authentication table stores user credentials that are used to authenticate destination clients. The method also includes for each encrypted electronic message received from an authenticated destination client of the plurality of destination clients, decrypting the encrypted electronic message using a common private key and providing the decrypted electronic message to the authenticated destination client. The private key is stored at the decryptor device.

35 Citations

18 Claims

1. A method of decrypting electronic messages, comprising:
- assigning a common public key and a corresponding common private key to an email distribution list, the email distribution list including a plurality of destination clients and the email distribution list identified by an identifier;
  
  receiving, by a message relay server, an encrypted electronic message from a source client, the encrypted electronic message being encrypted using the common public key, being derived from a first electronic message, and being addressed to the plurality of destination clients listed in the email distribution list;
  
  transmitting, by the message relay server, the encrypted electronic message to the plurality of destination clients listed in the distribution list, the distribution list associated with the common private key;
  
  receiving, by a decryption module of a decryptor device, the encrypted electronic message from each of the plurality of destination clients; and
  
  for at least two of the encrypted electronic messages received by the decryption module from different destination clients of the plurality of destination clients;
  
  authenticating each destination client of the different destination clients; and
  
  in response to a successful authentication of a first destination client of the different destination clients;
  
  obtaining by the decryption module, the identifier;
  
  using the identifier to retrieve by the decryption module, the common private key;
  
  decrypting, by the decryption module, at least one of the at least two encrypted electronic message using the common private key; and
  
  transmitting the at least one decrypted encrypted electronic message to the first destination client; and
  
  in response to a failed authentication of a second destination client of the different destination clients, notifying the second destination client of the failed authentication.
- View Dependent Claims (2, 3, 4, 16)
- - 2. The method of claim 1, further including:
    - receiving, by the decryption module, an identifier of the common public key from the different destination clients.
  - 3. The method of claim 2, wherein the identifier is included in a message header associated with the encrypted electronic message.
  - 4. The method of claim 3, wherein the identifier is included in a field of the message header.
  - 16. The method of claim 1, further including:
    - discarding, by the message relay server, the encrypted electronic message after transmitting the encrypted electronic message to the plurality of destination clients, wherein the message relay server does not store a state of the encrypted electronic message after the message relay server discards the encrypted electronic message.

5. A system for decrypting electronic messages, comprising:
- a memory that stores a distribution list identified by an identifier associated with a common private key and corresponding common public key;
  
  a message relay server that receives an encrypted electronic message from a source client and transmits the encrypted electronic message to a plurality of destination clients listed in the distribution list,wherein the encrypted electronic message is encrypted using a common public key, is derived from a first electronic message, and is addressed to the plurality of destination clients;
  
  a decryption module that receives the encrypted electronic message from each of at least two destination clients of the plurality of destination clients;
  
  and an authentication module that successfully authenticates first and second destination clients of the plurality of destination clients,wherein in response to the authentication module successfully authenticating a respective destination client, the decryption module;
  
  obtains the identifier;
  
  using the identifier, retrieves the common private key;
  
  decrypts the encrypted electronic message using the common private key; and
  
  transmits the decrypted electronic message to the respective destination client.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 14, 15, 17, 18)
- - 6. The system of claim 5, wherein an encrypted channel connects the message relay server to the first destination client of the plurality of destination clients.
  - 7. The system of claim 5, further including:
    - an encryption module that receives the first electronic message, generates the encrypted electronic message by encrypting the first electronic message, and transmits the encrypted electronic message to the message relay server.
  - 8. The system of claim 7, wherein the source client includes the encryption module.
  - 9. The system of claim 8, wherein an encrypted channel connects the message relay server to the source client.
  - 10. The system of claim 5, wherein the message relay server discards the encrypted electronic message after transmitting the encrypted electronic message to the plurality of destination clients, and the message relay server does not store a state of the encrypted electronic message after the message relay server discards the encrypted electronic message.
  - 11. The system of claim 5,wherein in response to successfully authenticating the respective destination client, the authentication module sends an authentication token to the respective destination client.
  - 12. The system of claim 11, wherein in response to receiving the authentication token from the respective destination client, the decryption module determines that the authentication module has successfully authenticated the respective destination client.
  - 14. The system of claim 5, wherein the first destination client is different from the second destination client.
  - 15. The system of claim 14, wherein the authentication module sends a success notification to the first and second destination clients and transmits a fail notification to the destination client.
  - 17. The system of claim 5, wherein each of the first and second destination clients receives the encrypted electronic message from the message relay server and forwards the encrypted electronic message to the decryption module.
  - 18. The system of claim 17, wherein each of the first and second destination clients receives the first electronic message from the decryption module after forwarding the encrypted electronic message to the decryption module.

13. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions that when executed by one or more processors is adapted to cause the one or more processors to perform a method comprising:
- assigning a common public key and a corresponding common private key to an email distribution list, the email distribution list including a plurality of destination clients and the email distribution list identified by an identifier;
  
  receiving, by a message relay server, an encrypted electronic message from a source client, the encrypted electronic message being encrypted using the common public key, being derived from a first electronic message, and being addressed to the plurality of destination clients listed in the email distribution list;
  
  transmitting, by the message relay server, the encrypted electronic message to the plurality of destination clients listed in the distribution list, the distribution list associated with the common private key;
  
  receiving, by a decryption module of a decryptor device, the encrypted electronic message from each of the plurality of destination clients; and
  
  for at least two of the encrypted electronic messages received by the decryption module from different destination clients of the plurality of destination clients;
  
  authenticating each destination client of the different destination clients; and
  
  in response to a successful authentication of a first destination client of the different destination clients;
  
  obtaining by the decryption module, the identifier;
  
  using the identifier to retrieve by the decryption module, the common private key;
  
  decrypting, by the decryption module, at least one of the at least two encrypted electronic message using the common private key; and
  
  transmitting the at least one decrypted encrypted electronic message to the first destination client; and
  
  in response to a failed authentication of a second destination client of the different destination clients, notifying the second destination client of the failed authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Original Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Inventors
Tsirkin, Michael
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
McCoy, Richard A

Application Number

US15/823,166
Publication Number

US 20180083947A1
Time in Patent Office

617 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

Stateless server-based encryption associated with a distribution list

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Stateless server-based encryption associated with a distribution list

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links