Public key cryptosystem with roaming user capability
First Claim
1. A system for sending an encrypted digital message from a client sender machine to a client recipient machine over a network, comprising:
- a client computer operable to access a pop proxy, said client computer comprising;
a pop proxy operable to access an Enabler computer program, said pop proxy further operable to transmit and receive an encrypted digital message to and from a pop server;
a client memory operable to store said Enabler computer program;
a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client sender computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
allow said user to enter a user identifier;
transmit said user identifier to said encryption server to verify identity of said user;
receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair;
use said passphrase to decrypt said encrypted private key at said client computer;
retrieve a user recipient'"'"'s public key from said encryption server database;
encrypt a digital message with said user recipient'"'"'s public key; and
transmit said encrypted digital message to said user recipient;
an encryption server, said encryption server operable to process requests from said pop proxy, said encryption server comprising;
a server memory operable to store a Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify said user identity;
retrieve said encrypted private key from said encryption server database; and
transmit said encrypted private key from said encryption server to said user'"'"'s pop proxy; and
a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender pop proxy and said encryption server and further between said client sender pop proxy and said pop server.
0 Assignments
0 Petitions
Accused Products
Abstract
A public key cryptosystem with roaming user capability within a network that allows secure communication between users of the system, client machines, and encryption servers. A client machine generates and stores an encrypted private key on an encryption server. A user may then access the encrypted private key from any client machine located on the network and decrypt it using a passphrase, thus giving the user roaming capability. The private key may then be used to decrypt any encrypted messages received. A user can generate a digital message, encrypt it with a client recipient'"'"'s public key, and transmit it to the encryption server from any client machine on the network.
122 Citations
7 Claims
-
1. A system for sending an encrypted digital message from a client sender machine to a client recipient machine over a network, comprising:
-
a client computer operable to access a pop proxy, said client computer comprising;
a pop proxy operable to access an Enabler computer program, said pop proxy further operable to transmit and receive an encrypted digital message to and from a pop server;
a client memory operable to store said Enabler computer program;
a client processor electrically connected to said client memory, said client processor operable to execute said Enabler computer program such that said client sender computer is directed by said Enabler computer program to communicate with a Server computer program located on said encryption server to;
allow said user to enter a user identifier;
transmit said user identifier to said encryption server to verify identity of said user;
receive a private key encrypted with a passphrase from a database located in a memory of said encryption server, said private key having a corresponding public key, thereby forming a public/private key pair;
use said passphrase to decrypt said encrypted private key at said client computer;
retrieve a user recipient'"'"'s public key from said encryption server database;
encrypt a digital message with said user recipient'"'"'s public key; and
transmit said encrypted digital message to said user recipient;
an encryption server, said encryption server operable to process requests from said pop proxy, said encryption server comprising;
a server memory operable to store a Server computer program and a database, said database comprising a plurality of said user identifiers, encrypted private keys, and public keys; and
a server processor electronically connected to said server memory, said server processor operable to execute said Server computer program such that said encryption server is directed by said Server computer program to communicate with said Enabler computer program to;
receive and compare said user identifier against a plurality of user identifiers located in said database of said encryption server to verify said user identity;
retrieve said encrypted private key from said encryption server database; and
transmit said encrypted private key from said encryption server to said user'"'"'s pop proxy; and
a network comprising said client sender computer, said encryption server, and said client recipient computer, wherein said network allows communication between said client sender pop proxy and said encryption server and further between said client sender pop proxy and said pop server. - View Dependent Claims (2, 3, 4, 5, 6, 7)
generate said public/private key pair;
generate said user passphrase;
generate said user identifier;
hash said user passphrase;
transmit said hash of said user passphrase to said encryption server to compare against a plurality of hashed English words, common nouns, and popular sayings located on said database of said encryption server;
encrypt said private key with said hash of said user passphrase yielding said encrypted private key; and
transmit said encrypted private key and public key to said encryption server.
-
-
3. The system of claim 1, wherein said user identifier is said user'"'"'s passphrase, further wherein said user'"'"'s passphrase is hashed and transmitted to said encryption server and compared against said database of hashed passphrases to verify the identity of said user.
-
4. The system of claim 1, wherein said encryption server is further operable to execute said Server computer program to communicate with said New User computer program such that said encryption server is directed by said Server computer program to:
-
receive and compare said hash of said passphrase against a plurality of hashed English words, common nouns, and popular sayings located on said database of said encryption server;
compare said hash of said passphrase against said database of hashed passphrases to verify the identity of said user;
receive said encrypted private key and said public key paired to said encrypted private key from said pop proxy; and
store said encrypted private key and said public key in said database of said encryption server.
-
-
5. The system of claim 1, wherein said encryption server is authenticated to said user by industry standard means, such as SSL, using authentication certificates.
-
6. The system of claim 1, wherein said user may optionally sign said digital message with said private key before encrypting and transmitting said digital message to said encryption server.
-
7. The system of claim 1, wherein said digital message is time or bandwidth sensitive and is not transmitted through said encryption server, and wherein said time or bandwidth sensitive data is encrypted and transmitted directly to said client recipient computer.
Specification