Security server system

US 7,325,127 B2
Filed: 11/26/2002
Issued: 01/29/2008
Est. Priority Date: 04/25/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for securely communicating a message between a plurality of participants, wherein the message has a message header and a message content, the system comprising:

a message router that connects the participants via a network and delivers the message between the participants based on the message header; and

a key server that stores and releases conversation keys to the participants, wherein said conversation keys are used to apply protection to the message content of the message.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security server system and method permitting participants acting as the source or destinations for a message or a conversation with multiple messages to securely communicate the messages. The messages have a message header and a message content. A message router connects the participants via a network and delivers the message between the participants based on the message header. A key server creates, stores, and releases conversation keys that the participants use to protect the message content of the message.

116 Citations

View as Search Results

28 Claims

1. A system for securely communicating a message between a plurality of participants, wherein the message has a message header and a message content, the system comprising:
- a message router that connects the participants via a network and delivers the message between the participants based on the message header; and
  
  a key server that stores and releases conversation keys to the participants, wherein said conversation keys are used to apply protection to the message content of the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein said protection includes at least one member of the set consisting of encrypting and hashing.
  - 3. The system of claim 1, wherein:
    - the participant sending the message is a source participant;
      
      the participants receiving the message are destination participants; and
      
      said key server releases a new said conversation key to said source participant based on request by said source participant, thereby permitting said source participant to protect the message content of the message with said new said conversation key.
  - 4. The system of claim 3, wherein said key server releases a plurality of said new said conversation keys based on a single said request, thereby avoiding having to ask said key server to release a said conversation key every time one is desired.
  - 5. The system of claim 1, wherein:
    - the participant sending the message is a source participant;
      
      the participants receiving the message are destination participants; and
      
      said key server accepts a new said conversation key from the said source participant based on request by said source participant, thereby providing said key server with said conversation key for storage and later release to a said destination participant.
  - 6. The system of claim 5, wherein said key server accepts a plurality of said new said conversation keys based on a single said request, thereby avoiding having to ask said key server to provide a said conversation key every time one is desired.
  - 7. The system of claim 1, wherein said key server releases an existing said conversation key to a said destination participant based on request by said destination participant and authorization by said source participant, thereby permitting said destination participant to process the message content of the message with said existing said conversation key.
  - 8. The system of claim 1, wherein a unique identifier is associated with said conversation key, thereby permitting said destination participants to provide said identifier to said key server when requesting a particular said conversation key to process the message content of the message.
  - 9. The system of claim 1, wherein said message router creates, stores, and releases header keys to the participants, wherein said header keys are used to protect the message header of the message.
  - 10. The system of claim 9, wherein said header keys are based on a member of the set consisting of secure socket layer and transport layer security.
  - 11. The system of claim 9, wherein said header keys are different for each of the participants.
  - 12. The system of claim 11, wherein:
    - a conversation is an exchange of a plurality of topically related instances of the messages;
      
      a conversation participant is a member of the set of the participants participating in said conversation;
      
      said conversation participants maintain at least one persistent connection with the message router for the duration of a session in which they participate in a said conversation; and
      
      said header keys are different for each said session.
  - 13. The system of claim 1, wherein said message router is able to receive from one of the participants and communicate to said key server an instance of the message requesting a said conversation key and said message router is further able to receive from said key server and communicate to one of the participants an instance of the message that contains a said conversation key, thereby facilitating said key server releasing said conversation keys to the participants.
  - 14. The system of claim 13, wherein:
    - an instance of the message requesting a said conversation key is a key request message; and
      
      said message router makes a determination whether to communicate said key request message to said key server based on the message header of said key request message.
  - 15. The system of claim 13, wherein:
    - a conversation is an exchange of a plurality of topically related instances of the messages;
      
      a conversation participant is a member of the set the participants participating in said conversation;
      
      a joining participant is a potential said conversation participant seeking to participate in said conversation;
      
      a departing participant is an existing said conversation participant seeking to no longer participate in said conversation;
      
      said key server can create, store, and release one or more said conversation keys that protect the message content of subsets of the messages in said conversation; and
      
      said message router instructs said key server to henceforth release a new said conversation key based on whether said conversation has a said joining participant or a said departing participant.

16. A method for securely communicating a message between a plurality of participants in a network, wherein the participant sending the message is a source participant and the participants receiving the message are destination participants and the message has a message header and a message content, the method comprising:
- (a) at the source participant;
  
  (1) obtaining a conversation key;
  
  (2) applying protection to the message content of the message based on said conversation key, wherein said protection includes at least one member of the set consisting of encrypting and hashing; and
  
  (3) sending the message to the destination participants via the network; and
  
  (b) at the destination participants;
  
  (1) receiving the message from the source participant via the network;
  
  (2) obtaining said conversation key from a key server also in the network; and
  
  (3) processing the message content of the message based on said conversation key, wherein said procesing includes at least one of decrypting and hash analysis.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The method of claim 16, wherein said conversation key is created at said key server, and communicated to the source participant in said step (a)(1).
  - 18. The method of claim 17, wherein a plurality of said conversation keys are created at said key server and communicated to the source participant concurrently, thereby avoiding having to ask said key server to release a said conversation key every time one is desired.
  - 19. The method of claim 16, wherein said conversation key is created at the source participant, and communicated to said key server before said step (b)(2).
  - 20. The method of claim 19, wherein a plurality of said conversation keys are created at the source participant and communicated to said key server concurrently, thereby avoiding having to ask the source participant to provide a said conversation key every time one is desired.
  - 21. The method of claim 19, further comprising:
    - before said step (a)(1), associating a unique identifier with said conversation key at said key server; and
      
      contemporaneous with said step (b)(2) for each of the destination participants, releasing said conversation key to the respective destination participant based on said unique identifier.
  - 22. The method of claim 19, further comprising:
    - before said step (a)(3), protecting the message header of the message based on a header key;
      
      after said step (a)(3), before said step (b)(1), and at a message router also in the network;
      
      receiving the message;
      
      processing the message header based on said header key;
      
      protecting the message header based on a different said header key; and
      
      sending the message onward to the destination participants via the network; and
      
      after said step (b)(1), processing the message header of the message based on said different said header key.
  - 23. The method of claim 22, wherein at least one of said header keys are based on a member of the set consisting of secure socket layer and transport layer security.
  - 24. The method of claim 22, wherein all said header keys are different for each of the participants.
  - 25. The method of claim 24, wherein a conversation is an exchange of a plurality of topically related instances of the messages and a conversation participant is a member of the set of the participants participating in said conversation, and the method further comprising:
    - maintaining at least one persistent connection with said message router for the duration of each session in which a said conversation participant participates in a said conversation; and
      
      employing a different said header key for each said session.
  - 26. The method of claim 19, wherein:
    - said step (a)(1) and said step (b)(2) include the participants requesting said conversation key from said key server via a message router also in the network.
  - 27. The method of claim 26, wherein an instance of the message requesting a said conversation key is a key request message, and the method further comprising:
    - said message router determining whether to communicate said key request message to said key server based on the message header of said key request message.
  - 28. The method of claim 26, wherein a conversation is an exchange of a plurality of topically related instances of the messages and a conversation participant is a member of the set of the participants participating in said conversation, a joining participant is a potential said conversation participant seeking to participate in said conversation, and a departing participant is an existing said conversation participant seeking to no longer participate in said conversation, and the method further comprising:
    - said message router instructing said key server to henceforth release a new said conversation key based on whether said conversation has a said joining participant or a said departing participant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Secure Data In Motion, Inc. (Proofpoint Incorporated)
Inventors
Olkin, Terry M., Moreh, Jahanshah
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Parthasarathy; Pramila

Application Number

US10/305,726
Publication Number

US 20030074552A1
Time in Patent Office

1,890 Days
Field of Search

None
US Class Current

713/152
CPC Class Codes

H04L 51/23   Reliability checks, e.g. ac...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

Security server system

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Security server system

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links