Secure messaging systems

US 7,921,292 B1
Filed: 04/04/2003
Issued: 04/05/2011
Est. Priority Date: 04/04/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securely conveying a message over a communications network from a sender to a recipient, wherein the recipient has a message address and has a public key and a private key for use in encryption and decryption, comprising:

with the computing equipment at the sender, encrypting the message for the recipient using the public key of the recipient;

sending the encrypted message from the computing equipment at the sender to the message address of the recipient over the communications network;

adding forwarding notification information to the encrypted message in the form of instructions for the recipient that direct the recipient to forward the encrypted message for decryption, wherein the encrypted message with the added forwarding notification information is provided to the recipient;

at a server, receiving from the computing equipment at the sender the encrypted message addressed to the recipient;

providing the recipient with an interactive message access prompt formed from a universal resource locator to which the recipient can respond by clicking on the universal resource locator to begin obtaining access to a decrypted version of the message;

using the server to obtain credentials from the recipient when the recipient responds to the interactive message access prompt by clicking on the universal resource locator;

with a decryption engine on the server, using the recipient'"'"'s credentials to obtain a copy of the recipient'"'"'s private key;

with the decryption engine on the server, decrypting the encrypted message using the copy of the recipient'"'"'s private key to produce the decrypted version of the message; and

with the server, providing the recipient with access to the decrypted version of the message, wherein the recipient'"'"'s public key is an IBE public key and the recipient'"'"'s private key is an IBE private key, wherein the sender encrypts the message using the recipient'"'"'s IBE public key, wherein decrypting the encrypted message comprises decrypting the encrypted message at the server using the IBE private key of the recipient to produce the decrypted version of the message.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient'"'"'s public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient'"'"'s equipment.

154 Citations

22 Claims

1. A method for securely conveying a message over a communications network from a sender to a recipient, wherein the recipient has a message address and has a public key and a private key for use in encryption and decryption, comprising:
- with the computing equipment at the sender, encrypting the message for the recipient using the public key of the recipient;
  
  sending the encrypted message from the computing equipment at the sender to the message address of the recipient over the communications network;
  
  adding forwarding notification information to the encrypted message in the form of instructions for the recipient that direct the recipient to forward the encrypted message for decryption, wherein the encrypted message with the added forwarding notification information is provided to the recipient;
  
  at a server, receiving from the computing equipment at the sender the encrypted message addressed to the recipient;
  
  providing the recipient with an interactive message access prompt formed from a universal resource locator to which the recipient can respond by clicking on the universal resource locator to begin obtaining access to a decrypted version of the message;
  
  using the server to obtain credentials from the recipient when the recipient responds to the interactive message access prompt by clicking on the universal resource locator;
  
  with a decryption engine on the server, using the recipient'"'"'s credentials to obtain a copy of the recipient'"'"'s private key;
  
  with the decryption engine on the server, decrypting the encrypted message using the copy of the recipient'"'"'s private key to produce the decrypted version of the message; and
  
  with the server, providing the recipient with access to the decrypted version of the message, wherein the recipient'"'"'s public key is an IBE public key and the recipient'"'"'s private key is an IBE private key, wherein the sender encrypts the message using the recipient'"'"'s IBE public key, wherein decrypting the encrypted message comprises decrypting the encrypted message at the server using the IBE private key of the recipient to produce the decrypted version of the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method defined in claim 1 wherein providing the recipient with access to the decrypted version of the message comprises providing the recipient with access to the decrypted version of the message over a secure communications link between the server and the recipient.
  - 3. The method defined in claim 1 wherein using the server to obtain credentials from the recipient comprises using the server to obtain credentials from the recipient over a secure communications link.
  - 4. The method defined in claim 1, wherein the recipient has a web browser, the method further comprising using the server to provide the recipient with access to the decrypted version of the message in the form of a web page provided to the recipient by the server over a secure communications link.
  - 5. The method defined in claim 1 wherein using the server to obtain credentials from the recipient comprises obtaining a username and password from the recipient using the server.
  - 6. The method defined in claim 1 wherein using the recipient'"'"'s credentials to obtain a copy of the recipient'"'"'s private key comprises using the server to present the recipient'"'"'s public key to an IBE private key generator with a request for a copy of the recipient'"'"'s IBE private key.
  - 7. The method defined in claim 1 further comprising, at the server, storing the encrypted message in an encrypted message database.
  - 8. The method defined in claim 1 further comprising, at the server, storing the decrypted message in a decrypted message database.
  - 9. The method defined in claim 1 further comprising using the server to send the recipient a notification message that contains the encrypted message and that contains the forwarding notification information, wherein the forwarding notification information directs the recipient to forward the encrypted message to the server for decryption.
  - 10. The method defined in claim 1 wherein adding the forwarding notification information comprises adding the forwarding notification information to the encrypted message at the sender.
  - 11. The method defined in claim 1 wherein adding the forwarding notification information comprises adding the forwarding notification information to the encrypted message at the server.
  - 12. The method defined in claim 1 wherein adding the forwarding notification information comprises adding the forwarding notification information to the encrypted message at an intermediate mail server that lies in a communications path between the sender and the recipient.
  - 13. The method defined in claim 1 wherein providing the recipient with the interactive message access prompt comprises using the server to provide the recipient with an interactive message access prompt to which the recipient can respond to begin obtaining access to the decrypted version of the message.
  - 14. The method defined in claim 1 wherein providing the recipient with the interactive message access prompt comprises using the server to send the recipient an interactive message containing the interactive message access prompt to which the recipient can respond to begin obtaining access to the decrypted version of the message.
  - 15. The method defined in claim 1 further comprising storing the encrypted message received from the sender at the server, wherein providing the recipient with the interactive message access prompt comprises using the server to send the recipient an interactive message that informs the recipient that the encrypted message has been received and that contains the interactive message access prompt to which the recipient can respond to begin obtaining access to the decrypted version of the message.
  - 16. The method defined in claim 1 wherein providing the recipient with the interactive message access prompt comprises using the server to send the recipient an interactive message when the server receives a forwarded encrypted message from the recipient, wherein the interactive message contains the interactive message access prompt to which the recipient can respond to begin obtaining access to the decrypted version of the message.
  - 17. The method defined in claim 1 wherein providing the recipient with the interactive message access prompt comprises adding the interactive message access prompt to the encrypted message at the sender.
  - 18. The method defined in claim 1 wherein providing the recipient with the interactive message access prompt comprises adding the interactive message access prompt to the encrypted message at the server.
  - 19. The method defined in claim 1 wherein providing the recipient with the interactive message access prompt comprises adding the interactive message access prompt to the encrypted message at an intermediate mail server that lies in a communications path between the sender and the recipient.
  - 20. The method defined in claim 1 further comprising at the sender, sending a copy of the encrypted message to a message address for the server.
  - 21. The method defined in claim 20 further comprising using the server to provide the recipient with the interactive message access prompt when the server receives the copy of the encrypted message sent to the message address of the server by the sender.
  - 22. The method defined in claim 1 wherein the server is within the same organization as the recipient, the method further comprising using the server to provide the recipient with access to the decrypted version of the message without installing a decryption engine at the recipient for decrypting the encrypted message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Kacker, Rishi R., Appenzeller, Guido, Pauker, Matthew J., Spies, Terence
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Hoang; Daniel L

Application Number

US10/406,938
Time in Patent Office

2,923 Days
Field of Search

703/168, 703/182, 380/258, 380/178, 380/286, 380/44, 380/30
US Class Current

713/171
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/083   involving central third par...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/321   involving a third party or ...

Secure messaging systems

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

154 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure messaging systems

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links