Secure instant messaging system

US 9,985,790 B2
Filed: 11/28/2016
Issued: 05/29/2018
Est. Priority Date: 02/20/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

caching, for access by a first client device used by a first user, a first security certificate for a second user;

sending a request, by the first client device, to a messaging service to obtain updated certificate information for the second user;

after sending the request, receiving the updated certificate information for the second user from the messaging service, wherein the updated certificate information is based on a second security certificate published by the second user, wherein the updated certificate information includes an abbreviated value determined from the second security certificate;

comparing the abbreviated value of the second security certificate with an abbreviated value of the first security certificate for the second user;

in response to the abbreviated value of the second security certificate not matching the abbreviated value of the first security certificate, requesting the second security certificate from the messaging service;

receiving the second security certificate for the second user from the messaging service;

using the second security certificate to encrypt an electronic message and produce an encrypted message; and

sending the encrypted message to the messaging server to be sent to a second client device of the second user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure instant messaging (IM) system integrates secure instant messaging into existing instant messaging systems. A certificate authority (CA) issues security certificates to users binding the user'"'"'s IM screen name to a public key, used by sending users to encrypt messages and files for the user. The CA uses a subscriber database to keep track of valid users and associated information, e.g. user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to an instant messaging server which publishes the user'"'"'s certificate to other users. Users encrypt instant messages and files using an encryption algorithm and the recipient'"'"'s certificate. A sending user can sign instant messages using his private signing key. The security status of received messages is displayed to recipients.

61 Citations

View as Search Results

20 Claims

1. A method comprising:
- caching, for access by a first client device used by a first user, a first security certificate for a second user;
  
  sending a request, by the first client device, to a messaging service to obtain updated certificate information for the second user;
  
  after sending the request, receiving the updated certificate information for the second user from the messaging service, wherein the updated certificate information is based on a second security certificate published by the second user, wherein the updated certificate information includes an abbreviated value determined from the second security certificate;
  
  comparing the abbreviated value of the second security certificate with an abbreviated value of the first security certificate for the second user;
  
  in response to the abbreviated value of the second security certificate not matching the abbreviated value of the first security certificate, requesting the second security certificate from the messaging service;
  
  receiving the second security certificate for the second user from the messaging service;
  
  using the second security certificate to encrypt an electronic message and produce an encrypted message; and
  
  sending the encrypted message to the messaging server to be sent to a second client device of the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the updated certificate information includes an online status of the second client device.
  - 3. The method of claim 1 wherein the second user is a member of the messaging service and is listed on at least one list of preferred users of the first user.
  - 4. The method of claim 1 wherein the second security certificate associates a screen name with a public key value, the screen name being associated with the second user, wherein the first user is associated to the screen name of the second user by being listed on at least one list of preferred users of the second user as determined by the messaging service.
  - 5. The method of claim 1 wherein using the second security certificate to encrypt an electronic message includes using a public key value associated with a screen name of the second user.
  - 6. The method of claim 1 wherein the messaging server is an instant messaging server, and wherein the electronic message is an instant message.
  - 7. The method of claim 1 wherein the certificate is issued by a certificate authority.
  - 8. The method of claim 1 wherein the abbreviated value of the second security certification is a hash value of the second security certificate, and wherein the abbreviated value of the first security certificate is a hash value of the first security certificate.
  - 9. The method of claim 1 wherein using the second security certificate to encrypt an electronic message includes:
    - generating a conversation encryption key value; and
      
      storing the conversation encryption key value in the encrypted message,wherein the conversation encryption key value is configured to be used by the second client device to decrypt the encrypted message during an instant messaging conversation.
  - 10. The method of claim 1 further comprising:
    - signing the encrypted message with a private signing key associated with a screen name of the first user, wherein the second client device is configured to verify the signed message using a certificate of the first user.

11. A system comprising:
- a cache at a first client device of a first user storing a first security certificate for a second user, the certificate sent by a second messaging client via a messaging server;
  
  at least one processor configured to access the cache and configured to;
  
  send a request to a messaging service to obtain updated certificate information for the second user;
  
  after sending the request, receive the updated certificate information for the second user from the messaging service, wherein the updated certificate information is based on a second security certificate published by the second user, wherein the updated certificate information includes an abbreviated value determined from the second security certificate;
  
  compare the abbreviated value of the second security certificate with an abbreviated value of the first security certificate for the second user;
  
  in response to the abbreviated value of the second security certificate not matching the abbreviated value of the first security certificate, request the second security certificate from the messaging service;
  
  receive the second security certificate for the second user from the messaging service;
  
  use the second security certificate to encrypt an electronic message and produce an encrypted message; and
  
  send the encrypted message to the messaging server to be sent to a second client device of the second user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11 wherein the processor is configured to use the second security certificate to encrypt an electronic message including using a public key value associated with the screen name of the second user.
  - 13. The system of claim 11 wherein the second security certificate associates a screen name with a public key value, the screen name being associated with the second user, wherein the first user is associated to the screen name of the second user by being listed on at least one list of preferred users of the second user as determined by the messaging service.
  - 14. The system of claim 11 wherein the updated certificate information includes an online status of the second client device.
  - 15. The system of claim 11 wherein the second user is a member of the messaging service and is listed on at least one list of preferred users of the first user.
  - 16. The system of claim 11 wherein using the second security certificate to encrypt an electronic message includes using a public key value associated with a screen name of the second user.
  - 17. The system of claim 11 wherein the messaging server is an instant messaging server, and wherein the electronic message is an instant message.
  - 18. The system of claim 11 wherein the abbreviated value of the second security certification is a hash value of the second security certificate, and wherein the abbreviated value of the first security certificate is a hash value of the first security certificate.

19. A method comprising:
- caching, for access by a first client device used by a first user, a first security certificate for a second user;
  
  sending a request, by the first client device, to a messaging service to obtain updated certificate information for the second user;
  
  after sending the request, receiving the updated certificate information for the second user from the messaging service, wherein the updated certificate information is based on a second security certificate published by the second user, wherein the updated certificate information includes a hash value determined from the second security certificate, wherein the second security certificate associates a screen name with a public key value, the screen name being associated with the second user;
  
  comparing the hash value of the second security certificate with a hash value of the first security certificate for the second user;
  
  in response to the hash value of the second security certificate not matching the hash value of the first security certificate, requesting the second security certificate from the messaging service;
  
  receiving the second security certificate for the second user from the messaging service;
  
  using the public key value associated with the screen name of the second user to encrypt an electronic message and produce an encrypted message; and
  
  sending the encrypted message to the messaging server to be sent to a second client device of the second user.
- View Dependent Claims (20)
- - 20. The method of claim 19 wherein the updated certificate information includes an online status of the second client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Lord, Robert B., Hayes, Terry N., Uberti, Justin
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US15/362,739
Publication Number

US 20170078104A1
Time in Patent Office

547 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/33   using certificates

H04L 51/04   Real-time or near real-time...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 67/10   in which an application is ...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Secure instant messaging system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure instant messaging system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links