WO2000044128A1 - Simplified addressing for private communications - Google Patents
- Publication number
- WO2000044128A1 PCT/SG2000/000001
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- addressee
- package
- key
- escrow
- module
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
Definitions
- the present invention relates generally to cryptographic communications
- both the sender and receiver of a message use the same secret key.
- the sender uses the secret key to encrypt the message
- any person in possession of the key can create forged messages or
- a first user may publish his public
- the present invention solves the foregoing problems by providing a system and method for securely transmitting an information package (10) to an addressee via a network (108).
- a network 108
- directory (112) of public keys is checked to determine whether the addressee of the package (10) has a public key. If the addressee does not have a public key in
- the directory (112), the package (10) is encrypted with an escrow encryption key
- a notification such as
- an e-mail message is sent to the addressee of the package (10) in escrow.
- the addressee acknowledges the notification, the addressee is issued new public
- the addressee's new public key is added to the directory (112) such that future packages (10) to the addressee may be encrypted using the addressee's public key. Finally, the package (10) is transmitted to the addressee.
- (108) includes a directory interface (110) adapted to check a directory (112) to
- addressee's public key before a package (10) is sent. Indeed, the addressee is not required to have a public key before the package (10) is sent. If the addressee does not currently have a public key, the addressee will be issued new public
- Figure 1 is a functional block diagram of a secure communications system for transmitting information packages according to an embodiment of the present invention
- FIG. 2 is a physical block diagram showing additional implementation
- Figure 3 is a flow diagram of a secure communication system according to
- Figure 4 is a flow diagram of a first embodiment of a transmission module and a decryption module according to an embodiment of the present invention.
- Figure 5 is a flow diagram of a second embodiment of a transmission
- the principal components of the system 100 include a sending system 102,
- the sending system 102 is
- an "open" computer network 108 such as the Internet.
- all transmissions over the network 108 are by a secure protocol, such as the Secure Multipurpose Internet Mail Extension (S/MIME) and/or the Secure Sockets Layer (SSL).
- S/MIME Secure Multipurpose Internet Mail Extension
- SSL Secure Sockets Layer
- the sending system 102 is used by a sender to securely transmit an information package 10 to at least one intended "recipient", who is
- sending system 102 includes a directory interface 110 for communicating via the
- the directory 112 is a
- the directory 112 may be queried using the addressee's e-mail address.
- the public key directory 112 is implemented using an existing online directory infrastructure provided, for example, by VeriSign, Inc. of Mountain View, California. In alternative embodiments, however, the directory is implemented using a conventional database system, such as one
- LDAP Lightweight Directory Access Protocol
- the sending system 102 also includes an encryption module 114 for
- the encryption module 114 is coupled to receive an escrow encryption key from an escrow key manager 116, as described
- the encryption module 114 uses a public key
- each encrypted data is transmitted using the Data Encryption Standard (DES).
- DES Data Encryption Standard
- symmetric key cryptography are preferably used to provide a high level of data security.
- the escrow key manager 116 generates keys and/or provides stored keys
- the escrow key manager 116 is a process running
- the encryption module 114 communicates with the escrow key manager 116 via the network
- the escrow key manager 112 is a functional unit contained
- the encryption module 114 is coupled via the network 108 to an escrow
- storage area 118 is a database for storing encrypted information packages and is
- an information package 10 is sent using a conventional protocol, such as the
- Hypertext Transfer Protocol (HTTP) to be stored within the escrow storage area
- the escrow storage area 118 is contained within the escrow storage area 118
- the server system 104 additionally includes a notification module 120 for
- the notification is an e-mail message
- notification module 120 is an e-mail server, such as the Microsoft Exchange®
- the server system 104 also includes a transmission module 122, the
- the decryption module 126 in the receiving system 106.
- transmission module 122 is a standard Web server, such as the Windows NT ®
- module 126 may be implemented using a standard Web browser, such as the
- the transmission and decryption modules 122, 126 is by HTTP using SSL.
- the transmission module 122 is coupled to
- the notification module 120 is coupled via the network 108 to a key
- the key registration module 124 in the receiving system 106. The key registration
- module 124 is configured to issue new public and private keys to an addressee who does not currently have such keys, and is additionally configured to
- the key registration module 124 is resident in the
- the notification module 120 is configured to send the key registration module 124 to the receiving system 106 as an
- notification includes a hyperlink, such as a Uniform Resource Locator (URL),
- URL Uniform Resource Locator
- registration module 124 using a conventional Web browser, such as the Netscape
- the receiving system 106 also includes a decryption module 126 for decrypting information packages 10. Like the encryption module 114, the decryption module 126 preferably uses a public key
- a symmetric key algorithm such as the Data Encryption Standard (DES) may be used.
- the decryption module 126 is coupled to receive an
- the escrow decryption module 126 is coupled to receive the addressee's private key from the key registration module 124. Using either the escrow decryption key or the
- the decryption module 126 decrypts the information package 10 and provides the decrypted package 10 to the addressee.
- the systems 102, 104, and 106 described above, as well as the public key directory 112 and escrow key manager 116, are each implemented using conventional personal computers or workstations, such as IBM® PC-
- Figure 2 is a physical
- a central processing unit (CPU) 202 executes
- a storage device 204 coupled to the CPU 202, provides long-term storage of data and software programs, and may be
- network interface 206 coupled to the CPU 202, connects the sending system 102
- a display device 208 coupled to the CPU 202, displays text
- An input device 210 coupled to
- the CPU 202, such as a mouse or keyboard, facilitates user control of the sending system 102.
- An addressable memory 212 coupled to the CPU 202, stores software
- the memory 212 stores a number of standard memory devices, such as random access memory (RAM) and read-only memory (ROM) devices.
- RAM random access memory
- ROM read-only memory
- the memory 212 stores a number of
- the sending system 102 initially receives 302 from the sender the
- addressee's e-mail address. Although the addressee's e-mail address is used in one embodiment, those skilled in the art will recognize that the sender may
- a package 10 may have a plurality of addressees.
- the sending system 102 searches 304
- a determination 306 is then made whether the addressee's key was found in the directory 112. If the key was found, the package 10 is encrypted 308 by the
- the server system 104 notifies 312 the addressee about the package
- the notification module 120 which uses an e-mail notification system.
- the notification module 120 uses an e-mail notification system.
- the receiving system 106 may include a notification
- the notification module 120. Upon receipt of a UDP notification, the
- notification client generates a visual or audible desktop notification to the
- addressee such as a blinking icon, a chime, a pop-up dialog box, or the like.
- notification could include a voice notification via a voice
- synthesis module, a pager notification via a conventional pager, or a facsimile notification via a standard facsimile.
- After the addressee receives 314 and acknowledges the notification, such as by a return e-mail message, the person claiming to be the addressee is
- authenticated 316 to determine whether that person is, in fact, the addressee.
- Those skilled in the art will recognize that there are many ways to authenticate an addressee. For example, passwords or the like could be used.
- the addressee is a secure way for authenticating an addressee.
- the transmission module 122 obtains the addressee's public key from the public
- authentication steps may be performed automatically by a Web server and Web
- After the addressee is properly authenticated, the transmission module
- the receiving system 106 receives 320 the package from the server 104.
- HTTP and SSL are used, although other standard protocols could also be used without
- decryption module 126 decrypts 322 the package 10 using the addressee's private key, and provides the decrypted package 10 to the addressee.
- the present invention solves this problem by holding the addressee's package 10 in escrow, as described in greater detail below.
- step 306 if the addressee's public key was not found in the
- the escrow key manager 116 issues 324, for the package 10, an
- escrow decryption key is used for decrypting the package 10.
- the addressee's private key should never be sent to the addressee.
- the addressee's private key is generated locally at the receiving computer 106, and only the addressee's public
- the escrow encryption/decryption keys are
- the keys are symmetric keys.
- the encryption module 114 within the sending
- system 102 retrieves 326 the escrow encryption key, encrypts the package 10
- the package 10 is then stored 328 in the escrow storage area
- the server system 104 holds the package in escrow
- the addressee is then notified 330 of the package 10 being stored in escrow and the need to register for public and
- the notification is an e-mail message.
- the notification message includes a copy of the key registration
- module 124 as an e-mail attachment.
- the notification message
- a hyperlink such as a URL, to permit the addressee to download the
- key registration module 124 from the server system 104 or another location. After the addressee has received 332 and acknowledged the notification and has either extracted or downloaded the key registration module 124, the
- addressee uses the key registration module 124 to register 334 for new public and
- the new public and private keys are
- the registration process is similar to the procedure
- the addressee is authenticated 336 to determine whether the person
- authentication may involve encrypting a standard
- server system 104 sends 338 the package 10 of the authenticated addressee to the
- the decryption module 126 in the receiving system 106.
- this process may be done in a number of ways.
- the transmission module 122 retrieves 342 the package 10 being stored
- the decryption module 126 retrieves 346 the escrow decryption key
- the decryption module 126 then decrypts 348 the package 10.
- the transmission module 122 retrieves 350 the
- the transmission module 120 retrieves 352 the escrow decryption key from the
- the transmission module 120 re-encrypts 354 the package
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU38536/00A AU3853600A (en) | 1999-01-12 | 2000-01-11 | Simplified addressing for private communications |
JP2000595457A JP2002535922A (en) | 1999-01-12 | 2000-01-11 | Simplified procedure for private communication |
EP00917584A EP1149483A1 (en) | 1999-01-12 | 2000-01-11 | Simplified addressing for private communications |
CA002360095A CA2360095A1 (en) | 1999-01-12 | 2000-01-11 | Simplified addressing for private communications |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11562699P | 1999-01-12 | 1999-01-12 | |
US60/115,626 | 1999-01-12 | ||
US09/332,358 US7171000B1 (en) | 1999-06-10 | 1999-06-10 | Simplified addressing for private communications |
US09/332,358 | 1999-06-10 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000044128A1 (en) | 2000-07-27 |
Family
ID=26813404
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SG2000/000001 WO2000044128A1 (en) | 1999-01-12 | 2000-01-11 | Simplified addressing for private communications |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1149483A1 (en) |
JP (1) | JP2002535922A (en) |
AU (1) | AU3853600A (en) |
CA (1) | CA2360095A1 (en) |
WO (1) | WO2000044128A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6725264B1 (en) * | 2000-02-17 | 2004-04-20 | Cisco Technology, Inc. | Apparatus and method for redirection of network management messages in a cluster of network devices |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4717509B2 (en) * | 2005-05-17 | 2011-07-06 | キヤノン株式会社 | Document management apparatus and control method therefor, computer program, and storage medium |
US11750572B2 (en) | 2020-08-12 | 2023-09-05 | Capital One Services, Llc | System, method, and computer-accessible medium for hiding messages sent to third parties |
US11664988B2 (en) * | 2020-11-30 | 2023-05-30 | EMC IP Holding Company LLC | Method and system for encrypting and decrypting secrets using escrow agents |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5751813A (en) * | 1996-04-29 | 1998-05-12 | Motorola, Inc. | Use of an encryption server for encrypting messages |
EP0869652A2 (en) * | 1997-04-01 | 1998-10-07 | Tumbleweed Software Corporation | Document delivery system |
WO1999000958A1 (en) * | 1997-06-26 | 1999-01-07 | British Telecommunications Plc | Data communications |
-
2000
- 2000-01-11 WO PCT/SG2000/000001 patent/WO2000044128A1/en not_active Application Discontinuation
- 2000-01-11 EP EP00917584A patent/EP1149483A1/en not_active Withdrawn
- 2000-01-11 JP JP2000595457A patent/JP2002535922A/en active Pending
- 2000-01-11 CA CA002360095A patent/CA2360095A1/en not_active Abandoned
- 2000-01-11 AU AU38536/00A patent/AU3853600A/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5751813A (en) * | 1996-04-29 | 1998-05-12 | Motorola, Inc. | Use of an encryption server for encrypting messages |
EP0869652A2 (en) * | 1997-04-01 | 1998-10-07 | Tumbleweed Software Corporation | Document delivery system |
WO1999000958A1 (en) * | 1997-06-26 | 1999-01-07 | British Telecommunications Plc | Data communications |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6725264B1 (en) * | 2000-02-17 | 2004-04-20 | Cisco Technology, Inc. | Apparatus and method for redirection of network management messages in a cluster of network devices |
USRE41750E1 (en) * | 2000-02-17 | 2010-09-21 | Cisco Technology, Inc. | Apparatus and method for redirection of network management messages in a cluster of network devices |
Also Published As
Publication number | Publication date |
---|---|
JP2002535922A (en) | 2002-10-22 |
AU3853600A (en) | 2000-08-07 |
CA2360095A1 (en) | 2000-07-27 |
EP1149483A1 (en) | 2001-10-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20020101998A1 (en) | Fast escrow delivery | |
US6988199B2 (en) | Secure and reliable document delivery | |
US7251728B2 (en) | Secure and reliable document delivery using routing lists | |
US9667418B2 (en) | Electronic data communication system with encryption for electronic messages | |
US6061448A (en) | Method and system for dynamic server document encryption | |
US9673984B2 (en) | Session key cache to maintain session keys | |
US6834112B1 (en) | Secure distribution of private keys to multiple clients | |
US6424718B1 (en) | Data communications system using public key cryptography in a web environment | |
US8649522B2 (en) | Electronic data communication system | |
US8370444B2 (en) | Generating PKI email accounts on a web-based email system | |
US6941454B1 (en) | System and method of sending and receiving secure data with a shared key | |
US7171000B1 (en) | Simplified addressing for private communications | |
US20020023213A1 (en) | Encryption system that dynamically locates keys | |
US20040019780A1 (en) | System, method and computer product for delivery and receipt of S/MIME encrypted data | |
CA2554847C (en) | System and method for secure electronic data delivery | |
EP1197030A1 (en) | Method for generating secure symmetric encryption and decryption | |
JP2004048679A (en) | Session key security protocol | |
US8271788B2 (en) | Software registration system | |
US20060095770A1 (en) | Method of establishing a secure e-mail transmission link | |
US20070022292A1 (en) | Receiving encrypted emails via a web-based email system | |
WO2000044128A1 (en) | Simplified addressing for private communications | |
JP2000099421A (en) | Method for confirming reception of electronic information | |
US20050138367A1 (en) | System and method for storing user credentials on a server copyright notice | |
CA2350321C (en) | System, method and computer product for deploying pki (public key infrastructure) in wireless devices connected to the internet | |
WO2002033891A2 (en) | Secure and reliable document delivery using routing lists |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| ENP | Entry into the national phase | Ref document number: 2360095 Country of ref document: CA Ref country code: CA Ref document number: 2360095 Kind code of ref document: A Format of ref document f/p: F |
| ENP | Entry into the national phase | Ref country code: JP Ref document number: 2000 595457 Kind code of ref document: A Format of ref document f/p: F |
| WWE | Wipo information: entry into national phase | Ref document number: 2000917584 Country of ref document: EP |
| WWP | Wipo information: published in national office | Ref document number: 2000917584 Country of ref document: EP |
| REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| WWW | Wipo information: withdrawn in national office | Ref document number: 2000917584 Country of ref document: EP |