The invention relates generally to computing systems and more particularly to a method and system for providing secure data transmissions between Internet users.
The Internet is a global network of computers that uses a common communication protocol, the Transfer Control Protocol/Internet Protocol (TCP/IP), to transmit data from one location to another. Many application specific tasks, such as E-mail transmission and file transfer, are not directly supported by TCP/IP. Instead, support for these services is implemented by application specific protocols that in turn rely on TCP/IP for basic data transport services. One problem that is relatively unknown to individuals that make use of the Internet is the ease by which information can be obtained during transmission by unauthorized eavesdroppers. For example, most E-mail transmissions over the Internet are sent in cleartext. Cleartext is unencrypted data that can be intercepted anywhere along the path between a sender and the recipient.
Accordingly, sensitive business or personal information should not be transmitted in cleartext over the Internet. To do so is to risk its publication. To avoid this risk, sensitive data is often sent by courier services at great cost.
Encryption mechanisms can be used to ensure the integrity of information sent over the Internet. Two common encryption techniques, symmetric key encryption and public key encryption, are described below. In a symmetric key encryption, a unique key is identified and used by the sender to encrypt and by the receiver to decrypt a message. In public key encryption, separate keys are used to encrypt and to decrypt a message.
While secure communications are desirable, the mechanisms required to ensure security can be difficult to implement in a network environment. Private networks that include connections to public networks are often shielded using a firewall. A firewall provides a gateway between a public and a private network, or between public and private portions of a single network. A firewall can screen incoming and outgoing traffic to ensure integrity of the traffic between the two distinct domains. While the screening is desirable to avoid unauthorized access to or transfers of data, the additional security measures can have undesirable effects in limiting the kind or form of traffic that can easily be transmitted through the gateway.
In one aspect, the invention provides a method for transferring a message securely from a sender to a recipient over a network and includes at each transfer: creating a message; retrieving the public key of the recipient from an external key server just prior to sending the message; signing the message using the private key of the sender; encrypting the signed message using a public key encryption algorithm and the public key of the recipient producing an encrypted signed message; generating an E-mail message addressed to the recipient; attaching the encrypted signed message as an attachment to the E-mail message; and, transmitting the E-mail message to the recipient.
Aspects of the invention can include one or more of the following features. The step of retrieving the public key of the recipient can include verifying a status of a public key for the sender and where the external key server is operable to not return the recipient's public key unless the status of the sender's public key is active.
Verifying the status of a public key of the sender can include sending a hash of a sender's public key to an external key server where the external key server is operable to maintain a status for each public key stored therein and enabled to return the status for a particular public key when the hash is received.
The external key server can be a single central key server. The external key server can be one of a group of external key servers each including a repository of public keys.
Substantially contemporaneous with sending the message, the method can include prompting the sender for a signature phrase, decrypting the private key of the sender using the signature phrase, applying a hash function to a sender's public key to produce a hash and verifying a status of the sender's public key including submitting the hash to the external key server to enable a look-up of a status of a public key of the sender.
The method can include designating a signature phrase by each user, either sender or recipient, encrypting a private key of the user using the signature phrase and storing the encrypted private key locally at a user's computer.
The step of retrieving the public key of the recipient can include generating a request for a current public key of the recipient where the request can include an identifier for the recipient.
The identifier can be an E-mail address for the recipient or a hash of an E-mail address for the recipient.
The step of encrypting can include generating a random number, encrypting the message using the random number as a session key in a symmetric key encryption algorithm and encrypting the session key using a public key encryption algorithm and the public key of the recipient.
The step of signing a message can include decrypting a private key of the sender and applying a digital signature algorithm to the message using the sender's private key.
The step of decrypting the private key can include prompting the user for a signature phrase, applying a hash function to the signature phrase and decrypting the private key using a symmetric key encryption algorithm where the hash is used as the symmetric key.
The step of attaching the signed document can include designating a recipient's E-mail address and the sender's E-mail address, designating one or more of a public title and public message body for the E-mail message and attaching the encrypted signed message as an attachment to the E-mail message addressed to the recipient.
The step of transmitting can include transmitting the E-mail message to a forwarding proxy using a non-SMTP protocol where the forwarding proxy is operable to extract the E-mail message and forward the E-mail message to the recipient. The non-SMTP protocol can be the HTTP protocol.
The method can include creating an HTTP post including the E-mail message and transmitting the HTTP post. The forwarding proxy can forward the E-mail message by SMTP.
The method can include attaching a random number to the E-mail message prior to transferring where the forwarding proxy is operable to verify the random number is valid based on a predefined criterion, and if not, will not forward the E-mail message. The predefined criterion can be the passage of a predefined amount of time.
The method can include attaching a return receipt request to the E-mail message and acknowledging the return of a receipt including displaying the receipt to the sender. The opening of the E-mail message by the recipient can be conditioned upon the return of the return receipt.
The step of generating an E-mail message can include creating a MIME E-mail message addressed to the recipient. The step of attaching the signed document can include attaching the signed document to the MIME mail message as a MIME attachment. The step of transmitting can include sending the MIME mail message to the recipient.
The central key server can be one of a plurality of distributed key servers, each of which includes public keys and status information to enable key retrieval from multiple locations, which facilitates secure transfers of messages between users.
In another aspect, the invention provides a method for transferring E-mail messages securely from a sender to a recipient over a network including, substantially contemporaneous with the transmission of a secure E-mail transmission from the sender to the recipient, retrieving the public key of the recipient from an external key server to ensure an active public key for the recipient is used in encrypting the message.
Aspects of the invention can include one or more of the following features. The step of retrieving can include verifying the status of a sender's public key at the external key server to ensure the sender's public key is available to allow for the authentication by the recipient of the E-mail message sent by the sender.
The step of retrieving can include retrieving a time stamp from the external key server. The time stamp can be signed by a public key of the external key server.
In another aspect, the invention provides a method for verifying the authenticity of a message received by a recipient process. The message is generated by a sender process and transferred using secure means over a network. The method includes decrypting a signed encrypted message exposing a message signed by the sender, verifying the sender's signature, requesting a status for the sender's public key from an external key server and displaying the status of the sender's public key and the decrypted message.
Aspects of the invention can include one or more of the following features. The step of requesting a status for the sender's public key from an external key server can include receiving signed status information from the external key server. The method can further include verifying the external key server's signature used to sign the status information.
The step of requesting a status for the sender's public key from an external key server can include receiving unsigned status information from the external key server.
The step of requesting a status for the sender's public key from an external key server can include receiving a time stamp certificate from the external key server.
The step of decrypting can include exposing a time stamp certificate signed by an external key server and associated with the signed encrypted message and verifying the external key server's signature used to sign the time stamp certificate.
The step of displaying can include displaying the time stamp certificate.
The public key encryption algorithm can be selected so that encrypting processes are substantially faster than decrypting processes. The public key encryption algorithm can be a Rabin algorithm.
The step of displaying can include displaying two indicators and enabling an appropriate one of the two based on the status of the sender's public key, either valid or invalid. The step of displaying can include displaying three or more indicators and enabling an appropriate one of the three based on the status of the sender's public key, either valid, invalid or valid when signed but now invalid.
The step of decrypting a signed message can include recovering the recipient's private key, applying a public key encryption algorithm to the encrypted session key included with the encrypted signed message to recover a session key and applying a symmetric key encryption algorithm to the encrypted signed message using the session key to recover the message.
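The hybrid scheme described above (a random session key, symmetric encryption of the message, public key encryption of the session key), with Rabin as the public key algorithm, shown as an added example that is not code from the patent. The demo primes, the SHAKE-256 XOR stream standing in for the symmetric cipher, the hash-based redundancy used to pick the correct square root, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed demo primes: both are Mersenne primes congruent to 3 mod 4.
# They are far too small and too structured for real use.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                     # recipient's public key
KEY_LEN, TAG_LEN = 16, 8      # session key bytes, redundancy bytes


def xor_stream(key, data):
    """Stand-in symmetric cipher (assumption): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def pad_key(session_key):
    """Append redundancy so the receiver can tell which square root is the key."""
    tag = hashlib.sha256(session_key).digest()[:TAG_LEN]
    return int.from_bytes(session_key + tag, "big")


def rabin_encrypt(m, n):
    """Rabin encryption is a single modular squaring."""
    return (m * m) % n


def rabin_decrypt(c, p, q):
    """Rabin decryption: two modular exponentiations, CRT, then root selection."""
    n = p * q
    mp = pow(c, (p + 1) // 4, p)      # square root of c modulo p (p = 3 mod 4)
    mq = pow(c, (q + 1) // 4, q)      # square root of c modulo q (q = 3 mod 4)
    q_inv = pow(q, -1, p)
    roots = set()
    for a in (mp, p - mp):
        for b in (mq, q - mq):
            # CRT: the unique x below n with x = a (mod p) and x = b (mod q)
            roots.add((b + q * (((a - b) * q_inv) % p)) % n)
    for r in roots:
        if r >= 1 << (8 * (KEY_LEN + TAG_LEN)):
            continue                   # too large to be a padded session key
        raw = r.to_bytes(KEY_LEN + TAG_LEN, "big")
        key, tag = raw[:KEY_LEN], raw[KEY_LEN:]
        if hashlib.sha256(key).digest()[:TAG_LEN] == tag:
            return key
    raise ValueError("no square root carries valid redundancy")


def seal(message, recipient_n):
    """Sender side: fresh session key, encrypt the body, wrap the key with Rabin."""
    session_key = secrets.token_bytes(KEY_LEN)
    wrapped_key = rabin_encrypt(pad_key(session_key), recipient_n)
    return wrapped_key, xor_stream(session_key, message)


def open_sealed(wrapped_key, body, p, q):
    """Recipient side: recover the session key, then the message."""
    return xor_stream(rabin_decrypt(wrapped_key, p, q), body)


if __name__ == "__main__":
    wrapped, body = seal(b"signed message bytes (constructed)", N)
    print(open_sealed(wrapped, body, P, Q))
```

Encryption costs one modular squaring, while decryption needs two modular exponentiations and a CRT recombination, which is the speed asymmetry the summary attributes to the Rabin algorithm.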
Messages can be signed using a signature algorithm that is selected so that verifying a signature is substantially faster than signing a message. The signature algorithm can be a Rabin algorithm.
The step of recovering the private key can include prompting the user for a signature phrase, applying a hash function to the signature phrase and decrypting the private key using a symmetric key encryption algorithm where the hash is used as a session key. The step of applying a hash function can include applying the hash function to the signature phrase a large number of times, applying the hash function to the signature phrase approximately 5000 times, or applying multiple hash functions to the signature phrase.
The step of verifying a signature can include applying a hash function to a signed message resulting in a first hash and comparing the first hash with an associated second hash received from a signing party. The signing party can be the sender, the signed message can be the signed encrypted message and the second hash can be recovered when decrypting the signed encrypted message. The signing party can be the external key server, the signed message can be the time stamp certificate and the second hash can be recovered when decrypting the signed encrypted message. The signing party can be the external key server, the signed message can be the status information and the second hash can be generated by the external key server and provided along with the status information. The signing party can be the external key server, the signed message can be the recipient's public key and the second hash can be recovered when decrypting the signed encrypted message.
Verifying the status of a public key of the sender can include sending a request to the external key server including an identifier designating the public key of the sender where the central key server is operable to maintain a status for each public key stored therein and enabled to return the status for a particular public key of the sender when the identifier is received.
In another aspect, the invention provides a method for transferring a message securely from a sender process to a recipient process over a network and includes creating a message and receiving the E-mail message. The step of creating includes retrieving a public key of the recipient and verifiable transmission time stamp where the transmission time stamp is generated and signed by an external key server independent of the sender process, signing the encrypted message, encrypting the signed message using a public key encryption algorithm and the public key of the recipient and attaching the encrypted message to an E-mail message. The step of receiving the E-mail message includes decrypting the signed encrypted message, verifying the sender's signature mathematically, requesting a status for the sender's public key from an external key server including receiving signed status information, verifying the external server's signature that signed the status information and displaying the status of the sender's public key, the time stamp certificate and the decrypted message.
In another aspect, the invention provides a method for securely transferring a message from a sender to a recipient over a network and includes creating a message, retrieving the public key of the recipient from an external key server, encrypting the message using a public key encryption algorithm and the public key of the recipient producing an encrypted message and transmitting the E-mail message to a forwarding proxy using a non-SMTP protocol where the forwarding proxy is operable to extract the E-mail message and forward the E-mail message to the recipient.
Aspects of the invention can include one or more of the following features. The non-SMTP protocol can be the HTTP protocol. The method can include creating an HTTP post including the E-mail message and transmitting the HTTP post. The forwarding proxy can forward the E-mail message by SMTP.
In another aspect, the invention provides, in a public key encryption system that includes a central key repository and a plurality of users, where a user's public key is stored at the central key repository and the user's associated private key is stored locally on a user's computer, a method for recovering lost keys including designating a recovery question and an answer to the recovery question, encrypting the user's private key using a first hash of the answer as a session key in a symmetric key encryption process, taking a different hash of the answer producing a second hash and storing the second hash and the recovery question at the central key repository. When prompted by the user to recover a lost private key, the method includes prompting the user to provide the answer, taking the different hash of the answer provided producing a third hash and transmitting the third hash to the central key repository without transmitting the answer itself and comparing the second and third hashes. If they match, the encrypted private key is returned to the user and the private key is decrypted using the first hash and stored.
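The recovery exchange described above, with both sides modelled in one process, as an added example that is not code from the patent. The domain-separated SHA-256 labels used to obtain two different hashes, the answer normalization, the SHAKE-256 XOR stream standing in for the symmetric cipher, and the `KeyRepository` class and function names are assumptions; the repository is shown holding the encrypted private key because the text has it return that key on a match.

```python
import hashlib
import hmac


def xor_stream(key, data):
    """Stand-in symmetric cipher (assumption): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def answer_hash(label, answer):
    """Domain-separated SHA-256 so the two hashes of one answer are unrelated."""
    canonical = " ".join(answer.lower().split()).encode("utf-8")
    return hashlib.sha256(label + b"\x00" + canonical).digest()


def first_hash(answer):
    """Symmetric key for the private key; never leaves the user's computer."""
    return answer_hash(b"wrap-key", answer)


def second_hash(answer):
    """Verifier; the only answer-derived value the repository ever sees."""
    return answer_hash(b"verifier", answer)


class KeyRepository:
    """Hypothetical in-memory model of the central key repository."""

    def __init__(self):
        self._records = {}

    def enroll(self, email, question, verifier, wrapped_key):
        self._records[email] = (question, verifier, wrapped_key)

    def question_for(self, email):
        return self._records[email][0]

    def stored_values(self, email):
        """Everything the repository holds for a user (for inspection)."""
        return self._records[email]

    def recover(self, email, third_hash):
        """Return the encrypted private key only if second and third hash match."""
        record = self._records.get(email)
        if record is None:
            return None
        _, verifier, wrapped_key = record
        if hmac.compare_digest(verifier, third_hash):   # constant-time comparison
            return wrapped_key
        return None


def enroll_user(repo, email, private_key, question, answer):
    """User side at setup: encrypt with the first hash, register the second."""
    wrapped = xor_stream(first_hash(answer), private_key)
    repo.enroll(email, question, second_hash(answer), wrapped)


def recover_private_key(repo, email, answer):
    """User side at recovery: send the third hash, never the answer itself."""
    wrapped = repo.recover(email, second_hash(answer))
    if wrapped is None:
        return None
    return xor_stream(first_hash(answer), wrapped)


if __name__ == "__main__":
    repo = KeyRepository()
    enroll_user(repo, "alice@example.com", b"constructed-private-key-bytes",
                "Name of first pet?", "Mr. Whiskers")
    print(repo.question_for("alice@example.com"))
    print(recover_private_key(repo, "alice@example.com", "mr. whiskers"))
```

Because the verifier and the encryption key come from differently labelled hashes, the values held by the repository are not enough to decrypt the stored private key without the answer itself.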
In another aspect, the invention provides an apparatus for creating and viewing secure messages transferred over a network between one or more senders and recipients. The apparatus includes a composer viewer operable to compose a message, retrieve a public key and public key status for a recipient of the message, verify an active status of a sender's public key, encrypt the message and view secure messages received from other senders, and a communication process for transferring composed messages out from the sender and for receiving composed messages from other senders.
Aspects of the invention can include one or more of the following features. The composer viewer can be operable to retrieve the public key and public key status just prior to the transfer of the message to the recipient.
The composer viewer can be operable to retrieve a time stamp certificate that certifies the sender's identity, the recipient's identity, the integrity of the message, and the time that the message was sent.
In another aspect, the invention provides, in a public key encryption system that includes a central key repository and a plurality of users, where a user's public key is stored at the central key repository and the user's associated private key is stored locally on a user's computer, and where messages are signed by a private key of the central key repository and can be verified by retrieving an associated public key for and from the central key repository, a method for certifying a document sent from the central key server is valid. The method includes creating a key server certificate including applying a signature operation to the public key of the central key repository using a verifiable private key of the central key repository, attaching the key server certificate to a document that is to be transferred to a user and needs to be certified, producing a certified document, and signing the certified document including applying a signature operation on the certified document using the public key of the central key repository.
In another aspect, the invention provides, in a public key encryption system that includes a central key repository, a plurality of users and a trusted third party server, where a user's public key is stored at the central key repository and the user's associated private key is stored locally on a user's computer, and where an encrypted version of a user's private key is stored by the trusted third party server for the benefit of a beneficiary of the escrow process, a method for verifying the private key escrowed at the trusted third party server is the same as the private key stored locally by a user without exposing the private key to the central key repository. The method includes, at the trusted third party server and prior to storing the user's private key, taking a hash of the private key producing a first hash, encrypting the private key using the public key of the escrow beneficiary, and storing the private key and returning the first hash to the user. At the user and prior to storing the user's private key locally, the method includes taking a hash of the private key producing a second hash, comparing the first and second hashes and, if the hashes match, storing the public key associated with the private key locally on the user's computer.
In another aspect, the invention provides an apparatus for transferring a message securely from a sender to a recipient over a network including a composer operable to create a message and retrieve a public key of the recipient from an external key server just prior to sending the message, a signature engine operable to sign the message using the private key of the sender, an encryption engine operable to encrypt the signed message using a public key encryption algorithm and the public key of the recipient producing an encrypted signed message, and a wrapping application operable to generate an E-mail message addressed to the recipient, attach the encrypted signed message as an attachment to the E-mail message and transmit the E-mail message to the recipient.
In another aspect, the invention provides an apparatus for verifying the authenticity of a message received by a recipient process where the message is generated by a sender process and transferred using secure means over a network. The apparatus includes a decryption engine for decrypting a signed encrypted message exposing a message signed by the sender, a verification engine operable to verify the sender's signature, request a status for the sender's public key from an external key server, receive status information from the external key server and verify the external key server's signature used to sign the status information and a display engine operable to display the status of the sender's public key and the decrypted message.
In another aspect, the invention provides an apparatus for securely transferring a message from a sender to a recipient over a network including a composer operable to create a message and retrieve the public key of the recipient from an external key server, an encryption engine for encrypting the message using a public key encryption algorithm and the public key of the recipient producing an encrypted message and a transmission system separable from the composer and operable to transmit the E-mail message to a forwarding proxy using a non-SMTP protocol where the forwarding proxy is operable to extract the E-mail message and forward the E-mail message to the recipient.
In another aspect, the invention provides a method for posting a public key for a user at a central key server where the public key is retrievable by a sender and used by a public key encryption process executed at the sender's computer to securely transfer a message from a sender to a recipient over a network. The method of posting includes generating a set of public and private keys, associating a unique E-mail address for the user with the set of public and private keys, storing the encrypted private key locally on the user's computer; and posting the public key including storing the public key at the central key server in a key list.
Aspects of the invention can include one or more of the following features. The key list can be indexed by the E-mail address or a hash of the E-mail address. The method can include designating a signature phrase where the signature phrase is used by the user's computer to encrypt the private key.
In another aspect, the invention provides a method for producing a set of public and private keys for a user where the public key is retrievable by a sender and used by a public key encryption process executed at the sender's computer to securely transfer a message from a sender to a recipient over a network. The method includes generating a large random number having a first size including generating a first random number at the user's computer and second random number at the central key server and mixing the first and second random numbers, using the large random number as a seed to generate two large prime numbers that form the user's private key, multiplying the two large prime numbers to produce a public key having a second size that is comparable to the first size and posting the public key at the central key server.
In another aspect the invention provides a method for producing a large random number used as a seed in generating a secure set of public and private keys for a user, where the public key includes a first size. The method includes generating a first random number at the user's computer, generating a second random number at a central key server and mixing the first and second random numbers to produce the large random number where that large random number has a second size that is comparable to the first size.
In another aspect, the invention provides a method for posting a public key for a user at a central key server where the public key is retrievable by a sender and used by a public key encryption process executed at the sender's computer to securely transfer a message from a sender to a recipient over a network. The method of posting includes generating a set of public and private keys, associating an E-mail address for the user with the set of public and private keys, escrowing the private key including retrieving a public key package for the central key server where the public key package includes a public key of a trusted third party, encrypting the private key with the public key of the trusted third party and sending the encrypted private key and public key to the central key server to be forwarded to the trusted third party for escrowing.
If the escrowing at the trusted third party is successful, a hash of the private key is received back from the trusted third party. The private key is hashed and compared with the hash received and, if they match, the private key is stored locally at the user's computer. The method includes receiving an E-mail confirmation request from the central key server at the E-mail address indicating that the escrowing process was successful and sending a confirmation to the central key server which, upon receipt, will cause the central key server to post the public key.
In another aspect, the invention provides a method of escrowing a set of public and private keys including generating a set of public and private keys, associating an E-mail address for the user with the set of public and private keys, escrowing the private key with a trusted third party including encrypting the private key and sending the encrypted private key to the trusted third party, receiving a successful escrow message from the trusted third party and verifying a private key escrowed by the trusted third party is the same as the private key.
Aspects of the invention can include one or more of the following features. The method can include receiving a hash of the private key back from the trusted third party, hashing the private key and comparing the two hashes and if they match storing the private key locally at the user's computer.
The method can include receiving a confirmation request from the central key server at the E-mail address indicating that the escrowing process was successful and sending a confirmation to the central key server which, upon receipt, will cause the central key server to post the public key.
In another aspect, the invention provides a method for authenticating a message sent from a sender to a recipient over a network including generating a time stamp request including the message, sending to a time stamping authority the time stamp request, constructing a time stamp certificate comprising the message to be sent and the current time, returning the time stamp certificate to the sender and attaching the time stamp certificate to the message and sending the message to the recipient.
Aspects of the invention can include one or more of the following features. The time stamp request can include a hash of the message to be sent and the sender's and the recipient's E-mail addresses, the hash of the sender's and recipient's E-mail address, a hash of the message to be sent and the sender's and the recipient's E-mail addresses, the hash of the sender's and recipient's E-mail address, a hash of sender's public key and a status of the public key, or a hash of recipient's public key and a status of the public key.
The method can include signing the time stamp certificate with a private key of the time stamping authority.
In another aspect, the invention provides a method for authenticating a sender, a recipient and a message when transferring the message from the sender to the recipient over a network including generating, remotely from the sender, a time stamp certificate that includes the message, a time stamp, the recipient's and sender's public keys and recipient's and sender's public key status, attaching the time stamp certificate to the message and sending the message and the time stamp certificate to the recipient.
Aspects of the invention can include one or more of the following features. The time stamp certificate can include a hash of the message, the hash of the recipient's public key, the hash of the sender's public key, the sender's and the recipient's E-mail addresses, a hash of the sender's and the recipient's E-mail addresses.
Implementations of the invention can include one or more of the following advantages. Documents can be encrypted by the intended recipient's public key and signed with a signature that includes a remotely generated and signed time stamp provided from a central server. The remotely generated time stamp can be evaluated to verify the time of signing. The remotely generated time stamp can be in the form of a certificate that can be used to authenticate the sender's and recipient's public keys. Care is taken in the construction of the time stamp so that it cannot be tampered with or attached to other documents. The present invention provides an easy means for revoking a signature that assures both the sender and the recipient of the authenticity of each signature produced. A screening mechanism is provided that can alert a recipient to both invalid signatures as well as out of date signatures. A sender can be required to validate his/her own signature when sending a transmission (E-mail), thereby further ensuring the authenticity of each message transmitted. A public key retrieval is completed at each message transmission ensuring that the correct public key is retrieved for the recipient each time a message is sent. An algorithm that is optimized to minimize the amount of time required to encrypt messages is provided. The present invention provides verification of signature status similar to a certificate, but with the additional feature of public key validation at verification time.
A system is provided for secure E-mail services. Secure E-mail messages can be composed or generated using the secure messaging system, the result of which can be attached as a MIME message to a conventional E-mail message for transfer to a recipient. A viewer or reader is provided for opening the secure MIME attachment at a recipient device and for decrypting the underlying contents.
The secure MIME attachment can be sent directly by the composer, such as in an SMTP message format, or attached and sent using a conventional E-mail program. While one implementation of the invention requires the client sender to have access to an SMTP server, an alternative implementation sends the secure message with an HTTP post. A forwarding proxy or relay is used to recover the secure message from the HTTP post and to forward the message as an attachment to a conventional E-mail message or as an SMTP message.
These and other advantages of the present invention will become apparent from the following description and from the claims.