Vault controller secure depositor for managing secure communication

Assignee

• International Business Machines Corporation · US

Inventors

• Hamid Bacha · Great Falls, US
• Robert B. Carroll · Mount Kisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/102
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A secure-end-to-end communication system for conducting electronic business includes a web server—vault controller having personal storage vaults for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique platform ID, e.g. a UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. User processes running in dedicated vaults are able to communicate with other User processes running in different vaults using a secure depositor running as a module in a vault process in each vault. Messages are sent from a vault process to a specific vault rather than another vault process. There is no direct communication between vault processes. In operation, if a vault process intends for a message to go to another vault, e.g. Vault V, the sending secure depositor performs the mapping from the DN of the owner of Vault V to the DN of Vault V. The secure depositor then obtains the public encryption key of Vault V from the certificate found in the X.500 directory under the DN of Vault V. The secure depositor encrypts the message with the recipient's public key and …