GUIDO APPENZELLER
Pilots at Campo Bello Ln, Menlo Park, CA

7017181, Mar 21, 2006

Jun 25, 2003

10/607195

Terence Spies - Palo Alto CA, US
Rishi R. Kacker - Menlo Park CA, US
Guido Appenzeller - Menlo Park CA, US
Matthew J. Pauker - Menlo Park CA, US
Eric Rescorla - Palo Alto CA, US

Voltage Security, Inc. - Palo Alto CA

G06F 11/30, G06F 12/14, H04L 9/00, H04L 9/32

726 3, 713156, 713175, 380277, 380278, 380279

A system is provided that uses identity-based encryption (IBE) to support secure communications. Messages from a sender may be encrypted using an IBE public key and IBE public parameter information associated with a recipient. The recipient may decrypt IBE-encrypted messages from the sender using an IBE private key. A host having a service name may be used to store the IBE public parameter information. The sender may use a service name generation rule to generate the service name based on the IBE public key of the recipient. The sender may use the service name to obtain the IBE public parameter information from the host.

8024769, Sep 20, 2011

Dec 9, 2005

11/298954

Rishi R. Kacker - San Francisco CA, US
Guido Appenzeller - Menlo Park CA, US
Matthew J. Pauker - San Francisco CA, US
Terence Spies - San Mateo CA, US

Voltage Security, Inc. - Cupertino CA

G06F 17/00

726 1

A system is provided that allows encrypted content to be distributed to users over a communications network. A policy enforcement service may use an identity-based encryption algorithm to generate public parameter information and private keys. Data content may be encrypted prior to distribution using an identity-based encryption engine. The encryption engine may use the public parameter information from the policy service and public key information to encrypt the data. The public key information may be based on policy information that specifies which types of users are allowed to access the data that is encrypted using that public key. A user may obtain a private key for unlocking particular encrypted data by providing a key request to the policy enforcement service that contains the public key. The policy enforcement service may enforce the policies given by the policy information and may provide private keys only to authorized users.

7624269, Nov 24, 2009

Jul 9, 2004

10/887721

Guido Appenzeller - Menlo Park CA, US
Xavier Boyen - Palo Alto CA, US
Terence Spies - San Mateo CA, US

Voltage Security, Inc. - Palo Alto CA

H04L 9/00

713171, 713150, 713168, 380 44, 380277, 380278, 380284, 726 2, 726 12

Secure messages may be sent between senders and recipients using symmetric message keys. The symmetric message keys may be derived from a master key using a key generator at an organization. A gateway may encrypt outgoing message using the derived keys. Senders in the organization can send messages to recipients who are customers of the organization. The recipients can authenticate to a decryption server in the organization using preestablished credentials. The recipients can be provided with copies of the derived keys for decrypting the encrypted messages. A hierarchical architecture may be used in which a super master key generator at the organization derives master keys for delegated key generators in different units of the organization. An organization may have a policy server that generates non-customer symmetric message keys. The non-customer symmetric message keys may be used to encrypt messages sent by a non-customer sender to a recipient at the organization.

7571321, Aug 4, 2009

Mar 14, 2003

10/390058

Guido Appenzeller - Menlo Park CA, US
Matthew J Pauker - Menlo Park CA, US
Terence Spies - Palo Alto CA, US
Rishi R Kacker - Menlo Park CA, US

Voltage Security, Inc. - Palo Alto CA

H04L 9/00, H04L 9/32

713171, 726 3

A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.

8353023, Jan 8, 2013

Sep 30, 2011

13/250950

Terence Spies - San Mateo CA, US
Guido Appenzeller - Menlo Park CA, US

Voltage Security, Inc. - Cupertino CA

G06F 9/00

726 12

Systems and methods for managing email are provided. Some of the email may be encrypted using identity-based-encryption (IBE) techniques. When an incoming IBE-encrypted message for a recipient in an organization is received by a gateway at the organization, the gateway may request an IBE private key from an IBE private key generator. The IBE private key generator may generate the requested IBE private key for the gateway. The gateway may use an IBE decryption engine to decrypt the incoming message. The decrypted message can be scanned for viruses and spam and delivered to the recipient. Outgoing email messages can also be processed. If indicated by message attributes or information provided by a message sender, an outgoing message can be encrypted using an IBE encryption engine and the IBE public key of a desired recipient.

7961879, Jun 14, 2011

Jul 31, 2009

12/534040

Terence Spies - Palo Alto CA, US
Rishi R. Kacker - Menlo Park CA, US
Guido Appenzeller - Menlo Park CA, US
Matthew J. Pauker - Menlo Park CA, US

Voltage Security, Inc. - Cupertino CA

H04L 9/00

380 44, 380281, 380282, 380284

A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient over a communications network. IBE public key information may be used to encrypt messages and corresponding IBE private key information may be used to decrypt messages. Information on which IBE public key information was used in encrypting a given message may be provided to the message recipient with the message. Multiple IBE public keys may be used to encrypt a single message. A less sensitive IBE public key may be used to encrypt a more sensitive public key, so that the more sensitive public key can remain hidden as it is sent to the recipient.

8301889, Oct 30, 2012

Mar 3, 2011

13/040050

Matthew J. Pauker - Menlo Park CA, US
Terence Spies - Palo Alto CA, US
Rishi R. Kacker - Menlo Park CA, US
Guido Appenzeller - Menlo Park CA, US

Voltage Security, Inc. - Cupertino CA

H04L 9/32

713171

A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.

2013012, May 16, 2013

Jan 3, 2013

13/733598

Voltage Security, Inc. - Cupertino CA, US
Guido Appenzeller - Menlo Park CA, US

Voltage Security, Inc. - Cupertino CA

H04L 9/28

380 30

Systems and methods for managing email are provided. Some of the email may be encrypted using identity-based-encryption (IBE) techniques. When an incoming IBE-encrypted message for a recipient in an organization is received by a gateway at the organization, the gateway may request an IBE private key from an IBE private key generator. The IBE private key generator may generate the requested IBE private key for the gateway. The gateway may use an IBE decryption engine to decrypt the incoming message. The decrypted message can be scanned for viruses and spam and delivered to the recipient. Outgoing email messages can also be processed. If indicated by message attributes or information provided by a message sender, an outgoing message can be encrypted using an IBE encryption engine and the IBE public key of a desired recipient.

7921292, Apr 5, 2011

Apr 4, 2003

10/406938

Matthew J. Pauker - Menlo Park CA, US
Terence Spies - Palo Alto CA, US
Rishi R. Kacker - Menlo Park CA, US
Guido Appenzeller - Menlo Park CA, US

Voltage Security, Inc. - Palo Alto CA

H04L 9/32

713171

A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.

7580521, Aug 25, 2009

Jun 25, 2003

10/606432

Terence Spies - Palo Alto CA, US
Rishi R. Kacker - Menlo Park CA, US
Guido Appenzeller - Menlo Park CA, US
Matthew J. Pauker - Menlo Park CA, US

Voltage Security, Inc. - Palo Alto CA

H04L 9/00

380 44, 380281, 380282, 380284

A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient over a communications network. IBE public key information may be used to encrypt messages and corresponding IBE private key information may be used to decrypt messages. Information on which IBE public key information was used in encrypting a given message may be provided to the message recipient with the message. Multiple IBE public keys may be used to encrypt a single message. A less sensitive IBE public key may be used to encrypt a more sensitive public key, so that the more sensitive public key can remain hidden as it is sent to the recipient.