Patent attributes
A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys. Secure search capability is also provided by the client devices supplying a set of message tokens obtained by transformations that the communication server cannot replicate, and the communication server maintaining a search index storing the message tokens in association with the (encrypted) messages from which they were obtained.
