Assured encrypted delivery

US 10,075,469 B1
Filed: 08/31/2015
Issued: 09/11/2018
Est. Priority Date: 08/31/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an email client executable by a processor of a computing device, the email client configured to receive instructions to transmit an email message from the computing device to a destination, the email client further configured to enable an encryption flag to be added to a header of the email message and specify a type of transport layer encryption, the encryption flag indicating to use the type of the transport layer encryption during transmission of the email message to the destination; and

an email server including an interface for receiving the email message from the email client, the email server configured to detect the encryption flag and determine a path to the destination, the email server further configured to submit a request to a next email server along the path to determine whether the next email server supports use of the type of the transport layer encryption for transmission of the email message and guarantees transmission of the email message using the type of the transport layer encryption, the email server further configured to receive a response from the next email server and, if the next email server supports and guarantees use of the type of the transport layer encryption for the transmission of the email message, transmitting the email message to the next email server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information can be added to the headers of email messages to ensure the messages are delivered using encryption, without the user having to manage keys or perform the encryption. A user can select an option in an email program that causes a flag to be added to the message header. Each mail server along the delivery path can provide (or expose) information about the type(s) of encryption supported, and if the encryption is not sufficient then the message will not be delivered to that server. This ensures the transport will remain encrypted before delivering the message to the next hop along the path. If the message cannot be delivered encrypted then the message will not be transmitted past that point. An end user then only needs to click a button or perform another such action to ensure encrypted message delivery.

Citations

21 Claims

1. A system, comprising:
- an email client executable by a processor of a computing device, the email client configured to receive instructions to transmit an email message from the computing device to a destination, the email client further configured to enable an encryption flag to be added to a header of the email message and specify a type of transport layer encryption, the encryption flag indicating to use the type of the transport layer encryption during transmission of the email message to the destination; and
  
  an email server including an interface for receiving the email message from the email client, the email server configured to detect the encryption flag and determine a path to the destination, the email server further configured to submit a request to a next email server along the path to determine whether the next email server supports use of the type of the transport layer encryption for transmission of the email message and guarantees transmission of the email message using the type of the transport layer encryption, the email server further configured to receive a response from the next email server and, if the next email server supports and guarantees use of the type of the transport layer encryption for the transmission of the email message, transmitting the email message to the next email server.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the email client is further configured to enable specification of the type of the transport layer encryption to be used for the transmission of the email message, and wherein the email server is further configured to determine the type of the transport layer encryption from the header of the email message and confirm that the next email server supports the type of the transport layer encryption before forwarding the email message to the next email server.
  - 3. The system of claim 1, wherein the email server is further configured to not forward the email message to the next email server if the next email server does not support and guarantee use of the transport layer encryption for transmission of the email message.
  - 4. The system of claim 3, wherein the email server is further configured to attempt to determine an alternative email server for a different path to the destination if the next email server does not support the type of the transport layer encryption, the email message being transmitted to the alternative email server only if the alternative email server supports the type of the transport layer encryption.
  - 5. The system of claim 3, wherein the next email server is configured to, upon receiving the email message, verify that a subsequent mail server along the path guarantees the use of the type of the transport layer encryption for transmission of the email message before the next email server transmits the email message to the subsequent mail server.

6. A computer-implemented method, comprising:
- under control of one or more computer systems including configured with executable instructions,receiving an electronic message indicating a destination and a type of encryption to be used in transmission of the electronic message to the destination;
  
  determining whether a next message server along a path to the destination (1) supports using the type of the encryption for the transmission of the electronic message and (2) is configured to use the type of the encryption upon determining that the type of the encryption is to be used in the transmission; and
  
  forwarding the electronic message to the next message server along the path only if the next message server supports using, and is configured to use, the type of the encryption for the transmission of the electronic message.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 7. The computer-implemented method of claim 6, further comprising:
    - determining a policy specified by the electronic message, wherein determining whether the next message server supports using the type of the encryption includes determining whether the next message server supports the policy.
  - 8. The computer-implemented method of claim 7, further comprising:
    - determining, from the policy, a location-based criterion for transmission of the electronic message to the next message server; and
      
      causing a bounceback message to be generated for a sender of the electronic message if the next message server does not satisfy the location-based criterion.
  - 9. The computer-implemented method of claim 6, further comprising:
    - causing a bounceback message to be generated for a sender of the electronic message if the next message server along the path does not support and guarantee using the type of the type of the encryption for the transmission of the electronic message, whereby the electronic message is not delivered to the destination.
  - 10. The computer-implemented method of claim 6, further comprising:
    - sending, before or after the electronic message is received, a request to the next message server regarding the type of the encryption; and
      
      receiving a response from the next message server indicating whether the next message server supports using the type of the encryption.
  - 11. The computer-implemented method of claim 6, further comprising:
    - checking a certificate for the next message server to determine whether the next message server supports using the type of the encryption for the transmission of the electronic message.
  - 12. The computer-implemented method of claim 6, further comprising:
    - receiving the electronic message using a different type of encryption than is used to transmit the electronic message to the next message server.
  - 13. The computer-implemented method of claim 6, further comprising:
    - determining a minimum level of the type of the encryption specified by the electronic message, wherein the next message server must support using at least the minimum level of the type of the encryption for the transmission of the electronic message to the next message server to occur.
  - 14. The computer-implemented method of claim 6, further comprising:
    - determining a preferred type of the type of the encryption specified by the electronic message, wherein the transmission to the next message server is capable of being performed using two or more types of encryption, and wherein the transmission is to use the preferred type of the type of the encryption if available as one of the two more types of encryption.
  - 15. The computer-implemented method of claim 6, further comprising:
    - determining an encryption score for the next message server, the encryption score determined using a mapping of encryption types to encryption values, wherein the next message server must meet at least a specified encryption score threshold for the transmission of the electronic message to the next message server to occur.
  - 16. The computer-implemented method of claim 6, further comprising:
    - determining that a certificate for the next message server is from a trusted certificate authority before transmitting the electronic message to the next message server.
  - 17. The computer-implemented method of claim 6, further comprising:
    - determining a policy associated with the electronic message, the policy indicating at least one of encryption criteria for transmitting the electronic message or an action to take if the next message server does not support the type of the encryption.

18. A non-transitory computer-readable storage medium including instructions that, upon execution by a processor of a computing device, cause the computing device to:
- receive an electronic message indicating a destination and a type of transport level encryption to be used in transmission of the electronic message to the destination;
  
  determine whether a next message server along a path to the destination (1) supports the type of transport level encryption and (2) guarantees use of the type of transport level encryption for the transmission; and
  
  forward the electronic message to the next message server if the next message server supports and guarantees using the type of transport level encryption for the transmission.
- View Dependent Claims (19, 20, 21)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the instructions when executed further cause the computing device to:
    - use a mail transfer protocol to determine a plurality of paths to the destination; and
      
      select the path from the plurality of paths based at least in part upon mail servers along the selected path supporting the type of transport level encryption.
  - 20. The non-transitory computer-readable storage medium of claim 18, wherein the instructions when executed further cause the computing device to:
    - determine an encryption score for the next message server, the encryption score determined using values for at least one of encryption algorithms supported, a length of keys supported, signatures or hash algorithms used, or blocking modes available for the next message server, wherein the type of transport level encryption to be supported includes transport level encryption with at least a minimum encryption score.
  - 21. The non-transitory computer-readable storage medium of claim 18, wherein the instructions when executed further cause the computing device to:
    - determine a policy associated with the electronic message, the policy indicating at least one of encryption criteria for transmitting the electronic message or an action to take if the next message server does not support the type of transport level encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brown, Nicholas Howard, Roth, Gregory Branchek
Primary Examiner(s)
Shehni, Ghazal

Application Number

US14/841,463
Time in Patent Office

1,107 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/23   Reliability checks, e.g. ac...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

Assured encrypted delivery

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Assured encrypted delivery

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links