Method and system for messaging security

US 10,116,621 B2
Filed: 03/22/2013
Issued: 10/30/2018
Est. Priority Date: 06/22/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising:

a messaging firewall that cooperates with a remote publicly accessible security server to securely transmit e-mail messages,wherein the messaging firewall encrypts an e-mail message in accordance with at least one encryption key and determines, based on textual content, a destination, a size, and a source of the e-mail message, whether application of a signature to the e-mail message is required, the e-mail message being sent from the source to one or more recipients;

wherein the messaging firewall queries the remote security server for an encryption key including related encryption data which is associated with at least one target server for the e-mail message, and that in response to a determination that application of a signature is required for the e-mail message, retrieves the signature and a certificate associated with the source of the e-mail message;

wherein the encryption key is the recipient'"'"'s public key;

wherein the certificate is used to store the recipient'"'"'s public key;

wherein the signature is applied to the e-mail message to allow for a recipient of the one or more recipients to authenticate the source, wherein the encryption key is stored in the remote security server, and the certificate is included with the signature; and

wherein the messaging firewall transmits the e-mail message to at least one target server for which encryption data was retrieved by the messaging firewall.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An e-mail firewall applies policies to e-mail messages transmitted between a first site and a plurality of second sites. The e-mail firewall includes a plurality of mail transfer relay modules for transferring e-mail messages between the first site and one of the second sites. Policy managers are used to enforce and administer selectable policies. The policies are used to determine security procedures for the transmission and reception of e-mail messages. The e-mail firewall employs signature verification processes to verify signatures in received encrypted e-mail messages. The e-mail firewall is further adapted to employ external servers for verifying signatures. External servers are also used to retrieve data that is employed to encrypt and decrypt e-mail messages received and transmitted by the e-mail firewall, respectively.

64 Citations

View as Search Results

16 Claims

1. A system comprising:
- a messaging firewall that cooperates with a remote publicly accessible security server to securely transmit e-mail messages,wherein the messaging firewall encrypts an e-mail message in accordance with at least one encryption key and determines, based on textual content, a destination, a size, and a source of the e-mail message, whether application of a signature to the e-mail message is required, the e-mail message being sent from the source to one or more recipients;
  
  wherein the messaging firewall queries the remote security server for an encryption key including related encryption data which is associated with at least one target server for the e-mail message, and that in response to a determination that application of a signature is required for the e-mail message, retrieves the signature and a certificate associated with the source of the e-mail message;
  
  wherein the encryption key is the recipient'"'"'s public key;
  
  wherein the certificate is used to store the recipient'"'"'s public key;
  
  wherein the signature is applied to the e-mail message to allow for a recipient of the one or more recipients to authenticate the source, wherein the encryption key is stored in the remote security server, and the certificate is included with the signature; and
  
  wherein the messaging firewall transmits the e-mail message to at least one target server for which encryption data was retrieved by the messaging firewall.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further including:
    - a security manager, wherein when a source of the retrieved certificate is not fully trusted, the security manager verifies a validity of the certificate.
  - 3. The system of claim 2, wherein the security manager uses the retrieved certificate to encrypt the e-mail message in accordance with verification that the retrieved certificate is valid.
  - 4. The system of claim 2, wherein the security manager includes a local database, and when the certificate is retrieved from the local database, a signature verification process is reported as successful.
  - 5. The system of claim 4, wherein the local database stores a persistent mapping from the recipient'"'"'s e-mail address to the certificate.
  - 6. The system of claim 4, wherein the local database stores a persistent mapping from the recipient'"'"'s server domain to the certificate.
  - 7. The system of claim 4, wherein the local directory stores trusted certificates that do not require full verification.
  - 8. The system of claim 1, wherein the remote security server is a Certificate Authority (CA).

9. A method of securely transmitting e-mail messages, the method comprising:
- encrypting, at a messaging firewall, an e-mail message in accordance with at least one encryption key, the e-mail message being sent from a source to one or more recipients;
  
  determining based on textual content, a destination, a size, and the source of the e-mail message, whether application of a signature to the e-mail message is required;
  
  querying, at the messaging firewall, a remote security server for an encryption key including related encryption data which is associated with at least one target server for the e-mail message, wherein the encryption key is the recipient'"'"'s public key;
  
  in response to a determination that application of a signature is required for the e-mail message, retrieving the signature and a certificate associated with the source of the e-mail message, wherein the certificate is used to store the recipient'"'"'s public key, wherein the signature is applied to the e-mail message to allow for a recipient of the one or more recipients to authenticate the source, wherein the encryption key is stored in the remote security server, and the certificate is included with the signature; and
  
  transmitting the e-mail message to at least one target server for which encryption data was retrieved by the messaging firewall.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further including:
    - when a source of a the retrieved certificate is not fully trusted, verifying a validity of the certificate.
  - 11. The method of claim 10, further including:
    - using the retrieved certificate to encrypt the e-mail message in accordance with verification that the retrieved certificate is valid.
  - 12. The method of claim 10, further including:
    - when the certificate is retrieved from a local database, the signature verification process is reported as successful.
  - 13. The method of claim 12, wherein the local database stores a persistent mapping from the recipient'"'"'s e-mail address to the certificate.
  - 14. The method of claim 12, wherein the local database stores a persistent mapping from the recipient'"'"'s server domain to the certificate.
  - 15. The method of claim 12, wherein the local directory stores trusted certificates that do not require full verification.

16. A computer program product encoded in one or more non-transitory media, the computer program product including instructions that when executed by one or more processors causes the one or more processors to perform a method comprising:
- encrypting, at a messaging firewall, an e-mail message in accordance with at least one encryption key, the e-mail message being sent from a source to one or more recipients;
  
  determining based on textual content, a destination, a size, and the source of the e-mail message, whether application of a signature to the e-mail message is required;
  
  querying, at a messaging firewall, a remote security server for an encryption key including related encryption data which is associated with at least one target server for the e-mail message, wherein the encryption key is the recipient'"'"'s public key;
  
  in response to a determination that application of a signature is required for the e-mail message, retrieving a signature and a certificate associated with the source of the e-mail message, wherein the certificate is used to store the recipient'"'"'s public key,wherein the signature is applied to the e-mail message to allow for a recipient of the one or more recipients to authenticate the source, wherein the encryption key is stored in the remote security server, and the certificate is included with the signature; and
  
  transmitting the e-mail message to at least one target server for which encryption data was retrieved by the messaging firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Axway Incorporated (Axway Software SA)
Original Assignee
Axway Incorporated (Axway Software SA)
Inventors
Bandini, Jean-Christophe Denis, Smith, Jeffrey C.
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Callahan, Paul E

Application Number

US13/849,432
Publication Number

US 20140041013A1
Time in Patent Office

2,048 Days
Field of Search

380259, 705 50, 705 55, 713150, 713151, 713153, 713154, 713175, 726 11, 726 14
US Class Current
CPC Class Codes

G06Q 10/00   Administration; Management

H04L 51/212   using filtering or selectiv...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/32   including means for verifyi...

Method and system for messaging security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for messaging security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links