Perimeter enforcement of encryption rules
First Claim
1. A computer program product for securing network traffic comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
- receiving an electronic mail message from a sender for transmittal to a recipient different from the sender, the electronic mail message including an attachment containing at least one file;
- removing the attachment from the electronic mail message;
- wrapping the attachment into a portable encrypted container that contains an encrypted instance of the file, an encrypted instance of a decryption key to decrypt the file, and program code providing a user interface that supports a first mode of decryption using remote resources and authentication credentials for the recipient and a second mode of decryption based on local input of a password for decrypting the decryption key;
- attaching the portable encrypted container to the electronic mail message; and
- transmitting the electronic mail message and the portable encrypted container to an electronic mail gateway for communication from the sender to the recipient.
Abstract
Rules are applied at a network perimeter to outbound network communications that contain file attachments. The rules may, in a variety of circumstances, require wrapping of an outbound file from the endpoint in a portable encrypted container. The network perimeter may be enforced locally at the endpoint, or at any network device between the endpoint and a recipient.
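The remove, wrap and re-attach steps of claim 1, sketched as an added example that is not code from the patent or its assignee. It covers only the password-based second mode of decryption. The JSON container layout, the `.pec` suffix, the function names, the choice of AES-GCM and scrypt, and the third-party `cryptography` package are all assumptions, and the embedded user-interface code and the remote-credential mode are left out.

```python
import base64, hashlib, json, os
from email.message import EmailMessage
from cryptography.hazmat.primitives.ciphers.aead import AESGCM  # third-party package

def _seal(key: bytes, data: bytes) -> str:
    nonce = os.urandom(12)  # fresh nonce for every encryption
    return base64.b64encode(nonce + AESGCM(key).encrypt(nonce, data, None)).decode()

def _open(key: bytes, blob: str) -> bytes:
    raw = base64.b64decode(blob)
    return AESGCM(key).decrypt(raw[:12], raw[12:], None)  # InvalidTag on a wrong key

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the locally entered password.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def wrap(name: str, data: bytes, password: str) -> bytes:
    """Container = encrypted file + encrypted instance of the file key."""
    file_key, salt = AESGCM.generate_key(bit_length=256), os.urandom(16)
    return json.dumps({
        "name": name,
        "file": _seal(file_key, data),
        "wrapped_key": _seal(_kek(password, salt), file_key),
        "salt": base64.b64encode(salt).decode(),
    }).encode()

def unwrap(container: bytes, password: str):
    """Second mode: password -> decryption key -> file."""
    c = json.loads(container)
    file_key = _open(_kek(password, base64.b64decode(c["salt"])), c["wrapped_key"])
    return c["name"], _open(file_key, c["file"])

def enforce(msg: EmailMessage, password: str) -> int:
    """Replace every attachment of an outbound message with a container."""
    parts = list(msg.iter_attachments())  # snapshot before mutating the message
    for part in parts:
        name = part.get_filename() or "attachment"
        blob = wrap(name, part.get_payload(decode=True), password)
        msg.get_payload().remove(part)  # remove the cleartext attachment
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=name + ".pec")
    return len(parts)

if __name__ == "__main__":
    m = EmailMessage()  # constructed sample message
    m["From"], m["To"] = "sender@example.com", "recipient@example.net"
    m.set_content("Report attached.")
    m.add_attachment(b"constructed sample data", maintype="application",
                     subtype="octet-stream", filename="report.bin")
    print(enforce(m, "example-password"), [p.get_filename() for p in m.iter_attachments()])
```
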
20 Claims
2. A method for securing outbound network traffic, the method comprising:
- receiving a communication from a sender for communication to a recipient different from the sender, the communication including a file coupled to the communication as an attachment;
- removing the attachment from the communication;
- wrapping the attachment into a portable encrypted container that contains an encrypted instance of the file, an encrypted instance of a decryption key to decrypt the file, and program code providing a user interface that supports a first mode of decryption using remote resources and authentication credentials for the recipient and a second mode of decryption based on local input of a password for decrypting the decryption key;
- attaching the portable encrypted container to the communication; and
- transmitting the communication and the portable encrypted container to the recipient.

Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A network device comprising:
- a first interface for receiving communications;
- a second interface for sending communications over a data network;
- a memory; and
- a processor configured by computer executable code stored in the memory to secure network communications by performing the steps of receiving a communication from a sender through the first interface for communication to a recipient different from the sender, the communication including a file coupled to the communication as an attachment, removing the attachment from the communication, wrapping the attachment into a portable encrypted container that contains an encrypted instance of the file, an encrypted instance of a decryption key to decrypt the file, and program code providing a user interface that supports a first mode of decryption using remote resources and authentication credentials for the recipient and a second mode of decryption based on local input of a password for decrypting the decryption key, attaching the portable encrypted container to the communication, and transmitting the communication and the portable encrypted container to the recipient through the second interface.

Dependent claims: 20
Specification