Perimeter encryption

US 10,454,903 B2
Filed: 02/10/2017
Issued: 10/22/2019
Est. Priority Date: 06/30/2016
Status: Active Grant

First Claim

Patent Images

1. A computer program product for managing communications through an electronic mail gateway, the computer program product comprising computer executable code embodied in a non-transitory memory that, when executing on the electronic mail gateway, performs the steps of:

storing an encryption key on the electronic mail gateway, the encryption key associated with users of an enterprise network;

receiving an electronic mail communication at the electronic mail gateway, wherein the electronic mail communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the electronic mail communication includes an attachment that is encrypted with the encryption key;

decrypting the attachment at the electronic mail gateway to provide a decrypted attachment;

performing a security scan on the decrypted attachment at the electronic mail gateway;

routing the electronic mail communication from the electronic mail gateway based on a result of the security scan;

wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment; and

attaching the portable encryption container to the electronic mail communication in place of the attachment.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. whether and how files are encrypted with the encryption keys, may also be used to assist in selecting appropriate security handling and routing of the communications.

81 Citations

View as Search Results

17 Claims

1. A computer program product for managing communications through an electronic mail gateway, the computer program product comprising computer executable code embodied in a non-transitory memory that, when executing on the electronic mail gateway, performs the steps of:
- storing an encryption key on the electronic mail gateway, the encryption key associated with users of an enterprise network;
  
  receiving an electronic mail communication at the electronic mail gateway, wherein the electronic mail communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the electronic mail communication includes an attachment that is encrypted with the encryption key;
  
  decrypting the attachment at the electronic mail gateway to provide a decrypted attachment;
  
  performing a security scan on the decrypted attachment at the electronic mail gateway;
  
  routing the electronic mail communication from the electronic mail gateway based on a result of the security scan;
  
  wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment; and
  
  attaching the portable encryption container to the electronic mail communication in place of the attachment.
- View Dependent Claims (2, 3, 4)
- - 2. The computer program product of claim 1 wherein routing includes at least one of rejecting the electronic mail communication at the electronic mail gateway, rerouting the electronic mail communication to a secure recipient, and forwarding the electronic mail communication without the attachment.
  - 3. The computer program product of claim 1wherein the portable encryption container further includes program code providing a user interface that supports a first mode of decryption using remote resources and authentication credentials for a recipient of the electronic mail communication and a second mode of decryption based on local receipt of a password for decrypting the decryption key.
  - 4. The computer program product of claim 1 wherein the attachment includes at least one of a word processing document, a spreadsheet, an image, a video, a presentation document, and a portable document format document.

5. A method comprising:
- storing an encryption key on a gateway, the encryption key associated with users on an enterprise network;
  
  receiving a communication at the gateway, wherein the communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the communication includes an attachment that is encrypted with the encryption key;
  
  decrypting the attachment at the gateway to provide a decrypted attachment;
  
  performing a security scan on the decrypted attachment at the gateway;
  
  routing the communication from the gateway based on a result of the security scan;
  
  wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment; and
  
  attaching the portable encryption container to the communication in place of the attachment.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The method of claim 5 wherein routing includes rejecting the communication at the gateway.
  - 7. The method of claim 5 wherein routing includes rerouting the communication to a secure recipient.
  - 8. The method of claim 5 wherein routing includes forwarding the communication without the attachment.
  - 9. The method of claim 5 wherein the portable encryption container further includes program code providing a user interface that supports a first mode of decryption using remote resources and authentication credentials for the recipient of the communication and a second mode of decryption based on local receipt of a password for decrypting the decryption key.
  - 10. The method of claim 5 further comprising conditionally wrapping the attachment according to a security protocol applicable to a sender of the communication.
  - 11. The method of claim 5 wherein the communication includes a text message.
  - 12. The method of claim 5 wherein the communication includes an electronic mail message.
  - 13. The method of claim 5 wherein the attachment includes at least one of a word processing document, a spreadsheet, an image, a video, a presentation document, and a portable document format document.
  - 14. The method of claim 5 wherein the gateway includes an electronic mail gateway.
  - 15. The method of claim 5 wherein the gateway includes an enterprise network gateway that couples the enterprise network to a second network.

16. A gateway comprising:
- a network interface;
  
  a memory; and
  
  a processor, the processor configured by computer executable code stored in the memory to perform the steps of storing an encryption key on the gateway, the encryption key associated with users on an enterprise network, receiving a communication at the gateway, wherein the communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the communication includes an attachment that is encrypted with the encryption key, decrypting the attachment at the gateway to provide a decrypted attachment, performing a security scan on the decrypted attachment at the gateway, routing the communication from the gateway based on a result of the security scan, wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment, and attaching the portable encryption container to the communication in place of the attachment.
- View Dependent Claims (17)
- - 17. The gateway of claim 16 wherein the gateway includes at least one of an electronic mail gateway and an enterprise network gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Neal, Roger
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/429,291
Publication Number

US 20180007014A1
Time in Patent Office

984 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Perimeter encryption

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Perimeter encryption

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links