Perimeter encryption
First Claim
1. A computer program product for managing communications through an electronic mail gateway, the computer program product comprising computer executable code embodied in a non-transitory memory that, when executing on the electronic mail gateway, performs the steps of:
- storing an encryption key on the electronic mail gateway, the encryption key associated with users of an enterprise network;
- receiving an electronic mail communication at the electronic mail gateway, wherein the electronic mail communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the electronic mail communication includes an attachment that is encrypted with the encryption key;
- decrypting the attachment at the electronic mail gateway to provide a decrypted attachment;
- performing a security scan on the decrypted attachment at the electronic mail gateway;
- routing the electronic mail communication from the electronic mail gateway based on a result of the security scan;
- wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment; and
- attaching the portable encryption container to the electronic mail communication in place of the attachment.
4 Assignments
0 Petitions
Abstract
Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. whether and how files are encrypted with the encryption keys, may also be used to assist in selecting appropriate security handling and routing of the communications.
81 Citations
17 Claims
1. (Quoted in full under First Claim above.) Dependent claims: 2, 3, 4

5. A method comprising:
- storing an encryption key on a gateway, the encryption key associated with users on an enterprise network;
- receiving a communication at the gateway, wherein the communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the communication includes an attachment that is encrypted with the encryption key;
- decrypting the attachment at the gateway to provide a decrypted attachment;
- performing a security scan on the decrypted attachment at the gateway;
- routing the communication from the gateway based on a result of the security scan;
- wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment; and
- attaching the portable encryption container to the communication in place of the attachment.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A gateway comprising:
- a network interface;
- a memory; and
- a processor, the processor configured by computer executable code stored in the memory to perform the steps of storing an encryption key on the gateway, the encryption key associated with users on an enterprise network, receiving a communication at the gateway, wherein the communication includes an outbound communication to a recipient outside of the enterprise network, and wherein the communication includes an attachment that is encrypted with the encryption key, decrypting the attachment at the gateway to provide a decrypted attachment, performing a security scan on the decrypted attachment at the gateway, routing the communication from the gateway based on a result of the security scan, wrapping the decrypted attachment in a portable encryption container that contains an encrypted instance of the decrypted attachment and an encrypted instance of a decryption key to decrypt the encrypted instance of the decrypted attachment, and attaching the portable encryption container to the communication in place of the attachment.
Dependent claims: 17
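The steps of claim 5 (store the enterprise key at the perimeter, decrypt the outbound attachment, scan it, route on the scan result, wrap the plaintext in a portable container holding an encrypted copy of the file and an encrypted copy of its file key, and swap the container in for the original attachment) as a runnable Python illustration. This is an added example, not the patent's code or any product of the assignee. Everything in it is constructed: the cipher is a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) standing in for an AEAD such as AES-GCM; the scanner is a byte-marker denylist standing in for an AV/DLP engine; per-recipient wrapping keys are assumed to have been provisioned out of band, which the claims do not specify; `Gateway`, `Message`, `open_container` and the `.pec` suffix are hypothetical names.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, replace

# --- Constructed authenticated cipher (stand-in for an AEAD such as AES-GCM) ---
# HMAC-SHA256 in counter mode supplies the keystream; a second HMAC over
# nonce||ciphertext gives integrity, so a wrong key or a tampered blob is rejected.

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("attachment failed authentication")  # wrong key or tampering
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- Gateway pipeline ---
# Constructed scanner markers; a real gateway would call its AV/DLP engines here.
BLOCK_MARKERS = (b"CONSTRUCTED-MALWARE-MARKER", b"CONSTRUCTED-CONFIDENTIAL-MARKER")

@dataclass
class Message:
    sender: str
    recipient: str
    attachment_name: str
    attachment: bytes  # as received by the gateway: encrypted under the enterprise key

@dataclass
class Gateway:
    enterprise_key: bytes   # the key stored at the perimeter (first claim step)
    internal_domain: str
    recipient_keys: dict    # assumption: per-recipient wrapping keys provisioned out of band

    def is_outbound(self, msg: Message) -> bool:
        return not msg.recipient.lower().endswith("@" + self.internal_domain)

    def scan(self, data: bytes) -> bool:
        return not any(marker in data for marker in BLOCK_MARKERS)

    def wrap_portable(self, plaintext: bytes, recipient: str) -> bytes:
        # Fresh file key per attachment; the container carries the encrypted file
        # and the file key encrypted under the recipient's wrapping key.
        file_key = secrets.token_bytes(32)
        container = {
            "format": "portable-encryption-container/constructed",
            "payload": encrypt(file_key, plaintext).hex(),
            "wrapped_key": encrypt(self.recipient_keys[recipient], file_key).hex(),
        }
        return json.dumps(container).encode()

    def process(self, msg: Message):
        """Return (route, message); route is 'deliver' or 'quarantine'."""
        if not self.is_outbound(msg):
            return "deliver", msg                      # internal mail passes through unchanged
        plaintext = decrypt(self.enterprise_key, msg.attachment)
        if not self.scan(plaintext):
            return "quarantine", msg                   # routing decision from the scan result
        if msg.recipient not in self.recipient_keys:   # assumed policy: never release plaintext
            return "quarantine", msg
        container = self.wrap_portable(plaintext, msg.recipient)
        return "deliver", replace(msg, attachment=container,
                                  attachment_name=msg.attachment_name + ".pec")

def open_container(recipient_key: bytes, container: bytes) -> bytes:
    doc = json.loads(container)
    file_key = decrypt(recipient_key, bytes.fromhex(doc["wrapped_key"]))
    return decrypt(file_key, bytes.fromhex(doc["payload"]))

def run_example() -> dict:
    enterprise_key = hashlib.sha256(b"constructed enterprise key").digest()
    partner_key = hashlib.sha256(b"constructed partner key").digest()
    gw = Gateway(enterprise_key, "corp.example", {"partner@example.org": partner_key})
    clean = b"Q3 forecast spreadsheet (constructed sample content)"
    flagged = b"tool build containing CONSTRUCTED-MALWARE-MARKER"
    def mk(rcpt, name, data):
        return Message("alice@corp.example", rcpt, name, encrypt(enterprise_key, data))
    route_ok, out_ok = gw.process(mk("partner@example.org", "forecast.xlsx", clean))
    route_bad, _ = gw.process(mk("partner@example.org", "tool.exe", flagged))
    route_int, out_int = gw.process(mk("bob@corp.example", "notes.txt", clean))
    try:
        open_container(hashlib.sha256(b"wrong key").digest(), out_ok.attachment)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {
        "outbound_clean": (route_ok, out_ok.attachment_name,
                           open_container(partner_key, out_ok.attachment) == clean),
        "outbound_flagged": route_bad,
        "internal": (route_int, decrypt(enterprise_key, out_int.attachment) == clean),
        "wrong_key_rejected": wrong_key_rejected,
    }

if __name__ == "__main__":
    print(run_example())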
Specification