E-mail firewall with stored key encryption/decryption

US 20030196098A1
Filed: 04/21/2003
Published: 10/16/2003
Est. Priority Date: 07/24/1997
Status: Abandoned Application

First Claim

Patent Images

1. A computer based encryption and decryption system comprising:

(a) means (i) for determining whether digital input information including as content at least one of a body of a message and a file attachment is encrypted using a cryptographic key, and (ii) for decrypting the digital input information using a private decryption key of a public key pair prior to applying policies that analyze the content of the digital input information; and

(b) a policy manager configured to apply the policies, the policies including a virus policy for detecting and eradicating a detected virus;

wherein;

(c) the private decryption key is apart from the content of the digital input information and (d) decryption is done without using decryption executables contained in a header corresponding to the digital input information when a header is present.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An e-mail firewall (105) applies policies to e-mail messages (204) between a first 5 site and a plurality of second sites in accordance with a plurality of administrator selectable policies (216). The firewall comprises a simple mail transfer protocol (SMTP) relay (202) for causing the e-mail messages (204) to be transmitted between the first site and selected ones of the second sites. A plurality of policy managers (216) enforce-administrator selectable policies. The policies, such as encryption and decryption policies, comprise at least a first source/destination policy (218), at least a first content policy (202) and at least a first virus policy (224). The policies are characterized by a plurality of administrator selectable criteria (310), a plurality of administrator selectable exceptions (312) to the criteria and a plurality of administrator selectable actions (314, 316, 322) associated with the criteria and exceptions. The policy managers comprise an access manager (218) for restricting transmission of e-mail messages (204) between the first site and the second sites in accordance with the source/destination policy (218). The policy managers (216) further comprise a content manager (220) for restricting transmission of e-mail messages (204) between the first site and the second sites in accordance with the content policy (220), and a virus manager (224) for restriction transmission of e-mail messages (204) between the first site and the second sites in accordance with the virus policy (224).

Citations

18 Claims

1. A computer based encryption and decryption system comprising:
- (a) means (i) for determining whether digital input information including as content at least one of a body of a message and a file attachment is encrypted using a cryptographic key, and (ii) for decrypting the digital input information using a private decryption key of a public key pair prior to applying policies that analyze the content of the digital input information; and
  
  (b) a policy manager configured to apply the policies, the policies including a virus policy for detecting and eradicating a detected virus;
  
  wherein;
  
  (c) the private decryption key is apart from the content of the digital input information and (d) decryption is done without using decryption executables contained in a header corresponding to the digital input information when a header is present.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the means for decrypting decrypts the digital information content to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.
  - 3. The system of claim 1, wherein the means for decrypting decrypts the digital information content to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.
  - 4. The system of claim 1, wherein the means for decrypting uses a private decryption key which has been stored by the system.
  - 5. The system of claim 1, wherein the policy manager performs real time content analysis of the digital input information before allowing the digital input information to be passed to a designated recipient.
  - 6. The system of claim 1, wherein the policy manager is further configured to defer, quarantine, return to sender, or drop the digital input information as a result of the content analysis.

7. A computer based encryption and decryption method, said method comprising the steps of:
- (a) determining whether digital input information that includes as content at least one of a body of a message and a file attachment is encrypted;
  
  (b) decrypting the digital input information without using decryption executables included in a header corresponding to the digital input information when a header is present if it is determined that the digital input information is encrypted; and
  
  (c) providing content analysis including performing virus detection to facilitate eradication of a detected virus subsequent to decrypting the digital information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The encryption and decryption method of claim 7, wherein the step of providing content analysis includes decrypting the digital information content to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.
  - 9. The encryption and decryption method of claim 7, wherein the step of providing content analysis includes decrypting the digital information content to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.
  - 10. The encryption and decryption method of claim 7, wherein the step of decrypting includes using a private decryption key which has been stored by the system.
  - 11. The encryption and decryption method of claim 7, further including the step of deferring decrypted information prior to dissemination of the digital input information within the network.
  - 12. The encryption and decryption method of claim 7, wherein the step of providing content analysis includes the step of performing real time content analysis of the digital input information before allowing the digital input information to be passed to a designated recipient.

13. A storage medium comprising:
- a program executable by a computing mechanism that facilitates the following steps;
  
  (i) determining whether digital input information that includes as content at least one of a body of a message and a file attachment is encrypted;
  
  (ii) decrypting the digital input information without using decryption executables included in a header corresponding to the digital input information when a header is present if it is determined that the digital input information is encrypted; and
  
  (iii) applying content analysis to the decrypted digital input information prior to allowing use of the decrypted digital input information, wherein content analysis includes performing virus detection to facilitate eradication of a detected virus.
- View Dependent Claims (14, 15)
- - 14. The storage medium of claim 13, wherein decrypting includes using a private decryption key which has been stored by the system.
  - 15. The storage medium of claim 13, wherein the program also facilitates decryption operation on the encrypted digital input information to facilitate content analysis prior to transferring of the digital input information for use by a target application.

16. A computer based encryption and decryption system comprising:
- (a) means (i) for determining whether digital input information including as content at least one of a body of a message and a file attachment is encrypted using a cryptographic key, and (ii) for decrypting the digital input information using a private decryption key of a public key pair prior to applying policies that analyze the content of the digital input information; and
  
  (b) a policy manager configured to apply the policies, the policies including a virus policy for detecting and eradicating a detected virus;
  
  wherein;
  
  (c) the private decryption key is apart from the content of the digital input information and (d) has been stored by the system for access at the time of decryption.
- View Dependent Claims (17)
- - 17. The encryption and decryption system of claim 16, wherein the means for decrypting decrypts the digital information content to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.

18. An encryption and decryption method comprising:
- providing content analysis by determining whether digital input information that includes at least one of a file, document and at least part of a body of a message is encrypted and generating a decryption request to a decryptor to decrypt the encrypted digital input information prior to applying content analysis to facilitate content analysis within the encrypted digital input information; and
  
  decrypting the encrypted digital input information prior to completion of the content analysis wherein content analysis includes performing virus detection to facilitate eradication of a detected virus, wherein decrypting is done without using decryption executables contained in a header corresponding to the digital input information, if a header is present.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tumbleweed Communications Corporation (Axway Software SA)
Original Assignee
Tumbleweed Communications Corporation (Axway Software SA)
Inventors
Dickinson, Robert D. III, Krishnamurthy, Sathvik

Application Number

US10/419,219
Publication Number

US 20030196098A1
Time in Patent Office

Days
Field of Search
US Class Current

713/188
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 51/063   Content adaptation, e.g. re...

H04L 51/212   using filtering or selectiv...

H04L 51/224   providing notification on i...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

E-mail firewall with stored key encryption/decryption

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

E-mail firewall with stored key encryption/decryption

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links