Identity-based-encryption message management system
Abstract
Systems and methods for managing email are provided. Some of the email may be encrypted using identity-based-encryption (IBE) techniques. When an incoming IBE-encrypted message for a recipient in an organization is received by a gateway at the organization, the gateway may request an IBE private key from an IBE private key generator. The IBE private key generator may generate the requested IBE private key for the gateway. The gateway may use an IBE decryption engine to decrypt the incoming message. The decrypted message can be scanned for viruses and spam and delivered to the recipient. Outgoing email messages can also be processed. If indicated by message attributes or information provided by a message sender, an outgoing message can be encrypted using an IBE encryption engine and the IBE public key of a desired recipient.
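The inbound flow in the abstract (the gateway asks the private key generator for the recipient's key, decrypts, scans, then delivers), sketched as an added example that is not taken from the patent. The IBE math is replaced by a labelled stand-in (an HMAC-derived per-identity key and a toy hash-based stream cipher), and the gateway credential check, the domain-scope rule and all names and sample values are assumptions.

```python
import hashlib
import hmac

# All values below are constructed for illustration.
MASTER_SECRET = b"constructed-pkg-master-secret"         # held only by the PKG
GATEWAY_CREDS = {"gw-1": b"constructed-gateway-secret"}  # gateway id -> shared secret
ORG_DOMAIN = "example.org"                               # identities this PKG serves
SCAN_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"      # stand-in scanner signature

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 in counter mode, XOR). Stand-in for the IBE engine."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def extract_key(identity: str) -> bytes:
    """Stand-in for IBE key extraction: the key is derived on demand from the
    identity string, so the PKG stores no per-recipient keys."""
    return hmac.new(MASTER_SECRET, identity.lower().encode(), hashlib.sha256).digest()

def pkg_request_key(gateway_id: str, identity: str, tag: bytes) -> bytes:
    """PKG side: authenticate the gateway, check scope, only then generate the key."""
    secret = GATEWAY_CREDS.get(gateway_id)
    if secret is None:
        raise PermissionError("unknown gateway")
    expected = hmac.new(secret, identity.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("gateway credential rejected")
    if not identity.lower().endswith("@" + ORG_DOMAIN):
        raise PermissionError("identity outside the gateway's organization")
    return extract_key(identity)

def gateway_process(gateway_id: str, secret: bytes, recipient: str, ciphertext: bytes):
    """Gateway side: request the key, decrypt, scan the plaintext, pick a verdict."""
    tag = hmac.new(secret, recipient.encode(), hashlib.sha256).digest()
    key = pkg_request_key(gateway_id, recipient, tag)
    plaintext = keystream_xor(key, ciphertext)
    verdict = "quarantine" if SCAN_MARKER in plaintext else "deliver"
    return verdict, plaintext

if __name__ == "__main__":
    msg = keystream_xor(extract_key("alice@example.org"), b"Quarterly report attached.")
    print(gateway_process("gw-1", GATEWAY_CREDS["gw-1"], "alice@example.org", msg))
```

The scope check is what keeps a compromised or misconfigured gateway from pulling keys for identities outside its own organization; the gateway itself still sees every plaintext it decrypts.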
20 Claims
1. A method for using a gateway at an organization to process a message that has been sent to a recipient at the organization from a sender over a communications network, wherein the message has been encrypted at the sender using an identity-based-encryption (IBE) public key of the recipient to produce an IBE-encrypted message, the method comprising:
- at the gateway, obtaining an IBE private key for the recipient corresponding to the IBE public key of the recipient;
- at the gateway, decrypting the IBE-encrypted message to produce an unencrypted version of the message;
- at the gateway, scanning the unencrypted version of the message for viruses to produce a scanned version of the message; and
- providing the scanned message from the gateway to the recipient.

Dependent claims: 2, 3, 4, 5, 6

7. A method for using a gateway at an organization to process a message that has been sent to a recipient at the organization from a sender over a communications network, wherein the message has been encrypted at the sender using an identity-based-encryption (IBE) public key of the recipient to produce an IBE-encrypted message, the method comprising:
- at the gateway, obtaining an IBE private key for the recipient corresponding to the IBE public key of the recipient;
- at the gateway, decrypting the IBE-encrypted message to produce an unencrypted version of the message;
- at the gateway, scanning the unencrypted version of the message to determine whether the message is spam; and
- providing the scanned message from the gateway to the recipient over a network of the organization.

Dependent claims: 8, 9, 10, 11, 12

13. A method of processing incoming email messages to an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of recipients and wherein the gateway, private key generator, and recipients are connected by the network, the method comprising:
- receiving an encrypted email message for a recipient in the organization with the gateway;
- with the gateway, using recipient credential information to request a private key of the recipient from the private key generator;
- using the recipient credential information at the private key generator to determine whether the gateway is authorized to obtain the requested private key, and, if the gateway is authorized, generating the requested private key in real time;
- providing the private key that has been generated by the private key generator to the gateway; and
- at the gateway, using the private key to decrypt the email message.

Dependent claims: 14, 15

16. A method of processing outgoing email messages from an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of users and wherein the gateway, the private key generator, and the users are connected by the network, the method comprising:
- at a user, creating an email message to be sent to a recipient over the Internet;
- providing information from the user to the gateway that indicates to the gateway that the email message is to be encrypted using an identity-based-encryption (IBE) public key of the recipient;
- at the gateway, receiving the information from the user that indicates that the email message is to be encrypted using the IBE public key of the recipient and, in response, using an IBE encryption engine and the IBE public key of the recipient to encrypt the email message; and
- sending the IBE-encrypted email message to the recipient over the Internet.

Dependent claims: 17

18. A method of processing outgoing email messages from an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of users and wherein the gateway, the private key generator, and the users are connected by the network, the method comprising:
- at a user, creating an email message to be sent to a recipient over the Internet;
- at the gateway, processing the email message to determine whether the email message should be encrypted; and
- if it is determined that the email message should be encrypted, using an identity-based-encryption (IBE) public key of the recipient and an IBE encryption engine at the gateway to encrypt the email message.

Dependent claims: 19, 20

Specification