Identity-based-encryption message management system

US 20050138353A1
Filed: 12/22/2003
Published: 06/23/2005
Est. Priority Date: 12/22/2003
Status: Active Grant

First Claim

Patent Images

1. A method for using a gateway at an organization to process a message that has been sent to a recipient at the organization from a sender over a communications network, wherein the message has been encrypted at the sender using an identity-based-encryption (IBE) public key of the recipient to produce an IBE-encrypted message, the method comprising:

at the gateway, obtaining an IBE private key for the recipient corresponding to the IBE public key of the recipient;

at the gateway, decrypting the IBE-encrypted message to produce an unencrypted version of the message;

at the gateway, scanning the unencrypted version of the message for viruses to produce a scanned version of the message; and

providing the scanned message from the gateway to the recipient.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for managing email are provided. Some of the email may be encrypted using identity-based-encryption (IBE) techniques. When an incoming IBE-encrypted message for a recipient in an organization is received by a gateway at the organization, the gateway may request an IBE private key from an IBE private key generator. The IBE private key generator may generate the requested IBE private key for the gateway. The gateway may use an IBE decryption engine to decrypt the incoming message. The decrypted message can be scanned for viruses and spam and delivered to the recipient. Outgoing email messages can also be processed. If indicated by message attributes or information provided by a message sender, an outgoing message can be encrypted using an IBE encryption engine and the IBE public key of a desired recipient.

363 Citations

20 Claims

1. A method for using a gateway at an organization to process a message that has been sent to a recipient at the organization from a sender over a communications network, wherein the message has been encrypted at the sender using an identity-based-encryption (IBE) public key of the recipient to produce an IBE-encrypted message, the method comprising:
- at the gateway, obtaining an IBE private key for the recipient corresponding to the IBE public key of the recipient;
  
  at the gateway, decrypting the IBE-encrypted message to produce an unencrypted version of the message;
  
  at the gateway, scanning the unencrypted version of the message for viruses to produce a scanned version of the message; and
  
  providing the scanned message from the gateway to the recipient.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method defined in claim 1 further comprising:
    - processing the unencrypted version of the message at the gateway to determine whether to generate a notification; and
      
      if it is determined that a notification is to be generated, using the gateway to generate the notification.
  - 3. The method defined in claim 1 further comprising:
    - processing the unencrypted version of the message at the gateway to determine whether to edit the message; and
      
      if it is determined that the message is to be edited, using a message editor at the gateway to edit the message.
  - 4. The method defined in claim 1 further comprising:
    - processing the unencrypted version of the message at the gateway to determine whether to archive the message; and
      
      if it is determined that the message is to be archived, using a database controller to save a copy of the message in a database of the organization.
  - 5. The method defined in claim 1 further comprising:
    - processing the unencrypted version of the message at the gateway to determine if the message is spam.
  - 6. The method defined in claim 1 wherein the organization has an IBE private key generator that communicates with the gateway over a network of the organization, the method further comprising:
    - at the gateway, requesting and obtaining the IBE private key for the recipient over the network of the organization, wherein providing the scanned message from the gateway to the recipient comprises providing the scanned message from the gateway to the recipient over the network of the organization.

7. A method for using a gateway at an organization to process a message that has been sent to a recipient at the organization from a sender over a communications network, wherein the message has been encrypted at the sender using an identity-based-encryption (IBE) public key of the recipient to produce an IBE-encrypted message, the method comprising:
- at the gateway, obtaining an IBE private key for the recipient corresponding to the IBE public key of the recipient;
  
  at the gateway, decrypting the IBE-encrypted message to produce an unencrypted version of the message;
  
  at the gateway, scanning the unencrypted version of the message to determine whether the message is spam; and
  
  providing the scanned message from the gateway to the recipient over a network of the organization.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method defined in claim 7 further comprising:
    - processing the unencrypted version of the message at the gateway to determine whether to generate a notification; and
      
      if it is determined that a notification is to be generated, using the gateway to generate the notification.
  - 9. The method defined in claim 7 further comprising:
    - processing the unencrypted version of the message at the gateway to determine whether to edit the message; and
      
      if it is determined that the message is to be edited, using a message editor at the gateway to edit the message.
  - 10. The method defined in claim 7 further comprising:
    - processing the unencrypted version of the message at the gateway to determine whether to archive the message; and
      
      if it is determined that the message is to be archived, using a database controller to save a copy of the message in a database of the organization.
  - 11. The method defined in claim 7 further comprising:
    - processing the unencrypted version of the message at the gateway to determine if the message contains a virus.
  - 12. The method defined in claim 7 wherein the organization has an IBE private key generator that communicates with the gateway over the network of the organization, the method further comprising:
    - at the gateway, using recipient credential information to request and obtain the IBE private key for the recipient over the network of the organization.

13. A method of processing incoming email messages to an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of recipients and wherein the gateway, private key generator, and recipients are connected by the network, the method comprising:
- receiving an encrypted email message for a recipient in the organization with the gateway;
  
  with the gateway, using recipient credential information to request a private key of the recipient from the private key generator;
  
  using the recipient credential information at the private key generator to determine whether the gateway is authorized to obtain the requested private key, and, if the gateway is authorized, generating the requested private key in real time;
  
  providing the private key that has been generated by the private key generator to the gateway; and
  
  at the gateway, using the private key to decrypt the email message.
- View Dependent Claims (14, 15)
- - 14. The method defined in claim 13 wherein the gateway has an identity-based-encryption (IBE) decryption engine and wherein using the private key to decrypt the email message comprises using the IBE decryption engine to decrypt the email message at the gateway.
  - 15. The method defined in claim 13 wherein the gateway is connected to the Internet by a firewall, the method further comprising receiving the encrypted email message with the gateway through the firewall.

16. A method of processing outgoing email messages from an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of users and wherein the gateway, the private key generator, and the users are connected by the network, the method comprising:
- at a user, creating an email message to be sent to a recipient over the Internet;
  
  providing information from the user to the gateway that indicates to the gateway that the email message is to be encrypted using an identity-based-encryption (IBE) public key of the recipient;
  
  at the gateway, receiving the information from the user that indicates that the email message is to be encrypted using the IBE public key of the recipient and, in response, using an IBE encryption engine and the IBE public key of the recipient to encrypt the email message; and
  
  sending the IBE-encrypted email message to the recipient over the Internet.
- View Dependent Claims (17)
- - 17. The method defined in claim 16 further comprising scanning the email message at the gateway for viruses before using the IBE encryption engine to encrypt the message.

18. A method of processing outgoing email messages from an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of users and wherein the gateway, the private key generator, and the users are connected by the network, the method comprising:
- at a user, creating an email message to be sent to a recipient over the Internet;
  
  at the gateway, processing the email message to determine whether the email message should be encrypted; and
  
  if it is determined that the email message should be encrypted, using an identity-based-encryption (IBE) public key of the recipient and an IBE encryption engine at the gateway to encrypt the email message.
- View Dependent Claims (19, 20)
- - 19. The method defined in claim 18 wherein processing the email message at the gateway to determine whether the email message should be encrypted comprises examining content in the email message to determine whether it is sensitive.
  - 20. The method defined in claim 18 wherein processing the email message the gateway to determine whether the email message should be encrypted comprises examining address information in the email message to determine whether to encrypt the email message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Appenzeller, Guido, Spies, Terence

Granted Patent

US 7,523,314 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 9/3073   involving pairings, e.g. id...

Identity-based-encryption message management system

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

363 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based-encryption message management system

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

363 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links