Method for establishing a secure e-mail communication channel between a sender and a recipient

US 20070130464A1
Filed: 11/15/2006
Published: 06/07/2007
Est. Priority Date: 11/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a secure e-mail communication channel between a sender and at least one recipient, wherein an encryption system on the sender'"'"'s side sends an enrolment message to said recipient, said enrolment message containing an invitation for said recipient to choose among one of the following options:

i) access to said e-mail over a secured web mail interface, or ii) sends a reply to said encryption system from which the public key of said recipient can be extracted, or iii) initiate generation of a public key on the recipient'"'"'s side.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing a secure e-mail communication channel between a sender (10) and a recipient (5), wherein:

1) said sender sends an e-mail addressed to said recipient over an e-mail encryption system (16),
2) said encryption system (16) verifies in a database (160) of recipients if a public key of said recipient is available,
3) if said public key of said recipient is available, said encryption system encrypts said e-mail with said public key, and forwards the encrypted e-mail to the recipient (5),
4) if, on the other hand, said public key of said recipient is not available in said database (160), said encryption system sends instead enrolment message (1220) to said recipient, said enrolment message containing an invitation for said recipient to choose among one of the following options: i) access to said email over a secured web mail interface, or ii) sends a reply to said encryption system from which said public key can be extracted, or ii) initiate generation of a public key on the recipient'"'"'s side.

70 Citations

View as Search Results

37 Claims

1. A method for establishing a secure e-mail communication channel between a sender and at least one recipient, wherein an encryption system on the sender'"'"'s side sends an enrolment message to said recipient, said enrolment message containing an invitation for said recipient to choose among one of the following options:
- i) access to said e-mail over a secured web mail interface, or ii) sends a reply to said encryption system from which the public key of said recipient can be extracted, or iii) initiate generation of a public key on the recipient'"'"'s side.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34)
- - 2. The method of claim 1, wherein:
    - 1) said sender sends an e-mail addressed to said recipient over said email encryption system, 2) said encryption system verifies in a database of recipients if a public key of said recipient is available, 3) if said public key of said recipient is available, said encryption system encrypts said email with said public key, and forwards the encrypted email to the recipient, 4) if, on the other hand, said public key of said recipient is not available in said database, said encryption system sends instead said enrolment message to said recipient.
  - 3. The method of claim 2, wherein said encryption system first verifies if said email fulfils conditions for encryption previously defined by the administrator of said system and forwards the email without encrypting it if the email does not fulfil said conditions.
  - 4. The method of claim 2, wherein during said step 4, the encryption system sends a notification by email to said sender, or to another party, to let him decide if he wants an enrolment message to be sent to the recipient, or if he prefers his email to be sent unencrypted to said recipient.
  - 5. The method of claim 4, wherein said sender replies to said notification by clicking on a link in the body of the notification, or by answering to said notification.
  - 6. The method of claim 1, wherein:
    - 1) said sender introduces a list of recipients in said encryption system, 2) said encryption system verifies in a database of recipients if the public key of said recipients are available, 3) said encryption system sends enrolment messages to recipients whose public keys are not available in said database.
  - 7. The method of claim 6, wherein all recipients in said list further receive an address book entry for their email client to send messages to all the other recipients in said list.
  - 8. The method of claim 6, wherein said list of recipients is entered over a web page on said encryption system.
  - 9. The method of claim 6, wherein said list of recipients is entered as a file, such as XML file, a comma-separated file, a spreadsheet file, as a list of entries from a LDAP or active directory, or as a list of entries retrieved from a database.
  - 10. The method of claim 1, wherein generation of said public key implies cooperation of said encryption system with a client application on the recipient'"'"'s side.
  - 11. The method of claim 1, comprising a step of generation of said public key and of at least one corresponding private key, said public key being made available to said encryption system and at least one of said private key being made available to the recipient'"'"'s side only.
  - 12. The method of claim 1, wherein said client application is a web browser.
  - 13. The method of claim 12, wherein the process of generation of a public key depends on the web browser used by the recipient.
  - 14. The method of claim 1, wherein the process of generation of a public key depends on the email client used by the recipient.
  - 15. The method of claim 14, wherein the number of said options offered to said recipient in said enrolment message depends on the email client used by said recipient.
  - 16. The method of claim 15, wherein said encryption system determines said email client from emails previously received from said recipient.
  - 17. The method of claim 14, wherein said encryption system stores at least the email addresses of at least some recipients even before an encrypted email is sent to them.
  - 18. The method of claim 14, wherein said encryption system stores information about the email client used in different domains of said recipients.
  - 19. The method of claim 14, wherein said encryption system stores information about the email client used by individual recipients.
  - 20. The method of claim 1, further comprising a step wherein said public key extracted from said reply or whose generation is initiated is stored in a database and used for encrypting said email and forwarding it to said recipient.
  - 21. The method of claim 20, wherein, if said public key of said recipient is not available in said database, said encryption system tries to retrieve it from a central directory on the World Wide Web and/or from an email relay at the recipient'"'"'s side.
  - 22. The method of claim 1, wherein said enrolment message contains a first hyperlink to said web mail, and a second hyperlink to a web page allowing said recipient to initiate said generation of a public key.
  - 23. The method of claim 1, wherein said enrolment message contains an option allowing said recipient to install a software for managing encryption keys.
  - 24. The method of claim 1, wherein said enrolment message contains an option allowing said recipient to download a private key and a public key.
  - 25. The method of claim 1, wherein said emails are signed with the private key of said sender.
  - 26. The method of claim 25, wherein said emails are signed in said encryption system.
  - 27. The method of claim 1, wherein generation of said public key implies cooperation of said encryption system with a browser on the recipient'"'"'s side, said method comprising a step of automatic detection of said browser in said encryption system.
  - 28. The method of claim 1, wherein generation of said public key implies generation of a corresponding private key made available to said recipient and of a spare private key made available to said sender, wherein the private key and the spare private key both correspond to said public key.
  - 29. The method of claim 1, wherein said enrolment message is marked with a machine-readable tag so that a software on the recipient'"'"'s side can automatically answer said enrolment message.
  - 30. The method of claim 1, wherein said encryptions system performs at least one of the following actions on outgoing e-mails, before encryption:
    - Scanning for viruses, Spam filtering Content filtering.
  - 31. The method of claim 1, further comprising a step during which said encryption system checks a predefined set of rules to verify which emails must be encrypted and/or signed.
  - 32. The method of claim 1, wherein said encryption system is operated by the network administrator of a local area network and encrypts mails sent by a plurality of senders in said local area network.
  - 34. Computer product including a program for performing the method of claim 1 when said product is loaded in an encryption'"'"'system and said program is run by said encryption system.

33. An email encryption system for securing emails sent by a sender to a recipient, comprising:
- an email relay for relaying emails a database of recipients for storing public key of said recipients a cryptographic module for encryption outgoing emails to said recipients using their public keys a SSL secured Webmail server for delivering outgoing emails over a secured web interface an infrastructure for generating new pairs of keys for new recipients requesting it, a software module for replacing outgoing emails sent to external recipients for which no public key is available by an invitation to generate or deliver a key.

35. A method for establishing a secure e-mail communication channel between a sender and at least one recipient, wherein an encryption system on the sender'"'"'s side sends an enrolment message to said recipient, said enrolment message containing an invitation for said recipient to choose among several options, including an option to generate a public key on the recipient'"'"'s side, wherein generation of said public key implies generation of a corresponding private key made available to said recipient and of a spare private key made available to said sender, wherein the private key and the spare private key both correspond to said public key.

36. A method for establishing a secure e-mail communication channel between a sender and at least one recipient, wherein:
- 1) said sender sends an e-mail addressed to said recipient over said email encryption system, 2) an encryption system on the sender'"'"'s side first verifies if said email fulfils conditions for encryption previously defined by the administrator of said encryption system and forwards the email without encrypting it if the email does not fulfil said conditions, otherwise;
  
  3) said encryption system verifies in a database of recipients if a public key of said recipient is available, and, if said public key of said recipient is available, said encryption system encrypts said email with said public key, and forwards the encrypted email to the recipient, otherwise;
  
  4) said encryption system sends an enrolment message to said recipient, said enrolment message containing an invitation for said recipient to choose among one of the following options;
  
  i) access to said e-mail over a secured web mail interface, or ii) sends a reply to said encryption system from which the public key of said recipient can be extracted, or iii) initiate generation of a public key on the recipient'"'"'s side.

37. A method for sending encrypting messages, comprising:
- 1) a list of recipients is stored in a database in an encryption system, said list comprising an email address and a cryptographic key of recipients, 2) said encryption system verifies in a database of recipients if the cryptographic key of a recipient to which an outgoing email is sent is available, 3) said encryption system replaces said outgoing email by an enrolment message when said cryptographic key is not available in said database, said enrolment message containing several options allowing said recipient to share a cryptographic key with said database or to retrieve said email over a secure webmail.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Totemo AG (Accellion USA LLC)
Original Assignee
Totemo AG (Accellion USA LLC)
Inventors
Mock, Marcel, Swedor, Olivier

Granted Patent

US 8,032,750 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 2221/2107   File encryption

H04L 51/23   Reliability checks, e.g. ac...

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

Method for establishing a secure e-mail communication channel between a sender and a recipient

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method for establishing a secure e-mail communication channel between a sender and a recipient

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links