METHODS AND SYSTEMS FOR INDICATING TRUSTWORTHINESS OF SECURE COMMUNICATIONS
First Claim
1. A method of indicating a trustworthiness of a received message, said method comprising:
- receiving a message comprising content that has been digitally signed by a digital signer;
accessing a set of attestations by a third-party entity known, but not necessarily trusted to software that received the message;
identifying a cryptographic key was used to sign the message and an entity that holds the key;
determining a set of indicium from said secure bindings and said cryptographically secure attestation;
presenting said indicium to said user; and
requesting said user to modify said indicium.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present invention enable a message recipient or messaging system to indicate the trustworthiness of a message, especially messages that comprise content that has been digitally signed. In addition, embodiments may alter or control the message to change user behavior by preventing the user from doing things that the message would induce the user into doing. In some embodiments, various characteristics and indicia of the message are determined. For example, for e-mail messages having digitally signed content, certain embodiments may determine the entity or entities asserting a basis for trust, the status or role of the sender, the name of the sender, the affiliation of the sender, the messaging address the location, and the most recent status of the trust relationship. Based on the determined indicia, a plain language notification is composed and the message is displayed with the notification. For example, the notification may be displayed in a display bar above or below the message'"'"'s contents, or may appear as a pop-up window. In addition, in some embodiments, the recipient may provide his or her assessment of the indicia, such as the accuracy, reliability, and the trustworthiness of the indicia. The history of interactions between various parties related to the message may also be considered. For example, the history of interactions between the sender and recipient may be considered. The trustworthiness of the certification authority or other entity may also be considered.
-
Citations
52 Claims
-
1. A method of indicating a trustworthiness of a received message, said method comprising:
-
receiving a message comprising content that has been digitally signed by a digital signer; accessing a set of attestations by a third-party entity known, but not necessarily trusted to software that received the message; identifying a cryptographic key was used to sign the message and an entity that holds the key; determining a set of indicium from said secure bindings and said cryptographically secure attestation; presenting said indicium to said user; and requesting said user to modify said indicium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of assessing trustworthiness of a received message, said method comprising:
-
receiving a message comprising content that is digitally signed by a digital signer; accessing a set of attestations by a trusted entity; identifying a cryptographic key was used to sign the message and an entity that holds the key; determining a set of indicium from said secure bindings, said cryptographically secure attestation; determining a role from said indicium; and modifying the message based on said role and said indicium to a recipient of the received message. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 43, 47, 48)
-
-
30. A method of indicating a trustworthiness of a message, wherein said message comprises content that is digitally signed, said method comprising:
-
determining a name of an entity sending the message; classifying the entity; determining a validity of the digital signature; composing a notification that is configured according to a set of plain language grammar templates that indicate at least the name of the entity sending the message, whether the entity is an individual or an organization, and the validity of the digital signature; and configuring the message to include the notification when the message is displayed. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 44, 45, 46, 49, 50)
-
-
51. A method of issuing a digital certificate, said method comprising:
-
determining information regarding a name of a signer of a message; determining a role of the signer, wherein the role indicates types of messages that the signer will likely sign with a key associated with the digital certificate; and issuing the digital certificate based on the name of the signer and the role of the signer. - View Dependent Claims (52)
-
Specification