System and Method for End-to-End Electronic Mail-Encryption

US 20090327714A1
Filed: 12/19/2006
Published: 12/31/2009
Est. Priority Date: 12/19/2005
Status: Abandoned Application

First Claim

Patent Images

1. An email encryption system, the system comprising:

an email transmission module configured for sending an email;

a payload-encryption-packet creation module operating remotely from the email transmission module, the payload-encryption-packet creation module being configured for producing a payload-encryption-packet in response to a request for creating a payload-encryption-packet, wherein the payload-encryption-packet is produced as a function of an encryption key;

a payload-encryption-packet creation trigger module connectable to the payload-encryption-packet creation module, the payload-encryption-packet creation trigger module being configured for, contemporaneously with the sending of the email;

generating the request for creating the payload-encryption-packet,causing the generation of an encrypted email, wherein the encrypted email is produced as a function of the email and the encryption key, andcausing the substitution of the email with the encrypted email;

a payload-encryption-packet processing module configured for returning the encryption key in response to a request for processing the payload-encryption-packet; and

a payload-encryption-packet processing trigger module connectable to the payload-encryption-packet processing module, the payload-encryption-packet processing trigger module being configured for triggering the request for processing the payload-encryption-packet contemporaneously with the reception of the payload-encryption-packet and receiving the encryption key, thereby enabling the decryption of the encrypted email.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides a system and method for end-to-end electronic mail encryption. In one embodiment, the sender contacts a payload-encryption-packet creation server which receives the message the sender would like to encrypt, generates an encrypted message and a payload-encryption-packet, and returns both to the sender. The sender then uses his regular email infrastructure to transmit to the recipient the encrypted message and the payload-encryption-packet as a single email. Upon receiving the sender'"'"'s email, the recipient contacts a payload-encryption-packet processing server and sends it the payload-encryption-packet and authorization information. Depending on the validity of the authorization information, said server processes the payload-encryption-packet and provides the recipient with information usable for extracting the original message from the encrypted message.

71 Citations

View as Search Results

32 Claims

1. An email encryption system, the system comprising:
- an email transmission module configured for sending an email;
  
  a payload-encryption-packet creation module operating remotely from the email transmission module, the payload-encryption-packet creation module being configured for producing a payload-encryption-packet in response to a request for creating a payload-encryption-packet, wherein the payload-encryption-packet is produced as a function of an encryption key;
  
  a payload-encryption-packet creation trigger module connectable to the payload-encryption-packet creation module, the payload-encryption-packet creation trigger module being configured for, contemporaneously with the sending of the email;
  
  generating the request for creating the payload-encryption-packet,causing the generation of an encrypted email, wherein the encrypted email is produced as a function of the email and the encryption key, andcausing the substitution of the email with the encrypted email;
  
  a payload-encryption-packet processing module configured for returning the encryption key in response to a request for processing the payload-encryption-packet; and
  
  a payload-encryption-packet processing trigger module connectable to the payload-encryption-packet processing module, the payload-encryption-packet processing trigger module being configured for triggering the request for processing the payload-encryption-packet contemporaneously with the reception of the payload-encryption-packet and receiving the encryption key, thereby enabling the decryption of the encrypted email.

2. A system for email encryption, the system comprising:
- an email transmission module configured for sending an email;
  
  a payload-encryption-packet creation module operating remotely from the email transmission module, the payload-encryption-packet creation module being configured for producing a payload-encryption-packet in response to a request for creating the payload-encryption-packet, wherein the payload-encryption-packet is produced as a function of data identifying the recipient;
  
  a payload-encryption-packet creation trigger module connectable to the payload-encryption-packet creation module, the payload-encryption-packet creation trigger module being configured for generating the request for creating the payload-encryption-packet contemporaneously with the sending of the email and configured for causing the email to be substituted with an encrypted email, wherein the encrypted email is produced as a function of the email and cryptographic information found in the payload-encryption-packet;
  
  a payload-encryption-packet processing module configured for returning cryptographic information necessary for decrypting the encrypted email in response to a request for processing the payload-encryption-packet;
  
  an email reception module configured for receiving the email; and
  
  a payload-encryption-packet processing trigger module connectable to the payload-encryption-packet processing module, the payload-encryption-packet processing trigger module being configured for triggering the request for processing the payload-encryption-packet contemporaneously with the reception of the payload-encryption-packet, whereby the cryptographic information returned by the payload-encryption-packet processing module is used to decrypt the encrypted email received by the email reception module.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 3. A system of claim 2, further comprising:
    - a payload-encryption-packet transmission module configured for causing the sending of the payload-encryption-packet; and
      
      a payload-encryption-packet reception module configured for receiving the payload-encryption-packet.
  - 4. A system according to claim 2, wherein the payload-encryption-packet processing module enabling requests for processing payload-encryption-packets to enable access to the payload-encryption-packet creation module.
  - 5. A system according to claim 2, wherein the payload-encryption-packet creation module is separate from the payload-encryption-packet processing module.
  - 6. A system according to claim 2, wherein the payload-encryption-packet processing module requires requests for processing payload-encryption-packets to be authenticated.
  - 7. A system according to claim 6, further comprising a random key generation module connectable to the payload-encryption-packet creation module, the random key generation module being configured for generating a symmetric key.
  - 8. A system according to claim 7, further comprising a symmetric key encryption module connectable to the payload-encryption-packet creation module, the symmetric key encryption module being configured for producing an encrypted symmetric key as a function of a public key and the symmetric key, wherein the encrypted symmetric key is made to be a component of the payload-encryption-packet.
  - 9. A system according to claim 8, further comprising an email encryption module connectable to the payload-encryption-packet creation module, the email encryption module being configured for producing the encrypted email as a function of the symmetric key.
  - 10. A system according to claim 9, further comprising a payload-encryption-packet formatting module configured for producing an email in payload-encryption format by combining the encrypted email with the payload-encryption-packet.
  - 11. A system according to claim 10, wherein the payload-encryption-packet formatting module is connectable to payload-encryption-packet creation module.
  - 12. A system according to claim 10, wherein the payload-encryption-packet formatting module is connectable to the payload-encryption-packet creation trigger module.
  - 13. A system according to claim 10, further comprising a payload-encryption-packet transmission module configured for substituting the email with the email in payload-encryption format, wherein said substitution is effected contemporaneously with the transmission of the email by the email transmission module.
  - 14. A system according to claim 13, wherein the payload-encryption-packet transmission module is connectable to the payload-encryption-packet creation trigger module.
  - 15. A system according to claim 13, wherein the payload-encryption-packet transmission module is connectable to the payload-encryption-packet creation module.
  - 16. A system according to claim 13, wherein the email received by the email reception module is the email in payload-encryption format.
  - 17. A system according to claim 16, wherein the payload-encryption-packet processing module is further configured for receiving the payload-encryption-packet part of the email in payload-encryption format.
  - 18. A system according to claim 17, wherein the payload-encryption-packet processing module is further configured for decrypting the symmetric key found in the payload-encryption-packet using a private key.
  - 19. A system according to claim 18, wherein the payload-encryption-packet processing module is further configured to return the decrypted symmetric key to the payload-encryption-packet processing trigger module.
  - 20. A system according to claim 19, wherein the payload-encryption-packet processing trigger module is further configured for decrypting the encrypted email found as part of the email in payload-encryption format using the decrypted symmetric key.
  - 21. A system according to claim 2, wherein the email transmission module is a sender'"'"'s email client application.
  - 22. A system according to claim 21, wherein the payload-encryption-packet creation trigger module is connected to the sender'"'"'s email client application by way of a plugin.
  - 23. A system according to claim 22, wherein the email reception module is a recipient'"'"'s email client application.
  - 24. A system according to claim 23, wherein the payload-encryption-packet processing trigger module is connectable to the recipient'"'"'s email client application by way of a plugin.
  - 25. A system according to claim 24, wherein the payload-encryption-packet creation module is integrated in a payload-encryption-packet creation server.
  - 26. A system according to claim 25, wherein the payload-encryption-packet processing module is integrated in a payload-encryption-packet processing server.
  - 27. A system according to claim 26, wherein the email transmission module and the payload-encryption-packet creation trigger module are integrated in a sender unit.
  - 28. A system according to claim 27, wherein the email reception module and the payload-encryption-packet processing trigger module are integrated in a recipient unit.
  - 29. A system according to claim 28, wherein the sender unit is a sender station.
  - 30. A system according to claim 29, wherein the recipient unit is a recipient station.

31. A method for email encryption, the method comprising:
- a) generating a request for producing a payload-encryption-packet contemporaneously with the sending of an email, wherein the email is sent by an email transmission module;
  
  b) producing a payload-encryption-packet remotely from the email transmission module in response to the request for producing a payload-encryption-packet;
  
  c) producing an encrypted email as a function of the email and cryptographic information contained in the payload-encryption-packet;
  
  d) substituting the email with the encrypted email;
  
  e) generating a request for processing the payload-encryption-packet contemporaneously with the reception of the payload-encryption-packet; and
  
  extracting the cryptographic information found in the payload-encryption-packet for use in decrypting the encrypted email received by the email reception module.

32. A method for email encryption, the method comprising:
- a) generating a request for producing a payload-encryption-packet contemporaneously with the sending of an email, wherein the email is sent by an email transmission module;
  
  b) generating a symmetric key remotely from the email transmission module in response to the request for producing a payload-encryption-packet, wherein the content of the payload-encryption-packet can only be accessed by authorized recipients;
  
  c) encrypting the email using the symmetric key, thereby obtaining an encrypted email;
  
  d) encrypting the symmetric key using a public key, thereby obtaining an encrypted symmetric key;
  
  e) substituting the email with an email in payload-encryption format, wherein the email in payload-encryption format is produced as a function of the encrypted email and the encrypted symmetric key;
  
  f) generating a request for processing the payload-encryption-packet contemporaneously with the reception of the email in payload-encryption format by an email reception module;
  
  g) authenticating the recipient on whose behalf the request for processing the payload-encryption-packet is generated;
  
  h) decrypting the encrypted symmetric key found in the email in payload-encryption format using a private key, thereby obtaining a decrypted symmetric key; and
  
  i) decrypting the encrypted email found in the email in payload-encryption format using the decrypted symmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kryptiva Incorporated
Original Assignee
Kryptiva Incorporated
Inventors
Yaghmour, Karim

Application Number

US12/086,697
Publication Number

US 20090327714A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 51/23   Reliability checks, e.g. ac...

H04L 51/234   for tracking messages

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/126   the source of the received ...

System and Method for End-to-End Electronic Mail-Encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for End-to-End Electronic Mail-Encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links