PROTECTING CONTENT FROM THIRD PARTY USING CLIENT-SIDE SECURITY PROTECTION

US 20100186062A1
Filed: 01/20/2009
Published: 07/22/2010
Est. Priority Date: 01/20/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented messaging system, comprising:

a client for sending a message to a recipient using an untrusted message service; and

a security component for automatically applying security to the message in response to using the untrusted message service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Citations

20 Claims

1. A computer-implemented messaging system, comprising:
- a client for sending a message to a recipient using an untrusted message service; and
  
  a security component for automatically applying security to the message in response to using the untrusted message service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the client is at a trusted location and the untrusted message service is at an untrusted location.
  - 3. The system of claim 2, wherein the security includes encryption of portions of the message and storage of an associated encryption key at a trusted location.
  - 4. The system of claim 1, further comprising a rules component associated with the untrusted message service for creating rules, the message evaluated based on the rules when using the untrusted message service.
  - 5. The system of claim 4, wherein the client automatically downloads and caches the rules to be used for evaluating the message when transmitting the message via the untrusted message service.
  - 6. The system of claim 4, wherein the rules include at least one of a predicate, an action, or configuration information.
  - 7. The system of claim 4, wherein the client is a trusted messaging client that automatically polls the rules component, which is a trusted rules service, for new rules policies and/or modified rules policies, and downloads the new rules policies and/or modified rules policies for evaluation of the message.
  - 8. The system of claim 1, wherein the message is evaluated according to the rules during an offline mode of the client and the security is applied during the offline mode.
  - 9. The system of claim 1, wherein the security includes encryption of a body of the message so the untrusted message service cannot decrypt the message body.

10. A computer-implemented messaging system, comprising:
- a trusted message client for sending a message to one or more recipients using an untrusted message service, the trusted client applying rules downloaded from a trusted rules service; and
  
  a trusted security component for automatically applying a security template to a portion of the message in response to evaluation of the message by the rules.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, wherein the rules include at least one of a predicate that defines sender and recipient constraints, an action by a recipient that is specified by the security template, or configuration information that delegates control to a user of the client.
  - 12. The system of claim 10, wherein the security template applies results in encryption of a body of the message and/or attachments, which is an e-mail message, to prevent exposure of the body and/or attachments of the e-mail message to the untrusted message service.
  - 13. The system of claim 10, wherein the security template as applied to the message prevents an unintended recipient from decrypting the message.

14. A computer-implemented method of processing messages, comprising:
- composing a message in a trusted client for communication to a recipient via an untrusted message service;
  
  analyzing the message using a trusted rules service;
  
  applying a security template to the message based on results of the analysis; and
  
  sending the message to the recipient through the untrusted message service without exposing portions of the message at the untrusted message service based on the security template.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising periodically downloading updated or new rules from the rules service to the client.
  - 16. The method of claim 14, further comprising applying encryption broadly or narrowly to the message based on the security template and storing a key to the encryption at a trusted location.
  - 17. The method of claim 14, wherein the security template allows exposure of a header portion and subject portion at the untrusted message service and prevents a body portion of the message and message attachments from being exposed at the untrusted message server.
  - 18. The method of claim 17, wherein the untrusted message service routes the message to the recipient based on the exposed header portion.
  - 19. The method of claim 17, further comprising exposing the body portion of the message only to intended recipients based on the security template.
  - 20. The method of claim 14, further comprising:
    - caching the rules in association with the client;
      
      analyzing the message during an offline state of the client; and
      
      applying the security template while in the offline state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Carvalho Neto, Mayerber L., Biswas, Palash, Banti, Edward T., Byrum, Frank, Barnes, Christopher, Knibb, James R.

Granted Patent

US 8,978,091 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 63/0263   Rule management

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

PROTECTING CONTENT FROM THIRD PARTY USING CLIENT-SIDE SECURITY PROTECTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROTECTING CONTENT FROM THIRD PARTY USING CLIENT-SIDE SECURITY PROTECTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links