SIGNED EPHEMERAL EMAIL ADDRESSES

US 20140331310A1
Filed: 07/10/2014
Published: 11/06/2014
Est. Priority Date: 06/22/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented system, comprising:

a provisioning component configured to provision a secret for use with an ephemeral account;

a signing component configured to sign the ephemeral account with the secret to generate a signed ephemeral account and return the signed ephemeral account to a user of the user account;

an address book of a network gateway configured to receive and store the signed ephemeral account and the secret, wherein the network gateway confirms the ephemeral account is valid when the ephemeral account is in the address book, and confirms the signed ephemeral account is signed using the secret when the signed ephemeral account is not in the address book; and

a hardware processor configured to execute computer-executable instructions stored in a memory and associated with the provisioning component, the signing component, and the address book.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to the sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user'"'"'s creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.

68 Citations

View as Search Results

28 Claims

1. A computer-implemented system, comprising:
- a provisioning component configured to provision a secret for use with an ephemeral account;
  
  a signing component configured to sign the ephemeral account with the secret to generate a signed ephemeral account and return the signed ephemeral account to a user of the user account;
  
  an address book of a network gateway configured to receive and store the signed ephemeral account and the secret, wherein the network gateway confirms the ephemeral account is valid when the ephemeral account is in the address book, and confirms the signed ephemeral account is signed using the secret when the signed ephemeral account is not in the address book; and
  
  a hardware processor configured to execute computer-executable instructions stored in a memory and associated with the provisioning component, the signing component, and the address book.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the provisioning component is configured to provision the ephemeral account prior to creation of a friendly name.
  - 3. The system of claim 1, further comprising a revocation component configured to revoke the secret in response to revocation of the ephemeral account, the hardware processor configured to execute computer-executable instructions that implement the revocation component.
  - 4. The system of claim 1, wherein the signing component combines the secret with a friendly name and generates a combination of the secret and friendly name, the hardware processor configured to execute computer-executable instructions that enable the signing component to combine the secret and the friendly name and generate the combination.
  - 5. The system of claim 1, further comprising a validation component of the network gateway, the validation component configured to look up the secret in the address book, to validate ephemeral accounts signed with the secret, the hardware processor executes computer-executable instructions that implement the validation component.

6. A computer-implemented messaging system, comprising:
- a signing component configured to receive a temporary message address associated with a user account and to sign the temporary message address with a secret to create a signed temporary message address, and return the signed temporary message address to a user of the user account;
  
  an address book of a network gateway configured to store the temporary message address and the secret;
  
  a validation component of the network gateway configured to validate incoming messages directed to the signed temporary message address, configured to confirm the temporary message address is valid when the temporary message address is in the address book, and configured to confirm the signed temporary message address is signed using the secret when the signed temporary message address is not in the address book; and
  
  a hardware processor configured to execute computer-executable instructions in a memory associated with the signing component, the address book, and the validation component.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the signing component generates a single secret for each user and multiple temporary message addresses are generated using the single secret.
  - 8. The system of claim 6, wherein the signing component generates a plurality of secrets for each user and multiple temporary message addresses are generated that correspond to the secrets.
  - 9. The system of claim 6, wherein the signing component returns the signed temporary message address, which comprises a user identifier, a name, and an encrypted string that includes the secret.
  - 10. The system of claim 9, wherein the encrypted string is derived from an operation on a combination of the secret and the name.
  - 11. The system of claim 6, wherein the validation component further comprises a restriction component configured to restrict incoming messages to messages having the temporary message address signed with the secret and a user-defined domain name.

12. A computer-implemented method of messaging, comprising acts of:
- propagating a temporary message address for a user and a secret to an address book of a network node;
  
  signing the temporary message address with the secret to create a signed temporary message address, and returning the signed temporary message address to the user;
  
  looking up at least one of the temporary message address or the secret in the address book based on receipt of incoming messages directed to the signed temporary message address; and
  
  confirming the temporary message address is valid when the temporary message address is in the address book, and confirming the signed temporary message address is signed using the secret when the signed temporary message address is not in the address book.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising provisioning the temporary message addresses prior to creation of the friendly name.
  - 14. The method of claim 12, further comprising revoking the secret in response to revocation of the temporary message address.
  - 15. The method of claim 12, further comprising generating a single secret for each user, and generating a plurality of temporary message addresses using the single secret.
  - 16. The method of claim 12, further comprising generating a plurality of secrets for each user, and generating a plurality of temporary message addresses that correspond to the plurality of secrets.
  - 17. The method of claim 12, further comprising returning a signed message address that comprises a user identifier, the user-supplied name, and an encrypted string that includes the secret.
  - 18. The method of claim 17, further comprising generating the encrypted string by concatenating the secret with the name to generate a hash of the secret and the name.
  - 19. The method of claim 12, further comprising restricting incoming messages to messages having the temporary message address signed with the secret and a user-defined domain name.

20. A computer-readable storage medium comprising instructions that when executed by a hardware processor, cause the hardware processor to perform acts comprising:
- propagating a temporary message address for a user and a secret to an address book of a network node;
  
  signing the temporary message address with the secret to create a signed temporary message address, and returning the signed temporary message address to the user;
  
  looking up at least one of the temporary message address or the secret in the address book based on receipt of incoming messages directed to the signed temporary message address; and
  
  confirming the temporary message address is valid when the temporary message address is in the address book, and confirming the signed temporary message address is signed using the secret when the signed temporary message address is not in the address book.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The computer-readable storage medium of claim 20, further comprising provisioning the temporary message addresses prior to creation of the friendly name.
  - 22. The computer-readable storage medium of claim 20, further comprising revoking the secret in response to revocation of the temporary message address.
  - 23. The computer-readable storage medium of claim 20, further comprising generating a single secret for each user, and generating a plurality of temporary message addresses using the single secret.
  - 24. The computer-readable storage medium of claim 20, further comprising generating a plurality of secrets for each user, and generating a plurality of temporary message addresses that correspond to the plurality of secrets.
  - 25. The computer-readable storage medium of claim 20, further comprising returning a signed message address that comprises a user identifier, the user-supplied name, and an encrypted string that includes the secret, and generating the encrypted string by concatenating the secret with the name to generate a hash of the secret and the name.
  - 26. The computer-readable storage medium of claim 20, further comprising restricting incoming messages to messages having the temporary message address signed with the secret and a user-defined domain name.

27. A computer-readable medium comprising computer-executable instructions that when executed by a hardware processor enable a system, comprising:
- a provisioning component configured to provision a secret for use with an ephemeral account;
  
  a signing component configured to sign the ephemeral account with the secret to generate a signed ephemeral account and return the signed ephemeral account to a user of the user account; and
  
  an address book of a network gateway configured to receive and store the signed ephemeral account and the secret, wherein the network gateway confirms the ephemeral account is valid when the ephemeral account is in the address book, and confirms the signed ephemeral account is signed using the secret when the signed ephemeral account is not in the address book.

28. A computer-readable medium comprising computer-executable instructions that when executed by a hardware processor enable a system, comprising:
- a signing component configured to receive a temporary message address associated with a user account and to sign the temporary message address with a secret to create a signed temporary message address, and return the signed temporary message address to a user of the user account;
  
  an address book of a network gateway configured to store the temporary message address and the secret; and
  
  a validation component of the network gateway configured to validate incoming messages directed to the signed temporary message address, configured to confirm the temporary message address is valid when the temporary message address is in the address book, and configured to confirm the signed temporary message address is signed using the secret when the signed temporary message address is not in the address book.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Salada, Charles R., Neto, Mayerber Carvalho, Chung, Charlie, Mehta, Mayank

Granted Patent

US 9,894,039 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 2209/80   Wireless network architectu...

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0281   Proxies

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

SIGNED EPHEMERAL EMAIL ADDRESSES

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

SIGNED EPHEMERAL EMAIL ADDRESSES

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links