Secure, distributed e-mail system

US 7,020,779 B1
Filed: 08/22/2000
Issued: 03/28/2006
Est. Priority Date: 08/22/2000
Status: Expired due to Term

First Claim

Patent Images

1. An e-mail handling system, wherein e-mail messages are entered, transported and stored, the system comprising:

a central key repository;

means for encrypting a message using a key associated with the message;

means for adding the key to the central key repository, wherein at least one key in the central key repository is an encryption key associated with a message designated as an off-the-record message and at least one key in the central key repository is a null key associated with a message designated as an on-the-record message such that the on-the-record message can be read without an encryption key;

means for tagging the off-the-record message such that the off-the-record message and copies thereof are identified as being off-the-record; and

means for deleting the key for a message when the message is to be made unrecallable, wherein the off-the-record message and copies thereof are rendered unreadable when the key associated with the off-the-record message is deleted,wherein at least one key in the central key repository is a deleted key associated with a message designated as an unreadable off-the-record message, thereby representing a previously available message that is presently unreadable, the e-mail handling system further comprising means for indicating the unavailability of the deleted message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An e-mail handling system, wherein e-mail messages are entered, transported and stored, comprises a central key repository, means for encrypting a message using a key associated with the message, means for adding the key to the central key repository; and means for deleting the key for a message when the message is to be made unrecallable.

Citations

11 Claims

1. An e-mail handling system, wherein e-mail messages are entered, transported and stored, the system comprising:
- a central key repository;
  
  means for encrypting a message using a key associated with the message;
  
  means for adding the key to the central key repository, wherein at least one key in the central key repository is an encryption key associated with a message designated as an off-the-record message and at least one key in the central key repository is a null key associated with a message designated as an on-the-record message such that the on-the-record message can be read without an encryption key;
  
  means for tagging the off-the-record message such that the off-the-record message and copies thereof are identified as being off-the-record; and
  
  means for deleting the key for a message when the message is to be made unrecallable, wherein the off-the-record message and copies thereof are rendered unreadable when the key associated with the off-the-record message is deleted,wherein at least one key in the central key repository is a deleted key associated with a message designated as an unreadable off-the-record message, thereby representing a previously available message that is presently unreadable, the e-mail handling system further comprising means for indicating the unavailability of the deleted message.
- View Dependent Claims (2, 3)
- - 2. The e-mail handling system of claim 1, wherein the means for deleting the key comprises a means for deleting clear text from the off-the-record message to prevent snooping.
  - 3. The e-mail handling system of claim 1, further comprising storage for fixed length message headers and variable length message contents, the fixed length message headers each comprising fields for a message identifier, an off-the-record flag and a pointer to corresponding message contents.

4. A method of selectively securing an e-mail system against recovery of selected messages after one or more of the selected messages are flagged as deleted messages even when stored representations of the selected message contents remain accessible, the method comprising the steps of:
- when a new message is created, determining whether the new message is to be created as a selected message or an unselected message;
  
  when a new message is created, generating a message key to be associated with the new message, the message key being a null message key if the new message is an unselected message;
  
  generating a transportable new message wherein the new message is encrypted using the new message'"'"'s generated message key to form the transportable new message if the message is a selected message and wherein the transportable new message is an unencrypted form of the new message if the message is an unselected message;
  
  routing the transportable new message from a source to a plurality of destinations, at least one of which is not controllable for message deletion by an operator of the e-mail system;
  
  when the transportable new message is to be accessed at one or more of the plurality of destinations, retrieving a decoding key from a central key repository secured by the operator of the e-mail system, the decoding key corresponding to the message key generated for the transportable new message and being a null message key if the transportable new message is not an encrypted selected message; and
  
  when the transportable new message is to be deleted and is a selected message, deleting its associated message key from the central key repository,wherein at least one key in the central key repository is a deleted key associated with a message designated as an unreadable off-the-record message, thereby representing a previously available message that is presently unreadable, the e-mail system further comprising means for indicating the unavailability of the deleted message.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein accessing the transportable new message at the destination comprises reading a message header data structure having a fixed length and having at least a message identifier and a pointer to a variable length message content data structure.
  - 6. The method of claim 4, further comprising purging the transportable new message and stored representations thereof from the e-mail system when the decoding key associated with the transportable new message is deleted.

7. A method of communicating with an off-the-record e-mail message, the method comprising:
- receiving, by a mail client, a e-mail message;
  
  generating a data structure for the e-mail message;
  
  requesting, by the mail client, a mail message identification and a key, wherein the key is stored in a key table;
  
  generating a copy of the e-mail message in a message table;
  
  if the e-mail message is off-the-record, labeling the e-mail message with a off-the-record indicator;
  
  if the e-mail message is off-the-record, encrypting the e-mail message and the copy thereof;
  
  if the e-mail message is off-the-record, discarding clear text associated with the e-mail message;
  
  transmitting the e-mail message to a destination e-mail reader;
  
  if the e-mail message is off-the-record, requesting, by the destination e-mail reader, the key associated with the e-mail message;
  
  decrypting, by the destination e-mail reader, the off-the-record message using its associated key; and
  
  purging the off-the-record message and the copy thereof when the associated off-the-record key is deleted;
  
  wherein at least one key in a central key repository is a deleted key associated with a message designated as an unreadable off-the-record message, thereby representing a previously available message that is presently unreadable, the method further comprising means for indicating the unavailability of a deleted message.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein labeling of the off-the-record e-mail messages with a indicator thereof comprises labeling with a off-the-record flag.
  - 9. The method of claim 7, further comprising presenting e-mail messages not labeled as off-the-record to the e-mail reader in an unencrypted form.
  - 10. The method of claim 7, further comprising deleting the key when its associated off-the-record e-mail message is deleted or a predetermined time period has expired.
  - 11. The method of claim 7, further comprising generating a error message if the key is not obtainable by the destination c-mail reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Sutherland, Ivan E.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Dada, Beemnet W

Application Number

US09/644,086
Time in Patent Office

2,044 Days
Field of Search

713/193, 713200-202, 713/185, 709/226, 709/229, 709/207, 709/204, 709/206, 380277-279
US Class Current

713/185
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/062 for key distribution, e.g. ...

Secure, distributed e-mail system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secure, distributed e-mail system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links