Method and system for verifying identification of an electronic mail message

US 7,437,558 B2
Filed: 06/01/2004
Issued: 10/14/2008
Est. Priority Date: 06/01/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an electronic mail message at a recipient server, the electronic mail message comprising a signature and a key identifier, said signature identifying a domain from which said electronic mail message originated and said key identifier for verifying said signature;

accessing a domain name system over a network by the recipient server to perform a domain name system (DNS) lookup responsive to receiving the electronic mail message at the recipient server, the DNS lookup to locate a key registration server associated with the domain;

accessing, by the recipient server, said key registration server over the network responsive to receiving the electronic mail message at the recipient server, the key registration server to verify an association of said key identifier with the domain in the signature of the received electronic mail message; and

receiving, at the recipient server, a security rating associated with the domain or sender of the received electronic mail message from a rating service, where the security rating is based on at least one of registration policies associated with the domain, domain security, or behavioral information associated with the sender of the electronic mail message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for verifying identification of an electronic mail message. An electronic mail message including a signature and a key is received, the signature identifying a domain from which the electronic mail message originated and the key for verifying the signature. A key registration server of the domain is accessed to verify the key. The key registration server provides for verifying that a key used to sign an electronic mail message is valid and that the sender is authorized by the domain to send the electronic mail message from the return address.

72 Citations

View as Search Results

49 Claims

1. A method comprising:
- receiving an electronic mail message at a recipient server, the electronic mail message comprising a signature and a key identifier, said signature identifying a domain from which said electronic mail message originated and said key identifier for verifying said signature;
  
  accessing a domain name system over a network by the recipient server to perform a domain name system (DNS) lookup responsive to receiving the electronic mail message at the recipient server, the DNS lookup to locate a key registration server associated with the domain;
  
  accessing, by the recipient server, said key registration server over the network responsive to receiving the electronic mail message at the recipient server, the key registration server to verify an association of said key identifier with the domain in the signature of the received electronic mail message; and
  
  receiving, at the recipient server, a security rating associated with the domain or sender of the received electronic mail message from a rating service, where the security rating is based on at least one of registration policies associated with the domain, domain security, or behavioral information associated with the sender of the electronic mail message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1 further comprising receiving a key from said key registration server based on said key identifier;
    - andin response to said receiving said key, verifying said authorization of said key.
  - 3. The method as recited in claim 1 wherein said key identifier is a key.
  - 4. The method as recited in claim 3 further comprising:
    - receiving a value from said key registration server indicating a trust level of said key according to said domain; and
      
      verifying said authorization of said key based on said value.
  - 5. The method as recited in claim 4 wherein said value is based on a key fingerprint of said key.
  - 6. The method as recited in claim 1, wherein said security rating is associated with a sender of said electronic mail message.
  - 7. The method as recited in claim 1, wherein said security rating is associated with said domain.
  - 8. The method as recited in claim 1 further comprising verifying said signature based on said key.
  - 9. The method as recited in claim 1 further comprising verifying said identification of said electronic mail message based on said signature and said key.
  - 10. The method as recited in claim 1 further comprising verifying said identification of said electronic mail message based on said signature, said key and said security rating.

11. A system comprising:
- a mail signer for transmitting an electronic mail message, said electronic mail message comprising a signature and a key identifier, said signature identifying a domain from which said electronic mail message originated and said key identifier for verifying said signature;
  
  a key registration server for registering a key; and
  
  a mail verifier for receiving said electronic mail message generated independently of a public key associated with the mail verifier, for verifying said signature based on said key identifier, for accessing a domain name system over a network to perform a domain name system (DNS) lookup responsive to receiving the electronic mail message from the mail signer, the DNS lookup to locate said key registration server, and for accessing said key registration server over the network responsive to receiving the electronic mail message from the mail signer, the key registration server to verify an association of said key identifier with the domain in the signature of the received electronic mail message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 12. The system as recited in claim 11 wherein said mail signer is a mail transfer agent.
  - 13. The system as recited in claim 11 wherein said mail signer is a mail user agent.
  - 14. The system as recited in claim 11 wherein said mail verifier is a mail transfer agent.
  - 15. The system as recited in claim 11 wherein said mail verifier is a mail user agent.
  - 16. The system as recited in claim 11 wherein said mail verifier is also for receiving said key from said key registration server based on said key identifier, and verifying said authorization of said key in response to said receiving said key.
  - 17. The system as recited in claim 11 wherein said key identifier is a key.
  - 18. The system as recited in claim 17 wherein said key registration server is also for determining a value indicating a trust level of said key according to said domain.
  - 19. The system as recited in claim 18 wherein said value is based on a key fingerprint of said key.
  - 20. The system as recited in claim 11 further comprising a rating service for determining a security rating associated with said electronic mail message.
  - 21. The system as recited in claim 20, wherein said security rating is associated with a sender of said electronic mail message.
  - 22. The system as recited in claim 20, wherein said security rating is associated with said domain.
  - 23. The system as recited in claim 11 wherein said mail verifier is also for verifying said signature based on said key.
  - 24. The system as recited in claim 11 wherein said mail verifier is also for verifying said identification of said electronic mail message based on said signature and said key.
  - 25. The system as recited in claim 20 wherein said mail verifier is also for verifying said identification of said electronic mail message based on said signature, said key and said security rating.

26. An electronic device comprising:
- a bus;
  
  a computer-readable memory coupled to said bus; and
  
  a processor coupled to said bus, said processor for;
  
  receiving an electronic mail message at a recipient server, the electronic mail message comprising a signature and a key identifier, said signature identifying a domain from which said electronic mail message originated and said key identifier for verifying said signature;
  
  accessing a domain name system over a network by the recipient server to perform a domain name system (DNS) lookup responsive to receiving the electronic mail message at the recipient server, the DNS lookup to locate a key registration server associated with the domain;
  
  accessing, by the recipient server, said key registration server over the network responsive to receiving the electronic mail message at the recipient server, the key registration server to verify an association of said key identifier with the domain in the signature of the received electronic mail message; and
  
  tagging the electronic mail message with verification results associated with the authorization of the key.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The electronic device as recited in claim 26 wherein said method further comprises:
    - receiving a value from said key registration server indicating a trust level of said key according to said domain; and
      
      verifying said authorization of said key based on said value.
  - 28. The electronic device as recited in claim 27 wherein said value is based on a key fingerprint of said key.
  - 29. The electronic device as recited in claim 26 wherein said method further comprises accessing a rating service to determine a security rating associated with said electronic mail message.
  - 30. The electronic device as recited in claim 29, wherein said security rating is associated with a sender of said electronic mail message.
  - 31. The electronic device as recited in claim 29, wherein said security rating is associated with said domain.
  - 32. The electronic device as recited in claim 26 wherein said method further comprises verifying said signature based on said key.
  - 33. The electronic device as recited in claim 26 wherein said method further comprises verifying said identification of said electronic mail message based on said signature and said key.
  - 34. The electronic device as recited in claim 29 wherein said method further comprises verifying said identification of said electronic mail message based on said signature, said key and said security rating.

35. A system for verifying identification of an electronic mail message, said system comprising:
- means for transmitting an electronic mail message, said electronic mail message comprising a signature and a key, said signature identifying a domain from which said electronic mail message originated and said key for verifying said signature;
  
  means for registering said key; and
  
  means for receiving said electronic mail message generated independently of a public key associated with the means for receiving, for verifying said signature based on said key, for accessing a domain name system over a network to perform a domain name system (DNS) lookup responsive to receiving the electronic mail message, the DNS lookup to locate said means for registering said key, and for accessing said means for registering said key over the network responsive to receiving the electronic mail message, the means for registering said key to verify an association of said key with the domain in the signature of the received electronic mail message.
- View Dependent Claims (36, 37)
- - 36. The system as recited in claim 35 wherein said means for registering said key is also operable to determine a value indicating a trust level of said key according to said domain.
  - 37. The system as recited in claim 35 further comprising a means for determining a security rating associated with said electronic mail message.

38. A method comprising:
- monitoring a domain for at least one of domain security at a ratings service, registration policies associated with the domain, and user-behavior associated with the domain;
  
  receiving, at the ratings service, a security rating request associated with an electronic mail message originating from the domain, the security rating request received from a recipient of the electronic mail message over a network;
  
  determining, at the ratings service, a security rating associated with said electronic mail message based on said monitoring; and
  
  transmitting, from the ratings service, a response comprising said security rating to the recipient of the electronic mail message over the network.
- View Dependent Claims (39, 40)
- - 39. The method as recited in claim 38 wherein said security rating is associated with a sender of said electronic mail message.
  - 40. The method as recited in claim 38 wherein said security rating is associated with said domain.

41. A computer-usable medium having computer-readable program code embodied therein for causing a computer system to perform a method for determining a security rating, said method comprising:
- monitoring a domain for at least one of domain security at a ratings service, registration policies associated with the domain, and user-behavior associated with the domain;
  
  receiving, at the ratings service, a security rating request associated with an electronic mail message originating from the domain, the security rating request received from a recipient of the electronic mail message over a network;
  
  determining, at the ratings service, a security rating associated with said electronic mail message based on said monitoring; and
  
  transmitting, from the ratings service, a response comprising said security rating to the recipient of the electronic mail message over the network.
- View Dependent Claims (42, 43)
- - 42. The computer-usable medium as recited in claim 41 wherein said security rating is associated with a sender of said electronic mail message.
  - 43. The computer-usable medium as recited in claim 41 wherein said security rating is associated with said domain.

44. An electronic device comprising:
- a bus;
  
  a computer-readable memory coupled to said bus; and
  
  a processor coupled to said bus, said processor for;
  
  monitoring a domain for at least one of domain security at a ratings service, registration policies associated with the domain, and user-behavior associated with the domain;
  
  receiving, at the ratings service, a security rating request associated with an electronic mail message originating from the domain, the security rating request received from a recipient of the electronic mail message over a network;
  
  determining, at the ratings service, a security rating associated with said electronic mail message based on said monitoring; and
  
  transmitting, from the ratings service, a response comprising said security rating to the recipient of the electronic mail message over the network.
- View Dependent Claims (45, 46)
- - 45. The electronic device as recited in claim 44 wherein said security rating is associated with a sender of said electronic mail message.
  - 46. The electronic device as recited in claim 44 wherein said security rating is associated with said domain.

47. A system for determining a security rating, said system comprising:
- means for monitoring a domain for at least one of domain security at a ratings service, registration policies associated with the domain, and user-behavior associated with the domain;
  
  means for receiving, at the ratings service, a security rating request associated with an electronic mail message originating from the domain, the security rating request received from a recipient of the electronic mail message over a network;
  
  means for determining, at the ratings service, a security rating associated with said electronic mail message based on said monitoring; and
  
  means for transmitting, from the ratings service, a response comprising said security rating to the recipient of the electronic mail message over the network.
- View Dependent Claims (48, 49)
- - 48. The system as recited in claim 47 wherein said security rating is associated with a sender of said electronic mail message.
  - 49. The system as recited in claim 47 wherein said security rating is associated with said domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Thomas, Michael A., Fenton, James L., Baker, Frederick J
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
LASHLEY, LAUREL L

Application Number

US10/859,402
Publication Number

US 20060031315A1
Time in Patent Office

1,596 Days
Field of Search

380/30, 709/206, 713/156, 713/176, 713/170
US Class Current

713/170
CPC Class Codes

H04L 51/212 using filtering or selectiv...

Method and system for verifying identification of an electronic mail message

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

72 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for verifying identification of an electronic mail message

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links