Method and apparatus for trusted branded email
First Claim
Patent Images
1. A method of communicating a message, comprising:
- a reader component receiving a message from a writer component, the message having at least one branding asset uniquely assigned to a sender domain adapted to provide a visible indicia to the recipient of the message in the recipient'"'"'s inbox list view that the message arrived unaltered from the original sender that is indicated in a “
from”
field of an email header;
determining whether a domain configuration of the reader component matches a sender domain configuration of a writer component, wherein a domain configuration comprises hash classes, cryptographic key generation classes and crytographic classes, and an algorithm index that de-references an index for hashing, cryptographic key generation and cryptography between the reader component and the writer component, wherein this information is included in the message;
if the domain configuration of the reader component does not match the sender domain configuration of the writer component, initialing an error handling process;
determining whether a cryptographic tag is included in the message, wherein the message further comprises the algorithm index and a tamper proof digest (TPD);
if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on the algorithm index, wherein the algorithm index is specific to the message;
using the cryptographic key to decrypt the message;
validating the TPD of the message, comprising,generating a value using the algorithm index; and
comparing the generated value with the TPD of the message;
the writer component receiving a message from an electronic message system client;
determining whether the electronic message system client is in a network that comprises permissible domains, addresses and subnets;
if the client is not in the network, initiating an error handling process; and
if the client is in the network, retrieving a mapping between a “
from”
domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; and
adding the at least one branding asset to the message, wherein the at least one branding asset is defined for a sender domain, and including a TPD in the message.
4 Assignments
0 Petitions
Accused Products
Abstract
Atrusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.
72 Citations
23 Claims
-
1. A method of communicating a message, comprising:
-
a reader component receiving a message from a writer component, the message having at least one branding asset uniquely assigned to a sender domain adapted to provide a visible indicia to the recipient of the message in the recipient'"'"'s inbox list view that the message arrived unaltered from the original sender that is indicated in a “
from”
field of an email header;determining whether a domain configuration of the reader component matches a sender domain configuration of a writer component, wherein a domain configuration comprises hash classes, cryptographic key generation classes and crytographic classes, and an algorithm index that de-references an index for hashing, cryptographic key generation and cryptography between the reader component and the writer component, wherein this information is included in the message; if the domain configuration of the reader component does not match the sender domain configuration of the writer component, initialing an error handling process; determining whether a cryptographic tag is included in the message, wherein the message further comprises the algorithm index and a tamper proof digest (TPD); if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on the algorithm index, wherein the algorithm index is specific to the message; using the cryptographic key to decrypt the message; validating the TPD of the message, comprising, generating a value using the algorithm index; and comparing the generated value with the TPD of the message; the writer component receiving a message from an electronic message system client; determining whether the electronic message system client is in a network that comprises permissible domains, addresses and subnets; if the client is not in the network, initiating an error handling process; and if the client is in the network, retrieving a mapping between a “
from”
domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; andadding the at least one branding asset to the message, wherein the at least one branding asset is defined for a sender domain, and including a TPD in the message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer readable medium having instructions stored therein that when executed cause an electronic mail method to be performed, the method comprising:
-
a reader component receiving a message from a writer component, the message having at least one branding asset uniquely assigned to a sender domain adapted to provide a visible indicia to the recipient of the message in the recipient'"'"'s inbox list view that the message arrived unaltered from the original sender that is indicated in a “
from”
field of an email header;determining whether a domain configuration of the reader component matches a domain configuration of a writer component, wherein a domain configuration comprises hash classes, cryptographic key generation classes and cryptographic classes, and an algorithm index that de-references an index for hashing, cryptographic key generation and cryptography between the reader component and the writer component, wherein this information is included in the message; if the domain configuration of the reader component does not match the domain configuration of the writer component, initialing an error handling process; determining whether a cryptographic tag is included in the message, wherein the message further comprises the algorithm index and a tamper proof digest (TPD); if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on the algorithm index, wherein the algorithm index is specific to the message; using the cryptographic key to decrypt the message; validating the TPD of the message, comprising, generating a value using the algorithm index; and comparing the generated value with the TPD of the message; the writer component receiving a message from an electronic message system client; determining whether the electronic message system client is in a network that comprises permissible domains, addresses and subnets; if the client is not in the network, initiating an error handling process; if the client is in the network, retrieving a mapping between a “
from”
domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; andadding the at least one branding asset to the message, wherein the at least one branding asset is defined for a domain, and including a TPD in the message. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. An electronic mail system comprising:
-
a reader hardware component configured to receive a message from a writer hardware component, wherein the reader hardware component is configurable to, determine whether a domain configuration of the writer hardware component matches a domain configuration of the reader hardware component; if the domain configuration of the reader comDonent does not match the domain configuration of the writer component, initialing an error handling process; determining whether a cryptographic tag is included in the message; if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on predetermined domain configuration data, wherein a domain configuration comprises hash classes, crytographic key generation classes and crytographic classes, and algorithm index that de-references an index for hashing, crytographic key generation and crytography between the reader component and the writer, component, wherein this information is included in the message; using the cryptographic key to decrypt the message; and validating a tamper proof digest (TPD) of the message, comprising generating a value using the domain configuration data, and comparing the generated value with the TPD of the message; the writer hardware component configurable to, receive an electronic message from a client; determine whether the client is in a network that comprises permissible domains, addresses and subnets; if the client is not in the network, initiating an error handling process; and if the client is in the network, retrieving a mapping between a “
from”
domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; andadding the at least one branding assest to the message, wherein the at least one branding asset is defined for a domain, and including a TPD in the message. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification