Method and apparatus for trusted branded email

US 7,457,955 B2
Filed: 01/13/2005
Issued: 11/25/2008
Est. Priority Date: 01/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method of communicating a message, comprising:

a reader component receiving a message from a writer component, the message having at least one branding asset uniquely assigned to a sender domain adapted to provide a visible indicia to the recipient of the message in the recipient'"'"'s inbox list view that the message arrived unaltered from the original sender that is indicated in a “

from”

field of an email header;

determining whether a domain configuration of the reader component matches a sender domain configuration of a writer component, wherein a domain configuration comprises hash classes, cryptographic key generation classes and crytographic classes, and an algorithm index that de-references an index for hashing, cryptographic key generation and cryptography between the reader component and the writer component, wherein this information is included in the message;

if the domain configuration of the reader component does not match the sender domain configuration of the writer component, initialing an error handling process;

determining whether a cryptographic tag is included in the message, wherein the message further comprises the algorithm index and a tamper proof digest (TPD);

if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on the algorithm index, wherein the algorithm index is specific to the message;

using the cryptographic key to decrypt the message;

validating the TPD of the message, comprising,generating a value using the algorithm index; and

comparing the generated value with the TPD of the message;

the writer component receiving a message from an electronic message system client;

determining whether the electronic message system client is in a network that comprises permissible domains, addresses and subnets;

if the client is not in the network, initiating an error handling process; and

if the client is in the network, retrieving a mapping between a “

from”

domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; and

adding the at least one branding asset to the message, wherein the at least one branding asset is defined for a sender domain, and including a TPD in the message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Atrusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.

72 Citations

View as Search Results

23 Claims

1. A method of communicating a message, comprising:
- a reader component receiving a message from a writer component, the message having at least one branding asset uniquely assigned to a sender domain adapted to provide a visible indicia to the recipient of the message in the recipient'"'"'s inbox list view that the message arrived unaltered from the original sender that is indicated in a “
  
  from”
  
  field of an email header;
  
  determining whether a domain configuration of the reader component matches a sender domain configuration of a writer component, wherein a domain configuration comprises hash classes, cryptographic key generation classes and crytographic classes, and an algorithm index that de-references an index for hashing, cryptographic key generation and cryptography between the reader component and the writer component, wherein this information is included in the message;
  
  if the domain configuration of the reader component does not match the sender domain configuration of the writer component, initialing an error handling process;
  
  determining whether a cryptographic tag is included in the message, wherein the message further comprises the algorithm index and a tamper proof digest (TPD);
  
  if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on the algorithm index, wherein the algorithm index is specific to the message;
  
  using the cryptographic key to decrypt the message;
  
  validating the TPD of the message, comprising,generating a value using the algorithm index; and
  
  comparing the generated value with the TPD of the message;
  
  the writer component receiving a message from an electronic message system client;
  
  determining whether the electronic message system client is in a network that comprises permissible domains, addresses and subnets;
  
  if the client is not in the network, initiating an error handling process; and
  
  if the client is in the network, retrieving a mapping between a “
  
  from”
  
  domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; and
  
  adding the at least one branding asset to the message, wherein the at least one branding asset is defined for a sender domain, and including a TPD in the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - the writer component generating the algorithm index; and
      
      using the algorithm index to generate the TPD.
  - 3. The method of claim 2, further comprising using the algorithm index to dynamically select a TPD algorithm such that the algorithms selected rotate among a plurality of algorithms associated with a configuration of the reader component and the writer component.
  - 4. The method of claim 3, further comprising logging the TPD in an auditable file with the contents of the message.
  - 5. The method of claim 1, further comprising:
    - the writer component determining from the received message whether cryptography is to be used; and
      
      if cryptography is to be used, generating a cryptography key, and binding the cryptography key to the message.
  - 6. The method of claim 5, further comprising the writer component using the algorithm index to select an algorithm to generate the cryptographic key.
  - 7. The method of claim 6, further comprising using a domain specific configuration hash to validate a configuration of the reader component against a configuration of the writer component.
  - 8. The method of claim 7, wherein if the algorithm index de-references non-corresponding algorithms for the reader component and the writer component, decryption of the message is determined to be invalid.

9. A computer readable medium having instructions stored therein that when executed cause an electronic mail method to be performed, the method comprising:
- a reader component receiving a message from a writer component, the message having at least one branding asset uniquely assigned to a sender domain adapted to provide a visible indicia to the recipient of the message in the recipient'"'"'s inbox list view that the message arrived unaltered from the original sender that is indicated in a “
  
  from”
  
  field of an email header;
  
  determining whether a domain configuration of the reader component matches a domain configuration of a writer component, wherein a domain configuration comprises hash classes, cryptographic key generation classes and cryptographic classes, and an algorithm index that de-references an index for hashing, cryptographic key generation and cryptography between the reader component and the writer component, wherein this information is included in the message;
  
  if the domain configuration of the reader component does not match the domain configuration of the writer component, initialing an error handling process;
  
  determining whether a cryptographic tag is included in the message, wherein the message further comprises the algorithm index and a tamper proof digest (TPD);
  
  if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on the algorithm index, wherein the algorithm index is specific to the message;
  
  using the cryptographic key to decrypt the message;
  
  validating the TPD of the message, comprising,generating a value using the algorithm index; and
  
  comparing the generated value with the TPD of the message;
  
  the writer component receiving a message from an electronic message system client;
  
  determining whether the electronic message system client is in a network that comprises permissible domains, addresses and subnets;
  
  if the client is not in the network, initiating an error handling process;
  
  if the client is in the network, retrieving a mapping between a “
  
  from”
  
  domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; and
  
  adding the at least one branding asset to the message, wherein the at least one branding asset is defined for a domain, and including a TPD in the message.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer readable medium of claim 9, wherein the method further comprises:
    - the writer component generating the algorithm index; and
      
      using the algorithm index to generate the TPD.
  - 11. The computer readable medium of claim 10, wherein the method further comprises using the algorithm index to dynamically select a TPD algorithm such that the algorithms selected rotate among a plurality of algorithms associated with a configuration of the reader component and the writer component.
  - 12. The computer readable medium of claim 11, wherein the method further comprises logging the TPD in an auditable file with the contents of the message.
  - 13. The computer readable medium of claim 9, wherein the method further comprises:
    - the writer component determining from the received message whether cryptography is to be used; and
      
      if cryptography is to be used, generating a cryptography key, and binding the cryptography key to the message.
  - 14. The computer readable medium of claim 13, wherein the method further comprises the writer component using the algorithm index to select an algorithm to generate the cryptographic key.
  - 15. The computer readable medium of claim 14, wherein the method further comprises using a domain specific configuration hash to validate a configuration of the reader component against a configuration of the writer component.
  - 16. The computer readable medium of claim 15, wherein if the algorithm index de-references non-corresponding algorithms for the reader component and the writer component, decryption of the message is determined to be invalid.

17. An electronic mail system comprising:
- a reader hardware component configured to receive a message from a writer hardware component, wherein the reader hardware component is configurable to,determine whether a domain configuration of the writer hardware component matches a domain configuration of the reader hardware component;
  
  if the domain configuration of the reader comDonent does not match the domain configuration of the writer component, initialing an error handling process;
  
  determining whether a cryptographic tag is included in the message;
  
  if the cryptographic tag is included in the message, selecting a decryption algorithm for a cryptographic key based on predetermined domain configuration data, wherein a domain configuration comprises hash classes, crytographic key generation classes and crytographic classes, and algorithm index that de-references an index for hashing, crytographic key generation and crytography between the reader component and the writer, component, wherein this information is included in the message;
  
  using the cryptographic key to decrypt the message; and
  
  validating a tamper proof digest (TPD) of the message, comprising generating a value using the domain configuration data, and comparing the generated value with the TPD of the message;
  
  the writer hardware component configurable to,receive an electronic message from a client;
  
  determine whether the client is in a network that comprises permissible domains, addresses and subnets;
  
  if the client is not in the network, initiating an error handling process; and
  
  if the client is in the network, retrieving a mapping between a “
  
  from”
  
  domain and a predetermined policy hash, and binding the policy hash as a message processing policy attribute, wherein the policy attribute determines domain specific processing of the message; and
  
  adding the at least one branding assest to the message, wherein the at least one branding asset is defined for a domain, and including a TPD in the message.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, wherein the writer hardware component is further configurable to generate a TPD.
  - 19. The system of claim 18, wherein the writer hardware component is further configurable to log the TPD in an auditable file with the contents of the message.
  - 20. The system of claim 17, wherein the writer hardware component is further configurable to:
    - determine from the received message whether cryptography is to be used; and
      
      if cryptography is to be used, generate a cryptography key, and binding the cryptography key to the message.
  - 21. The system of claim 20, wherein the writer hardware component is further configurable to use an algorithm index to select an algorithm to generate the cryptographic key.
  - 22. The system of claim 21, wherein the algorithm index de-references an index for hashing, cryptographic key generation and cryptography between the reader hardware component and the writer hardware component.
  - 23. The system of claim 21, wherein the system is configurable to use a domain specific configuration hash to validate a configuration of the reader hardware component against a configuration of the writer hardware component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Iconix Incorporated (Matthews Group LLC)
Original Assignee
Brand Mail Solutions LLC
Inventors
Ruane, Noel, Seshadri, Harish
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
PATEL, NIRAV B

Application Number

US11/035,476
Publication Number

US 20050182938A1
Time in Patent Office

1,412 Days
Field of Search

713/176, 713/181, 713/160, 713/161, 713168-170, 713/175, 713/180, 726/2, 726 26- 30, 726/1, 726 22- 24, 726 12- 14, 709201-207, 705/50, 705/54, 705/51, 715/512, 715/515, 715/517, 715/526, 715/748, 715/753, 715/739, 707/9, 707/10
US Class Current

713/170
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 2209/60   Digital content management,...

H04L 2209/68   Special signature format, e...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Method and apparatus for trusted branded email

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for trusted branded email

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others